From 8ccb4c3f28403b7e46b2db9a472cc3869c380e3d Mon Sep 17 00:00:00 2001 From: Keksmo Date: Mon, 29 Jul 2024 10:41:32 +0200 Subject: [PATCH 01/33] initial folder structure --- {fido2 => nitrokeys/fido2}/2fa-nextcloud.rst | 0 {fido2 => nitrokeys/fido2}/2fa-odoo.rst.inc | 0 {fido2 => nitrokeys/fido2}/faq.rst | 0 {fido2 => nitrokeys/fido2}/index.rst | 0 {fido2 => nitrokeys/fido2}/linux/2fa-nextcloud.rst | 0 {fido2 => nitrokeys/fido2}/linux/2fa-odoo.rst | 0 {fido2 => nitrokeys/fido2}/linux/desktop-login.rst | 0 .../fido2}/linux/firmware-update.rst | 0 .../fido2}/linux/images/fidou2f-1.png | Bin .../fido2}/linux/images/fidou2f-2.png | Bin .../fido2}/linux/images/fidou2f-3.png | Bin .../fido2}/linux/images/fidou2f-4.png | Bin .../fido2}/linux/images/fidou2f-5.png | Bin .../fido2}/linux/images/u2f-fido-pam-2.png | Bin {fido2 => nitrokeys/fido2}/linux/index.rst | 0 {fido2 => nitrokeys/fido2}/linux/reset.rst | 0 {fido2 => nitrokeys/fido2}/mac/2fa-nextcloud.rst | 0 {fido2 => nitrokeys/fido2}/mac/2fa-odoo.rst | 0 {fido2 => nitrokeys/fido2}/mac/firmware-update.rst | 0 {fido2 => nitrokeys/fido2}/mac/index.rst | 0 {fido2 => nitrokeys/fido2}/mac/reset.rst | 0 .../fido2}/shared/firmware-update.rst.inc | 0 .../fido2}/shared/index-content1.rst.inc | 0 .../fido2}/shared/index-content2.rst.inc | 0 .../fido2}/windows/2fa-nextcloud.rst | 0 {fido2 => nitrokeys/fido2}/windows/2fa-odoo.rst | 0 .../fido2}/windows/firmware-update.rst | 0 .../windows/images/enabling-u2f-on-firefox/1.png | Bin .../windows/images/passwordless-microsoft/1.png | Bin .../windows/images/passwordless-microsoft/10.png | Bin .../windows/images/passwordless-microsoft/11.png | Bin .../windows/images/passwordless-microsoft/12.png | Bin .../windows/images/passwordless-microsoft/2.png | Bin .../windows/images/passwordless-microsoft/3.png | Bin .../windows/images/passwordless-microsoft/4.png | Bin .../windows/images/passwordless-microsoft/5.png | Bin .../windows/images/passwordless-microsoft/6.png | Bin .../windows/images/passwordless-microsoft/7.png | Bin .../windows/images/passwordless-microsoft/8.png | Bin .../windows/images/passwordless-microsoft/9.png | Bin {fido2 => nitrokeys/fido2}/windows/index.rst | 0 .../fido2}/windows/passwordless-microsoft.rst | 0 {fido2 => nitrokeys/fido2}/windows/reset.rst | 0 {nitrokey3 => nitrokeys/nitrokey3}/adsk.rst.inc | 0 {nitrokey3 => nitrokeys/nitrokey3}/faq.rst | 0 {nitrokey3 => nitrokeys/nitrokey3}/features.rst | 0 .../nitrokey3}/firmware-update.rst.inc | 0 {nitrokey3 => nitrokeys/nitrokey3}/index.rst | 0 .../nitrokey3}/linux/2fa-odoo.rst | 0 {nitrokey3 => nitrokeys/nitrokey3}/linux/adsk.rst | 0 .../nitrokey3}/linux/desktop-login.rst | 0 .../nitrokey3}/linux/fedora-gnupg-configuration.rst | 0 .../nitrokey3}/linux/firmware-update-qubes.rst | 0 .../nitrokey3}/linux/firmware-update.rst | 0 {nitrokey3 => nitrokeys/nitrokey3}/linux/images | 0 {nitrokey3 => nitrokeys/nitrokey3}/linux/index.rst | 0 .../nitrokey3}/linux/keepassxc.rst | 0 .../nitrokey3}/linux/nitropy.rst | 0 .../nitrokey3}/linux/openpgp-keygen-backup.rst | 0 .../nitrokey3}/linux/openpgp-keygen-gpa.rst | 0 .../nitrokey3}/linux/openpgp-keygen-on-device.rst | 0 .../nitrokey3}/linux/openpgp-outlook.rst | 0 .../nitrokey3}/linux/openpgp-thunderbird.rst | 0 .../nitrokey3}/linux/openpgp-uif.rst | 0 .../nitrokey3}/linux/openpgp.rst | 0 {nitrokey3 => nitrokeys/nitrokey3}/linux/reset.rst | 0 .../nitrokey3}/linux/set-pins.rst | 0 .../nitrokey3}/linux/smime-outlook.rst | 0 .../nitrokey3}/linux/smime-thunderbird.rst | 0 {nitrokey3 => nitrokeys/nitrokey3}/linux/smime.rst | 0 .../nitrokey3}/linux/troubleshooting.rst | 0 {nitrokey3 => nitrokeys/nitrokey3}/mac/2fa-odoo.rst | 0 {nitrokey3 => nitrokeys/nitrokey3}/mac/adsk.rst | 0 .../nitrokey3}/mac/firmware-update.rst | 0 {nitrokey3 => nitrokeys/nitrokey3}/mac/index.rst | 0 .../nitrokey3}/mac/keepassxc.rst | 0 {nitrokey3 => nitrokeys/nitrokey3}/mac/nitropy.rst | 0 .../nitrokey3}/mac/openpgp-keygen-backup.rst | 0 .../nitrokey3}/mac/openpgp-keygen-gpa.rst | 0 .../nitrokey3}/mac/openpgp-keygen-on-device.rst | 0 .../nitrokey3}/mac/openpgp-outlook.rst | 0 .../nitrokey3}/mac/openpgp-thunderbird.rst | 0 .../nitrokey3}/mac/openpgp-uif.rst | 0 {nitrokey3 => nitrokeys/nitrokey3}/mac/openpgp.rst | 0 {nitrokey3 => nitrokeys/nitrokey3}/mac/reset.rst | 0 {nitrokey3 => nitrokeys/nitrokey3}/mac/set-pins.rst | 0 .../nitrokey3}/mac/smime-outlook.rst | 0 .../nitrokey3}/mac/smime-thunderbird.rst | 0 {nitrokey3 => nitrokeys/nitrokey3}/mac/smime.rst | 0 .../nitrokey3}/mac/troubleshooting.rst | 0 {nitrokey3 => nitrokeys/nitrokey3}/shared/main.rst | 0 .../nitrokey3}/shared/nitropy.rst | 0 .../nitrokey3}/shared/openpgp-uif.rst.inc | 0 .../nitrokey3}/shared/openpgp.rst.inc | 0 .../nitrokey3}/shared/reset.rst.inc | 0 .../nitrokey3}/shared/set-pins.rst.inc | 0 .../nitrokey3}/troubleshooting.rst.inc | 0 .../nitrokey3}/windows/2fa-odoo.rst | 0 {nitrokey3 => nitrokeys/nitrokey3}/windows/adsk.rst | 0 .../nitrokey3}/windows/firmware-update.rst | 0 .../windows/images/enabling-u2f-on-firefox | 0 .../windows/images/passwordless-microsoft | 0 .../nitrokey3}/windows/index.rst | 0 .../nitrokey3}/windows/keepassxc.rst | 0 .../nitrokey3}/windows/openpgp-csp.rst | 0 .../nitrokey3}/windows/openpgp-keygen-backup.rst | 0 .../nitrokey3}/windows/openpgp-keygen-gpa.rst | 0 .../nitrokey3}/windows/openpgp-keygen-on-device.rst | 0 .../nitrokey3}/windows/openpgp-outlook.rst | 0 .../nitrokey3}/windows/openpgp-thunderbird.rst | 0 .../nitrokey3}/windows/openpgp-uif.rst | 0 .../nitrokey3}/windows/openpgp.rst | 0 .../nitrokey3}/windows/passwordless-microsoft.rst | 0 .../nitrokey3}/windows/piv/access_control.rst | 0 .../windows/piv/certificate_management.rst | 0 .../nitrokey3}/windows/piv/factory_reset.rst | 0 .../guides/client_logon_with_active_directory.rst | 0 .../nitrokey3}/windows/piv/guides/index.rst | 0 .../nitrokey3}/windows/piv/index.rst | 0 .../nitrokey3}/windows/piv/key_management.rst | 0 .../nitrokey3}/windows/reset.rst | 0 .../nitrokey3}/windows/set-pins.rst | 0 .../nitrokey3}/windows/smime-outlook.rst | 0 .../nitrokey3}/windows/smime-thunderbird.rst | 0 .../nitrokey3}/windows/smime.rst | 0 .../nitrokey3}/windows/troubleshooting.rst | 0 {nkpk => nitrokeys/nkpk}/index.rst | 0 {pro => nitrokeys/pro}/2fa-google.rst.inc | 0 {pro => nitrokeys/pro}/2fa-nextcloud.rst.inc | 0 {pro => nitrokeys/pro}/2fa-odoo.rst.inc | 0 {pro => nitrokeys/pro}/change-pins.rst.inc | 0 {pro => nitrokeys/pro}/ecc.rst.inc | 0 {pro => nitrokeys/pro}/eidauthenticate.rst.inc | 0 {pro => nitrokeys/pro}/factory-reset.rst.inc | 0 {pro => nitrokeys/pro}/faq.rst | 0 {pro => nitrokeys/pro}/firmware-update.rst.inc | 0 {pro => nitrokeys/pro}/gpa.rst | 0 {pro => nitrokeys/pro}/hard-disk-encryption.rst.inc | 0 {pro => nitrokeys/pro}/images/2fa-nextcloud/1.png | Bin {pro => nitrokeys/pro}/images/2fa-nextcloud/2.png | Bin {pro => nitrokeys/pro}/images/2fa-nextcloud/3.png | Bin {pro => nitrokeys/pro}/images/2fa-nextcloud/4.png | Bin {pro => nitrokeys/pro}/images/2fa-nextcloud/5.png | Bin {pro => nitrokeys/pro}/images/2fa-nextcloud/6.png | Bin {pro => nitrokeys/pro}/images/2fa-nextcloud/7.png | Bin {pro => nitrokeys/pro}/images/2fa-nextcloud/8.png | Bin {pro => nitrokeys/pro}/images/2fa-nextcloud/9.png | Bin {pro => nitrokeys/pro}/images/change-pins/1.png | Bin {pro => nitrokeys/pro}/images/change-pins/2.png | Bin {pro => nitrokeys/pro}/images/change-pins/3.png | Bin {pro => nitrokeys/pro}/images/change-pins/4.png | Bin {pro => nitrokeys/pro}/images/eidauthenticate/1.png | Bin {pro => nitrokeys/pro}/images/eidauthenticate/2.png | Bin {pro => nitrokeys/pro}/images/eidauthenticate/3.png | Bin {pro => nitrokeys/pro}/images/eidauthenticate/4.png | Bin {pro => nitrokeys/pro}/images/eidauthenticate/5.png | Bin {pro => nitrokeys/pro}/images/eidauthenticate/6.png | Bin {pro => nitrokeys/pro}/images/eidauthenticate/7.png | Bin {pro => nitrokeys/pro}/images/eidauthenticate/8.png | Bin {pro => nitrokeys/pro}/images/eidauthenticate/9.png | Bin {pro => nitrokeys/pro}/images/gpa/1.png | Bin {pro => nitrokeys/pro}/images/gpa/2.png | Bin {pro => nitrokeys/pro}/images/gpa/3.png | Bin {pro => nitrokeys/pro}/images/gpa/4.png | Bin {pro => nitrokeys/pro}/images/gpa/5.png | Bin {pro => nitrokeys/pro}/images/gpa/6.png | Bin {pro => nitrokeys/pro}/images/gpa/7.png | Bin {pro => nitrokeys/pro}/images/gpa/8.png | Bin {pro => nitrokeys/pro}/images/gpa/9.png | Bin .../pro}/images/openpgp-keygen-gpa/1.png | Bin .../pro}/images/openpgp-keygen-gpa/2.png | Bin .../pro}/images/openpgp-keygen-gpa/3.png | Bin .../pro}/images/openpgp-keygen-gpa/4.png | Bin .../pro}/images/openpgp-keygen-gpa/5.png | Bin .../pro}/images/openpgp-keygen-gpa/6.png | Bin .../pro}/images/openpgp-keygen-gpa/7.png | Bin .../pro}/images/openpgp-thunderbird/1.png | Bin .../pro}/images/openpgp-thunderbird/10.png | Bin .../pro}/images/openpgp-thunderbird/11.png | Bin .../pro}/images/openpgp-thunderbird/12.png | Bin .../pro}/images/openpgp-thunderbird/13.png | Bin .../pro}/images/openpgp-thunderbird/14.png | Bin .../pro}/images/openpgp-thunderbird/2.png | Bin .../pro}/images/openpgp-thunderbird/3.png | Bin .../pro}/images/openpgp-thunderbird/4.png | Bin .../pro}/images/openpgp-thunderbird/5.png | Bin .../pro}/images/openpgp-thunderbird/6.png | Bin .../pro}/images/openpgp-thunderbird/7.png | Bin .../pro}/images/openpgp-thunderbird/8.png | Bin .../pro}/images/openpgp-thunderbird/9.png | Bin {pro => nitrokeys/pro}/images/otp/1.png | Bin {pro => nitrokeys/pro}/images/otp/2.png | Bin {pro => nitrokeys/pro}/images/otp/3.png | Bin {pro => nitrokeys/pro}/images/otp/4.png | Bin {pro => nitrokeys/pro}/images/otp/5.png | Bin {pro => nitrokeys/pro}/images/otp/6.png | Bin {pro => nitrokeys/pro}/images/otp/7.png | Bin {pro => nitrokeys/pro}/images/otp/8.png | Bin {pro => nitrokeys/pro}/images/putty/1.png | Bin {pro => nitrokeys/pro}/images/putty/2.png | Bin {pro => nitrokeys/pro}/images/putty/3.png | Bin {pro => nitrokeys/pro}/images/putty/4.png | Bin {pro => nitrokeys/pro}/images/putty/5.png | Bin {pro => nitrokeys/pro}/images/putty/6.png | Bin {pro => nitrokeys/pro}/images/putty/7.png | Bin {pro => nitrokeys/pro}/images/smart-policy/1.png | Bin {pro => nitrokeys/pro}/images/smart-policy/2.png | Bin {pro => nitrokeys/pro}/images/smart-policy/3.png | Bin {pro => nitrokeys/pro}/images/smart-policy/4.png | Bin {pro => nitrokeys/pro}/images/smart-policy/5.png | Bin {pro => nitrokeys/pro}/images/smart-policy/6.png | Bin {pro => nitrokeys/pro}/images/smime-outlook/1.png | Bin {pro => nitrokeys/pro}/images/smime-outlook/2.png | Bin {pro => nitrokeys/pro}/images/smime-outlook/3.png | Bin .../pro}/images/smime-thunderbird/1.png | Bin .../pro}/images/smime-thunderbird/2.png | Bin .../pro}/images/smime-thunderbird/3.png | Bin .../pro}/images/smime-thunderbird/4.png | Bin {pro => nitrokeys/pro}/images/smime/1.png | Bin {pro => nitrokeys/pro}/index.rst | 0 {pro => nitrokeys/pro}/linux/2fa-google.rst | 0 {pro => nitrokeys/pro}/linux/2fa-nextcloud.rst | 0 {pro => nitrokeys/pro}/linux/2fa-odoo.rst | 0 .../pro}/linux/automatic-screen-lock.rst | 0 .../pro}/linux/certificate-authority.rst | 0 {pro => nitrokeys/pro}/linux/change-pins.rst | 0 .../pro}/linux/disk-encryption-luks.rst | 0 {pro => nitrokeys/pro}/linux/ecc.rst | 0 {pro => nitrokeys/pro}/linux/factory-reset.rst | 0 {pro => nitrokeys/pro}/linux/firmware-update.rst | 0 {pro => nitrokeys/pro}/linux/gpa.rst | 0 .../pro}/linux/hard-disk-encryption.rst | 0 .../pro}/linux/images/App-change-pin.png | Bin {pro => nitrokeys/pro}/linux/images/luks_1.png | Bin {pro => nitrokeys/pro}/linux/images/luks_2.png | Bin {pro => nitrokeys/pro}/linux/images/luks_3.png | Bin {pro => nitrokeys/pro}/linux/images/luks_5.png | Bin {pro => nitrokeys/pro}/linux/images/luks_6.png | Bin {pro => nitrokeys/pro}/linux/images/luks_7.png | Bin {pro => nitrokeys/pro}/linux/index.rst | 0 {pro => nitrokeys/pro}/linux/ipsec.rst | 0 {pro => nitrokeys/pro}/linux/login-with-pam.rst | 0 .../pro}/linux/openpgp-keygen-backup.rst | 0 {pro => nitrokeys/pro}/linux/openpgp-keygen-gpa.rst | 0 .../pro}/linux/openpgp-keygen-on-device.rst | 0 {pro => nitrokeys/pro}/linux/openpgp-outlook.rst | 0 .../pro}/linux/openpgp-thunderbird.rst | 0 {pro => nitrokeys/pro}/linux/openpgp.rst | 0 {pro => nitrokeys/pro}/linux/openvpn-easyrsa.rst | 0 {pro => nitrokeys/pro}/linux/otp.rst | 0 {pro => nitrokeys/pro}/linux/smime-outlook.rst | 0 {pro => nitrokeys/pro}/linux/smime-thunderbird.rst | 0 {pro => nitrokeys/pro}/linux/smime.rst | 0 {pro => nitrokeys/pro}/linux/ssh.rst | 0 {pro => nitrokeys/pro}/linux/stunnel.rst | 0 {pro => nitrokeys/pro}/login-with-pam.rst.inc | 0 {pro => nitrokeys/pro}/mac/2fa-google.rst | 0 {pro => nitrokeys/pro}/mac/2fa-nextcloud.rst | 0 {pro => nitrokeys/pro}/mac/2fa-odoo.rst | 0 {pro => nitrokeys/pro}/mac/change-pins.rst | 0 {pro => nitrokeys/pro}/mac/ecc.rst | 0 {pro => nitrokeys/pro}/mac/factory-reset.rst | 0 .../qubes => nitrokeys/pro/mac}/firmware-update.rst | 0 {pro => nitrokeys/pro}/mac/gpa.rst | 0 {pro => nitrokeys/pro}/mac/hard-disk-encryption.rst | 0 .../pro}/mac/images/App-change-pin.png | Bin {pro => nitrokeys/pro}/mac/index.rst | 0 .../pro}/mac/openpgp-keygen-backup.rst | 0 {pro => nitrokeys/pro}/mac/openpgp-keygen-gpa.rst | 0 .../pro}/mac/openpgp-keygen-on-device.rst | 0 {pro => nitrokeys/pro}/mac/openpgp-outlook.rst | 0 {pro => nitrokeys/pro}/mac/openpgp-thunderbird.rst | 0 {pro => nitrokeys/pro}/mac/openpgp.rst | 0 {pro => nitrokeys/pro}/mac/otp.rst | 0 {pro => nitrokeys/pro}/mac/smime-outlook.rst | 0 {pro => nitrokeys/pro}/mac/smime-thunderbird.rst | 0 {pro => nitrokeys/pro}/mac/smime.rst | 0 .../pro}/openpgp-keygen-backup.rst.inc | 0 {pro => nitrokeys/pro}/openpgp-keygen-gpa.rst.inc | 0 .../pro}/openpgp-keygen-on-device.rst.inc | 0 {pro => nitrokeys/pro}/openpgp-outlook.rst.inc | 0 {pro => nitrokeys/pro}/openpgp-thunderbird.rst.inc | 0 {pro => nitrokeys/pro}/openpgp.rst.inc | 0 {pro => nitrokeys/pro}/otp.rst.inc | 0 {pro => nitrokeys/pro}/putty.rst.inc | 0 {pro => nitrokeys/pro}/smart-policy.rst.inc | 0 {pro => nitrokeys/pro}/smime-outlook.rst.inc | 0 {pro => nitrokeys/pro}/smime-thunderbird.rst.inc | 0 {pro => nitrokeys/pro}/smime.rst.inc | 0 {pro => nitrokeys/pro}/ssh.rst | 0 {pro => nitrokeys/pro}/windows/2fa-google.rst | 0 {pro => nitrokeys/pro}/windows/2fa-microsoft.rst | 0 {pro => nitrokeys/pro}/windows/2fa-nextcloud.rst | 0 {pro => nitrokeys/pro}/windows/2fa-odoo.rst | 0 .../pro}/windows/certificate-authority.rst | 0 {pro => nitrokeys/pro}/windows/change-pins.rst | 0 {pro => nitrokeys/pro}/windows/ecc.rst | 0 {pro => nitrokeys/pro}/windows/eidauthenticate.rst | 0 {pro => nitrokeys/pro}/windows/factory-reset.rst | 0 .../pro/windows}/firmware-update.rst | 0 {pro => nitrokeys/pro}/windows/gpa.rst | 0 .../pro}/windows/hard-disk-encryption.rst | 0 .../pro}/windows/images/2fa-microsoft/1.png | Bin .../pro}/windows/images/2fa-microsoft/10.png | Bin .../pro}/windows/images/2fa-microsoft/11.png | Bin .../pro}/windows/images/2fa-microsoft/12.png | Bin .../pro}/windows/images/2fa-microsoft/13.png | Bin .../pro}/windows/images/2fa-microsoft/14.png | Bin .../pro}/windows/images/2fa-microsoft/2.png | Bin .../pro}/windows/images/2fa-microsoft/3.png | Bin .../pro}/windows/images/2fa-microsoft/4.png | Bin .../pro}/windows/images/2fa-microsoft/5.png | Bin .../pro}/windows/images/2fa-microsoft/6.png | Bin .../pro}/windows/images/2fa-microsoft/7.png | Bin .../pro}/windows/images/2fa-microsoft/8.png | Bin .../pro}/windows/images/2fa-microsoft/9.png | Bin .../pro}/windows/images/App-change-pin.png | Bin .../pro}/windows/images/openpgp-csp/1.png | Bin .../pro}/windows/images/openpgp-csp/10.png | Bin .../pro}/windows/images/openpgp-csp/11.png | Bin .../pro}/windows/images/openpgp-csp/2.png | Bin .../pro}/windows/images/openpgp-csp/3.png | Bin .../pro}/windows/images/openpgp-csp/4.png | Bin .../pro}/windows/images/openpgp-csp/5.png | Bin .../pro}/windows/images/openpgp-csp/6.png | Bin .../pro}/windows/images/openpgp-csp/7.png | Bin .../pro}/windows/images/openpgp-csp/8.png | Bin .../pro}/windows/images/openpgp-csp/9.png | Bin .../pro}/windows/images/openpgp-outlook/1.png | Bin .../pro}/windows/images/openpgp-outlook/2.png | Bin .../pro}/windows/images/openpgp-outlook/3.png | Bin .../pro}/windows/images/openpgp-outlook/4.png | Bin .../images/openvpn-viscosity/viscosity-1.jpg | Bin .../images/openvpn-viscosity/viscosity-2.jpg | Bin .../images/openvpn-viscosity/viscosity-3.jpg | Bin .../images/openvpn-viscosity/viscosity-4.jpg | Bin {pro => nitrokeys/pro}/windows/index.rst | 0 {pro => nitrokeys/pro}/windows/openpgp-csp.rst | 0 .../pro}/windows/openpgp-keygen-backup.rst | 0 .../pro}/windows/openpgp-keygen-gpa.rst | 0 .../pro}/windows/openpgp-keygen-on-device.rst | 0 {pro => nitrokeys/pro}/windows/openpgp-outlook.rst | 0 .../pro}/windows/openpgp-thunderbird.rst | 0 {pro => nitrokeys/pro}/windows/openpgp.rst | 0 {pro => nitrokeys/pro}/windows/openvpn-easyrsa.rst | 0 .../pro}/windows/openvpn-viscosity.rst | 0 {pro => nitrokeys/pro}/windows/otp.rst | 0 {pro => nitrokeys/pro}/windows/putty.rst | 0 {pro => nitrokeys/pro}/windows/smart-policy.rst | 0 {pro => nitrokeys/pro}/windows/smime-outlook.rst | 0 .../pro}/windows/smime-thunderbird.rst | 0 {pro => nitrokeys/pro}/windows/smime.rst | 0 {u2f => nitrokeys/u2f}/index.rst | 0 {u2f => nitrokeys/u2f}/linux/2fa-nextcloud.rst | 0 {u2f => nitrokeys/u2f}/linux/2fa-odoo.rst | 0 {u2f => nitrokeys/u2f}/linux/desktop-login.rst | 0 {u2f => nitrokeys/u2f}/linux/index.rst | 0 {u2f => nitrokeys/u2f}/mac/2fa-nextcloud.rst | 0 {u2f => nitrokeys/u2f}/mac/2fa-odoo.rst | 0 {u2f => nitrokeys/u2f}/mac/index.rst | 0 {u2f => nitrokeys/u2f}/shared/index-content1.rst | 0 {u2f => nitrokeys/u2f}/windows/2fa-nextcloud.rst | 0 {u2f => nitrokeys/u2f}/windows/2fa-odoo.rst | 0 {u2f => nitrokeys/u2f}/windows/index.rst | 0 .../nitropad}/content/shared-index-content1.rst | 0 .../nitropad}/content/shared-index-content2.rst | 0 .../nitropad}/default-boot.rst.inc | 0 .../nitropad}/factory-reset-heads2.rst.inc | 0 .../nitropad}/factory-reset.rst.inc | 0 {nitropad => nitropadpc/nitropad}/faq.rst | 0 .../nitropad}/firmware-update-1.4.rst.inc | 0 .../nitropad}/firmware-update.rst.inc | 0 .../nitropad}/images/NitroPad-boot-options.jpeg | Bin .../nitropad}/images/NitroPad-boot-process-bad.jpeg | Bin .../nitropad}/images/NitroPad-boot-process_0.jpeg | Bin .../images/NitroPad-confirm-boot-details.jpeg | Bin .../nitropad}/images/NitroPad-error-mismatch.jpeg | Bin .../nitropad}/images/Schraube.jpg | Bin .../nitropad}/images/SchraubenmarkierungT430.jpg | Bin .../nitropad}/images/SchraubenmarkierungX230.jpg | Bin .../nitropad}/images/boot-menu.jpg | Bin .../images/change-disk-encryption-passphrase/1.png | Bin .../images/change-disk-encryption-passphrase/2.png | Bin .../images/change-disk-encryption-passphrase/3.png | Bin .../images/change-disk-encryption-passphrase/4.png | Bin .../images/change-disk-encryption-passphrase/5.png | Bin .../nitropad}/images/default-boot/1.jpg | Bin .../nitropad}/images/default-boot/2.jpg | Bin .../nitropad}/images/default-boot/3.jpg | Bin .../nitropad}/images/default-boot/4.jpg | Bin .../images/factory-reset-heads2/admin-pin.jpg | Bin .../factory-reset-heads2/confirm-integrity.jpg | Bin .../images/factory-reset-heads2/confirm.jpg | Bin .../images/factory-reset-heads2/default-sec.jpg | Bin .../images/factory-reset-heads2/options.jpg | Bin .../images/factory-reset-heads2/otp-sec1.jpg | Bin .../images/factory-reset-heads2/otp-sec2.jpg | Bin .../images/factory-reset-heads2/reboot.jpg | Bin .../nitropad}/images/factory-reset-heads2/reset.jpg | Bin .../images/factory-reset-heads2/start-menu.jpg | Bin .../nitropad}/images/factory-reset-heads2/totp.jpg | Bin .../nitropad}/images/factory-reset-heads2/tpm.jpg | Bin .../nitropad}/images/factory-reset/1.jpg | Bin .../nitropad}/images/factory-reset/10.jpg | Bin .../nitropad}/images/factory-reset/11.jpg | Bin .../nitropad}/images/factory-reset/2.jpg | Bin .../nitropad}/images/factory-reset/3.jpg | Bin .../nitropad}/images/factory-reset/4.jpg | Bin .../nitropad}/images/factory-reset/5.jpg | Bin .../nitropad}/images/factory-reset/6.jpg | Bin .../nitropad}/images/factory-reset/7.jpg | Bin .../nitropad}/images/factory-reset/8.jpg | Bin .../nitropad}/images/factory-reset/9.jpg | Bin .../nitropad}/images/firmware-update/1.jpg | Bin .../nitropad}/images/firmware-update/2.jpg | Bin .../nitropad}/images/firmware-update/3.jpg | Bin .../nitropad}/images/firmware-update/4.jpg | Bin .../nitropad}/images/firmware-update/5.jpg | Bin .../nitropad}/images/firmware-update/6.jpg | Bin .../nitropad}/images/firmware-update/7.jpg | Bin .../nitropad}/images/firmware-update/8.jpg | Bin .../nitropad}/images/firmware-update/9.jpg | Bin .../images/network-settings/settings_0.png | Bin .../images/network-settings/settings_1.png | Bin .../images/network-settings/settings_2.png | Bin .../nitropad}/images/ns50_sealed.jpg | Bin .../nitropad}/images/nv41_sealed.jpg | Bin .../NitroPad-boot-entry-error.jpeg | Bin .../NitroPad-confirm-boot-details.jpeg | Bin .../NitroPad-update-checksum.jpeg | Bin .../nitropad}/images/options.jpg | Bin .../nitropad}/images/system-update/1.jpeg | Bin .../nitropad}/images/system-update/2.jpeg | Bin .../nitropad}/images/system-update/3.jpeg | Bin .../nitropad}/images/system-update/4.jpeg | Bin .../nitropad}/images/system-update/5.jpeg | Bin .../nitropad}/images/system-update/6.jpeg | Bin {nitropad => nitropadpc/nitropad}/index.rst | 0 .../nitropad}/os-reinstallation.rst.inc | 0 .../nitropad}/qubes/change-pins.rst | 0 .../nitropad}/qubes/default-boot.rst | 0 .../nitropad}/qubes/factory-reset-heads2.rst | 0 .../nitropad}/qubes/factory-reset.rst | 0 .../nitropad}/qubes/firmware-update-1.4.rst | 0 .../nitropad/qubes}/firmware-update.rst | 0 .../nitropad}/qubes/images/QubesDiskPassword.jpg | Bin .../qubes/images/user-password-reset/step-five.jpg | Bin .../qubes/images/user-password-reset/step-four.jpg | Bin .../qubes/images/user-password-reset/step-one.jpg | Bin .../qubes/images/user-password-reset/step-three.jpg | Bin .../qubes/images/user-password-reset/step-two.jpg | Bin {nitropad => nitropadpc/nitropad}/qubes/index.rst | 0 .../nitropad}/qubes/network-settings.rst | 0 .../nitropad}/qubes/nitrokey-app.rst | 0 .../nitropad}/qubes/os-reinstallation.rst | 0 .../nitropad}/qubes/sealed-hardware.rst | 0 .../nitropad}/qubes/system-update.rst | 0 .../nitropad}/qubes/troubleshooting.rst | 0 .../nitropad}/qubes/user-password-reset.rst | 0 .../nitropad}/sealed-hardware.rst.inc | 0 .../nitropad}/system-update.rst.inc | 0 .../nitropad}/troubleshooting.rst.inc | 0 .../ubuntu/change-disk-encryption-passphrase.rst | 0 .../nitropad}/ubuntu/change-pins.rst | 0 .../nitropad}/ubuntu/default-boot.rst | 0 .../nitropad}/ubuntu/factory-reset-heads2.rst | 0 .../nitropad}/ubuntu/factory-reset.rst | 0 .../nitropad}/ubuntu/firmware-update-1.4.rst | 0 .../nitropad/ubuntu}/firmware-update.rst | 0 .../ubuntu/images/NitroPad-boot-options.jpeg | Bin .../nitropad}/ubuntu/images/UbuntuDiskPassword.png | Bin {nitropad => nitropadpc/nitropad}/ubuntu/index.rst | 0 .../nitropad}/ubuntu/nitrokey-app.rst | 0 .../nitropad}/ubuntu/os-reinstallation.rst | 0 .../nitropad}/ubuntu/sealed-hardware.rst | 0 .../nitropad}/ubuntu/system-update.rst | 0 .../nitropad}/ubuntu/troubleshooting.rst | 0 {nitropc => nitropadpc/nitropc}/debian/index.rst | 0 .../nitropc}/debian/os-reinstallation.rst | 0 .../nitropc}/debian/sealed-hardware.rst | 0 {nitropc => nitropadpc/nitropc}/faq.rst | 0 {nitropc => nitropadpc/nitropc}/index.rst | 0 .../nitropc}/os-reinstallation.rst.inc | 0 .../nitropc}/qubes/gpu-install.rst | 0 {nitropc => nitropadpc/nitropc}/qubes/index.rst | 0 .../nitropc}/qubes/nitrokey-app.rst | 0 .../nitropc}/qubes/os-reinstallation.rst | 0 .../nitropc}/qubes/sealed-hardware.rst | 0 .../nitropc}/sealed-hardware.rst.inc | 0 {nitropc => nitropadpc/nitropc}/ubuntu/index.rst | 0 .../nitropc}/ubuntu/nitrokey-app.rst | 0 .../nitropc}/ubuntu/os-reinstallation.rst | 0 .../nitropc}/ubuntu/sealed-hardware.rst | 0 493 files changed, 0 insertions(+), 0 deletions(-) rename {fido2 => nitrokeys/fido2}/2fa-nextcloud.rst (100%) rename {fido2 => nitrokeys/fido2}/2fa-odoo.rst.inc (100%) rename {fido2 => nitrokeys/fido2}/faq.rst (100%) rename {fido2 => nitrokeys/fido2}/index.rst (100%) rename {fido2 => nitrokeys/fido2}/linux/2fa-nextcloud.rst (100%) rename {fido2 => nitrokeys/fido2}/linux/2fa-odoo.rst (100%) rename {fido2 => nitrokeys/fido2}/linux/desktop-login.rst (100%) rename {fido2 => nitrokeys/fido2}/linux/firmware-update.rst (100%) rename {fido2 => nitrokeys/fido2}/linux/images/fidou2f-1.png (100%) rename {fido2 => nitrokeys/fido2}/linux/images/fidou2f-2.png (100%) rename {fido2 => nitrokeys/fido2}/linux/images/fidou2f-3.png (100%) rename {fido2 => nitrokeys/fido2}/linux/images/fidou2f-4.png (100%) rename {fido2 => nitrokeys/fido2}/linux/images/fidou2f-5.png (100%) rename {fido2 => nitrokeys/fido2}/linux/images/u2f-fido-pam-2.png (100%) rename {fido2 => nitrokeys/fido2}/linux/index.rst (100%) rename {fido2 => nitrokeys/fido2}/linux/reset.rst (100%) rename {fido2 => nitrokeys/fido2}/mac/2fa-nextcloud.rst (100%) rename {fido2 => nitrokeys/fido2}/mac/2fa-odoo.rst (100%) rename {fido2 => nitrokeys/fido2}/mac/firmware-update.rst (100%) rename {fido2 => nitrokeys/fido2}/mac/index.rst (100%) rename {fido2 => nitrokeys/fido2}/mac/reset.rst (100%) rename {fido2 => nitrokeys/fido2}/shared/firmware-update.rst.inc (100%) rename {fido2 => nitrokeys/fido2}/shared/index-content1.rst.inc (100%) rename {fido2 => nitrokeys/fido2}/shared/index-content2.rst.inc (100%) rename {fido2 => nitrokeys/fido2}/windows/2fa-nextcloud.rst (100%) rename {fido2 => nitrokeys/fido2}/windows/2fa-odoo.rst (100%) rename {fido2 => nitrokeys/fido2}/windows/firmware-update.rst (100%) rename {fido2 => nitrokeys/fido2}/windows/images/enabling-u2f-on-firefox/1.png (100%) rename {fido2 => nitrokeys/fido2}/windows/images/passwordless-microsoft/1.png (100%) rename {fido2 => nitrokeys/fido2}/windows/images/passwordless-microsoft/10.png (100%) rename {fido2 => nitrokeys/fido2}/windows/images/passwordless-microsoft/11.png (100%) rename {fido2 => nitrokeys/fido2}/windows/images/passwordless-microsoft/12.png (100%) rename {fido2 => nitrokeys/fido2}/windows/images/passwordless-microsoft/2.png (100%) rename {fido2 => nitrokeys/fido2}/windows/images/passwordless-microsoft/3.png (100%) rename {fido2 => nitrokeys/fido2}/windows/images/passwordless-microsoft/4.png (100%) rename {fido2 => nitrokeys/fido2}/windows/images/passwordless-microsoft/5.png (100%) rename {fido2 => nitrokeys/fido2}/windows/images/passwordless-microsoft/6.png (100%) rename {fido2 => nitrokeys/fido2}/windows/images/passwordless-microsoft/7.png (100%) rename {fido2 => nitrokeys/fido2}/windows/images/passwordless-microsoft/8.png (100%) rename {fido2 => nitrokeys/fido2}/windows/images/passwordless-microsoft/9.png (100%) rename {fido2 => nitrokeys/fido2}/windows/index.rst (100%) rename {fido2 => nitrokeys/fido2}/windows/passwordless-microsoft.rst (100%) rename {fido2 => nitrokeys/fido2}/windows/reset.rst (100%) rename {nitrokey3 => nitrokeys/nitrokey3}/adsk.rst.inc (100%) rename {nitrokey3 => nitrokeys/nitrokey3}/faq.rst (100%) rename {nitrokey3 => nitrokeys/nitrokey3}/features.rst (100%) rename {nitrokey3 => nitrokeys/nitrokey3}/firmware-update.rst.inc (100%) rename {nitrokey3 => nitrokeys/nitrokey3}/index.rst (100%) rename {nitrokey3 => nitrokeys/nitrokey3}/linux/2fa-odoo.rst (100%) rename {nitrokey3 => nitrokeys/nitrokey3}/linux/adsk.rst (100%) rename {nitrokey3 => nitrokeys/nitrokey3}/linux/desktop-login.rst (100%) rename {nitrokey3 => nitrokeys/nitrokey3}/linux/fedora-gnupg-configuration.rst (100%) rename {nitrokey3 => nitrokeys/nitrokey3}/linux/firmware-update-qubes.rst (100%) rename {nitrokey3 => nitrokeys/nitrokey3}/linux/firmware-update.rst (100%) rename {nitrokey3 => nitrokeys/nitrokey3}/linux/images (100%) rename {nitrokey3 => nitrokeys/nitrokey3}/linux/index.rst (100%) rename {nitrokey3 => nitrokeys/nitrokey3}/linux/keepassxc.rst (100%) rename {nitrokey3 => nitrokeys/nitrokey3}/linux/nitropy.rst (100%) rename {nitrokey3 => nitrokeys/nitrokey3}/linux/openpgp-keygen-backup.rst (100%) rename {nitrokey3 => nitrokeys/nitrokey3}/linux/openpgp-keygen-gpa.rst (100%) rename {nitrokey3 => nitrokeys/nitrokey3}/linux/openpgp-keygen-on-device.rst (100%) rename {nitrokey3 => nitrokeys/nitrokey3}/linux/openpgp-outlook.rst (100%) rename {nitrokey3 => nitrokeys/nitrokey3}/linux/openpgp-thunderbird.rst (100%) rename {nitrokey3 => nitrokeys/nitrokey3}/linux/openpgp-uif.rst (100%) rename {nitrokey3 => nitrokeys/nitrokey3}/linux/openpgp.rst (100%) rename {nitrokey3 => nitrokeys/nitrokey3}/linux/reset.rst (100%) rename {nitrokey3 => nitrokeys/nitrokey3}/linux/set-pins.rst (100%) rename {nitrokey3 => nitrokeys/nitrokey3}/linux/smime-outlook.rst (100%) rename {nitrokey3 => nitrokeys/nitrokey3}/linux/smime-thunderbird.rst (100%) rename {nitrokey3 => nitrokeys/nitrokey3}/linux/smime.rst (100%) rename {nitrokey3 => nitrokeys/nitrokey3}/linux/troubleshooting.rst (100%) rename {nitrokey3 => nitrokeys/nitrokey3}/mac/2fa-odoo.rst (100%) rename {nitrokey3 => nitrokeys/nitrokey3}/mac/adsk.rst (100%) rename {nitrokey3 => nitrokeys/nitrokey3}/mac/firmware-update.rst (100%) rename {nitrokey3 => nitrokeys/nitrokey3}/mac/index.rst (100%) rename {nitrokey3 => nitrokeys/nitrokey3}/mac/keepassxc.rst (100%) rename {nitrokey3 => nitrokeys/nitrokey3}/mac/nitropy.rst (100%) rename {nitrokey3 => nitrokeys/nitrokey3}/mac/openpgp-keygen-backup.rst (100%) rename {nitrokey3 => nitrokeys/nitrokey3}/mac/openpgp-keygen-gpa.rst (100%) rename {nitrokey3 => nitrokeys/nitrokey3}/mac/openpgp-keygen-on-device.rst (100%) rename {nitrokey3 => nitrokeys/nitrokey3}/mac/openpgp-outlook.rst (100%) rename {nitrokey3 => nitrokeys/nitrokey3}/mac/openpgp-thunderbird.rst (100%) rename {nitrokey3 => nitrokeys/nitrokey3}/mac/openpgp-uif.rst (100%) rename {nitrokey3 => nitrokeys/nitrokey3}/mac/openpgp.rst (100%) rename {nitrokey3 => nitrokeys/nitrokey3}/mac/reset.rst (100%) rename {nitrokey3 => nitrokeys/nitrokey3}/mac/set-pins.rst (100%) rename {nitrokey3 => nitrokeys/nitrokey3}/mac/smime-outlook.rst (100%) rename {nitrokey3 => nitrokeys/nitrokey3}/mac/smime-thunderbird.rst (100%) rename {nitrokey3 => nitrokeys/nitrokey3}/mac/smime.rst (100%) rename {nitrokey3 => nitrokeys/nitrokey3}/mac/troubleshooting.rst (100%) rename {nitrokey3 => nitrokeys/nitrokey3}/shared/main.rst (100%) rename {nitrokey3 => nitrokeys/nitrokey3}/shared/nitropy.rst (100%) rename {nitrokey3 => nitrokeys/nitrokey3}/shared/openpgp-uif.rst.inc (100%) rename {nitrokey3 => nitrokeys/nitrokey3}/shared/openpgp.rst.inc (100%) rename {nitrokey3 => nitrokeys/nitrokey3}/shared/reset.rst.inc (100%) rename {nitrokey3 => nitrokeys/nitrokey3}/shared/set-pins.rst.inc (100%) rename {nitrokey3 => nitrokeys/nitrokey3}/troubleshooting.rst.inc (100%) rename {nitrokey3 => nitrokeys/nitrokey3}/windows/2fa-odoo.rst (100%) rename {nitrokey3 => nitrokeys/nitrokey3}/windows/adsk.rst (100%) rename {nitrokey3 => nitrokeys/nitrokey3}/windows/firmware-update.rst (100%) rename {nitrokey3 => nitrokeys/nitrokey3}/windows/images/enabling-u2f-on-firefox (100%) rename {nitrokey3 => nitrokeys/nitrokey3}/windows/images/passwordless-microsoft (100%) rename {nitrokey3 => nitrokeys/nitrokey3}/windows/index.rst (100%) rename {nitrokey3 => nitrokeys/nitrokey3}/windows/keepassxc.rst (100%) rename {nitrokey3 => nitrokeys/nitrokey3}/windows/openpgp-csp.rst (100%) rename {nitrokey3 => nitrokeys/nitrokey3}/windows/openpgp-keygen-backup.rst (100%) rename {nitrokey3 => nitrokeys/nitrokey3}/windows/openpgp-keygen-gpa.rst (100%) rename {nitrokey3 => nitrokeys/nitrokey3}/windows/openpgp-keygen-on-device.rst (100%) rename {nitrokey3 => nitrokeys/nitrokey3}/windows/openpgp-outlook.rst (100%) rename {nitrokey3 => nitrokeys/nitrokey3}/windows/openpgp-thunderbird.rst (100%) rename {nitrokey3 => nitrokeys/nitrokey3}/windows/openpgp-uif.rst (100%) rename {nitrokey3 => nitrokeys/nitrokey3}/windows/openpgp.rst (100%) rename {nitrokey3 => nitrokeys/nitrokey3}/windows/passwordless-microsoft.rst (100%) rename {nitrokey3 => nitrokeys/nitrokey3}/windows/piv/access_control.rst (100%) rename {nitrokey3 => nitrokeys/nitrokey3}/windows/piv/certificate_management.rst (100%) rename {nitrokey3 => nitrokeys/nitrokey3}/windows/piv/factory_reset.rst (100%) rename {nitrokey3 => nitrokeys/nitrokey3}/windows/piv/guides/client_logon_with_active_directory.rst (100%) rename {nitrokey3 => nitrokeys/nitrokey3}/windows/piv/guides/index.rst (100%) rename {nitrokey3 => nitrokeys/nitrokey3}/windows/piv/index.rst (100%) rename {nitrokey3 => nitrokeys/nitrokey3}/windows/piv/key_management.rst (100%) rename {nitrokey3 => nitrokeys/nitrokey3}/windows/reset.rst (100%) rename {nitrokey3 => nitrokeys/nitrokey3}/windows/set-pins.rst (100%) rename {nitrokey3 => nitrokeys/nitrokey3}/windows/smime-outlook.rst (100%) rename {nitrokey3 => nitrokeys/nitrokey3}/windows/smime-thunderbird.rst (100%) rename {nitrokey3 => nitrokeys/nitrokey3}/windows/smime.rst (100%) rename {nitrokey3 => nitrokeys/nitrokey3}/windows/troubleshooting.rst (100%) rename {nkpk => nitrokeys/nkpk}/index.rst (100%) rename {pro => nitrokeys/pro}/2fa-google.rst.inc (100%) rename {pro => nitrokeys/pro}/2fa-nextcloud.rst.inc (100%) rename {pro => nitrokeys/pro}/2fa-odoo.rst.inc (100%) rename {pro => nitrokeys/pro}/change-pins.rst.inc (100%) rename {pro => nitrokeys/pro}/ecc.rst.inc (100%) rename {pro => nitrokeys/pro}/eidauthenticate.rst.inc (100%) rename {pro => nitrokeys/pro}/factory-reset.rst.inc (100%) rename {pro => nitrokeys/pro}/faq.rst (100%) rename {pro => nitrokeys/pro}/firmware-update.rst.inc (100%) rename {pro => nitrokeys/pro}/gpa.rst (100%) rename {pro => nitrokeys/pro}/hard-disk-encryption.rst.inc (100%) rename {pro => nitrokeys/pro}/images/2fa-nextcloud/1.png (100%) rename {pro => nitrokeys/pro}/images/2fa-nextcloud/2.png (100%) rename {pro => nitrokeys/pro}/images/2fa-nextcloud/3.png (100%) rename {pro => nitrokeys/pro}/images/2fa-nextcloud/4.png (100%) rename {pro => nitrokeys/pro}/images/2fa-nextcloud/5.png (100%) rename {pro => nitrokeys/pro}/images/2fa-nextcloud/6.png (100%) rename {pro => nitrokeys/pro}/images/2fa-nextcloud/7.png (100%) rename {pro => nitrokeys/pro}/images/2fa-nextcloud/8.png (100%) rename {pro => nitrokeys/pro}/images/2fa-nextcloud/9.png (100%) rename {pro => nitrokeys/pro}/images/change-pins/1.png (100%) rename {pro => nitrokeys/pro}/images/change-pins/2.png (100%) rename {pro => nitrokeys/pro}/images/change-pins/3.png (100%) rename {pro => nitrokeys/pro}/images/change-pins/4.png (100%) rename {pro => nitrokeys/pro}/images/eidauthenticate/1.png (100%) rename {pro => nitrokeys/pro}/images/eidauthenticate/2.png (100%) rename {pro => nitrokeys/pro}/images/eidauthenticate/3.png (100%) rename {pro => nitrokeys/pro}/images/eidauthenticate/4.png (100%) rename {pro => nitrokeys/pro}/images/eidauthenticate/5.png (100%) rename {pro => nitrokeys/pro}/images/eidauthenticate/6.png (100%) rename {pro => nitrokeys/pro}/images/eidauthenticate/7.png (100%) rename {pro => nitrokeys/pro}/images/eidauthenticate/8.png (100%) rename {pro => nitrokeys/pro}/images/eidauthenticate/9.png (100%) rename {pro => nitrokeys/pro}/images/gpa/1.png (100%) rename {pro => nitrokeys/pro}/images/gpa/2.png (100%) rename {pro => nitrokeys/pro}/images/gpa/3.png (100%) rename {pro => nitrokeys/pro}/images/gpa/4.png (100%) rename {pro => nitrokeys/pro}/images/gpa/5.png (100%) rename {pro => nitrokeys/pro}/images/gpa/6.png (100%) rename {pro => nitrokeys/pro}/images/gpa/7.png (100%) rename {pro => nitrokeys/pro}/images/gpa/8.png (100%) rename {pro => nitrokeys/pro}/images/gpa/9.png (100%) rename {pro => nitrokeys/pro}/images/openpgp-keygen-gpa/1.png (100%) rename {pro => nitrokeys/pro}/images/openpgp-keygen-gpa/2.png (100%) rename {pro => nitrokeys/pro}/images/openpgp-keygen-gpa/3.png (100%) rename {pro => nitrokeys/pro}/images/openpgp-keygen-gpa/4.png (100%) rename {pro => nitrokeys/pro}/images/openpgp-keygen-gpa/5.png (100%) rename {pro => nitrokeys/pro}/images/openpgp-keygen-gpa/6.png (100%) rename {pro => nitrokeys/pro}/images/openpgp-keygen-gpa/7.png (100%) rename {pro => nitrokeys/pro}/images/openpgp-thunderbird/1.png (100%) rename {pro => nitrokeys/pro}/images/openpgp-thunderbird/10.png (100%) rename {pro => nitrokeys/pro}/images/openpgp-thunderbird/11.png (100%) rename {pro => nitrokeys/pro}/images/openpgp-thunderbird/12.png (100%) rename {pro => nitrokeys/pro}/images/openpgp-thunderbird/13.png (100%) rename {pro => nitrokeys/pro}/images/openpgp-thunderbird/14.png (100%) rename {pro => nitrokeys/pro}/images/openpgp-thunderbird/2.png (100%) rename {pro => nitrokeys/pro}/images/openpgp-thunderbird/3.png (100%) rename {pro => nitrokeys/pro}/images/openpgp-thunderbird/4.png (100%) rename {pro => nitrokeys/pro}/images/openpgp-thunderbird/5.png (100%) rename {pro => nitrokeys/pro}/images/openpgp-thunderbird/6.png (100%) rename {pro => nitrokeys/pro}/images/openpgp-thunderbird/7.png (100%) rename {pro => nitrokeys/pro}/images/openpgp-thunderbird/8.png (100%) rename {pro => nitrokeys/pro}/images/openpgp-thunderbird/9.png (100%) rename {pro => nitrokeys/pro}/images/otp/1.png (100%) rename {pro => nitrokeys/pro}/images/otp/2.png (100%) rename {pro => nitrokeys/pro}/images/otp/3.png (100%) rename {pro => nitrokeys/pro}/images/otp/4.png (100%) rename {pro => nitrokeys/pro}/images/otp/5.png (100%) rename {pro => nitrokeys/pro}/images/otp/6.png (100%) rename {pro => nitrokeys/pro}/images/otp/7.png (100%) rename {pro => nitrokeys/pro}/images/otp/8.png (100%) rename {pro => nitrokeys/pro}/images/putty/1.png (100%) rename {pro => nitrokeys/pro}/images/putty/2.png (100%) rename {pro => nitrokeys/pro}/images/putty/3.png (100%) rename {pro => nitrokeys/pro}/images/putty/4.png (100%) rename {pro => nitrokeys/pro}/images/putty/5.png (100%) rename {pro => nitrokeys/pro}/images/putty/6.png (100%) rename {pro => nitrokeys/pro}/images/putty/7.png (100%) rename {pro => nitrokeys/pro}/images/smart-policy/1.png (100%) rename {pro => nitrokeys/pro}/images/smart-policy/2.png (100%) rename {pro => nitrokeys/pro}/images/smart-policy/3.png (100%) rename {pro => nitrokeys/pro}/images/smart-policy/4.png (100%) rename {pro => nitrokeys/pro}/images/smart-policy/5.png (100%) rename {pro => nitrokeys/pro}/images/smart-policy/6.png (100%) rename {pro => nitrokeys/pro}/images/smime-outlook/1.png (100%) rename {pro => nitrokeys/pro}/images/smime-outlook/2.png (100%) rename {pro => nitrokeys/pro}/images/smime-outlook/3.png (100%) rename {pro => nitrokeys/pro}/images/smime-thunderbird/1.png (100%) rename {pro => nitrokeys/pro}/images/smime-thunderbird/2.png (100%) rename {pro => nitrokeys/pro}/images/smime-thunderbird/3.png (100%) rename {pro => nitrokeys/pro}/images/smime-thunderbird/4.png (100%) rename {pro => nitrokeys/pro}/images/smime/1.png (100%) rename {pro => nitrokeys/pro}/index.rst (100%) rename {pro => nitrokeys/pro}/linux/2fa-google.rst (100%) rename {pro => nitrokeys/pro}/linux/2fa-nextcloud.rst (100%) rename {pro => nitrokeys/pro}/linux/2fa-odoo.rst (100%) rename {pro => nitrokeys/pro}/linux/automatic-screen-lock.rst (100%) rename {pro => nitrokeys/pro}/linux/certificate-authority.rst (100%) rename {pro => nitrokeys/pro}/linux/change-pins.rst (100%) rename {pro => nitrokeys/pro}/linux/disk-encryption-luks.rst (100%) rename {pro => nitrokeys/pro}/linux/ecc.rst (100%) rename {pro => nitrokeys/pro}/linux/factory-reset.rst (100%) rename {pro => nitrokeys/pro}/linux/firmware-update.rst (100%) rename {pro => nitrokeys/pro}/linux/gpa.rst (100%) rename {pro => nitrokeys/pro}/linux/hard-disk-encryption.rst (100%) rename {pro => nitrokeys/pro}/linux/images/App-change-pin.png (100%) rename {pro => nitrokeys/pro}/linux/images/luks_1.png (100%) rename {pro => nitrokeys/pro}/linux/images/luks_2.png (100%) rename {pro => nitrokeys/pro}/linux/images/luks_3.png (100%) rename {pro => nitrokeys/pro}/linux/images/luks_5.png (100%) rename {pro => nitrokeys/pro}/linux/images/luks_6.png (100%) rename {pro => nitrokeys/pro}/linux/images/luks_7.png (100%) rename {pro => nitrokeys/pro}/linux/index.rst (100%) rename {pro => nitrokeys/pro}/linux/ipsec.rst (100%) rename {pro => nitrokeys/pro}/linux/login-with-pam.rst (100%) rename {pro => nitrokeys/pro}/linux/openpgp-keygen-backup.rst (100%) rename {pro => nitrokeys/pro}/linux/openpgp-keygen-gpa.rst (100%) rename {pro => nitrokeys/pro}/linux/openpgp-keygen-on-device.rst (100%) rename {pro => nitrokeys/pro}/linux/openpgp-outlook.rst (100%) rename {pro => nitrokeys/pro}/linux/openpgp-thunderbird.rst (100%) rename {pro => nitrokeys/pro}/linux/openpgp.rst (100%) rename {pro => nitrokeys/pro}/linux/openvpn-easyrsa.rst (100%) rename {pro => nitrokeys/pro}/linux/otp.rst (100%) rename {pro => nitrokeys/pro}/linux/smime-outlook.rst (100%) rename {pro => nitrokeys/pro}/linux/smime-thunderbird.rst (100%) rename {pro => nitrokeys/pro}/linux/smime.rst (100%) rename {pro => nitrokeys/pro}/linux/ssh.rst (100%) rename {pro => nitrokeys/pro}/linux/stunnel.rst (100%) rename {pro => nitrokeys/pro}/login-with-pam.rst.inc (100%) rename {pro => nitrokeys/pro}/mac/2fa-google.rst (100%) rename {pro => nitrokeys/pro}/mac/2fa-nextcloud.rst (100%) rename {pro => nitrokeys/pro}/mac/2fa-odoo.rst (100%) rename {pro => nitrokeys/pro}/mac/change-pins.rst (100%) rename {pro => nitrokeys/pro}/mac/ecc.rst (100%) rename {pro => nitrokeys/pro}/mac/factory-reset.rst (100%) rename {nitropad/qubes => nitrokeys/pro/mac}/firmware-update.rst (100%) rename {pro => nitrokeys/pro}/mac/gpa.rst (100%) rename {pro => nitrokeys/pro}/mac/hard-disk-encryption.rst (100%) rename {pro => nitrokeys/pro}/mac/images/App-change-pin.png (100%) rename {pro => nitrokeys/pro}/mac/index.rst (100%) rename {pro => nitrokeys/pro}/mac/openpgp-keygen-backup.rst (100%) rename {pro => nitrokeys/pro}/mac/openpgp-keygen-gpa.rst (100%) rename {pro => nitrokeys/pro}/mac/openpgp-keygen-on-device.rst (100%) rename {pro => nitrokeys/pro}/mac/openpgp-outlook.rst (100%) rename {pro => nitrokeys/pro}/mac/openpgp-thunderbird.rst (100%) rename {pro => nitrokeys/pro}/mac/openpgp.rst (100%) rename {pro => nitrokeys/pro}/mac/otp.rst (100%) rename {pro => nitrokeys/pro}/mac/smime-outlook.rst (100%) rename {pro => nitrokeys/pro}/mac/smime-thunderbird.rst (100%) rename {pro => nitrokeys/pro}/mac/smime.rst (100%) rename {pro => nitrokeys/pro}/openpgp-keygen-backup.rst.inc (100%) rename {pro => nitrokeys/pro}/openpgp-keygen-gpa.rst.inc (100%) rename {pro => nitrokeys/pro}/openpgp-keygen-on-device.rst.inc (100%) rename {pro => nitrokeys/pro}/openpgp-outlook.rst.inc (100%) rename {pro => nitrokeys/pro}/openpgp-thunderbird.rst.inc (100%) rename {pro => nitrokeys/pro}/openpgp.rst.inc (100%) rename {pro => nitrokeys/pro}/otp.rst.inc (100%) rename {pro => nitrokeys/pro}/putty.rst.inc (100%) rename {pro => nitrokeys/pro}/smart-policy.rst.inc (100%) rename {pro => nitrokeys/pro}/smime-outlook.rst.inc (100%) rename {pro => nitrokeys/pro}/smime-thunderbird.rst.inc (100%) rename {pro => nitrokeys/pro}/smime.rst.inc (100%) rename {pro => nitrokeys/pro}/ssh.rst (100%) rename {pro => nitrokeys/pro}/windows/2fa-google.rst (100%) rename {pro => nitrokeys/pro}/windows/2fa-microsoft.rst (100%) rename {pro => nitrokeys/pro}/windows/2fa-nextcloud.rst (100%) rename {pro => nitrokeys/pro}/windows/2fa-odoo.rst (100%) rename {pro => nitrokeys/pro}/windows/certificate-authority.rst (100%) rename {pro => nitrokeys/pro}/windows/change-pins.rst (100%) rename {pro => nitrokeys/pro}/windows/ecc.rst (100%) rename {pro => nitrokeys/pro}/windows/eidauthenticate.rst (100%) rename {pro => nitrokeys/pro}/windows/factory-reset.rst (100%) rename {nitropad/ubuntu => nitrokeys/pro/windows}/firmware-update.rst (100%) rename {pro => nitrokeys/pro}/windows/gpa.rst (100%) rename {pro => nitrokeys/pro}/windows/hard-disk-encryption.rst (100%) rename {pro => nitrokeys/pro}/windows/images/2fa-microsoft/1.png (100%) rename {pro => nitrokeys/pro}/windows/images/2fa-microsoft/10.png (100%) rename {pro => nitrokeys/pro}/windows/images/2fa-microsoft/11.png (100%) rename {pro => nitrokeys/pro}/windows/images/2fa-microsoft/12.png (100%) rename {pro => nitrokeys/pro}/windows/images/2fa-microsoft/13.png (100%) rename {pro => nitrokeys/pro}/windows/images/2fa-microsoft/14.png (100%) rename {pro => nitrokeys/pro}/windows/images/2fa-microsoft/2.png (100%) rename {pro => nitrokeys/pro}/windows/images/2fa-microsoft/3.png (100%) rename {pro => nitrokeys/pro}/windows/images/2fa-microsoft/4.png (100%) rename {pro => nitrokeys/pro}/windows/images/2fa-microsoft/5.png (100%) rename {pro => nitrokeys/pro}/windows/images/2fa-microsoft/6.png (100%) rename {pro => nitrokeys/pro}/windows/images/2fa-microsoft/7.png (100%) rename {pro => nitrokeys/pro}/windows/images/2fa-microsoft/8.png (100%) rename {pro => nitrokeys/pro}/windows/images/2fa-microsoft/9.png (100%) rename {pro => nitrokeys/pro}/windows/images/App-change-pin.png (100%) rename {pro => nitrokeys/pro}/windows/images/openpgp-csp/1.png (100%) rename {pro => nitrokeys/pro}/windows/images/openpgp-csp/10.png (100%) rename {pro => nitrokeys/pro}/windows/images/openpgp-csp/11.png (100%) rename {pro => nitrokeys/pro}/windows/images/openpgp-csp/2.png (100%) rename {pro => nitrokeys/pro}/windows/images/openpgp-csp/3.png (100%) rename {pro => nitrokeys/pro}/windows/images/openpgp-csp/4.png (100%) rename {pro => nitrokeys/pro}/windows/images/openpgp-csp/5.png (100%) rename {pro => nitrokeys/pro}/windows/images/openpgp-csp/6.png (100%) rename {pro => nitrokeys/pro}/windows/images/openpgp-csp/7.png (100%) rename {pro => nitrokeys/pro}/windows/images/openpgp-csp/8.png (100%) rename {pro => nitrokeys/pro}/windows/images/openpgp-csp/9.png (100%) rename {pro => nitrokeys/pro}/windows/images/openpgp-outlook/1.png (100%) rename {pro => nitrokeys/pro}/windows/images/openpgp-outlook/2.png (100%) rename {pro => nitrokeys/pro}/windows/images/openpgp-outlook/3.png (100%) rename {pro => nitrokeys/pro}/windows/images/openpgp-outlook/4.png (100%) rename {pro => nitrokeys/pro}/windows/images/openvpn-viscosity/viscosity-1.jpg (100%) rename {pro => nitrokeys/pro}/windows/images/openvpn-viscosity/viscosity-2.jpg (100%) rename {pro => nitrokeys/pro}/windows/images/openvpn-viscosity/viscosity-3.jpg (100%) rename {pro => nitrokeys/pro}/windows/images/openvpn-viscosity/viscosity-4.jpg (100%) rename {pro => nitrokeys/pro}/windows/index.rst (100%) rename {pro => nitrokeys/pro}/windows/openpgp-csp.rst (100%) rename {pro => nitrokeys/pro}/windows/openpgp-keygen-backup.rst (100%) rename {pro => nitrokeys/pro}/windows/openpgp-keygen-gpa.rst (100%) rename {pro => nitrokeys/pro}/windows/openpgp-keygen-on-device.rst (100%) rename {pro => nitrokeys/pro}/windows/openpgp-outlook.rst (100%) rename {pro => nitrokeys/pro}/windows/openpgp-thunderbird.rst (100%) rename {pro => nitrokeys/pro}/windows/openpgp.rst (100%) rename {pro => nitrokeys/pro}/windows/openvpn-easyrsa.rst (100%) rename {pro => nitrokeys/pro}/windows/openvpn-viscosity.rst (100%) rename {pro => nitrokeys/pro}/windows/otp.rst (100%) rename {pro => nitrokeys/pro}/windows/putty.rst (100%) rename {pro => nitrokeys/pro}/windows/smart-policy.rst (100%) rename {pro => nitrokeys/pro}/windows/smime-outlook.rst (100%) rename {pro => nitrokeys/pro}/windows/smime-thunderbird.rst (100%) rename {pro => nitrokeys/pro}/windows/smime.rst (100%) rename {u2f => nitrokeys/u2f}/index.rst (100%) rename {u2f => nitrokeys/u2f}/linux/2fa-nextcloud.rst (100%) rename {u2f => nitrokeys/u2f}/linux/2fa-odoo.rst (100%) rename {u2f => nitrokeys/u2f}/linux/desktop-login.rst (100%) rename {u2f => nitrokeys/u2f}/linux/index.rst (100%) rename {u2f => nitrokeys/u2f}/mac/2fa-nextcloud.rst (100%) rename {u2f => nitrokeys/u2f}/mac/2fa-odoo.rst (100%) rename {u2f => nitrokeys/u2f}/mac/index.rst (100%) rename {u2f => nitrokeys/u2f}/shared/index-content1.rst (100%) rename {u2f => nitrokeys/u2f}/windows/2fa-nextcloud.rst (100%) rename {u2f => nitrokeys/u2f}/windows/2fa-odoo.rst (100%) rename {u2f => nitrokeys/u2f}/windows/index.rst (100%) rename {nitropad => nitropadpc/nitropad}/content/shared-index-content1.rst (100%) rename {nitropad => nitropadpc/nitropad}/content/shared-index-content2.rst (100%) rename {nitropad => nitropadpc/nitropad}/default-boot.rst.inc (100%) rename {nitropad => nitropadpc/nitropad}/factory-reset-heads2.rst.inc (100%) rename {nitropad => nitropadpc/nitropad}/factory-reset.rst.inc (100%) rename {nitropad => nitropadpc/nitropad}/faq.rst (100%) rename {nitropad => nitropadpc/nitropad}/firmware-update-1.4.rst.inc (100%) rename {nitropad => nitropadpc/nitropad}/firmware-update.rst.inc (100%) rename {nitropad => nitropadpc/nitropad}/images/NitroPad-boot-options.jpeg (100%) rename {nitropad => nitropadpc/nitropad}/images/NitroPad-boot-process-bad.jpeg (100%) rename {nitropad => nitropadpc/nitropad}/images/NitroPad-boot-process_0.jpeg (100%) rename {nitropad => nitropadpc/nitropad}/images/NitroPad-confirm-boot-details.jpeg (100%) rename {nitropad => nitropadpc/nitropad}/images/NitroPad-error-mismatch.jpeg (100%) rename {nitropad => nitropadpc/nitropad}/images/Schraube.jpg (100%) rename {nitropad => nitropadpc/nitropad}/images/SchraubenmarkierungT430.jpg (100%) rename {nitropad => nitropadpc/nitropad}/images/SchraubenmarkierungX230.jpg (100%) rename {nitropad => nitropadpc/nitropad}/images/boot-menu.jpg (100%) rename {nitropad => nitropadpc/nitropad}/images/change-disk-encryption-passphrase/1.png (100%) rename {nitropad => nitropadpc/nitropad}/images/change-disk-encryption-passphrase/2.png (100%) rename {nitropad => nitropadpc/nitropad}/images/change-disk-encryption-passphrase/3.png (100%) rename {nitropad => nitropadpc/nitropad}/images/change-disk-encryption-passphrase/4.png (100%) rename {nitropad => nitropadpc/nitropad}/images/change-disk-encryption-passphrase/5.png (100%) rename {nitropad => nitropadpc/nitropad}/images/default-boot/1.jpg (100%) rename {nitropad => nitropadpc/nitropad}/images/default-boot/2.jpg (100%) rename {nitropad => nitropadpc/nitropad}/images/default-boot/3.jpg (100%) rename {nitropad => nitropadpc/nitropad}/images/default-boot/4.jpg (100%) rename {nitropad => nitropadpc/nitropad}/images/factory-reset-heads2/admin-pin.jpg (100%) rename {nitropad => nitropadpc/nitropad}/images/factory-reset-heads2/confirm-integrity.jpg (100%) rename {nitropad => nitropadpc/nitropad}/images/factory-reset-heads2/confirm.jpg (100%) rename {nitropad => nitropadpc/nitropad}/images/factory-reset-heads2/default-sec.jpg (100%) rename {nitropad => nitropadpc/nitropad}/images/factory-reset-heads2/options.jpg (100%) rename {nitropad => nitropadpc/nitropad}/images/factory-reset-heads2/otp-sec1.jpg (100%) rename {nitropad => nitropadpc/nitropad}/images/factory-reset-heads2/otp-sec2.jpg (100%) rename {nitropad => nitropadpc/nitropad}/images/factory-reset-heads2/reboot.jpg (100%) rename {nitropad => nitropadpc/nitropad}/images/factory-reset-heads2/reset.jpg (100%) rename {nitropad => nitropadpc/nitropad}/images/factory-reset-heads2/start-menu.jpg (100%) rename {nitropad => nitropadpc/nitropad}/images/factory-reset-heads2/totp.jpg (100%) rename {nitropad => nitropadpc/nitropad}/images/factory-reset-heads2/tpm.jpg (100%) rename {nitropad => nitropadpc/nitropad}/images/factory-reset/1.jpg (100%) rename {nitropad => nitropadpc/nitropad}/images/factory-reset/10.jpg (100%) rename {nitropad => nitropadpc/nitropad}/images/factory-reset/11.jpg (100%) rename {nitropad => nitropadpc/nitropad}/images/factory-reset/2.jpg (100%) rename {nitropad => nitropadpc/nitropad}/images/factory-reset/3.jpg (100%) rename {nitropad => nitropadpc/nitropad}/images/factory-reset/4.jpg (100%) rename {nitropad => nitropadpc/nitropad}/images/factory-reset/5.jpg (100%) rename {nitropad => nitropadpc/nitropad}/images/factory-reset/6.jpg (100%) rename {nitropad => nitropadpc/nitropad}/images/factory-reset/7.jpg (100%) rename {nitropad => nitropadpc/nitropad}/images/factory-reset/8.jpg (100%) rename {nitropad => nitropadpc/nitropad}/images/factory-reset/9.jpg (100%) rename {nitropad => nitropadpc/nitropad}/images/firmware-update/1.jpg (100%) rename {nitropad => nitropadpc/nitropad}/images/firmware-update/2.jpg (100%) rename {nitropad => nitropadpc/nitropad}/images/firmware-update/3.jpg (100%) rename {nitropad => nitropadpc/nitropad}/images/firmware-update/4.jpg (100%) rename {nitropad => nitropadpc/nitropad}/images/firmware-update/5.jpg (100%) rename {nitropad => nitropadpc/nitropad}/images/firmware-update/6.jpg (100%) rename {nitropad => nitropadpc/nitropad}/images/firmware-update/7.jpg (100%) rename {nitropad => nitropadpc/nitropad}/images/firmware-update/8.jpg (100%) rename {nitropad => nitropadpc/nitropad}/images/firmware-update/9.jpg (100%) rename {nitropad => nitropadpc/nitropad}/images/network-settings/settings_0.png (100%) rename {nitropad => nitropadpc/nitropad}/images/network-settings/settings_1.png (100%) rename {nitropad => nitropadpc/nitropad}/images/network-settings/settings_2.png (100%) rename {nitropad => nitropadpc/nitropad}/images/ns50_sealed.jpg (100%) rename {nitropad => nitropadpc/nitropad}/images/nv41_sealed.jpg (100%) rename {nitropad => nitropadpc/nitropad}/images/operating-system-update/NitroPad-boot-entry-error.jpeg (100%) rename {nitropad => nitropadpc/nitropad}/images/operating-system-update/NitroPad-confirm-boot-details.jpeg (100%) rename {nitropad => nitropadpc/nitropad}/images/operating-system-update/NitroPad-update-checksum.jpeg (100%) rename {nitropad => nitropadpc/nitropad}/images/options.jpg (100%) rename {nitropad => nitropadpc/nitropad}/images/system-update/1.jpeg (100%) rename {nitropad => nitropadpc/nitropad}/images/system-update/2.jpeg (100%) rename {nitropad => nitropadpc/nitropad}/images/system-update/3.jpeg (100%) rename {nitropad => nitropadpc/nitropad}/images/system-update/4.jpeg (100%) rename {nitropad => nitropadpc/nitropad}/images/system-update/5.jpeg (100%) rename {nitropad => nitropadpc/nitropad}/images/system-update/6.jpeg (100%) rename {nitropad => nitropadpc/nitropad}/index.rst (100%) rename {nitropad => nitropadpc/nitropad}/os-reinstallation.rst.inc (100%) rename {nitropad => nitropadpc/nitropad}/qubes/change-pins.rst (100%) rename {nitropad => nitropadpc/nitropad}/qubes/default-boot.rst (100%) rename {nitropad => nitropadpc/nitropad}/qubes/factory-reset-heads2.rst (100%) rename {nitropad => nitropadpc/nitropad}/qubes/factory-reset.rst (100%) rename {nitropad => nitropadpc/nitropad}/qubes/firmware-update-1.4.rst (100%) rename {pro/mac => nitropadpc/nitropad/qubes}/firmware-update.rst (100%) rename {nitropad => nitropadpc/nitropad}/qubes/images/QubesDiskPassword.jpg (100%) rename {nitropad => nitropadpc/nitropad}/qubes/images/user-password-reset/step-five.jpg (100%) rename {nitropad => nitropadpc/nitropad}/qubes/images/user-password-reset/step-four.jpg (100%) rename {nitropad => nitropadpc/nitropad}/qubes/images/user-password-reset/step-one.jpg (100%) rename {nitropad => nitropadpc/nitropad}/qubes/images/user-password-reset/step-three.jpg (100%) rename {nitropad => nitropadpc/nitropad}/qubes/images/user-password-reset/step-two.jpg (100%) rename {nitropad => nitropadpc/nitropad}/qubes/index.rst (100%) rename {nitropad => nitropadpc/nitropad}/qubes/network-settings.rst (100%) rename {nitropad => nitropadpc/nitropad}/qubes/nitrokey-app.rst (100%) rename {nitropad => nitropadpc/nitropad}/qubes/os-reinstallation.rst (100%) rename {nitropad => nitropadpc/nitropad}/qubes/sealed-hardware.rst (100%) rename {nitropad => nitropadpc/nitropad}/qubes/system-update.rst (100%) rename {nitropad => nitropadpc/nitropad}/qubes/troubleshooting.rst (100%) rename {nitropad => nitropadpc/nitropad}/qubes/user-password-reset.rst (100%) rename {nitropad => nitropadpc/nitropad}/sealed-hardware.rst.inc (100%) rename {nitropad => nitropadpc/nitropad}/system-update.rst.inc (100%) rename {nitropad => nitropadpc/nitropad}/troubleshooting.rst.inc (100%) rename {nitropad => nitropadpc/nitropad}/ubuntu/change-disk-encryption-passphrase.rst (100%) rename {nitropad => nitropadpc/nitropad}/ubuntu/change-pins.rst (100%) rename {nitropad => nitropadpc/nitropad}/ubuntu/default-boot.rst (100%) rename {nitropad => nitropadpc/nitropad}/ubuntu/factory-reset-heads2.rst (100%) rename {nitropad => nitropadpc/nitropad}/ubuntu/factory-reset.rst (100%) rename {nitropad => nitropadpc/nitropad}/ubuntu/firmware-update-1.4.rst (100%) rename {pro/windows => nitropadpc/nitropad/ubuntu}/firmware-update.rst (100%) rename {nitropad => nitropadpc/nitropad}/ubuntu/images/NitroPad-boot-options.jpeg (100%) rename {nitropad => nitropadpc/nitropad}/ubuntu/images/UbuntuDiskPassword.png (100%) rename {nitropad => nitropadpc/nitropad}/ubuntu/index.rst (100%) rename {nitropad => nitropadpc/nitropad}/ubuntu/nitrokey-app.rst (100%) rename {nitropad => nitropadpc/nitropad}/ubuntu/os-reinstallation.rst (100%) rename {nitropad => nitropadpc/nitropad}/ubuntu/sealed-hardware.rst (100%) rename {nitropad => nitropadpc/nitropad}/ubuntu/system-update.rst (100%) rename {nitropad => nitropadpc/nitropad}/ubuntu/troubleshooting.rst (100%) rename {nitropc => nitropadpc/nitropc}/debian/index.rst (100%) rename {nitropc => nitropadpc/nitropc}/debian/os-reinstallation.rst (100%) rename {nitropc => nitropadpc/nitropc}/debian/sealed-hardware.rst (100%) rename {nitropc => nitropadpc/nitropc}/faq.rst (100%) rename {nitropc => nitropadpc/nitropc}/index.rst (100%) rename {nitropc => nitropadpc/nitropc}/os-reinstallation.rst.inc (100%) rename {nitropc => nitropadpc/nitropc}/qubes/gpu-install.rst (100%) rename {nitropc => nitropadpc/nitropc}/qubes/index.rst (100%) rename {nitropc => nitropadpc/nitropc}/qubes/nitrokey-app.rst (100%) rename {nitropc => nitropadpc/nitropc}/qubes/os-reinstallation.rst (100%) rename {nitropc => nitropadpc/nitropc}/qubes/sealed-hardware.rst (100%) rename {nitropc => nitropadpc/nitropc}/sealed-hardware.rst.inc (100%) rename {nitropc => nitropadpc/nitropc}/ubuntu/index.rst (100%) rename {nitropc => nitropadpc/nitropc}/ubuntu/nitrokey-app.rst (100%) rename {nitropc => nitropadpc/nitropc}/ubuntu/os-reinstallation.rst (100%) rename {nitropc => nitropadpc/nitropc}/ubuntu/sealed-hardware.rst (100%) diff --git a/fido2/2fa-nextcloud.rst b/nitrokeys/fido2/2fa-nextcloud.rst similarity index 100% rename from fido2/2fa-nextcloud.rst rename to nitrokeys/fido2/2fa-nextcloud.rst diff --git a/fido2/2fa-odoo.rst.inc b/nitrokeys/fido2/2fa-odoo.rst.inc similarity index 100% rename from fido2/2fa-odoo.rst.inc rename to nitrokeys/fido2/2fa-odoo.rst.inc diff --git a/fido2/faq.rst b/nitrokeys/fido2/faq.rst similarity index 100% rename from fido2/faq.rst rename to nitrokeys/fido2/faq.rst diff --git a/fido2/index.rst b/nitrokeys/fido2/index.rst similarity index 100% rename from fido2/index.rst rename to nitrokeys/fido2/index.rst diff --git a/fido2/linux/2fa-nextcloud.rst b/nitrokeys/fido2/linux/2fa-nextcloud.rst similarity index 100% rename from fido2/linux/2fa-nextcloud.rst rename to nitrokeys/fido2/linux/2fa-nextcloud.rst diff --git a/fido2/linux/2fa-odoo.rst b/nitrokeys/fido2/linux/2fa-odoo.rst similarity index 100% rename from fido2/linux/2fa-odoo.rst rename to nitrokeys/fido2/linux/2fa-odoo.rst diff --git a/fido2/linux/desktop-login.rst b/nitrokeys/fido2/linux/desktop-login.rst similarity index 100% rename from fido2/linux/desktop-login.rst rename to nitrokeys/fido2/linux/desktop-login.rst diff --git a/fido2/linux/firmware-update.rst b/nitrokeys/fido2/linux/firmware-update.rst similarity index 100% rename from fido2/linux/firmware-update.rst rename to nitrokeys/fido2/linux/firmware-update.rst diff --git a/fido2/linux/images/fidou2f-1.png b/nitrokeys/fido2/linux/images/fidou2f-1.png similarity index 100% rename from fido2/linux/images/fidou2f-1.png rename to nitrokeys/fido2/linux/images/fidou2f-1.png diff --git a/fido2/linux/images/fidou2f-2.png b/nitrokeys/fido2/linux/images/fidou2f-2.png similarity index 100% rename from fido2/linux/images/fidou2f-2.png rename to nitrokeys/fido2/linux/images/fidou2f-2.png diff --git a/fido2/linux/images/fidou2f-3.png b/nitrokeys/fido2/linux/images/fidou2f-3.png similarity index 100% rename from fido2/linux/images/fidou2f-3.png rename to nitrokeys/fido2/linux/images/fidou2f-3.png diff --git a/fido2/linux/images/fidou2f-4.png b/nitrokeys/fido2/linux/images/fidou2f-4.png similarity index 100% rename from fido2/linux/images/fidou2f-4.png rename to nitrokeys/fido2/linux/images/fidou2f-4.png diff --git a/fido2/linux/images/fidou2f-5.png b/nitrokeys/fido2/linux/images/fidou2f-5.png similarity index 100% rename from fido2/linux/images/fidou2f-5.png rename to nitrokeys/fido2/linux/images/fidou2f-5.png diff --git a/fido2/linux/images/u2f-fido-pam-2.png b/nitrokeys/fido2/linux/images/u2f-fido-pam-2.png similarity index 100% rename from fido2/linux/images/u2f-fido-pam-2.png rename to nitrokeys/fido2/linux/images/u2f-fido-pam-2.png diff --git a/fido2/linux/index.rst b/nitrokeys/fido2/linux/index.rst similarity index 100% rename from fido2/linux/index.rst rename to nitrokeys/fido2/linux/index.rst diff --git a/fido2/linux/reset.rst b/nitrokeys/fido2/linux/reset.rst similarity index 100% rename from fido2/linux/reset.rst rename to nitrokeys/fido2/linux/reset.rst diff --git a/fido2/mac/2fa-nextcloud.rst b/nitrokeys/fido2/mac/2fa-nextcloud.rst similarity index 100% rename from fido2/mac/2fa-nextcloud.rst rename to nitrokeys/fido2/mac/2fa-nextcloud.rst diff --git a/fido2/mac/2fa-odoo.rst b/nitrokeys/fido2/mac/2fa-odoo.rst similarity index 100% rename from fido2/mac/2fa-odoo.rst rename to nitrokeys/fido2/mac/2fa-odoo.rst diff --git a/fido2/mac/firmware-update.rst b/nitrokeys/fido2/mac/firmware-update.rst similarity index 100% rename from fido2/mac/firmware-update.rst rename to nitrokeys/fido2/mac/firmware-update.rst diff --git a/fido2/mac/index.rst b/nitrokeys/fido2/mac/index.rst similarity index 100% rename from fido2/mac/index.rst rename to nitrokeys/fido2/mac/index.rst diff --git a/fido2/mac/reset.rst b/nitrokeys/fido2/mac/reset.rst similarity index 100% rename from fido2/mac/reset.rst rename to nitrokeys/fido2/mac/reset.rst diff --git a/fido2/shared/firmware-update.rst.inc b/nitrokeys/fido2/shared/firmware-update.rst.inc similarity index 100% rename from fido2/shared/firmware-update.rst.inc rename to nitrokeys/fido2/shared/firmware-update.rst.inc diff --git a/fido2/shared/index-content1.rst.inc b/nitrokeys/fido2/shared/index-content1.rst.inc similarity index 100% rename from fido2/shared/index-content1.rst.inc rename to nitrokeys/fido2/shared/index-content1.rst.inc diff --git a/fido2/shared/index-content2.rst.inc b/nitrokeys/fido2/shared/index-content2.rst.inc similarity index 100% rename from fido2/shared/index-content2.rst.inc rename to nitrokeys/fido2/shared/index-content2.rst.inc diff --git a/fido2/windows/2fa-nextcloud.rst b/nitrokeys/fido2/windows/2fa-nextcloud.rst similarity index 100% rename from fido2/windows/2fa-nextcloud.rst rename to nitrokeys/fido2/windows/2fa-nextcloud.rst diff --git a/fido2/windows/2fa-odoo.rst b/nitrokeys/fido2/windows/2fa-odoo.rst similarity index 100% rename from fido2/windows/2fa-odoo.rst rename to nitrokeys/fido2/windows/2fa-odoo.rst diff --git a/fido2/windows/firmware-update.rst b/nitrokeys/fido2/windows/firmware-update.rst similarity index 100% rename from fido2/windows/firmware-update.rst rename to nitrokeys/fido2/windows/firmware-update.rst diff --git a/fido2/windows/images/enabling-u2f-on-firefox/1.png b/nitrokeys/fido2/windows/images/enabling-u2f-on-firefox/1.png similarity index 100% rename from fido2/windows/images/enabling-u2f-on-firefox/1.png rename to nitrokeys/fido2/windows/images/enabling-u2f-on-firefox/1.png diff --git a/fido2/windows/images/passwordless-microsoft/1.png b/nitrokeys/fido2/windows/images/passwordless-microsoft/1.png similarity index 100% rename from fido2/windows/images/passwordless-microsoft/1.png rename to nitrokeys/fido2/windows/images/passwordless-microsoft/1.png diff --git a/fido2/windows/images/passwordless-microsoft/10.png b/nitrokeys/fido2/windows/images/passwordless-microsoft/10.png similarity index 100% rename from fido2/windows/images/passwordless-microsoft/10.png rename to nitrokeys/fido2/windows/images/passwordless-microsoft/10.png diff --git a/fido2/windows/images/passwordless-microsoft/11.png b/nitrokeys/fido2/windows/images/passwordless-microsoft/11.png similarity index 100% rename from fido2/windows/images/passwordless-microsoft/11.png rename to nitrokeys/fido2/windows/images/passwordless-microsoft/11.png diff --git a/fido2/windows/images/passwordless-microsoft/12.png b/nitrokeys/fido2/windows/images/passwordless-microsoft/12.png similarity index 100% rename from fido2/windows/images/passwordless-microsoft/12.png rename to nitrokeys/fido2/windows/images/passwordless-microsoft/12.png diff --git a/fido2/windows/images/passwordless-microsoft/2.png b/nitrokeys/fido2/windows/images/passwordless-microsoft/2.png similarity index 100% rename from fido2/windows/images/passwordless-microsoft/2.png rename to nitrokeys/fido2/windows/images/passwordless-microsoft/2.png diff --git a/fido2/windows/images/passwordless-microsoft/3.png b/nitrokeys/fido2/windows/images/passwordless-microsoft/3.png similarity index 100% rename from fido2/windows/images/passwordless-microsoft/3.png rename to nitrokeys/fido2/windows/images/passwordless-microsoft/3.png diff --git a/fido2/windows/images/passwordless-microsoft/4.png b/nitrokeys/fido2/windows/images/passwordless-microsoft/4.png similarity index 100% rename from fido2/windows/images/passwordless-microsoft/4.png rename to nitrokeys/fido2/windows/images/passwordless-microsoft/4.png diff --git a/fido2/windows/images/passwordless-microsoft/5.png b/nitrokeys/fido2/windows/images/passwordless-microsoft/5.png similarity index 100% rename from fido2/windows/images/passwordless-microsoft/5.png rename to nitrokeys/fido2/windows/images/passwordless-microsoft/5.png diff --git a/fido2/windows/images/passwordless-microsoft/6.png b/nitrokeys/fido2/windows/images/passwordless-microsoft/6.png similarity index 100% rename from fido2/windows/images/passwordless-microsoft/6.png rename to nitrokeys/fido2/windows/images/passwordless-microsoft/6.png diff --git a/fido2/windows/images/passwordless-microsoft/7.png b/nitrokeys/fido2/windows/images/passwordless-microsoft/7.png similarity index 100% rename from fido2/windows/images/passwordless-microsoft/7.png rename to nitrokeys/fido2/windows/images/passwordless-microsoft/7.png diff --git a/fido2/windows/images/passwordless-microsoft/8.png b/nitrokeys/fido2/windows/images/passwordless-microsoft/8.png similarity index 100% rename from fido2/windows/images/passwordless-microsoft/8.png rename to nitrokeys/fido2/windows/images/passwordless-microsoft/8.png diff --git a/fido2/windows/images/passwordless-microsoft/9.png b/nitrokeys/fido2/windows/images/passwordless-microsoft/9.png similarity index 100% rename from fido2/windows/images/passwordless-microsoft/9.png rename to nitrokeys/fido2/windows/images/passwordless-microsoft/9.png diff --git a/fido2/windows/index.rst b/nitrokeys/fido2/windows/index.rst similarity index 100% rename from fido2/windows/index.rst rename to nitrokeys/fido2/windows/index.rst diff --git a/fido2/windows/passwordless-microsoft.rst b/nitrokeys/fido2/windows/passwordless-microsoft.rst similarity index 100% rename from fido2/windows/passwordless-microsoft.rst rename to nitrokeys/fido2/windows/passwordless-microsoft.rst diff --git a/fido2/windows/reset.rst b/nitrokeys/fido2/windows/reset.rst similarity index 100% rename from fido2/windows/reset.rst rename to nitrokeys/fido2/windows/reset.rst diff --git a/nitrokey3/adsk.rst.inc b/nitrokeys/nitrokey3/adsk.rst.inc similarity index 100% rename from nitrokey3/adsk.rst.inc rename to nitrokeys/nitrokey3/adsk.rst.inc diff --git a/nitrokey3/faq.rst b/nitrokeys/nitrokey3/faq.rst similarity index 100% rename from nitrokey3/faq.rst rename to nitrokeys/nitrokey3/faq.rst diff --git a/nitrokey3/features.rst b/nitrokeys/nitrokey3/features.rst similarity index 100% rename from nitrokey3/features.rst rename to nitrokeys/nitrokey3/features.rst diff --git a/nitrokey3/firmware-update.rst.inc b/nitrokeys/nitrokey3/firmware-update.rst.inc similarity index 100% rename from nitrokey3/firmware-update.rst.inc rename to nitrokeys/nitrokey3/firmware-update.rst.inc diff --git a/nitrokey3/index.rst b/nitrokeys/nitrokey3/index.rst similarity index 100% rename from nitrokey3/index.rst rename to nitrokeys/nitrokey3/index.rst diff --git a/nitrokey3/linux/2fa-odoo.rst b/nitrokeys/nitrokey3/linux/2fa-odoo.rst similarity index 100% rename from nitrokey3/linux/2fa-odoo.rst rename to nitrokeys/nitrokey3/linux/2fa-odoo.rst diff --git a/nitrokey3/linux/adsk.rst b/nitrokeys/nitrokey3/linux/adsk.rst similarity index 100% rename from nitrokey3/linux/adsk.rst rename to nitrokeys/nitrokey3/linux/adsk.rst diff --git a/nitrokey3/linux/desktop-login.rst b/nitrokeys/nitrokey3/linux/desktop-login.rst similarity index 100% rename from nitrokey3/linux/desktop-login.rst rename to nitrokeys/nitrokey3/linux/desktop-login.rst diff --git a/nitrokey3/linux/fedora-gnupg-configuration.rst b/nitrokeys/nitrokey3/linux/fedora-gnupg-configuration.rst similarity index 100% rename from nitrokey3/linux/fedora-gnupg-configuration.rst rename to nitrokeys/nitrokey3/linux/fedora-gnupg-configuration.rst diff --git a/nitrokey3/linux/firmware-update-qubes.rst b/nitrokeys/nitrokey3/linux/firmware-update-qubes.rst similarity index 100% rename from nitrokey3/linux/firmware-update-qubes.rst rename to nitrokeys/nitrokey3/linux/firmware-update-qubes.rst diff --git a/nitrokey3/linux/firmware-update.rst b/nitrokeys/nitrokey3/linux/firmware-update.rst similarity index 100% rename from nitrokey3/linux/firmware-update.rst rename to nitrokeys/nitrokey3/linux/firmware-update.rst diff --git a/nitrokey3/linux/images b/nitrokeys/nitrokey3/linux/images similarity index 100% rename from nitrokey3/linux/images rename to nitrokeys/nitrokey3/linux/images diff --git a/nitrokey3/linux/index.rst b/nitrokeys/nitrokey3/linux/index.rst similarity index 100% rename from nitrokey3/linux/index.rst rename to nitrokeys/nitrokey3/linux/index.rst diff --git a/nitrokey3/linux/keepassxc.rst b/nitrokeys/nitrokey3/linux/keepassxc.rst similarity index 100% rename from nitrokey3/linux/keepassxc.rst rename to nitrokeys/nitrokey3/linux/keepassxc.rst diff --git a/nitrokey3/linux/nitropy.rst b/nitrokeys/nitrokey3/linux/nitropy.rst similarity index 100% rename from nitrokey3/linux/nitropy.rst rename to nitrokeys/nitrokey3/linux/nitropy.rst diff --git a/nitrokey3/linux/openpgp-keygen-backup.rst b/nitrokeys/nitrokey3/linux/openpgp-keygen-backup.rst similarity index 100% rename from nitrokey3/linux/openpgp-keygen-backup.rst rename to nitrokeys/nitrokey3/linux/openpgp-keygen-backup.rst diff --git a/nitrokey3/linux/openpgp-keygen-gpa.rst b/nitrokeys/nitrokey3/linux/openpgp-keygen-gpa.rst similarity index 100% rename from nitrokey3/linux/openpgp-keygen-gpa.rst rename to nitrokeys/nitrokey3/linux/openpgp-keygen-gpa.rst diff --git a/nitrokey3/linux/openpgp-keygen-on-device.rst b/nitrokeys/nitrokey3/linux/openpgp-keygen-on-device.rst similarity index 100% rename from nitrokey3/linux/openpgp-keygen-on-device.rst rename to nitrokeys/nitrokey3/linux/openpgp-keygen-on-device.rst diff --git a/nitrokey3/linux/openpgp-outlook.rst b/nitrokeys/nitrokey3/linux/openpgp-outlook.rst similarity index 100% rename from nitrokey3/linux/openpgp-outlook.rst rename to nitrokeys/nitrokey3/linux/openpgp-outlook.rst diff --git a/nitrokey3/linux/openpgp-thunderbird.rst b/nitrokeys/nitrokey3/linux/openpgp-thunderbird.rst similarity index 100% rename from nitrokey3/linux/openpgp-thunderbird.rst rename to nitrokeys/nitrokey3/linux/openpgp-thunderbird.rst diff --git a/nitrokey3/linux/openpgp-uif.rst b/nitrokeys/nitrokey3/linux/openpgp-uif.rst similarity index 100% rename from nitrokey3/linux/openpgp-uif.rst rename to nitrokeys/nitrokey3/linux/openpgp-uif.rst diff --git a/nitrokey3/linux/openpgp.rst b/nitrokeys/nitrokey3/linux/openpgp.rst similarity index 100% rename from nitrokey3/linux/openpgp.rst rename to nitrokeys/nitrokey3/linux/openpgp.rst diff --git a/nitrokey3/linux/reset.rst b/nitrokeys/nitrokey3/linux/reset.rst similarity index 100% rename from nitrokey3/linux/reset.rst rename to nitrokeys/nitrokey3/linux/reset.rst diff --git a/nitrokey3/linux/set-pins.rst b/nitrokeys/nitrokey3/linux/set-pins.rst similarity index 100% rename from nitrokey3/linux/set-pins.rst rename to nitrokeys/nitrokey3/linux/set-pins.rst diff --git a/nitrokey3/linux/smime-outlook.rst b/nitrokeys/nitrokey3/linux/smime-outlook.rst similarity index 100% rename from nitrokey3/linux/smime-outlook.rst rename to nitrokeys/nitrokey3/linux/smime-outlook.rst diff --git a/nitrokey3/linux/smime-thunderbird.rst b/nitrokeys/nitrokey3/linux/smime-thunderbird.rst similarity index 100% rename from nitrokey3/linux/smime-thunderbird.rst rename to nitrokeys/nitrokey3/linux/smime-thunderbird.rst diff --git a/nitrokey3/linux/smime.rst b/nitrokeys/nitrokey3/linux/smime.rst similarity index 100% rename from nitrokey3/linux/smime.rst rename to nitrokeys/nitrokey3/linux/smime.rst diff --git a/nitrokey3/linux/troubleshooting.rst b/nitrokeys/nitrokey3/linux/troubleshooting.rst similarity index 100% rename from nitrokey3/linux/troubleshooting.rst rename to nitrokeys/nitrokey3/linux/troubleshooting.rst diff --git a/nitrokey3/mac/2fa-odoo.rst b/nitrokeys/nitrokey3/mac/2fa-odoo.rst similarity index 100% rename from nitrokey3/mac/2fa-odoo.rst rename to nitrokeys/nitrokey3/mac/2fa-odoo.rst diff --git a/nitrokey3/mac/adsk.rst b/nitrokeys/nitrokey3/mac/adsk.rst similarity index 100% rename from nitrokey3/mac/adsk.rst rename to nitrokeys/nitrokey3/mac/adsk.rst diff --git a/nitrokey3/mac/firmware-update.rst b/nitrokeys/nitrokey3/mac/firmware-update.rst similarity index 100% rename from nitrokey3/mac/firmware-update.rst rename to nitrokeys/nitrokey3/mac/firmware-update.rst diff --git a/nitrokey3/mac/index.rst b/nitrokeys/nitrokey3/mac/index.rst similarity index 100% rename from nitrokey3/mac/index.rst rename to nitrokeys/nitrokey3/mac/index.rst diff --git a/nitrokey3/mac/keepassxc.rst b/nitrokeys/nitrokey3/mac/keepassxc.rst similarity index 100% rename from nitrokey3/mac/keepassxc.rst rename to nitrokeys/nitrokey3/mac/keepassxc.rst diff --git a/nitrokey3/mac/nitropy.rst b/nitrokeys/nitrokey3/mac/nitropy.rst similarity index 100% rename from nitrokey3/mac/nitropy.rst rename to nitrokeys/nitrokey3/mac/nitropy.rst diff --git a/nitrokey3/mac/openpgp-keygen-backup.rst b/nitrokeys/nitrokey3/mac/openpgp-keygen-backup.rst similarity index 100% rename from nitrokey3/mac/openpgp-keygen-backup.rst rename to nitrokeys/nitrokey3/mac/openpgp-keygen-backup.rst diff --git a/nitrokey3/mac/openpgp-keygen-gpa.rst b/nitrokeys/nitrokey3/mac/openpgp-keygen-gpa.rst similarity index 100% rename from nitrokey3/mac/openpgp-keygen-gpa.rst rename to nitrokeys/nitrokey3/mac/openpgp-keygen-gpa.rst diff --git a/nitrokey3/mac/openpgp-keygen-on-device.rst b/nitrokeys/nitrokey3/mac/openpgp-keygen-on-device.rst similarity index 100% rename from nitrokey3/mac/openpgp-keygen-on-device.rst rename to nitrokeys/nitrokey3/mac/openpgp-keygen-on-device.rst diff --git a/nitrokey3/mac/openpgp-outlook.rst b/nitrokeys/nitrokey3/mac/openpgp-outlook.rst similarity index 100% rename from nitrokey3/mac/openpgp-outlook.rst rename to nitrokeys/nitrokey3/mac/openpgp-outlook.rst diff --git a/nitrokey3/mac/openpgp-thunderbird.rst b/nitrokeys/nitrokey3/mac/openpgp-thunderbird.rst similarity index 100% rename from nitrokey3/mac/openpgp-thunderbird.rst rename to nitrokeys/nitrokey3/mac/openpgp-thunderbird.rst diff --git a/nitrokey3/mac/openpgp-uif.rst b/nitrokeys/nitrokey3/mac/openpgp-uif.rst similarity index 100% rename from nitrokey3/mac/openpgp-uif.rst rename to nitrokeys/nitrokey3/mac/openpgp-uif.rst diff --git a/nitrokey3/mac/openpgp.rst b/nitrokeys/nitrokey3/mac/openpgp.rst similarity index 100% rename from nitrokey3/mac/openpgp.rst rename to nitrokeys/nitrokey3/mac/openpgp.rst diff --git a/nitrokey3/mac/reset.rst b/nitrokeys/nitrokey3/mac/reset.rst similarity index 100% rename from nitrokey3/mac/reset.rst rename to nitrokeys/nitrokey3/mac/reset.rst diff --git a/nitrokey3/mac/set-pins.rst b/nitrokeys/nitrokey3/mac/set-pins.rst similarity index 100% rename from nitrokey3/mac/set-pins.rst rename to nitrokeys/nitrokey3/mac/set-pins.rst diff --git a/nitrokey3/mac/smime-outlook.rst b/nitrokeys/nitrokey3/mac/smime-outlook.rst similarity index 100% rename from nitrokey3/mac/smime-outlook.rst rename to nitrokeys/nitrokey3/mac/smime-outlook.rst diff --git a/nitrokey3/mac/smime-thunderbird.rst b/nitrokeys/nitrokey3/mac/smime-thunderbird.rst similarity index 100% rename from nitrokey3/mac/smime-thunderbird.rst rename to nitrokeys/nitrokey3/mac/smime-thunderbird.rst diff --git a/nitrokey3/mac/smime.rst b/nitrokeys/nitrokey3/mac/smime.rst similarity index 100% rename from nitrokey3/mac/smime.rst rename to nitrokeys/nitrokey3/mac/smime.rst diff --git a/nitrokey3/mac/troubleshooting.rst b/nitrokeys/nitrokey3/mac/troubleshooting.rst similarity index 100% rename from nitrokey3/mac/troubleshooting.rst rename to nitrokeys/nitrokey3/mac/troubleshooting.rst diff --git a/nitrokey3/shared/main.rst b/nitrokeys/nitrokey3/shared/main.rst similarity index 100% rename from nitrokey3/shared/main.rst rename to nitrokeys/nitrokey3/shared/main.rst diff --git a/nitrokey3/shared/nitropy.rst b/nitrokeys/nitrokey3/shared/nitropy.rst similarity index 100% rename from nitrokey3/shared/nitropy.rst rename to nitrokeys/nitrokey3/shared/nitropy.rst diff --git a/nitrokey3/shared/openpgp-uif.rst.inc b/nitrokeys/nitrokey3/shared/openpgp-uif.rst.inc similarity index 100% rename from nitrokey3/shared/openpgp-uif.rst.inc rename to nitrokeys/nitrokey3/shared/openpgp-uif.rst.inc diff --git a/nitrokey3/shared/openpgp.rst.inc b/nitrokeys/nitrokey3/shared/openpgp.rst.inc similarity index 100% rename from nitrokey3/shared/openpgp.rst.inc rename to nitrokeys/nitrokey3/shared/openpgp.rst.inc diff --git a/nitrokey3/shared/reset.rst.inc b/nitrokeys/nitrokey3/shared/reset.rst.inc similarity index 100% rename from nitrokey3/shared/reset.rst.inc rename to nitrokeys/nitrokey3/shared/reset.rst.inc diff --git a/nitrokey3/shared/set-pins.rst.inc b/nitrokeys/nitrokey3/shared/set-pins.rst.inc similarity index 100% rename from nitrokey3/shared/set-pins.rst.inc rename to nitrokeys/nitrokey3/shared/set-pins.rst.inc diff --git a/nitrokey3/troubleshooting.rst.inc b/nitrokeys/nitrokey3/troubleshooting.rst.inc similarity index 100% rename from nitrokey3/troubleshooting.rst.inc rename to nitrokeys/nitrokey3/troubleshooting.rst.inc diff --git a/nitrokey3/windows/2fa-odoo.rst b/nitrokeys/nitrokey3/windows/2fa-odoo.rst similarity index 100% rename from nitrokey3/windows/2fa-odoo.rst rename to nitrokeys/nitrokey3/windows/2fa-odoo.rst diff --git a/nitrokey3/windows/adsk.rst b/nitrokeys/nitrokey3/windows/adsk.rst similarity index 100% rename from nitrokey3/windows/adsk.rst rename to nitrokeys/nitrokey3/windows/adsk.rst diff --git a/nitrokey3/windows/firmware-update.rst b/nitrokeys/nitrokey3/windows/firmware-update.rst similarity index 100% rename from nitrokey3/windows/firmware-update.rst rename to nitrokeys/nitrokey3/windows/firmware-update.rst diff --git a/nitrokey3/windows/images/enabling-u2f-on-firefox b/nitrokeys/nitrokey3/windows/images/enabling-u2f-on-firefox similarity index 100% rename from nitrokey3/windows/images/enabling-u2f-on-firefox rename to nitrokeys/nitrokey3/windows/images/enabling-u2f-on-firefox diff --git a/nitrokey3/windows/images/passwordless-microsoft b/nitrokeys/nitrokey3/windows/images/passwordless-microsoft similarity index 100% rename from nitrokey3/windows/images/passwordless-microsoft rename to nitrokeys/nitrokey3/windows/images/passwordless-microsoft diff --git a/nitrokey3/windows/index.rst b/nitrokeys/nitrokey3/windows/index.rst similarity index 100% rename from nitrokey3/windows/index.rst rename to nitrokeys/nitrokey3/windows/index.rst diff --git a/nitrokey3/windows/keepassxc.rst b/nitrokeys/nitrokey3/windows/keepassxc.rst similarity index 100% rename from nitrokey3/windows/keepassxc.rst rename to nitrokeys/nitrokey3/windows/keepassxc.rst diff --git a/nitrokey3/windows/openpgp-csp.rst b/nitrokeys/nitrokey3/windows/openpgp-csp.rst similarity index 100% rename from nitrokey3/windows/openpgp-csp.rst rename to nitrokeys/nitrokey3/windows/openpgp-csp.rst diff --git a/nitrokey3/windows/openpgp-keygen-backup.rst b/nitrokeys/nitrokey3/windows/openpgp-keygen-backup.rst similarity index 100% rename from nitrokey3/windows/openpgp-keygen-backup.rst rename to nitrokeys/nitrokey3/windows/openpgp-keygen-backup.rst diff --git a/nitrokey3/windows/openpgp-keygen-gpa.rst b/nitrokeys/nitrokey3/windows/openpgp-keygen-gpa.rst similarity index 100% rename from nitrokey3/windows/openpgp-keygen-gpa.rst rename to nitrokeys/nitrokey3/windows/openpgp-keygen-gpa.rst diff --git a/nitrokey3/windows/openpgp-keygen-on-device.rst b/nitrokeys/nitrokey3/windows/openpgp-keygen-on-device.rst similarity index 100% rename from nitrokey3/windows/openpgp-keygen-on-device.rst rename to nitrokeys/nitrokey3/windows/openpgp-keygen-on-device.rst diff --git a/nitrokey3/windows/openpgp-outlook.rst b/nitrokeys/nitrokey3/windows/openpgp-outlook.rst similarity index 100% rename from nitrokey3/windows/openpgp-outlook.rst rename to nitrokeys/nitrokey3/windows/openpgp-outlook.rst diff --git a/nitrokey3/windows/openpgp-thunderbird.rst b/nitrokeys/nitrokey3/windows/openpgp-thunderbird.rst similarity index 100% rename from nitrokey3/windows/openpgp-thunderbird.rst rename to nitrokeys/nitrokey3/windows/openpgp-thunderbird.rst diff --git a/nitrokey3/windows/openpgp-uif.rst b/nitrokeys/nitrokey3/windows/openpgp-uif.rst similarity index 100% rename from nitrokey3/windows/openpgp-uif.rst rename to nitrokeys/nitrokey3/windows/openpgp-uif.rst diff --git a/nitrokey3/windows/openpgp.rst b/nitrokeys/nitrokey3/windows/openpgp.rst similarity index 100% rename from nitrokey3/windows/openpgp.rst rename to nitrokeys/nitrokey3/windows/openpgp.rst diff --git a/nitrokey3/windows/passwordless-microsoft.rst b/nitrokeys/nitrokey3/windows/passwordless-microsoft.rst similarity index 100% rename from nitrokey3/windows/passwordless-microsoft.rst rename to nitrokeys/nitrokey3/windows/passwordless-microsoft.rst diff --git a/nitrokey3/windows/piv/access_control.rst b/nitrokeys/nitrokey3/windows/piv/access_control.rst similarity index 100% rename from nitrokey3/windows/piv/access_control.rst rename to nitrokeys/nitrokey3/windows/piv/access_control.rst diff --git a/nitrokey3/windows/piv/certificate_management.rst b/nitrokeys/nitrokey3/windows/piv/certificate_management.rst similarity index 100% rename from nitrokey3/windows/piv/certificate_management.rst rename to nitrokeys/nitrokey3/windows/piv/certificate_management.rst diff --git a/nitrokey3/windows/piv/factory_reset.rst b/nitrokeys/nitrokey3/windows/piv/factory_reset.rst similarity index 100% rename from nitrokey3/windows/piv/factory_reset.rst rename to nitrokeys/nitrokey3/windows/piv/factory_reset.rst diff --git a/nitrokey3/windows/piv/guides/client_logon_with_active_directory.rst b/nitrokeys/nitrokey3/windows/piv/guides/client_logon_with_active_directory.rst similarity index 100% rename from nitrokey3/windows/piv/guides/client_logon_with_active_directory.rst rename to nitrokeys/nitrokey3/windows/piv/guides/client_logon_with_active_directory.rst diff --git a/nitrokey3/windows/piv/guides/index.rst b/nitrokeys/nitrokey3/windows/piv/guides/index.rst similarity index 100% rename from nitrokey3/windows/piv/guides/index.rst rename to nitrokeys/nitrokey3/windows/piv/guides/index.rst diff --git a/nitrokey3/windows/piv/index.rst b/nitrokeys/nitrokey3/windows/piv/index.rst similarity index 100% rename from nitrokey3/windows/piv/index.rst rename to nitrokeys/nitrokey3/windows/piv/index.rst diff --git a/nitrokey3/windows/piv/key_management.rst b/nitrokeys/nitrokey3/windows/piv/key_management.rst similarity index 100% rename from nitrokey3/windows/piv/key_management.rst rename to nitrokeys/nitrokey3/windows/piv/key_management.rst diff --git a/nitrokey3/windows/reset.rst b/nitrokeys/nitrokey3/windows/reset.rst similarity index 100% rename from nitrokey3/windows/reset.rst rename to nitrokeys/nitrokey3/windows/reset.rst diff --git a/nitrokey3/windows/set-pins.rst b/nitrokeys/nitrokey3/windows/set-pins.rst similarity index 100% rename from nitrokey3/windows/set-pins.rst rename to nitrokeys/nitrokey3/windows/set-pins.rst diff --git a/nitrokey3/windows/smime-outlook.rst b/nitrokeys/nitrokey3/windows/smime-outlook.rst similarity index 100% rename from nitrokey3/windows/smime-outlook.rst rename to nitrokeys/nitrokey3/windows/smime-outlook.rst diff --git a/nitrokey3/windows/smime-thunderbird.rst b/nitrokeys/nitrokey3/windows/smime-thunderbird.rst similarity index 100% rename from nitrokey3/windows/smime-thunderbird.rst rename to nitrokeys/nitrokey3/windows/smime-thunderbird.rst diff --git a/nitrokey3/windows/smime.rst b/nitrokeys/nitrokey3/windows/smime.rst similarity index 100% rename from nitrokey3/windows/smime.rst rename to nitrokeys/nitrokey3/windows/smime.rst diff --git a/nitrokey3/windows/troubleshooting.rst b/nitrokeys/nitrokey3/windows/troubleshooting.rst similarity index 100% rename from nitrokey3/windows/troubleshooting.rst rename to nitrokeys/nitrokey3/windows/troubleshooting.rst diff --git a/nkpk/index.rst b/nitrokeys/nkpk/index.rst similarity index 100% rename from nkpk/index.rst rename to nitrokeys/nkpk/index.rst diff --git a/pro/2fa-google.rst.inc b/nitrokeys/pro/2fa-google.rst.inc similarity index 100% rename from pro/2fa-google.rst.inc rename to nitrokeys/pro/2fa-google.rst.inc diff --git a/pro/2fa-nextcloud.rst.inc b/nitrokeys/pro/2fa-nextcloud.rst.inc similarity index 100% rename from pro/2fa-nextcloud.rst.inc rename to nitrokeys/pro/2fa-nextcloud.rst.inc diff --git a/pro/2fa-odoo.rst.inc b/nitrokeys/pro/2fa-odoo.rst.inc similarity index 100% rename from pro/2fa-odoo.rst.inc rename to nitrokeys/pro/2fa-odoo.rst.inc diff --git a/pro/change-pins.rst.inc b/nitrokeys/pro/change-pins.rst.inc similarity index 100% rename from pro/change-pins.rst.inc rename to nitrokeys/pro/change-pins.rst.inc diff --git a/pro/ecc.rst.inc b/nitrokeys/pro/ecc.rst.inc similarity index 100% rename from pro/ecc.rst.inc rename to nitrokeys/pro/ecc.rst.inc diff --git a/pro/eidauthenticate.rst.inc b/nitrokeys/pro/eidauthenticate.rst.inc similarity index 100% rename from pro/eidauthenticate.rst.inc rename to nitrokeys/pro/eidauthenticate.rst.inc diff --git a/pro/factory-reset.rst.inc b/nitrokeys/pro/factory-reset.rst.inc similarity index 100% rename from pro/factory-reset.rst.inc rename to nitrokeys/pro/factory-reset.rst.inc diff --git a/pro/faq.rst b/nitrokeys/pro/faq.rst similarity index 100% rename from pro/faq.rst rename to nitrokeys/pro/faq.rst diff --git a/pro/firmware-update.rst.inc b/nitrokeys/pro/firmware-update.rst.inc similarity index 100% rename from pro/firmware-update.rst.inc rename to nitrokeys/pro/firmware-update.rst.inc diff --git a/pro/gpa.rst b/nitrokeys/pro/gpa.rst similarity index 100% rename from pro/gpa.rst rename to nitrokeys/pro/gpa.rst diff --git a/pro/hard-disk-encryption.rst.inc b/nitrokeys/pro/hard-disk-encryption.rst.inc similarity index 100% rename from pro/hard-disk-encryption.rst.inc rename to nitrokeys/pro/hard-disk-encryption.rst.inc diff --git a/pro/images/2fa-nextcloud/1.png b/nitrokeys/pro/images/2fa-nextcloud/1.png similarity index 100% rename from pro/images/2fa-nextcloud/1.png rename to nitrokeys/pro/images/2fa-nextcloud/1.png diff --git a/pro/images/2fa-nextcloud/2.png b/nitrokeys/pro/images/2fa-nextcloud/2.png similarity index 100% rename from pro/images/2fa-nextcloud/2.png rename to nitrokeys/pro/images/2fa-nextcloud/2.png diff --git a/pro/images/2fa-nextcloud/3.png b/nitrokeys/pro/images/2fa-nextcloud/3.png similarity index 100% rename from pro/images/2fa-nextcloud/3.png rename to nitrokeys/pro/images/2fa-nextcloud/3.png diff --git a/pro/images/2fa-nextcloud/4.png b/nitrokeys/pro/images/2fa-nextcloud/4.png similarity index 100% rename from pro/images/2fa-nextcloud/4.png rename to nitrokeys/pro/images/2fa-nextcloud/4.png diff --git a/pro/images/2fa-nextcloud/5.png b/nitrokeys/pro/images/2fa-nextcloud/5.png similarity index 100% rename from pro/images/2fa-nextcloud/5.png rename to nitrokeys/pro/images/2fa-nextcloud/5.png diff --git a/pro/images/2fa-nextcloud/6.png b/nitrokeys/pro/images/2fa-nextcloud/6.png similarity index 100% rename from pro/images/2fa-nextcloud/6.png rename to nitrokeys/pro/images/2fa-nextcloud/6.png diff --git a/pro/images/2fa-nextcloud/7.png b/nitrokeys/pro/images/2fa-nextcloud/7.png similarity index 100% rename from pro/images/2fa-nextcloud/7.png rename to nitrokeys/pro/images/2fa-nextcloud/7.png diff --git a/pro/images/2fa-nextcloud/8.png b/nitrokeys/pro/images/2fa-nextcloud/8.png similarity index 100% rename from pro/images/2fa-nextcloud/8.png rename to nitrokeys/pro/images/2fa-nextcloud/8.png diff --git a/pro/images/2fa-nextcloud/9.png b/nitrokeys/pro/images/2fa-nextcloud/9.png similarity index 100% rename from pro/images/2fa-nextcloud/9.png rename to nitrokeys/pro/images/2fa-nextcloud/9.png diff --git a/pro/images/change-pins/1.png b/nitrokeys/pro/images/change-pins/1.png similarity index 100% rename from pro/images/change-pins/1.png rename to nitrokeys/pro/images/change-pins/1.png diff --git a/pro/images/change-pins/2.png b/nitrokeys/pro/images/change-pins/2.png similarity index 100% rename from pro/images/change-pins/2.png rename to nitrokeys/pro/images/change-pins/2.png diff --git a/pro/images/change-pins/3.png b/nitrokeys/pro/images/change-pins/3.png similarity index 100% rename from pro/images/change-pins/3.png rename to nitrokeys/pro/images/change-pins/3.png diff --git a/pro/images/change-pins/4.png b/nitrokeys/pro/images/change-pins/4.png similarity index 100% rename from pro/images/change-pins/4.png rename to nitrokeys/pro/images/change-pins/4.png diff --git a/pro/images/eidauthenticate/1.png b/nitrokeys/pro/images/eidauthenticate/1.png similarity index 100% rename from pro/images/eidauthenticate/1.png rename to nitrokeys/pro/images/eidauthenticate/1.png diff --git a/pro/images/eidauthenticate/2.png b/nitrokeys/pro/images/eidauthenticate/2.png similarity index 100% rename from pro/images/eidauthenticate/2.png rename to nitrokeys/pro/images/eidauthenticate/2.png diff --git a/pro/images/eidauthenticate/3.png b/nitrokeys/pro/images/eidauthenticate/3.png similarity index 100% rename from pro/images/eidauthenticate/3.png rename to nitrokeys/pro/images/eidauthenticate/3.png diff --git a/pro/images/eidauthenticate/4.png b/nitrokeys/pro/images/eidauthenticate/4.png similarity index 100% rename from pro/images/eidauthenticate/4.png rename to nitrokeys/pro/images/eidauthenticate/4.png diff --git a/pro/images/eidauthenticate/5.png b/nitrokeys/pro/images/eidauthenticate/5.png similarity index 100% rename from pro/images/eidauthenticate/5.png rename to nitrokeys/pro/images/eidauthenticate/5.png diff --git a/pro/images/eidauthenticate/6.png b/nitrokeys/pro/images/eidauthenticate/6.png similarity index 100% rename from pro/images/eidauthenticate/6.png rename to nitrokeys/pro/images/eidauthenticate/6.png diff --git a/pro/images/eidauthenticate/7.png b/nitrokeys/pro/images/eidauthenticate/7.png similarity index 100% rename from pro/images/eidauthenticate/7.png rename to nitrokeys/pro/images/eidauthenticate/7.png diff --git a/pro/images/eidauthenticate/8.png b/nitrokeys/pro/images/eidauthenticate/8.png similarity index 100% rename from pro/images/eidauthenticate/8.png rename to nitrokeys/pro/images/eidauthenticate/8.png diff --git a/pro/images/eidauthenticate/9.png b/nitrokeys/pro/images/eidauthenticate/9.png similarity index 100% rename from pro/images/eidauthenticate/9.png rename to nitrokeys/pro/images/eidauthenticate/9.png diff --git a/pro/images/gpa/1.png b/nitrokeys/pro/images/gpa/1.png similarity index 100% rename from pro/images/gpa/1.png rename to nitrokeys/pro/images/gpa/1.png diff --git a/pro/images/gpa/2.png b/nitrokeys/pro/images/gpa/2.png similarity index 100% rename from pro/images/gpa/2.png rename to nitrokeys/pro/images/gpa/2.png diff --git a/pro/images/gpa/3.png b/nitrokeys/pro/images/gpa/3.png similarity index 100% rename from pro/images/gpa/3.png rename to nitrokeys/pro/images/gpa/3.png diff --git a/pro/images/gpa/4.png b/nitrokeys/pro/images/gpa/4.png similarity index 100% rename from pro/images/gpa/4.png rename to nitrokeys/pro/images/gpa/4.png diff --git a/pro/images/gpa/5.png b/nitrokeys/pro/images/gpa/5.png similarity index 100% rename from pro/images/gpa/5.png rename to nitrokeys/pro/images/gpa/5.png diff --git a/pro/images/gpa/6.png b/nitrokeys/pro/images/gpa/6.png similarity index 100% rename from pro/images/gpa/6.png rename to nitrokeys/pro/images/gpa/6.png diff --git a/pro/images/gpa/7.png b/nitrokeys/pro/images/gpa/7.png similarity index 100% rename from pro/images/gpa/7.png rename to nitrokeys/pro/images/gpa/7.png diff --git a/pro/images/gpa/8.png b/nitrokeys/pro/images/gpa/8.png similarity index 100% rename from pro/images/gpa/8.png rename to nitrokeys/pro/images/gpa/8.png diff --git a/pro/images/gpa/9.png b/nitrokeys/pro/images/gpa/9.png similarity index 100% rename from pro/images/gpa/9.png rename to nitrokeys/pro/images/gpa/9.png diff --git a/pro/images/openpgp-keygen-gpa/1.png b/nitrokeys/pro/images/openpgp-keygen-gpa/1.png similarity index 100% rename from pro/images/openpgp-keygen-gpa/1.png rename to nitrokeys/pro/images/openpgp-keygen-gpa/1.png diff --git a/pro/images/openpgp-keygen-gpa/2.png b/nitrokeys/pro/images/openpgp-keygen-gpa/2.png similarity index 100% rename from pro/images/openpgp-keygen-gpa/2.png rename to nitrokeys/pro/images/openpgp-keygen-gpa/2.png diff --git a/pro/images/openpgp-keygen-gpa/3.png b/nitrokeys/pro/images/openpgp-keygen-gpa/3.png similarity index 100% rename from pro/images/openpgp-keygen-gpa/3.png rename to nitrokeys/pro/images/openpgp-keygen-gpa/3.png diff --git a/pro/images/openpgp-keygen-gpa/4.png b/nitrokeys/pro/images/openpgp-keygen-gpa/4.png similarity index 100% rename from pro/images/openpgp-keygen-gpa/4.png rename to nitrokeys/pro/images/openpgp-keygen-gpa/4.png diff --git a/pro/images/openpgp-keygen-gpa/5.png b/nitrokeys/pro/images/openpgp-keygen-gpa/5.png similarity index 100% rename from pro/images/openpgp-keygen-gpa/5.png rename to nitrokeys/pro/images/openpgp-keygen-gpa/5.png diff --git a/pro/images/openpgp-keygen-gpa/6.png b/nitrokeys/pro/images/openpgp-keygen-gpa/6.png similarity index 100% rename from pro/images/openpgp-keygen-gpa/6.png rename to nitrokeys/pro/images/openpgp-keygen-gpa/6.png diff --git a/pro/images/openpgp-keygen-gpa/7.png b/nitrokeys/pro/images/openpgp-keygen-gpa/7.png similarity index 100% rename from pro/images/openpgp-keygen-gpa/7.png rename to nitrokeys/pro/images/openpgp-keygen-gpa/7.png diff --git a/pro/images/openpgp-thunderbird/1.png b/nitrokeys/pro/images/openpgp-thunderbird/1.png similarity index 100% rename from pro/images/openpgp-thunderbird/1.png rename to nitrokeys/pro/images/openpgp-thunderbird/1.png diff --git a/pro/images/openpgp-thunderbird/10.png b/nitrokeys/pro/images/openpgp-thunderbird/10.png similarity index 100% rename from pro/images/openpgp-thunderbird/10.png rename to nitrokeys/pro/images/openpgp-thunderbird/10.png diff --git a/pro/images/openpgp-thunderbird/11.png b/nitrokeys/pro/images/openpgp-thunderbird/11.png similarity index 100% rename from pro/images/openpgp-thunderbird/11.png rename to nitrokeys/pro/images/openpgp-thunderbird/11.png diff --git a/pro/images/openpgp-thunderbird/12.png b/nitrokeys/pro/images/openpgp-thunderbird/12.png similarity index 100% rename from pro/images/openpgp-thunderbird/12.png rename to nitrokeys/pro/images/openpgp-thunderbird/12.png diff --git a/pro/images/openpgp-thunderbird/13.png b/nitrokeys/pro/images/openpgp-thunderbird/13.png similarity index 100% rename from pro/images/openpgp-thunderbird/13.png rename to nitrokeys/pro/images/openpgp-thunderbird/13.png diff --git a/pro/images/openpgp-thunderbird/14.png b/nitrokeys/pro/images/openpgp-thunderbird/14.png similarity index 100% rename from pro/images/openpgp-thunderbird/14.png rename to nitrokeys/pro/images/openpgp-thunderbird/14.png diff --git a/pro/images/openpgp-thunderbird/2.png b/nitrokeys/pro/images/openpgp-thunderbird/2.png similarity index 100% rename from pro/images/openpgp-thunderbird/2.png rename to nitrokeys/pro/images/openpgp-thunderbird/2.png diff --git a/pro/images/openpgp-thunderbird/3.png b/nitrokeys/pro/images/openpgp-thunderbird/3.png similarity index 100% rename from pro/images/openpgp-thunderbird/3.png rename to nitrokeys/pro/images/openpgp-thunderbird/3.png diff --git a/pro/images/openpgp-thunderbird/4.png b/nitrokeys/pro/images/openpgp-thunderbird/4.png similarity index 100% rename from pro/images/openpgp-thunderbird/4.png rename to nitrokeys/pro/images/openpgp-thunderbird/4.png diff --git a/pro/images/openpgp-thunderbird/5.png b/nitrokeys/pro/images/openpgp-thunderbird/5.png similarity index 100% rename from pro/images/openpgp-thunderbird/5.png rename to nitrokeys/pro/images/openpgp-thunderbird/5.png diff --git a/pro/images/openpgp-thunderbird/6.png b/nitrokeys/pro/images/openpgp-thunderbird/6.png similarity index 100% rename from pro/images/openpgp-thunderbird/6.png rename to nitrokeys/pro/images/openpgp-thunderbird/6.png diff --git a/pro/images/openpgp-thunderbird/7.png b/nitrokeys/pro/images/openpgp-thunderbird/7.png similarity index 100% rename from pro/images/openpgp-thunderbird/7.png rename to nitrokeys/pro/images/openpgp-thunderbird/7.png diff --git a/pro/images/openpgp-thunderbird/8.png b/nitrokeys/pro/images/openpgp-thunderbird/8.png similarity index 100% rename from pro/images/openpgp-thunderbird/8.png rename to nitrokeys/pro/images/openpgp-thunderbird/8.png diff --git a/pro/images/openpgp-thunderbird/9.png b/nitrokeys/pro/images/openpgp-thunderbird/9.png similarity index 100% rename from pro/images/openpgp-thunderbird/9.png rename to nitrokeys/pro/images/openpgp-thunderbird/9.png diff --git a/pro/images/otp/1.png b/nitrokeys/pro/images/otp/1.png similarity index 100% rename from pro/images/otp/1.png rename to nitrokeys/pro/images/otp/1.png diff --git a/pro/images/otp/2.png b/nitrokeys/pro/images/otp/2.png similarity index 100% rename from pro/images/otp/2.png rename to nitrokeys/pro/images/otp/2.png diff --git a/pro/images/otp/3.png b/nitrokeys/pro/images/otp/3.png similarity index 100% rename from pro/images/otp/3.png rename to nitrokeys/pro/images/otp/3.png diff --git a/pro/images/otp/4.png b/nitrokeys/pro/images/otp/4.png similarity index 100% rename from pro/images/otp/4.png rename to nitrokeys/pro/images/otp/4.png diff --git a/pro/images/otp/5.png b/nitrokeys/pro/images/otp/5.png similarity index 100% rename from pro/images/otp/5.png rename to nitrokeys/pro/images/otp/5.png diff --git a/pro/images/otp/6.png b/nitrokeys/pro/images/otp/6.png similarity index 100% rename from pro/images/otp/6.png rename to nitrokeys/pro/images/otp/6.png diff --git a/pro/images/otp/7.png b/nitrokeys/pro/images/otp/7.png similarity index 100% rename from pro/images/otp/7.png rename to nitrokeys/pro/images/otp/7.png diff --git a/pro/images/otp/8.png b/nitrokeys/pro/images/otp/8.png similarity index 100% rename from pro/images/otp/8.png rename to nitrokeys/pro/images/otp/8.png diff --git a/pro/images/putty/1.png b/nitrokeys/pro/images/putty/1.png similarity index 100% rename from pro/images/putty/1.png rename to nitrokeys/pro/images/putty/1.png diff --git a/pro/images/putty/2.png b/nitrokeys/pro/images/putty/2.png similarity index 100% rename from pro/images/putty/2.png rename to nitrokeys/pro/images/putty/2.png diff --git a/pro/images/putty/3.png b/nitrokeys/pro/images/putty/3.png similarity index 100% rename from pro/images/putty/3.png rename to nitrokeys/pro/images/putty/3.png diff --git a/pro/images/putty/4.png b/nitrokeys/pro/images/putty/4.png similarity index 100% rename from pro/images/putty/4.png rename to nitrokeys/pro/images/putty/4.png diff --git a/pro/images/putty/5.png b/nitrokeys/pro/images/putty/5.png similarity index 100% rename from pro/images/putty/5.png rename to nitrokeys/pro/images/putty/5.png diff --git a/pro/images/putty/6.png b/nitrokeys/pro/images/putty/6.png similarity index 100% rename from pro/images/putty/6.png rename to nitrokeys/pro/images/putty/6.png diff --git a/pro/images/putty/7.png b/nitrokeys/pro/images/putty/7.png similarity index 100% rename from pro/images/putty/7.png rename to nitrokeys/pro/images/putty/7.png diff --git a/pro/images/smart-policy/1.png b/nitrokeys/pro/images/smart-policy/1.png similarity index 100% rename from pro/images/smart-policy/1.png rename to nitrokeys/pro/images/smart-policy/1.png diff --git a/pro/images/smart-policy/2.png b/nitrokeys/pro/images/smart-policy/2.png similarity index 100% rename from pro/images/smart-policy/2.png rename to nitrokeys/pro/images/smart-policy/2.png diff --git a/pro/images/smart-policy/3.png b/nitrokeys/pro/images/smart-policy/3.png similarity index 100% rename from pro/images/smart-policy/3.png rename to nitrokeys/pro/images/smart-policy/3.png diff --git a/pro/images/smart-policy/4.png b/nitrokeys/pro/images/smart-policy/4.png similarity index 100% rename from pro/images/smart-policy/4.png rename to nitrokeys/pro/images/smart-policy/4.png diff --git a/pro/images/smart-policy/5.png b/nitrokeys/pro/images/smart-policy/5.png similarity index 100% rename from pro/images/smart-policy/5.png rename to nitrokeys/pro/images/smart-policy/5.png diff --git a/pro/images/smart-policy/6.png b/nitrokeys/pro/images/smart-policy/6.png similarity index 100% rename from pro/images/smart-policy/6.png rename to nitrokeys/pro/images/smart-policy/6.png diff --git a/pro/images/smime-outlook/1.png b/nitrokeys/pro/images/smime-outlook/1.png similarity index 100% rename from pro/images/smime-outlook/1.png rename to nitrokeys/pro/images/smime-outlook/1.png diff --git a/pro/images/smime-outlook/2.png b/nitrokeys/pro/images/smime-outlook/2.png similarity index 100% rename from pro/images/smime-outlook/2.png rename to nitrokeys/pro/images/smime-outlook/2.png diff --git a/pro/images/smime-outlook/3.png b/nitrokeys/pro/images/smime-outlook/3.png similarity index 100% rename from pro/images/smime-outlook/3.png rename to nitrokeys/pro/images/smime-outlook/3.png diff --git a/pro/images/smime-thunderbird/1.png b/nitrokeys/pro/images/smime-thunderbird/1.png similarity index 100% rename from pro/images/smime-thunderbird/1.png rename to nitrokeys/pro/images/smime-thunderbird/1.png diff --git a/pro/images/smime-thunderbird/2.png b/nitrokeys/pro/images/smime-thunderbird/2.png similarity index 100% rename from pro/images/smime-thunderbird/2.png rename to nitrokeys/pro/images/smime-thunderbird/2.png diff --git a/pro/images/smime-thunderbird/3.png b/nitrokeys/pro/images/smime-thunderbird/3.png similarity index 100% rename from pro/images/smime-thunderbird/3.png rename to nitrokeys/pro/images/smime-thunderbird/3.png diff --git a/pro/images/smime-thunderbird/4.png b/nitrokeys/pro/images/smime-thunderbird/4.png similarity index 100% rename from pro/images/smime-thunderbird/4.png rename to nitrokeys/pro/images/smime-thunderbird/4.png diff --git a/pro/images/smime/1.png b/nitrokeys/pro/images/smime/1.png similarity index 100% rename from pro/images/smime/1.png rename to nitrokeys/pro/images/smime/1.png diff --git a/pro/index.rst b/nitrokeys/pro/index.rst similarity index 100% rename from pro/index.rst rename to nitrokeys/pro/index.rst diff --git a/pro/linux/2fa-google.rst b/nitrokeys/pro/linux/2fa-google.rst similarity index 100% rename from pro/linux/2fa-google.rst rename to nitrokeys/pro/linux/2fa-google.rst diff --git a/pro/linux/2fa-nextcloud.rst b/nitrokeys/pro/linux/2fa-nextcloud.rst similarity index 100% rename from pro/linux/2fa-nextcloud.rst rename to nitrokeys/pro/linux/2fa-nextcloud.rst diff --git a/pro/linux/2fa-odoo.rst b/nitrokeys/pro/linux/2fa-odoo.rst similarity index 100% rename from pro/linux/2fa-odoo.rst rename to nitrokeys/pro/linux/2fa-odoo.rst diff --git a/pro/linux/automatic-screen-lock.rst b/nitrokeys/pro/linux/automatic-screen-lock.rst similarity index 100% rename from pro/linux/automatic-screen-lock.rst rename to nitrokeys/pro/linux/automatic-screen-lock.rst diff --git a/pro/linux/certificate-authority.rst b/nitrokeys/pro/linux/certificate-authority.rst similarity index 100% rename from pro/linux/certificate-authority.rst rename to nitrokeys/pro/linux/certificate-authority.rst diff --git a/pro/linux/change-pins.rst b/nitrokeys/pro/linux/change-pins.rst similarity index 100% rename from pro/linux/change-pins.rst rename to nitrokeys/pro/linux/change-pins.rst diff --git a/pro/linux/disk-encryption-luks.rst b/nitrokeys/pro/linux/disk-encryption-luks.rst similarity index 100% rename from pro/linux/disk-encryption-luks.rst rename to nitrokeys/pro/linux/disk-encryption-luks.rst diff --git a/pro/linux/ecc.rst b/nitrokeys/pro/linux/ecc.rst similarity index 100% rename from pro/linux/ecc.rst rename to nitrokeys/pro/linux/ecc.rst diff --git a/pro/linux/factory-reset.rst b/nitrokeys/pro/linux/factory-reset.rst similarity index 100% rename from pro/linux/factory-reset.rst rename to nitrokeys/pro/linux/factory-reset.rst diff --git a/pro/linux/firmware-update.rst b/nitrokeys/pro/linux/firmware-update.rst similarity index 100% rename from pro/linux/firmware-update.rst rename to nitrokeys/pro/linux/firmware-update.rst diff --git a/pro/linux/gpa.rst b/nitrokeys/pro/linux/gpa.rst similarity index 100% rename from pro/linux/gpa.rst rename to nitrokeys/pro/linux/gpa.rst diff --git a/pro/linux/hard-disk-encryption.rst b/nitrokeys/pro/linux/hard-disk-encryption.rst similarity index 100% rename from pro/linux/hard-disk-encryption.rst rename to nitrokeys/pro/linux/hard-disk-encryption.rst diff --git a/pro/linux/images/App-change-pin.png b/nitrokeys/pro/linux/images/App-change-pin.png similarity index 100% rename from pro/linux/images/App-change-pin.png rename to nitrokeys/pro/linux/images/App-change-pin.png diff --git a/pro/linux/images/luks_1.png b/nitrokeys/pro/linux/images/luks_1.png similarity index 100% rename from pro/linux/images/luks_1.png rename to nitrokeys/pro/linux/images/luks_1.png diff --git a/pro/linux/images/luks_2.png b/nitrokeys/pro/linux/images/luks_2.png similarity index 100% rename from pro/linux/images/luks_2.png rename to nitrokeys/pro/linux/images/luks_2.png diff --git a/pro/linux/images/luks_3.png b/nitrokeys/pro/linux/images/luks_3.png similarity index 100% rename from pro/linux/images/luks_3.png rename to nitrokeys/pro/linux/images/luks_3.png diff --git a/pro/linux/images/luks_5.png b/nitrokeys/pro/linux/images/luks_5.png similarity index 100% rename from pro/linux/images/luks_5.png rename to nitrokeys/pro/linux/images/luks_5.png diff --git a/pro/linux/images/luks_6.png b/nitrokeys/pro/linux/images/luks_6.png similarity index 100% rename from pro/linux/images/luks_6.png rename to nitrokeys/pro/linux/images/luks_6.png diff --git a/pro/linux/images/luks_7.png b/nitrokeys/pro/linux/images/luks_7.png similarity index 100% rename from pro/linux/images/luks_7.png rename to nitrokeys/pro/linux/images/luks_7.png diff --git a/pro/linux/index.rst b/nitrokeys/pro/linux/index.rst similarity index 100% rename from pro/linux/index.rst rename to nitrokeys/pro/linux/index.rst diff --git a/pro/linux/ipsec.rst b/nitrokeys/pro/linux/ipsec.rst similarity index 100% rename from pro/linux/ipsec.rst rename to nitrokeys/pro/linux/ipsec.rst diff --git a/pro/linux/login-with-pam.rst b/nitrokeys/pro/linux/login-with-pam.rst similarity index 100% rename from pro/linux/login-with-pam.rst rename to nitrokeys/pro/linux/login-with-pam.rst diff --git a/pro/linux/openpgp-keygen-backup.rst b/nitrokeys/pro/linux/openpgp-keygen-backup.rst similarity index 100% rename from pro/linux/openpgp-keygen-backup.rst rename to nitrokeys/pro/linux/openpgp-keygen-backup.rst diff --git a/pro/linux/openpgp-keygen-gpa.rst b/nitrokeys/pro/linux/openpgp-keygen-gpa.rst similarity index 100% rename from pro/linux/openpgp-keygen-gpa.rst rename to nitrokeys/pro/linux/openpgp-keygen-gpa.rst diff --git a/pro/linux/openpgp-keygen-on-device.rst b/nitrokeys/pro/linux/openpgp-keygen-on-device.rst similarity index 100% rename from pro/linux/openpgp-keygen-on-device.rst rename to nitrokeys/pro/linux/openpgp-keygen-on-device.rst diff --git a/pro/linux/openpgp-outlook.rst b/nitrokeys/pro/linux/openpgp-outlook.rst similarity index 100% rename from pro/linux/openpgp-outlook.rst rename to nitrokeys/pro/linux/openpgp-outlook.rst diff --git a/pro/linux/openpgp-thunderbird.rst b/nitrokeys/pro/linux/openpgp-thunderbird.rst similarity index 100% rename from pro/linux/openpgp-thunderbird.rst rename to nitrokeys/pro/linux/openpgp-thunderbird.rst diff --git a/pro/linux/openpgp.rst b/nitrokeys/pro/linux/openpgp.rst similarity index 100% rename from pro/linux/openpgp.rst rename to nitrokeys/pro/linux/openpgp.rst diff --git a/pro/linux/openvpn-easyrsa.rst b/nitrokeys/pro/linux/openvpn-easyrsa.rst similarity index 100% rename from pro/linux/openvpn-easyrsa.rst rename to nitrokeys/pro/linux/openvpn-easyrsa.rst diff --git a/pro/linux/otp.rst b/nitrokeys/pro/linux/otp.rst similarity index 100% rename from pro/linux/otp.rst rename to nitrokeys/pro/linux/otp.rst diff --git a/pro/linux/smime-outlook.rst b/nitrokeys/pro/linux/smime-outlook.rst similarity index 100% rename from pro/linux/smime-outlook.rst rename to nitrokeys/pro/linux/smime-outlook.rst diff --git a/pro/linux/smime-thunderbird.rst b/nitrokeys/pro/linux/smime-thunderbird.rst similarity index 100% rename from pro/linux/smime-thunderbird.rst rename to nitrokeys/pro/linux/smime-thunderbird.rst diff --git a/pro/linux/smime.rst b/nitrokeys/pro/linux/smime.rst similarity index 100% rename from pro/linux/smime.rst rename to nitrokeys/pro/linux/smime.rst diff --git a/pro/linux/ssh.rst b/nitrokeys/pro/linux/ssh.rst similarity index 100% rename from pro/linux/ssh.rst rename to nitrokeys/pro/linux/ssh.rst diff --git a/pro/linux/stunnel.rst b/nitrokeys/pro/linux/stunnel.rst similarity index 100% rename from pro/linux/stunnel.rst rename to nitrokeys/pro/linux/stunnel.rst diff --git a/pro/login-with-pam.rst.inc b/nitrokeys/pro/login-with-pam.rst.inc similarity index 100% rename from pro/login-with-pam.rst.inc rename to nitrokeys/pro/login-with-pam.rst.inc diff --git a/pro/mac/2fa-google.rst b/nitrokeys/pro/mac/2fa-google.rst similarity index 100% rename from pro/mac/2fa-google.rst rename to nitrokeys/pro/mac/2fa-google.rst diff --git a/pro/mac/2fa-nextcloud.rst b/nitrokeys/pro/mac/2fa-nextcloud.rst similarity index 100% rename from pro/mac/2fa-nextcloud.rst rename to nitrokeys/pro/mac/2fa-nextcloud.rst diff --git a/pro/mac/2fa-odoo.rst b/nitrokeys/pro/mac/2fa-odoo.rst similarity index 100% rename from pro/mac/2fa-odoo.rst rename to nitrokeys/pro/mac/2fa-odoo.rst diff --git a/pro/mac/change-pins.rst b/nitrokeys/pro/mac/change-pins.rst similarity index 100% rename from pro/mac/change-pins.rst rename to nitrokeys/pro/mac/change-pins.rst diff --git a/pro/mac/ecc.rst b/nitrokeys/pro/mac/ecc.rst similarity index 100% rename from pro/mac/ecc.rst rename to nitrokeys/pro/mac/ecc.rst diff --git a/pro/mac/factory-reset.rst b/nitrokeys/pro/mac/factory-reset.rst similarity index 100% rename from pro/mac/factory-reset.rst rename to nitrokeys/pro/mac/factory-reset.rst diff --git a/nitropad/qubes/firmware-update.rst b/nitrokeys/pro/mac/firmware-update.rst similarity index 100% rename from nitropad/qubes/firmware-update.rst rename to nitrokeys/pro/mac/firmware-update.rst diff --git a/pro/mac/gpa.rst b/nitrokeys/pro/mac/gpa.rst similarity index 100% rename from pro/mac/gpa.rst rename to nitrokeys/pro/mac/gpa.rst diff --git a/pro/mac/hard-disk-encryption.rst b/nitrokeys/pro/mac/hard-disk-encryption.rst similarity index 100% rename from pro/mac/hard-disk-encryption.rst rename to nitrokeys/pro/mac/hard-disk-encryption.rst diff --git a/pro/mac/images/App-change-pin.png b/nitrokeys/pro/mac/images/App-change-pin.png similarity index 100% rename from pro/mac/images/App-change-pin.png rename to nitrokeys/pro/mac/images/App-change-pin.png diff --git a/pro/mac/index.rst b/nitrokeys/pro/mac/index.rst similarity index 100% rename from pro/mac/index.rst rename to nitrokeys/pro/mac/index.rst diff --git a/pro/mac/openpgp-keygen-backup.rst b/nitrokeys/pro/mac/openpgp-keygen-backup.rst similarity index 100% rename from pro/mac/openpgp-keygen-backup.rst rename to nitrokeys/pro/mac/openpgp-keygen-backup.rst diff --git a/pro/mac/openpgp-keygen-gpa.rst b/nitrokeys/pro/mac/openpgp-keygen-gpa.rst similarity index 100% rename from pro/mac/openpgp-keygen-gpa.rst rename to nitrokeys/pro/mac/openpgp-keygen-gpa.rst diff --git a/pro/mac/openpgp-keygen-on-device.rst b/nitrokeys/pro/mac/openpgp-keygen-on-device.rst similarity index 100% rename from pro/mac/openpgp-keygen-on-device.rst rename to nitrokeys/pro/mac/openpgp-keygen-on-device.rst diff --git a/pro/mac/openpgp-outlook.rst b/nitrokeys/pro/mac/openpgp-outlook.rst similarity index 100% rename from pro/mac/openpgp-outlook.rst rename to nitrokeys/pro/mac/openpgp-outlook.rst diff --git a/pro/mac/openpgp-thunderbird.rst b/nitrokeys/pro/mac/openpgp-thunderbird.rst similarity index 100% rename from pro/mac/openpgp-thunderbird.rst rename to nitrokeys/pro/mac/openpgp-thunderbird.rst diff --git a/pro/mac/openpgp.rst b/nitrokeys/pro/mac/openpgp.rst similarity index 100% rename from pro/mac/openpgp.rst rename to nitrokeys/pro/mac/openpgp.rst diff --git a/pro/mac/otp.rst b/nitrokeys/pro/mac/otp.rst similarity index 100% rename from pro/mac/otp.rst rename to nitrokeys/pro/mac/otp.rst diff --git a/pro/mac/smime-outlook.rst b/nitrokeys/pro/mac/smime-outlook.rst similarity index 100% rename from pro/mac/smime-outlook.rst rename to nitrokeys/pro/mac/smime-outlook.rst diff --git a/pro/mac/smime-thunderbird.rst b/nitrokeys/pro/mac/smime-thunderbird.rst similarity index 100% rename from pro/mac/smime-thunderbird.rst rename to nitrokeys/pro/mac/smime-thunderbird.rst diff --git a/pro/mac/smime.rst b/nitrokeys/pro/mac/smime.rst similarity index 100% rename from pro/mac/smime.rst rename to nitrokeys/pro/mac/smime.rst diff --git a/pro/openpgp-keygen-backup.rst.inc b/nitrokeys/pro/openpgp-keygen-backup.rst.inc similarity index 100% rename from pro/openpgp-keygen-backup.rst.inc rename to nitrokeys/pro/openpgp-keygen-backup.rst.inc diff --git a/pro/openpgp-keygen-gpa.rst.inc b/nitrokeys/pro/openpgp-keygen-gpa.rst.inc similarity index 100% rename from pro/openpgp-keygen-gpa.rst.inc rename to nitrokeys/pro/openpgp-keygen-gpa.rst.inc diff --git a/pro/openpgp-keygen-on-device.rst.inc b/nitrokeys/pro/openpgp-keygen-on-device.rst.inc similarity index 100% rename from pro/openpgp-keygen-on-device.rst.inc rename to nitrokeys/pro/openpgp-keygen-on-device.rst.inc diff --git a/pro/openpgp-outlook.rst.inc b/nitrokeys/pro/openpgp-outlook.rst.inc similarity index 100% rename from pro/openpgp-outlook.rst.inc rename to nitrokeys/pro/openpgp-outlook.rst.inc diff --git a/pro/openpgp-thunderbird.rst.inc b/nitrokeys/pro/openpgp-thunderbird.rst.inc similarity index 100% rename from pro/openpgp-thunderbird.rst.inc rename to nitrokeys/pro/openpgp-thunderbird.rst.inc diff --git a/pro/openpgp.rst.inc b/nitrokeys/pro/openpgp.rst.inc similarity index 100% rename from pro/openpgp.rst.inc rename to nitrokeys/pro/openpgp.rst.inc diff --git a/pro/otp.rst.inc b/nitrokeys/pro/otp.rst.inc similarity index 100% rename from pro/otp.rst.inc rename to nitrokeys/pro/otp.rst.inc diff --git a/pro/putty.rst.inc b/nitrokeys/pro/putty.rst.inc similarity index 100% rename from pro/putty.rst.inc rename to nitrokeys/pro/putty.rst.inc diff --git a/pro/smart-policy.rst.inc b/nitrokeys/pro/smart-policy.rst.inc similarity index 100% rename from pro/smart-policy.rst.inc rename to nitrokeys/pro/smart-policy.rst.inc diff --git a/pro/smime-outlook.rst.inc b/nitrokeys/pro/smime-outlook.rst.inc similarity index 100% rename from pro/smime-outlook.rst.inc rename to nitrokeys/pro/smime-outlook.rst.inc diff --git a/pro/smime-thunderbird.rst.inc b/nitrokeys/pro/smime-thunderbird.rst.inc similarity index 100% rename from pro/smime-thunderbird.rst.inc rename to nitrokeys/pro/smime-thunderbird.rst.inc diff --git a/pro/smime.rst.inc b/nitrokeys/pro/smime.rst.inc similarity index 100% rename from pro/smime.rst.inc rename to nitrokeys/pro/smime.rst.inc diff --git a/pro/ssh.rst b/nitrokeys/pro/ssh.rst similarity index 100% rename from pro/ssh.rst rename to nitrokeys/pro/ssh.rst diff --git a/pro/windows/2fa-google.rst b/nitrokeys/pro/windows/2fa-google.rst similarity index 100% rename from pro/windows/2fa-google.rst rename to nitrokeys/pro/windows/2fa-google.rst diff --git a/pro/windows/2fa-microsoft.rst b/nitrokeys/pro/windows/2fa-microsoft.rst similarity index 100% rename from pro/windows/2fa-microsoft.rst rename to nitrokeys/pro/windows/2fa-microsoft.rst diff --git a/pro/windows/2fa-nextcloud.rst b/nitrokeys/pro/windows/2fa-nextcloud.rst similarity index 100% rename from pro/windows/2fa-nextcloud.rst rename to nitrokeys/pro/windows/2fa-nextcloud.rst diff --git a/pro/windows/2fa-odoo.rst b/nitrokeys/pro/windows/2fa-odoo.rst similarity index 100% rename from pro/windows/2fa-odoo.rst rename to nitrokeys/pro/windows/2fa-odoo.rst diff --git a/pro/windows/certificate-authority.rst b/nitrokeys/pro/windows/certificate-authority.rst similarity index 100% rename from pro/windows/certificate-authority.rst rename to nitrokeys/pro/windows/certificate-authority.rst diff --git a/pro/windows/change-pins.rst b/nitrokeys/pro/windows/change-pins.rst similarity index 100% rename from pro/windows/change-pins.rst rename to nitrokeys/pro/windows/change-pins.rst diff --git a/pro/windows/ecc.rst b/nitrokeys/pro/windows/ecc.rst similarity index 100% rename from pro/windows/ecc.rst rename to nitrokeys/pro/windows/ecc.rst diff --git a/pro/windows/eidauthenticate.rst b/nitrokeys/pro/windows/eidauthenticate.rst similarity index 100% rename from pro/windows/eidauthenticate.rst rename to nitrokeys/pro/windows/eidauthenticate.rst diff --git a/pro/windows/factory-reset.rst b/nitrokeys/pro/windows/factory-reset.rst similarity index 100% rename from pro/windows/factory-reset.rst rename to nitrokeys/pro/windows/factory-reset.rst diff --git a/nitropad/ubuntu/firmware-update.rst b/nitrokeys/pro/windows/firmware-update.rst similarity index 100% rename from nitropad/ubuntu/firmware-update.rst rename to nitrokeys/pro/windows/firmware-update.rst diff --git a/pro/windows/gpa.rst b/nitrokeys/pro/windows/gpa.rst similarity index 100% rename from pro/windows/gpa.rst rename to nitrokeys/pro/windows/gpa.rst diff --git a/pro/windows/hard-disk-encryption.rst b/nitrokeys/pro/windows/hard-disk-encryption.rst similarity index 100% rename from pro/windows/hard-disk-encryption.rst rename to nitrokeys/pro/windows/hard-disk-encryption.rst diff --git a/pro/windows/images/2fa-microsoft/1.png b/nitrokeys/pro/windows/images/2fa-microsoft/1.png similarity index 100% rename from pro/windows/images/2fa-microsoft/1.png rename to nitrokeys/pro/windows/images/2fa-microsoft/1.png diff --git a/pro/windows/images/2fa-microsoft/10.png b/nitrokeys/pro/windows/images/2fa-microsoft/10.png similarity index 100% rename from pro/windows/images/2fa-microsoft/10.png rename to nitrokeys/pro/windows/images/2fa-microsoft/10.png diff --git a/pro/windows/images/2fa-microsoft/11.png b/nitrokeys/pro/windows/images/2fa-microsoft/11.png similarity index 100% rename from pro/windows/images/2fa-microsoft/11.png rename to nitrokeys/pro/windows/images/2fa-microsoft/11.png diff --git a/pro/windows/images/2fa-microsoft/12.png b/nitrokeys/pro/windows/images/2fa-microsoft/12.png similarity index 100% rename from pro/windows/images/2fa-microsoft/12.png rename to nitrokeys/pro/windows/images/2fa-microsoft/12.png diff --git a/pro/windows/images/2fa-microsoft/13.png b/nitrokeys/pro/windows/images/2fa-microsoft/13.png similarity index 100% rename from pro/windows/images/2fa-microsoft/13.png rename to nitrokeys/pro/windows/images/2fa-microsoft/13.png diff --git a/pro/windows/images/2fa-microsoft/14.png b/nitrokeys/pro/windows/images/2fa-microsoft/14.png similarity index 100% rename from pro/windows/images/2fa-microsoft/14.png rename to nitrokeys/pro/windows/images/2fa-microsoft/14.png diff --git a/pro/windows/images/2fa-microsoft/2.png b/nitrokeys/pro/windows/images/2fa-microsoft/2.png similarity index 100% rename from pro/windows/images/2fa-microsoft/2.png rename to nitrokeys/pro/windows/images/2fa-microsoft/2.png diff --git a/pro/windows/images/2fa-microsoft/3.png b/nitrokeys/pro/windows/images/2fa-microsoft/3.png similarity index 100% rename from pro/windows/images/2fa-microsoft/3.png rename to nitrokeys/pro/windows/images/2fa-microsoft/3.png diff --git a/pro/windows/images/2fa-microsoft/4.png b/nitrokeys/pro/windows/images/2fa-microsoft/4.png similarity index 100% rename from pro/windows/images/2fa-microsoft/4.png rename to nitrokeys/pro/windows/images/2fa-microsoft/4.png diff --git a/pro/windows/images/2fa-microsoft/5.png b/nitrokeys/pro/windows/images/2fa-microsoft/5.png similarity index 100% rename from pro/windows/images/2fa-microsoft/5.png rename to nitrokeys/pro/windows/images/2fa-microsoft/5.png diff --git a/pro/windows/images/2fa-microsoft/6.png b/nitrokeys/pro/windows/images/2fa-microsoft/6.png similarity index 100% rename from pro/windows/images/2fa-microsoft/6.png rename to nitrokeys/pro/windows/images/2fa-microsoft/6.png diff --git a/pro/windows/images/2fa-microsoft/7.png b/nitrokeys/pro/windows/images/2fa-microsoft/7.png similarity index 100% rename from pro/windows/images/2fa-microsoft/7.png rename to nitrokeys/pro/windows/images/2fa-microsoft/7.png diff --git a/pro/windows/images/2fa-microsoft/8.png b/nitrokeys/pro/windows/images/2fa-microsoft/8.png similarity index 100% rename from pro/windows/images/2fa-microsoft/8.png rename to nitrokeys/pro/windows/images/2fa-microsoft/8.png diff --git a/pro/windows/images/2fa-microsoft/9.png b/nitrokeys/pro/windows/images/2fa-microsoft/9.png similarity index 100% rename from pro/windows/images/2fa-microsoft/9.png rename to nitrokeys/pro/windows/images/2fa-microsoft/9.png diff --git a/pro/windows/images/App-change-pin.png b/nitrokeys/pro/windows/images/App-change-pin.png similarity index 100% rename from pro/windows/images/App-change-pin.png rename to nitrokeys/pro/windows/images/App-change-pin.png diff --git a/pro/windows/images/openpgp-csp/1.png b/nitrokeys/pro/windows/images/openpgp-csp/1.png similarity index 100% rename from pro/windows/images/openpgp-csp/1.png rename to nitrokeys/pro/windows/images/openpgp-csp/1.png diff --git a/pro/windows/images/openpgp-csp/10.png b/nitrokeys/pro/windows/images/openpgp-csp/10.png similarity index 100% rename from pro/windows/images/openpgp-csp/10.png rename to nitrokeys/pro/windows/images/openpgp-csp/10.png diff --git a/pro/windows/images/openpgp-csp/11.png b/nitrokeys/pro/windows/images/openpgp-csp/11.png similarity index 100% rename from pro/windows/images/openpgp-csp/11.png rename to nitrokeys/pro/windows/images/openpgp-csp/11.png diff --git a/pro/windows/images/openpgp-csp/2.png b/nitrokeys/pro/windows/images/openpgp-csp/2.png similarity index 100% rename from pro/windows/images/openpgp-csp/2.png rename to nitrokeys/pro/windows/images/openpgp-csp/2.png diff --git a/pro/windows/images/openpgp-csp/3.png b/nitrokeys/pro/windows/images/openpgp-csp/3.png similarity index 100% rename from pro/windows/images/openpgp-csp/3.png rename to nitrokeys/pro/windows/images/openpgp-csp/3.png diff --git a/pro/windows/images/openpgp-csp/4.png b/nitrokeys/pro/windows/images/openpgp-csp/4.png similarity index 100% rename from pro/windows/images/openpgp-csp/4.png rename to nitrokeys/pro/windows/images/openpgp-csp/4.png diff --git a/pro/windows/images/openpgp-csp/5.png b/nitrokeys/pro/windows/images/openpgp-csp/5.png similarity index 100% rename from pro/windows/images/openpgp-csp/5.png rename to nitrokeys/pro/windows/images/openpgp-csp/5.png diff --git a/pro/windows/images/openpgp-csp/6.png b/nitrokeys/pro/windows/images/openpgp-csp/6.png similarity index 100% rename from pro/windows/images/openpgp-csp/6.png rename to nitrokeys/pro/windows/images/openpgp-csp/6.png diff --git a/pro/windows/images/openpgp-csp/7.png b/nitrokeys/pro/windows/images/openpgp-csp/7.png similarity index 100% rename from pro/windows/images/openpgp-csp/7.png rename to nitrokeys/pro/windows/images/openpgp-csp/7.png diff --git a/pro/windows/images/openpgp-csp/8.png b/nitrokeys/pro/windows/images/openpgp-csp/8.png similarity index 100% rename from pro/windows/images/openpgp-csp/8.png rename to nitrokeys/pro/windows/images/openpgp-csp/8.png diff --git a/pro/windows/images/openpgp-csp/9.png b/nitrokeys/pro/windows/images/openpgp-csp/9.png similarity index 100% rename from pro/windows/images/openpgp-csp/9.png rename to nitrokeys/pro/windows/images/openpgp-csp/9.png diff --git a/pro/windows/images/openpgp-outlook/1.png b/nitrokeys/pro/windows/images/openpgp-outlook/1.png similarity index 100% rename from pro/windows/images/openpgp-outlook/1.png rename to nitrokeys/pro/windows/images/openpgp-outlook/1.png diff --git a/pro/windows/images/openpgp-outlook/2.png b/nitrokeys/pro/windows/images/openpgp-outlook/2.png similarity index 100% rename from pro/windows/images/openpgp-outlook/2.png rename to nitrokeys/pro/windows/images/openpgp-outlook/2.png diff --git a/pro/windows/images/openpgp-outlook/3.png b/nitrokeys/pro/windows/images/openpgp-outlook/3.png similarity index 100% rename from pro/windows/images/openpgp-outlook/3.png rename to nitrokeys/pro/windows/images/openpgp-outlook/3.png diff --git a/pro/windows/images/openpgp-outlook/4.png b/nitrokeys/pro/windows/images/openpgp-outlook/4.png similarity index 100% rename from pro/windows/images/openpgp-outlook/4.png rename to nitrokeys/pro/windows/images/openpgp-outlook/4.png diff --git a/pro/windows/images/openvpn-viscosity/viscosity-1.jpg b/nitrokeys/pro/windows/images/openvpn-viscosity/viscosity-1.jpg similarity index 100% rename from pro/windows/images/openvpn-viscosity/viscosity-1.jpg rename to nitrokeys/pro/windows/images/openvpn-viscosity/viscosity-1.jpg diff --git a/pro/windows/images/openvpn-viscosity/viscosity-2.jpg b/nitrokeys/pro/windows/images/openvpn-viscosity/viscosity-2.jpg similarity index 100% rename from pro/windows/images/openvpn-viscosity/viscosity-2.jpg rename to nitrokeys/pro/windows/images/openvpn-viscosity/viscosity-2.jpg diff --git a/pro/windows/images/openvpn-viscosity/viscosity-3.jpg b/nitrokeys/pro/windows/images/openvpn-viscosity/viscosity-3.jpg similarity index 100% rename from pro/windows/images/openvpn-viscosity/viscosity-3.jpg rename to nitrokeys/pro/windows/images/openvpn-viscosity/viscosity-3.jpg diff --git a/pro/windows/images/openvpn-viscosity/viscosity-4.jpg b/nitrokeys/pro/windows/images/openvpn-viscosity/viscosity-4.jpg similarity index 100% rename from pro/windows/images/openvpn-viscosity/viscosity-4.jpg rename to nitrokeys/pro/windows/images/openvpn-viscosity/viscosity-4.jpg diff --git a/pro/windows/index.rst b/nitrokeys/pro/windows/index.rst similarity index 100% rename from pro/windows/index.rst rename to nitrokeys/pro/windows/index.rst diff --git a/pro/windows/openpgp-csp.rst b/nitrokeys/pro/windows/openpgp-csp.rst similarity index 100% rename from pro/windows/openpgp-csp.rst rename to nitrokeys/pro/windows/openpgp-csp.rst diff --git a/pro/windows/openpgp-keygen-backup.rst b/nitrokeys/pro/windows/openpgp-keygen-backup.rst similarity index 100% rename from pro/windows/openpgp-keygen-backup.rst rename to nitrokeys/pro/windows/openpgp-keygen-backup.rst diff --git a/pro/windows/openpgp-keygen-gpa.rst b/nitrokeys/pro/windows/openpgp-keygen-gpa.rst similarity index 100% rename from pro/windows/openpgp-keygen-gpa.rst rename to nitrokeys/pro/windows/openpgp-keygen-gpa.rst diff --git a/pro/windows/openpgp-keygen-on-device.rst b/nitrokeys/pro/windows/openpgp-keygen-on-device.rst similarity index 100% rename from pro/windows/openpgp-keygen-on-device.rst rename to nitrokeys/pro/windows/openpgp-keygen-on-device.rst diff --git a/pro/windows/openpgp-outlook.rst b/nitrokeys/pro/windows/openpgp-outlook.rst similarity index 100% rename from pro/windows/openpgp-outlook.rst rename to nitrokeys/pro/windows/openpgp-outlook.rst diff --git a/pro/windows/openpgp-thunderbird.rst b/nitrokeys/pro/windows/openpgp-thunderbird.rst similarity index 100% rename from pro/windows/openpgp-thunderbird.rst rename to nitrokeys/pro/windows/openpgp-thunderbird.rst diff --git a/pro/windows/openpgp.rst b/nitrokeys/pro/windows/openpgp.rst similarity index 100% rename from pro/windows/openpgp.rst rename to nitrokeys/pro/windows/openpgp.rst diff --git a/pro/windows/openvpn-easyrsa.rst b/nitrokeys/pro/windows/openvpn-easyrsa.rst similarity index 100% rename from pro/windows/openvpn-easyrsa.rst rename to nitrokeys/pro/windows/openvpn-easyrsa.rst diff --git a/pro/windows/openvpn-viscosity.rst b/nitrokeys/pro/windows/openvpn-viscosity.rst similarity index 100% rename from pro/windows/openvpn-viscosity.rst rename to nitrokeys/pro/windows/openvpn-viscosity.rst diff --git a/pro/windows/otp.rst b/nitrokeys/pro/windows/otp.rst similarity index 100% rename from pro/windows/otp.rst rename to nitrokeys/pro/windows/otp.rst diff --git a/pro/windows/putty.rst b/nitrokeys/pro/windows/putty.rst similarity index 100% rename from pro/windows/putty.rst rename to nitrokeys/pro/windows/putty.rst diff --git a/pro/windows/smart-policy.rst b/nitrokeys/pro/windows/smart-policy.rst similarity index 100% rename from pro/windows/smart-policy.rst rename to nitrokeys/pro/windows/smart-policy.rst diff --git a/pro/windows/smime-outlook.rst b/nitrokeys/pro/windows/smime-outlook.rst similarity index 100% rename from pro/windows/smime-outlook.rst rename to nitrokeys/pro/windows/smime-outlook.rst diff --git a/pro/windows/smime-thunderbird.rst b/nitrokeys/pro/windows/smime-thunderbird.rst similarity index 100% rename from pro/windows/smime-thunderbird.rst rename to nitrokeys/pro/windows/smime-thunderbird.rst diff --git a/pro/windows/smime.rst b/nitrokeys/pro/windows/smime.rst similarity index 100% rename from pro/windows/smime.rst rename to nitrokeys/pro/windows/smime.rst diff --git a/u2f/index.rst b/nitrokeys/u2f/index.rst similarity index 100% rename from u2f/index.rst rename to nitrokeys/u2f/index.rst diff --git a/u2f/linux/2fa-nextcloud.rst b/nitrokeys/u2f/linux/2fa-nextcloud.rst similarity index 100% rename from u2f/linux/2fa-nextcloud.rst rename to nitrokeys/u2f/linux/2fa-nextcloud.rst diff --git a/u2f/linux/2fa-odoo.rst b/nitrokeys/u2f/linux/2fa-odoo.rst similarity index 100% rename from u2f/linux/2fa-odoo.rst rename to nitrokeys/u2f/linux/2fa-odoo.rst diff --git a/u2f/linux/desktop-login.rst b/nitrokeys/u2f/linux/desktop-login.rst similarity index 100% rename from u2f/linux/desktop-login.rst rename to nitrokeys/u2f/linux/desktop-login.rst diff --git a/u2f/linux/index.rst b/nitrokeys/u2f/linux/index.rst similarity index 100% rename from u2f/linux/index.rst rename to nitrokeys/u2f/linux/index.rst diff --git a/u2f/mac/2fa-nextcloud.rst b/nitrokeys/u2f/mac/2fa-nextcloud.rst similarity index 100% rename from u2f/mac/2fa-nextcloud.rst rename to nitrokeys/u2f/mac/2fa-nextcloud.rst diff --git a/u2f/mac/2fa-odoo.rst b/nitrokeys/u2f/mac/2fa-odoo.rst similarity index 100% rename from u2f/mac/2fa-odoo.rst rename to nitrokeys/u2f/mac/2fa-odoo.rst diff --git a/u2f/mac/index.rst b/nitrokeys/u2f/mac/index.rst similarity index 100% rename from u2f/mac/index.rst rename to nitrokeys/u2f/mac/index.rst diff --git a/u2f/shared/index-content1.rst b/nitrokeys/u2f/shared/index-content1.rst similarity index 100% rename from u2f/shared/index-content1.rst rename to nitrokeys/u2f/shared/index-content1.rst diff --git a/u2f/windows/2fa-nextcloud.rst b/nitrokeys/u2f/windows/2fa-nextcloud.rst similarity index 100% rename from u2f/windows/2fa-nextcloud.rst rename to nitrokeys/u2f/windows/2fa-nextcloud.rst diff --git a/u2f/windows/2fa-odoo.rst b/nitrokeys/u2f/windows/2fa-odoo.rst similarity index 100% rename from u2f/windows/2fa-odoo.rst rename to nitrokeys/u2f/windows/2fa-odoo.rst diff --git a/u2f/windows/index.rst b/nitrokeys/u2f/windows/index.rst similarity index 100% rename from u2f/windows/index.rst rename to nitrokeys/u2f/windows/index.rst diff --git a/nitropad/content/shared-index-content1.rst b/nitropadpc/nitropad/content/shared-index-content1.rst similarity index 100% rename from nitropad/content/shared-index-content1.rst rename to nitropadpc/nitropad/content/shared-index-content1.rst diff --git a/nitropad/content/shared-index-content2.rst b/nitropadpc/nitropad/content/shared-index-content2.rst similarity index 100% rename from nitropad/content/shared-index-content2.rst rename to nitropadpc/nitropad/content/shared-index-content2.rst diff --git a/nitropad/default-boot.rst.inc b/nitropadpc/nitropad/default-boot.rst.inc similarity index 100% rename from nitropad/default-boot.rst.inc rename to nitropadpc/nitropad/default-boot.rst.inc diff --git a/nitropad/factory-reset-heads2.rst.inc b/nitropadpc/nitropad/factory-reset-heads2.rst.inc similarity index 100% rename from nitropad/factory-reset-heads2.rst.inc rename to nitropadpc/nitropad/factory-reset-heads2.rst.inc diff --git a/nitropad/factory-reset.rst.inc b/nitropadpc/nitropad/factory-reset.rst.inc similarity index 100% rename from nitropad/factory-reset.rst.inc rename to nitropadpc/nitropad/factory-reset.rst.inc diff --git a/nitropad/faq.rst b/nitropadpc/nitropad/faq.rst similarity index 100% rename from nitropad/faq.rst rename to nitropadpc/nitropad/faq.rst diff --git a/nitropad/firmware-update-1.4.rst.inc b/nitropadpc/nitropad/firmware-update-1.4.rst.inc similarity index 100% rename from nitropad/firmware-update-1.4.rst.inc rename to nitropadpc/nitropad/firmware-update-1.4.rst.inc diff --git a/nitropad/firmware-update.rst.inc b/nitropadpc/nitropad/firmware-update.rst.inc similarity index 100% rename from nitropad/firmware-update.rst.inc rename to nitropadpc/nitropad/firmware-update.rst.inc diff --git a/nitropad/images/NitroPad-boot-options.jpeg b/nitropadpc/nitropad/images/NitroPad-boot-options.jpeg similarity index 100% rename from nitropad/images/NitroPad-boot-options.jpeg rename to nitropadpc/nitropad/images/NitroPad-boot-options.jpeg diff --git a/nitropad/images/NitroPad-boot-process-bad.jpeg b/nitropadpc/nitropad/images/NitroPad-boot-process-bad.jpeg similarity index 100% rename from nitropad/images/NitroPad-boot-process-bad.jpeg rename to nitropadpc/nitropad/images/NitroPad-boot-process-bad.jpeg diff --git a/nitropad/images/NitroPad-boot-process_0.jpeg b/nitropadpc/nitropad/images/NitroPad-boot-process_0.jpeg similarity index 100% rename from nitropad/images/NitroPad-boot-process_0.jpeg rename to nitropadpc/nitropad/images/NitroPad-boot-process_0.jpeg diff --git a/nitropad/images/NitroPad-confirm-boot-details.jpeg b/nitropadpc/nitropad/images/NitroPad-confirm-boot-details.jpeg similarity index 100% rename from nitropad/images/NitroPad-confirm-boot-details.jpeg rename to nitropadpc/nitropad/images/NitroPad-confirm-boot-details.jpeg diff --git a/nitropad/images/NitroPad-error-mismatch.jpeg b/nitropadpc/nitropad/images/NitroPad-error-mismatch.jpeg similarity index 100% rename from nitropad/images/NitroPad-error-mismatch.jpeg rename to nitropadpc/nitropad/images/NitroPad-error-mismatch.jpeg diff --git a/nitropad/images/Schraube.jpg b/nitropadpc/nitropad/images/Schraube.jpg similarity index 100% rename from nitropad/images/Schraube.jpg rename to nitropadpc/nitropad/images/Schraube.jpg diff --git a/nitropad/images/SchraubenmarkierungT430.jpg b/nitropadpc/nitropad/images/SchraubenmarkierungT430.jpg similarity index 100% rename from nitropad/images/SchraubenmarkierungT430.jpg rename to nitropadpc/nitropad/images/SchraubenmarkierungT430.jpg diff --git a/nitropad/images/SchraubenmarkierungX230.jpg b/nitropadpc/nitropad/images/SchraubenmarkierungX230.jpg similarity index 100% rename from nitropad/images/SchraubenmarkierungX230.jpg rename to nitropadpc/nitropad/images/SchraubenmarkierungX230.jpg diff --git a/nitropad/images/boot-menu.jpg b/nitropadpc/nitropad/images/boot-menu.jpg similarity index 100% rename from nitropad/images/boot-menu.jpg rename to nitropadpc/nitropad/images/boot-menu.jpg diff --git a/nitropad/images/change-disk-encryption-passphrase/1.png b/nitropadpc/nitropad/images/change-disk-encryption-passphrase/1.png similarity index 100% rename from nitropad/images/change-disk-encryption-passphrase/1.png rename to nitropadpc/nitropad/images/change-disk-encryption-passphrase/1.png diff --git a/nitropad/images/change-disk-encryption-passphrase/2.png b/nitropadpc/nitropad/images/change-disk-encryption-passphrase/2.png similarity index 100% rename from nitropad/images/change-disk-encryption-passphrase/2.png rename to nitropadpc/nitropad/images/change-disk-encryption-passphrase/2.png diff --git a/nitropad/images/change-disk-encryption-passphrase/3.png b/nitropadpc/nitropad/images/change-disk-encryption-passphrase/3.png similarity index 100% rename from nitropad/images/change-disk-encryption-passphrase/3.png rename to nitropadpc/nitropad/images/change-disk-encryption-passphrase/3.png diff --git a/nitropad/images/change-disk-encryption-passphrase/4.png b/nitropadpc/nitropad/images/change-disk-encryption-passphrase/4.png similarity index 100% rename from nitropad/images/change-disk-encryption-passphrase/4.png rename to nitropadpc/nitropad/images/change-disk-encryption-passphrase/4.png diff --git a/nitropad/images/change-disk-encryption-passphrase/5.png b/nitropadpc/nitropad/images/change-disk-encryption-passphrase/5.png similarity index 100% rename from nitropad/images/change-disk-encryption-passphrase/5.png rename to nitropadpc/nitropad/images/change-disk-encryption-passphrase/5.png diff --git a/nitropad/images/default-boot/1.jpg b/nitropadpc/nitropad/images/default-boot/1.jpg similarity index 100% rename from nitropad/images/default-boot/1.jpg rename to nitropadpc/nitropad/images/default-boot/1.jpg diff --git a/nitropad/images/default-boot/2.jpg b/nitropadpc/nitropad/images/default-boot/2.jpg similarity index 100% rename from nitropad/images/default-boot/2.jpg rename to nitropadpc/nitropad/images/default-boot/2.jpg diff --git a/nitropad/images/default-boot/3.jpg b/nitropadpc/nitropad/images/default-boot/3.jpg similarity index 100% rename from nitropad/images/default-boot/3.jpg rename to nitropadpc/nitropad/images/default-boot/3.jpg diff --git a/nitropad/images/default-boot/4.jpg b/nitropadpc/nitropad/images/default-boot/4.jpg similarity index 100% rename from nitropad/images/default-boot/4.jpg rename to nitropadpc/nitropad/images/default-boot/4.jpg diff --git a/nitropad/images/factory-reset-heads2/admin-pin.jpg b/nitropadpc/nitropad/images/factory-reset-heads2/admin-pin.jpg similarity index 100% rename from nitropad/images/factory-reset-heads2/admin-pin.jpg rename to nitropadpc/nitropad/images/factory-reset-heads2/admin-pin.jpg diff --git a/nitropad/images/factory-reset-heads2/confirm-integrity.jpg b/nitropadpc/nitropad/images/factory-reset-heads2/confirm-integrity.jpg similarity index 100% rename from nitropad/images/factory-reset-heads2/confirm-integrity.jpg rename to nitropadpc/nitropad/images/factory-reset-heads2/confirm-integrity.jpg diff --git a/nitropad/images/factory-reset-heads2/confirm.jpg b/nitropadpc/nitropad/images/factory-reset-heads2/confirm.jpg similarity index 100% rename from nitropad/images/factory-reset-heads2/confirm.jpg rename to nitropadpc/nitropad/images/factory-reset-heads2/confirm.jpg diff --git a/nitropad/images/factory-reset-heads2/default-sec.jpg b/nitropadpc/nitropad/images/factory-reset-heads2/default-sec.jpg similarity index 100% rename from nitropad/images/factory-reset-heads2/default-sec.jpg rename to nitropadpc/nitropad/images/factory-reset-heads2/default-sec.jpg diff --git a/nitropad/images/factory-reset-heads2/options.jpg b/nitropadpc/nitropad/images/factory-reset-heads2/options.jpg similarity index 100% rename from nitropad/images/factory-reset-heads2/options.jpg rename to nitropadpc/nitropad/images/factory-reset-heads2/options.jpg diff --git a/nitropad/images/factory-reset-heads2/otp-sec1.jpg b/nitropadpc/nitropad/images/factory-reset-heads2/otp-sec1.jpg similarity index 100% rename from nitropad/images/factory-reset-heads2/otp-sec1.jpg rename to nitropadpc/nitropad/images/factory-reset-heads2/otp-sec1.jpg diff --git a/nitropad/images/factory-reset-heads2/otp-sec2.jpg b/nitropadpc/nitropad/images/factory-reset-heads2/otp-sec2.jpg similarity index 100% rename from nitropad/images/factory-reset-heads2/otp-sec2.jpg rename to nitropadpc/nitropad/images/factory-reset-heads2/otp-sec2.jpg diff --git a/nitropad/images/factory-reset-heads2/reboot.jpg b/nitropadpc/nitropad/images/factory-reset-heads2/reboot.jpg similarity index 100% rename from nitropad/images/factory-reset-heads2/reboot.jpg rename to nitropadpc/nitropad/images/factory-reset-heads2/reboot.jpg diff --git a/nitropad/images/factory-reset-heads2/reset.jpg b/nitropadpc/nitropad/images/factory-reset-heads2/reset.jpg similarity index 100% rename from nitropad/images/factory-reset-heads2/reset.jpg rename to nitropadpc/nitropad/images/factory-reset-heads2/reset.jpg diff --git a/nitropad/images/factory-reset-heads2/start-menu.jpg b/nitropadpc/nitropad/images/factory-reset-heads2/start-menu.jpg similarity index 100% rename from nitropad/images/factory-reset-heads2/start-menu.jpg rename to nitropadpc/nitropad/images/factory-reset-heads2/start-menu.jpg diff --git a/nitropad/images/factory-reset-heads2/totp.jpg b/nitropadpc/nitropad/images/factory-reset-heads2/totp.jpg similarity index 100% rename from nitropad/images/factory-reset-heads2/totp.jpg rename to nitropadpc/nitropad/images/factory-reset-heads2/totp.jpg diff --git a/nitropad/images/factory-reset-heads2/tpm.jpg b/nitropadpc/nitropad/images/factory-reset-heads2/tpm.jpg similarity index 100% rename from nitropad/images/factory-reset-heads2/tpm.jpg rename to nitropadpc/nitropad/images/factory-reset-heads2/tpm.jpg diff --git a/nitropad/images/factory-reset/1.jpg b/nitropadpc/nitropad/images/factory-reset/1.jpg similarity index 100% rename from nitropad/images/factory-reset/1.jpg rename to nitropadpc/nitropad/images/factory-reset/1.jpg diff --git a/nitropad/images/factory-reset/10.jpg b/nitropadpc/nitropad/images/factory-reset/10.jpg similarity index 100% rename from nitropad/images/factory-reset/10.jpg rename to nitropadpc/nitropad/images/factory-reset/10.jpg diff --git a/nitropad/images/factory-reset/11.jpg b/nitropadpc/nitropad/images/factory-reset/11.jpg similarity index 100% rename from nitropad/images/factory-reset/11.jpg rename to nitropadpc/nitropad/images/factory-reset/11.jpg diff --git a/nitropad/images/factory-reset/2.jpg b/nitropadpc/nitropad/images/factory-reset/2.jpg similarity index 100% rename from nitropad/images/factory-reset/2.jpg rename to nitropadpc/nitropad/images/factory-reset/2.jpg diff --git a/nitropad/images/factory-reset/3.jpg b/nitropadpc/nitropad/images/factory-reset/3.jpg similarity index 100% rename from nitropad/images/factory-reset/3.jpg rename to nitropadpc/nitropad/images/factory-reset/3.jpg diff --git a/nitropad/images/factory-reset/4.jpg b/nitropadpc/nitropad/images/factory-reset/4.jpg similarity index 100% rename from nitropad/images/factory-reset/4.jpg rename to nitropadpc/nitropad/images/factory-reset/4.jpg diff --git a/nitropad/images/factory-reset/5.jpg b/nitropadpc/nitropad/images/factory-reset/5.jpg similarity index 100% rename from nitropad/images/factory-reset/5.jpg rename to nitropadpc/nitropad/images/factory-reset/5.jpg diff --git a/nitropad/images/factory-reset/6.jpg b/nitropadpc/nitropad/images/factory-reset/6.jpg similarity index 100% rename from nitropad/images/factory-reset/6.jpg rename to nitropadpc/nitropad/images/factory-reset/6.jpg diff --git a/nitropad/images/factory-reset/7.jpg b/nitropadpc/nitropad/images/factory-reset/7.jpg similarity index 100% rename from nitropad/images/factory-reset/7.jpg rename to nitropadpc/nitropad/images/factory-reset/7.jpg diff --git a/nitropad/images/factory-reset/8.jpg b/nitropadpc/nitropad/images/factory-reset/8.jpg similarity index 100% rename from nitropad/images/factory-reset/8.jpg rename to nitropadpc/nitropad/images/factory-reset/8.jpg diff --git a/nitropad/images/factory-reset/9.jpg b/nitropadpc/nitropad/images/factory-reset/9.jpg similarity index 100% rename from nitropad/images/factory-reset/9.jpg rename to nitropadpc/nitropad/images/factory-reset/9.jpg diff --git a/nitropad/images/firmware-update/1.jpg b/nitropadpc/nitropad/images/firmware-update/1.jpg similarity index 100% rename from nitropad/images/firmware-update/1.jpg rename to nitropadpc/nitropad/images/firmware-update/1.jpg diff --git a/nitropad/images/firmware-update/2.jpg b/nitropadpc/nitropad/images/firmware-update/2.jpg similarity index 100% rename from nitropad/images/firmware-update/2.jpg rename to nitropadpc/nitropad/images/firmware-update/2.jpg diff --git a/nitropad/images/firmware-update/3.jpg b/nitropadpc/nitropad/images/firmware-update/3.jpg similarity index 100% rename from nitropad/images/firmware-update/3.jpg rename to nitropadpc/nitropad/images/firmware-update/3.jpg diff --git a/nitropad/images/firmware-update/4.jpg b/nitropadpc/nitropad/images/firmware-update/4.jpg similarity index 100% rename from nitropad/images/firmware-update/4.jpg rename to nitropadpc/nitropad/images/firmware-update/4.jpg diff --git a/nitropad/images/firmware-update/5.jpg b/nitropadpc/nitropad/images/firmware-update/5.jpg similarity index 100% rename from nitropad/images/firmware-update/5.jpg rename to nitropadpc/nitropad/images/firmware-update/5.jpg diff --git a/nitropad/images/firmware-update/6.jpg b/nitropadpc/nitropad/images/firmware-update/6.jpg similarity index 100% rename from nitropad/images/firmware-update/6.jpg rename to nitropadpc/nitropad/images/firmware-update/6.jpg diff --git a/nitropad/images/firmware-update/7.jpg b/nitropadpc/nitropad/images/firmware-update/7.jpg similarity index 100% rename from nitropad/images/firmware-update/7.jpg rename to nitropadpc/nitropad/images/firmware-update/7.jpg diff --git a/nitropad/images/firmware-update/8.jpg b/nitropadpc/nitropad/images/firmware-update/8.jpg similarity index 100% rename from nitropad/images/firmware-update/8.jpg rename to nitropadpc/nitropad/images/firmware-update/8.jpg diff --git a/nitropad/images/firmware-update/9.jpg b/nitropadpc/nitropad/images/firmware-update/9.jpg similarity index 100% rename from nitropad/images/firmware-update/9.jpg rename to nitropadpc/nitropad/images/firmware-update/9.jpg diff --git a/nitropad/images/network-settings/settings_0.png b/nitropadpc/nitropad/images/network-settings/settings_0.png similarity index 100% rename from nitropad/images/network-settings/settings_0.png rename to nitropadpc/nitropad/images/network-settings/settings_0.png diff --git a/nitropad/images/network-settings/settings_1.png b/nitropadpc/nitropad/images/network-settings/settings_1.png similarity index 100% rename from nitropad/images/network-settings/settings_1.png rename to nitropadpc/nitropad/images/network-settings/settings_1.png diff --git a/nitropad/images/network-settings/settings_2.png b/nitropadpc/nitropad/images/network-settings/settings_2.png similarity index 100% rename from nitropad/images/network-settings/settings_2.png rename to nitropadpc/nitropad/images/network-settings/settings_2.png diff --git a/nitropad/images/ns50_sealed.jpg b/nitropadpc/nitropad/images/ns50_sealed.jpg similarity index 100% rename from nitropad/images/ns50_sealed.jpg rename to nitropadpc/nitropad/images/ns50_sealed.jpg diff --git a/nitropad/images/nv41_sealed.jpg b/nitropadpc/nitropad/images/nv41_sealed.jpg similarity index 100% rename from nitropad/images/nv41_sealed.jpg rename to nitropadpc/nitropad/images/nv41_sealed.jpg diff --git a/nitropad/images/operating-system-update/NitroPad-boot-entry-error.jpeg b/nitropadpc/nitropad/images/operating-system-update/NitroPad-boot-entry-error.jpeg similarity index 100% rename from nitropad/images/operating-system-update/NitroPad-boot-entry-error.jpeg rename to nitropadpc/nitropad/images/operating-system-update/NitroPad-boot-entry-error.jpeg diff --git a/nitropad/images/operating-system-update/NitroPad-confirm-boot-details.jpeg b/nitropadpc/nitropad/images/operating-system-update/NitroPad-confirm-boot-details.jpeg similarity index 100% rename from nitropad/images/operating-system-update/NitroPad-confirm-boot-details.jpeg rename to nitropadpc/nitropad/images/operating-system-update/NitroPad-confirm-boot-details.jpeg diff --git a/nitropad/images/operating-system-update/NitroPad-update-checksum.jpeg b/nitropadpc/nitropad/images/operating-system-update/NitroPad-update-checksum.jpeg similarity index 100% rename from nitropad/images/operating-system-update/NitroPad-update-checksum.jpeg rename to nitropadpc/nitropad/images/operating-system-update/NitroPad-update-checksum.jpeg diff --git a/nitropad/images/options.jpg b/nitropadpc/nitropad/images/options.jpg similarity index 100% rename from nitropad/images/options.jpg rename to nitropadpc/nitropad/images/options.jpg diff --git a/nitropad/images/system-update/1.jpeg b/nitropadpc/nitropad/images/system-update/1.jpeg similarity index 100% rename from nitropad/images/system-update/1.jpeg rename to nitropadpc/nitropad/images/system-update/1.jpeg diff --git a/nitropad/images/system-update/2.jpeg b/nitropadpc/nitropad/images/system-update/2.jpeg similarity index 100% rename from nitropad/images/system-update/2.jpeg rename to nitropadpc/nitropad/images/system-update/2.jpeg diff --git a/nitropad/images/system-update/3.jpeg b/nitropadpc/nitropad/images/system-update/3.jpeg similarity index 100% rename from nitropad/images/system-update/3.jpeg rename to nitropadpc/nitropad/images/system-update/3.jpeg diff --git a/nitropad/images/system-update/4.jpeg b/nitropadpc/nitropad/images/system-update/4.jpeg similarity index 100% rename from nitropad/images/system-update/4.jpeg rename to nitropadpc/nitropad/images/system-update/4.jpeg diff --git a/nitropad/images/system-update/5.jpeg b/nitropadpc/nitropad/images/system-update/5.jpeg similarity index 100% rename from nitropad/images/system-update/5.jpeg rename to nitropadpc/nitropad/images/system-update/5.jpeg diff --git a/nitropad/images/system-update/6.jpeg b/nitropadpc/nitropad/images/system-update/6.jpeg similarity index 100% rename from nitropad/images/system-update/6.jpeg rename to nitropadpc/nitropad/images/system-update/6.jpeg diff --git a/nitropad/index.rst b/nitropadpc/nitropad/index.rst similarity index 100% rename from nitropad/index.rst rename to nitropadpc/nitropad/index.rst diff --git a/nitropad/os-reinstallation.rst.inc b/nitropadpc/nitropad/os-reinstallation.rst.inc similarity index 100% rename from nitropad/os-reinstallation.rst.inc rename to nitropadpc/nitropad/os-reinstallation.rst.inc diff --git a/nitropad/qubes/change-pins.rst b/nitropadpc/nitropad/qubes/change-pins.rst similarity index 100% rename from nitropad/qubes/change-pins.rst rename to nitropadpc/nitropad/qubes/change-pins.rst diff --git a/nitropad/qubes/default-boot.rst b/nitropadpc/nitropad/qubes/default-boot.rst similarity index 100% rename from nitropad/qubes/default-boot.rst rename to nitropadpc/nitropad/qubes/default-boot.rst diff --git a/nitropad/qubes/factory-reset-heads2.rst b/nitropadpc/nitropad/qubes/factory-reset-heads2.rst similarity index 100% rename from nitropad/qubes/factory-reset-heads2.rst rename to nitropadpc/nitropad/qubes/factory-reset-heads2.rst diff --git a/nitropad/qubes/factory-reset.rst b/nitropadpc/nitropad/qubes/factory-reset.rst similarity index 100% rename from nitropad/qubes/factory-reset.rst rename to nitropadpc/nitropad/qubes/factory-reset.rst diff --git a/nitropad/qubes/firmware-update-1.4.rst b/nitropadpc/nitropad/qubes/firmware-update-1.4.rst similarity index 100% rename from nitropad/qubes/firmware-update-1.4.rst rename to nitropadpc/nitropad/qubes/firmware-update-1.4.rst diff --git a/pro/mac/firmware-update.rst b/nitropadpc/nitropad/qubes/firmware-update.rst similarity index 100% rename from pro/mac/firmware-update.rst rename to nitropadpc/nitropad/qubes/firmware-update.rst diff --git a/nitropad/qubes/images/QubesDiskPassword.jpg b/nitropadpc/nitropad/qubes/images/QubesDiskPassword.jpg similarity index 100% rename from nitropad/qubes/images/QubesDiskPassword.jpg rename to nitropadpc/nitropad/qubes/images/QubesDiskPassword.jpg diff --git a/nitropad/qubes/images/user-password-reset/step-five.jpg b/nitropadpc/nitropad/qubes/images/user-password-reset/step-five.jpg similarity index 100% rename from nitropad/qubes/images/user-password-reset/step-five.jpg rename to nitropadpc/nitropad/qubes/images/user-password-reset/step-five.jpg diff --git a/nitropad/qubes/images/user-password-reset/step-four.jpg b/nitropadpc/nitropad/qubes/images/user-password-reset/step-four.jpg similarity index 100% rename from nitropad/qubes/images/user-password-reset/step-four.jpg rename to nitropadpc/nitropad/qubes/images/user-password-reset/step-four.jpg diff --git a/nitropad/qubes/images/user-password-reset/step-one.jpg b/nitropadpc/nitropad/qubes/images/user-password-reset/step-one.jpg similarity index 100% rename from nitropad/qubes/images/user-password-reset/step-one.jpg rename to nitropadpc/nitropad/qubes/images/user-password-reset/step-one.jpg diff --git a/nitropad/qubes/images/user-password-reset/step-three.jpg b/nitropadpc/nitropad/qubes/images/user-password-reset/step-three.jpg similarity index 100% rename from nitropad/qubes/images/user-password-reset/step-three.jpg rename to nitropadpc/nitropad/qubes/images/user-password-reset/step-three.jpg diff --git a/nitropad/qubes/images/user-password-reset/step-two.jpg b/nitropadpc/nitropad/qubes/images/user-password-reset/step-two.jpg similarity index 100% rename from nitropad/qubes/images/user-password-reset/step-two.jpg rename to nitropadpc/nitropad/qubes/images/user-password-reset/step-two.jpg diff --git a/nitropad/qubes/index.rst b/nitropadpc/nitropad/qubes/index.rst similarity index 100% rename from nitropad/qubes/index.rst rename to nitropadpc/nitropad/qubes/index.rst diff --git a/nitropad/qubes/network-settings.rst b/nitropadpc/nitropad/qubes/network-settings.rst similarity index 100% rename from nitropad/qubes/network-settings.rst rename to nitropadpc/nitropad/qubes/network-settings.rst diff --git a/nitropad/qubes/nitrokey-app.rst b/nitropadpc/nitropad/qubes/nitrokey-app.rst similarity index 100% rename from nitropad/qubes/nitrokey-app.rst rename to nitropadpc/nitropad/qubes/nitrokey-app.rst diff --git a/nitropad/qubes/os-reinstallation.rst b/nitropadpc/nitropad/qubes/os-reinstallation.rst similarity index 100% rename from nitropad/qubes/os-reinstallation.rst rename to nitropadpc/nitropad/qubes/os-reinstallation.rst diff --git a/nitropad/qubes/sealed-hardware.rst b/nitropadpc/nitropad/qubes/sealed-hardware.rst similarity index 100% rename from nitropad/qubes/sealed-hardware.rst rename to nitropadpc/nitropad/qubes/sealed-hardware.rst diff --git a/nitropad/qubes/system-update.rst b/nitropadpc/nitropad/qubes/system-update.rst similarity index 100% rename from nitropad/qubes/system-update.rst rename to nitropadpc/nitropad/qubes/system-update.rst diff --git a/nitropad/qubes/troubleshooting.rst b/nitropadpc/nitropad/qubes/troubleshooting.rst similarity index 100% rename from nitropad/qubes/troubleshooting.rst rename to nitropadpc/nitropad/qubes/troubleshooting.rst diff --git a/nitropad/qubes/user-password-reset.rst b/nitropadpc/nitropad/qubes/user-password-reset.rst similarity index 100% rename from nitropad/qubes/user-password-reset.rst rename to nitropadpc/nitropad/qubes/user-password-reset.rst diff --git a/nitropad/sealed-hardware.rst.inc b/nitropadpc/nitropad/sealed-hardware.rst.inc similarity index 100% rename from nitropad/sealed-hardware.rst.inc rename to nitropadpc/nitropad/sealed-hardware.rst.inc diff --git a/nitropad/system-update.rst.inc b/nitropadpc/nitropad/system-update.rst.inc similarity index 100% rename from nitropad/system-update.rst.inc rename to nitropadpc/nitropad/system-update.rst.inc diff --git a/nitropad/troubleshooting.rst.inc b/nitropadpc/nitropad/troubleshooting.rst.inc similarity index 100% rename from nitropad/troubleshooting.rst.inc rename to nitropadpc/nitropad/troubleshooting.rst.inc diff --git a/nitropad/ubuntu/change-disk-encryption-passphrase.rst b/nitropadpc/nitropad/ubuntu/change-disk-encryption-passphrase.rst similarity index 100% rename from nitropad/ubuntu/change-disk-encryption-passphrase.rst rename to nitropadpc/nitropad/ubuntu/change-disk-encryption-passphrase.rst diff --git a/nitropad/ubuntu/change-pins.rst b/nitropadpc/nitropad/ubuntu/change-pins.rst similarity index 100% rename from nitropad/ubuntu/change-pins.rst rename to nitropadpc/nitropad/ubuntu/change-pins.rst diff --git a/nitropad/ubuntu/default-boot.rst b/nitropadpc/nitropad/ubuntu/default-boot.rst similarity index 100% rename from nitropad/ubuntu/default-boot.rst rename to nitropadpc/nitropad/ubuntu/default-boot.rst diff --git a/nitropad/ubuntu/factory-reset-heads2.rst b/nitropadpc/nitropad/ubuntu/factory-reset-heads2.rst similarity index 100% rename from nitropad/ubuntu/factory-reset-heads2.rst rename to nitropadpc/nitropad/ubuntu/factory-reset-heads2.rst diff --git a/nitropad/ubuntu/factory-reset.rst b/nitropadpc/nitropad/ubuntu/factory-reset.rst similarity index 100% rename from nitropad/ubuntu/factory-reset.rst rename to nitropadpc/nitropad/ubuntu/factory-reset.rst diff --git a/nitropad/ubuntu/firmware-update-1.4.rst b/nitropadpc/nitropad/ubuntu/firmware-update-1.4.rst similarity index 100% rename from nitropad/ubuntu/firmware-update-1.4.rst rename to nitropadpc/nitropad/ubuntu/firmware-update-1.4.rst diff --git a/pro/windows/firmware-update.rst b/nitropadpc/nitropad/ubuntu/firmware-update.rst similarity index 100% rename from pro/windows/firmware-update.rst rename to nitropadpc/nitropad/ubuntu/firmware-update.rst diff --git a/nitropad/ubuntu/images/NitroPad-boot-options.jpeg b/nitropadpc/nitropad/ubuntu/images/NitroPad-boot-options.jpeg similarity index 100% rename from nitropad/ubuntu/images/NitroPad-boot-options.jpeg rename to nitropadpc/nitropad/ubuntu/images/NitroPad-boot-options.jpeg diff --git a/nitropad/ubuntu/images/UbuntuDiskPassword.png b/nitropadpc/nitropad/ubuntu/images/UbuntuDiskPassword.png similarity index 100% rename from nitropad/ubuntu/images/UbuntuDiskPassword.png rename to nitropadpc/nitropad/ubuntu/images/UbuntuDiskPassword.png diff --git a/nitropad/ubuntu/index.rst b/nitropadpc/nitropad/ubuntu/index.rst similarity index 100% rename from nitropad/ubuntu/index.rst rename to nitropadpc/nitropad/ubuntu/index.rst diff --git a/nitropad/ubuntu/nitrokey-app.rst b/nitropadpc/nitropad/ubuntu/nitrokey-app.rst similarity index 100% rename from nitropad/ubuntu/nitrokey-app.rst rename to nitropadpc/nitropad/ubuntu/nitrokey-app.rst diff --git a/nitropad/ubuntu/os-reinstallation.rst b/nitropadpc/nitropad/ubuntu/os-reinstallation.rst similarity index 100% rename from nitropad/ubuntu/os-reinstallation.rst rename to nitropadpc/nitropad/ubuntu/os-reinstallation.rst diff --git a/nitropad/ubuntu/sealed-hardware.rst b/nitropadpc/nitropad/ubuntu/sealed-hardware.rst similarity index 100% rename from nitropad/ubuntu/sealed-hardware.rst rename to nitropadpc/nitropad/ubuntu/sealed-hardware.rst diff --git a/nitropad/ubuntu/system-update.rst b/nitropadpc/nitropad/ubuntu/system-update.rst similarity index 100% rename from nitropad/ubuntu/system-update.rst rename to nitropadpc/nitropad/ubuntu/system-update.rst diff --git a/nitropad/ubuntu/troubleshooting.rst b/nitropadpc/nitropad/ubuntu/troubleshooting.rst similarity index 100% rename from nitropad/ubuntu/troubleshooting.rst rename to nitropadpc/nitropad/ubuntu/troubleshooting.rst diff --git a/nitropc/debian/index.rst b/nitropadpc/nitropc/debian/index.rst similarity index 100% rename from nitropc/debian/index.rst rename to nitropadpc/nitropc/debian/index.rst diff --git a/nitropc/debian/os-reinstallation.rst b/nitropadpc/nitropc/debian/os-reinstallation.rst similarity index 100% rename from nitropc/debian/os-reinstallation.rst rename to nitropadpc/nitropc/debian/os-reinstallation.rst diff --git a/nitropc/debian/sealed-hardware.rst b/nitropadpc/nitropc/debian/sealed-hardware.rst similarity index 100% rename from nitropc/debian/sealed-hardware.rst rename to nitropadpc/nitropc/debian/sealed-hardware.rst diff --git a/nitropc/faq.rst b/nitropadpc/nitropc/faq.rst similarity index 100% rename from nitropc/faq.rst rename to nitropadpc/nitropc/faq.rst diff --git a/nitropc/index.rst b/nitropadpc/nitropc/index.rst similarity index 100% rename from nitropc/index.rst rename to nitropadpc/nitropc/index.rst diff --git a/nitropc/os-reinstallation.rst.inc b/nitropadpc/nitropc/os-reinstallation.rst.inc similarity index 100% rename from nitropc/os-reinstallation.rst.inc rename to nitropadpc/nitropc/os-reinstallation.rst.inc diff --git a/nitropc/qubes/gpu-install.rst b/nitropadpc/nitropc/qubes/gpu-install.rst similarity index 100% rename from nitropc/qubes/gpu-install.rst rename to nitropadpc/nitropc/qubes/gpu-install.rst diff --git a/nitropc/qubes/index.rst b/nitropadpc/nitropc/qubes/index.rst similarity index 100% rename from nitropc/qubes/index.rst rename to nitropadpc/nitropc/qubes/index.rst diff --git a/nitropc/qubes/nitrokey-app.rst b/nitropadpc/nitropc/qubes/nitrokey-app.rst similarity index 100% rename from nitropc/qubes/nitrokey-app.rst rename to nitropadpc/nitropc/qubes/nitrokey-app.rst diff --git a/nitropc/qubes/os-reinstallation.rst b/nitropadpc/nitropc/qubes/os-reinstallation.rst similarity index 100% rename from nitropc/qubes/os-reinstallation.rst rename to nitropadpc/nitropc/qubes/os-reinstallation.rst diff --git a/nitropc/qubes/sealed-hardware.rst b/nitropadpc/nitropc/qubes/sealed-hardware.rst similarity index 100% rename from nitropc/qubes/sealed-hardware.rst rename to nitropadpc/nitropc/qubes/sealed-hardware.rst diff --git a/nitropc/sealed-hardware.rst.inc b/nitropadpc/nitropc/sealed-hardware.rst.inc similarity index 100% rename from nitropc/sealed-hardware.rst.inc rename to nitropadpc/nitropc/sealed-hardware.rst.inc diff --git a/nitropc/ubuntu/index.rst b/nitropadpc/nitropc/ubuntu/index.rst similarity index 100% rename from nitropc/ubuntu/index.rst rename to nitropadpc/nitropc/ubuntu/index.rst diff --git a/nitropc/ubuntu/nitrokey-app.rst b/nitropadpc/nitropc/ubuntu/nitrokey-app.rst similarity index 100% rename from nitropc/ubuntu/nitrokey-app.rst rename to nitropadpc/nitropc/ubuntu/nitrokey-app.rst diff --git a/nitropc/ubuntu/os-reinstallation.rst b/nitropadpc/nitropc/ubuntu/os-reinstallation.rst similarity index 100% rename from nitropc/ubuntu/os-reinstallation.rst rename to nitropadpc/nitropc/ubuntu/os-reinstallation.rst diff --git a/nitropc/ubuntu/sealed-hardware.rst b/nitropadpc/nitropc/ubuntu/sealed-hardware.rst similarity index 100% rename from nitropc/ubuntu/sealed-hardware.rst rename to nitropadpc/nitropc/ubuntu/sealed-hardware.rst From a0089dbc4e09bd1274ccae6f3eacf769f9bac0f7 Mon Sep 17 00:00:00 2001 From: Keksmo Date: Mon, 29 Jul 2024 12:12:16 +0200 Subject: [PATCH 02/33] completed u2f --- .../fido2 => features/2fa}/2fa-nextcloud.rst | 2 + .../2fa/2fa-odoo.rst | 0 features/2fa/2fa-website.rst | 202 ++++++++++++ features/2fa/desktop-login.rst | 299 ++++++++++++++++++ features/2fa/index.rst | 12 + .../images/2fa}/fidou2f-1.png | Bin .../images/2fa}/fidou2f-2.png | Bin .../images/2fa}/fidou2f-3.png | Bin .../images/2fa}/fidou2f-4.png | Bin .../images/2fa}/fidou2f-5.png | Bin .../images/2fa}/u2f-fido-pam-2.png | Bin features/openpgp/index.rst | 11 + nitrokeys/fido2/features.rst | 8 + nitrokeys/fido2/index.rst | 6 +- nitrokeys/nitrokey3/index.rst | 6 +- nitrokeys/pro/features.rst | 11 + nitrokeys/pro/index.rst | 6 +- nitrokeys/u2f/features.rst | 10 + nitrokeys/u2f/index.rst | 6 +- nitrokeys/u2f/linux/2fa-nextcloud.rst | 4 - nitrokeys/u2f/linux/2fa-odoo.rst | 1 - nitrokeys/u2f/linux/desktop-login.rst | 1 - nitrokeys/u2f/linux/index.rst | 27 -- nitrokeys/u2f/mac/2fa-nextcloud.rst | 4 - nitrokeys/u2f/mac/2fa-odoo.rst | 1 - nitrokeys/u2f/mac/index.rst | 13 - nitrokeys/u2f/shared/index-content1.rst | 25 -- nitrokeys/u2f/windows/2fa-nextcloud.rst | 4 - nitrokeys/u2f/windows/2fa-odoo.rst | 1 - nitrokeys/u2f/windows/index.rst | 16 - 30 files changed, 564 insertions(+), 112 deletions(-) rename {nitrokeys/fido2 => features/2fa}/2fa-nextcloud.rst (73%) rename nitrokeys/fido2/2fa-odoo.rst.inc => features/2fa/2fa-odoo.rst (100%) create mode 100644 features/2fa/2fa-website.rst create mode 100644 features/2fa/desktop-login.rst create mode 100644 features/2fa/index.rst rename {nitrokeys/fido2/linux/images => features/images/2fa}/fidou2f-1.png (100%) rename {nitrokeys/fido2/linux/images => features/images/2fa}/fidou2f-2.png (100%) rename {nitrokeys/fido2/linux/images => features/images/2fa}/fidou2f-3.png (100%) rename {nitrokeys/fido2/linux/images => features/images/2fa}/fidou2f-4.png (100%) rename {nitrokeys/fido2/linux/images => features/images/2fa}/fidou2f-5.png (100%) rename {nitrokeys/fido2/linux/images => features/images/2fa}/u2f-fido-pam-2.png (100%) create mode 100644 features/openpgp/index.rst create mode 100644 nitrokeys/fido2/features.rst create mode 100644 nitrokeys/pro/features.rst create mode 100644 nitrokeys/u2f/features.rst delete mode 100644 nitrokeys/u2f/linux/2fa-nextcloud.rst delete mode 100644 nitrokeys/u2f/linux/2fa-odoo.rst delete mode 100644 nitrokeys/u2f/linux/desktop-login.rst delete mode 100644 nitrokeys/u2f/linux/index.rst delete mode 100644 nitrokeys/u2f/mac/2fa-nextcloud.rst delete mode 100644 nitrokeys/u2f/mac/2fa-odoo.rst delete mode 100644 nitrokeys/u2f/mac/index.rst delete mode 100644 nitrokeys/u2f/shared/index-content1.rst delete mode 100644 nitrokeys/u2f/windows/2fa-nextcloud.rst delete mode 100644 nitrokeys/u2f/windows/2fa-odoo.rst delete mode 100644 nitrokeys/u2f/windows/index.rst diff --git a/nitrokeys/fido2/2fa-nextcloud.rst b/features/2fa/2fa-nextcloud.rst similarity index 73% rename from nitrokeys/fido2/2fa-nextcloud.rst rename to features/2fa/2fa-nextcloud.rst index 2f5bdee469..3c460fcee2 100644 --- a/nitrokeys/fido2/2fa-nextcloud.rst +++ b/features/2fa/2fa-nextcloud.rst @@ -1,3 +1,5 @@ +Two-Factor Authentication And Passwordless Login For Nextcloud Accounts +======================================================================= These are the basic steps for registering the Nitrokey FIDO2 as a second factor or setting up passwordless login of a Nextcloud account. diff --git a/nitrokeys/fido2/2fa-odoo.rst.inc b/features/2fa/2fa-odoo.rst similarity index 100% rename from nitrokeys/fido2/2fa-odoo.rst.inc rename to features/2fa/2fa-odoo.rst diff --git a/features/2fa/2fa-website.rst b/features/2fa/2fa-website.rst new file mode 100644 index 0000000000..eab66dca4b --- /dev/null +++ b/features/2fa/2fa-website.rst @@ -0,0 +1,202 @@ +2FA Website Login +================= + +.. contents:: :local: + +.. toctree:: + :maxdepth: 1 + :glob: + :hidden: + + * + +The Nitrokey FIDO2 supports two-factor authentication (2FA) and +passwordless authentication: + +- With **passwordless authentication**, entering a password is replaced + by logging in with the Nitrokey FIDO2 and a PIN. + +- With **two-factor authentication** (2FA), the Nitrokey FIDO2 is + checked in addition to the password. + +The Nitrokey FIDO2 can be used with any current browser. + +.. important:: + + The Nitrokey App can not be used for the Nitrokey FIDO2. + +.. tip:: + + `Check online `__ if your Nitrokey + FIDO2 has the latest firmware installed. + +Passwordless Authentication +--------------------------- + +1. Open a web page that supports FIDO2 (for example + `Google `__). +2. Log in to the website and go to “Passkeys and security keys” in the security + settings of your account. +3. Click on Create passkey. +4. Click on Use a different device. +5. Follow the prompts to set a PIN for your Nitrokey FIDO2. +6. Touch the button of your Nitrokey FIDO2 when prompted. +7. Once you have successfully configured the device, you will need to + activate your Nitrokey FIDO2 this way each time you log in, after + entering your PIN. + +Two-Factor Authentication (2FA) +------------------------------- + +1. Open one of the `websites that support FIDO + U2F `__. +2. Log in to the website and enable two-factor authentication in your + account settings. (In most cases you will find a link to the + documentation of the supported web service at + `dongleauth.com `__) +3. Register your Nitrokey FIDO2 in the account settings by touching the + button to activate the Nitrokey FIDO2. After you have successfully + configured the device, you must activate the Nitrokey FIDO2 this way + each time you log in. + +You are now ready to go. + +Touch Button And LED Behavior +----------------------------- + +The first FIDO operation is automatically accepted within two seconds +after connecting Nitrokey FIDO2. In this case touching the touch button +is not required. + +Multiple operations can be accepted by a single touch. For this, keep +the touch button touched for up to 10 seconds. + +To avoid accidental and malicious reset of the Nitrokey, the required +touch confirmation time for the FIDO2 reset operation is longer and with +a distinct LED behavior (red LED light) than normal operations. To reset +the Nitrokey FIDO2, confirm by touching the touch button for at least 5 +seconds until the green or blue LED lights up. + ++-----------------+-----------------+-----------------+-----------------+ +| LED Color | Event | Time Period | Comments | ++=================+=================+=================+=================+ +| Any (blinking) | Awaiting for | Until touch is | | +| | touch | confirmed or | | +| | | timed out | | ++-----------------+-----------------+-----------------+-----------------+ +| Any (blinking | Touch detected, | Until touch is | | +| faster) | counting | confirmed or | | +| | seconds | timed out | | ++-----------------+-----------------+-----------------+-----------------+ +| White (blinks) | Touch request | | Requires 1 | +| | for FIDO | | second touch to | +| | registration or | | complete; | +| | authentication | | timeout is | +| | operation | | usually about | +| | | | 30 seconds | ++-----------------+-----------------+-----------------+-----------------+ +| Yellow (blinks) | Touch request | | Requires 5 | +| | for | | seconds touch | +| | configuration | | to complete; | +| | operation | | e.g. used for | +| | | | activating | +| | | | firmware update | +| | | | mode | ++-----------------+-----------------+-----------------+-----------------+ +| Red (blinks) | Touch request | Available only | Requires 5 | +| | for reset | during the very | seconds touch | +| | operation | first 10 | to complete; | +| | | seconds after | e.g. used for | +| | | Nitrokey is | FIDO2 reset | +| | | powered | operation | ++-----------------+-----------------+-----------------+-----------------+ +| Green | Touch accepted, | After touch was | For the FIDO | +| (constant) | Nitrokey is | registered, 10 | registration or | +| | active and | seconds timeout | authentication | +| | accepting | | operations | +| | further FIDO2 | | after a | +| | operations | | confirmation | +| | | | Nitrokey enters | +| | | | into | +| | | | “activation” | +| | | | mode, | +| | | | auto-accepting | +| | | | any following | +| | | | mentioned | +| | | | operations | +| | | | until touch | +| | | | button is | +| | | | released, but | +| | | | not longer than | +| | | | 10 seconds | ++-----------------+-----------------+-----------------+-----------------+ +| Blue (constant) | Touch consumed | Until touch is | Touch | +| | - accepted and | released | consumption | +| | used up by the | | here means, | +| | operation | | that without | +| | | | releasing the | +| | | | touch button, | +| | | | and touching | +| | | | again the | +| | | | Nitrokey will | +| | | | not confirm any | +| | | | new operations | ++-----------------+-----------------+-----------------+-----------------+ +| White (single | Nitrokey ready | 0.5 seconds | | +| blink) | to work | after powering | | +| | | up | | ++-----------------+-----------------+-----------------+-----------------+ +| (no LED signal) | Nitrokey is | | | +| | idle | | | +| | | | | ++-----------------+-----------------+-----------------+-----------------+ +| (no LED signal) | Auto-accept | Within first 2 | Nitrokey is | +| | single FIDO | seconds after | automatically | +| | registration or | powering up | accepting any | +| | authentication | | single FIDO | +| | operation | | registration or | +| | | | authentication | +| | | | operation upon | +| | | | insertion event | +| | | | - the latter is | +| | | | treated as an | +| | | | equivalent of | +| | | | the touch | +| | | | button | +| | | | registration | +| | | | signal (user | +| | | | presence); the | +| | | | conf | +| | | | iguration/reset | +| | | | operations are | +| | | | not accepted | ++-----------------+-----------------+-----------------+-----------------+ +| All colors | Nitrokey is in | Active until | If the firmware | +| | Firmware Update | firmware update | update fails, | +| | mode | operation is | the Nitrokey | +| | | successful, or | will stay in | +| | | until | the this mode | +| | | reinsertion | until the | +| | | | firmware is | +| | | | written | +| | | | correctly | ++-----------------+-----------------+-----------------+-----------------+ + + +Note: white LED blinking is used as well to signalize the selected device (the so called WINK command). +If you are using Windows, the first time you plug in the Nitrokey it may need some +time to configure the device. + +Troubleshooting (Linux) +----------------------- + +- If the Nitrokey is not accepted immediately, you may need to copy + this file + `41-nitrokey.rules `__ + to ``etc/udev/rules.d/``. In very rare cases, the system will need + the `older + version `__ + of this file. + +- After copying the file, restart udev via + ``sudo service udev restart``. diff --git a/features/2fa/desktop-login.rst b/features/2fa/desktop-login.rst new file mode 100644 index 0000000000..fe8a0a22a6 --- /dev/null +++ b/features/2fa/desktop-login.rst @@ -0,0 +1,299 @@ +Desktop Login And Linux User Authentication +=========================================== + +.. contents:: :local: + +Introduction +------------ + +This guide will walk you through the configuration of Linux to use FIDO Universal 2nd Factor, i.e. FIDO U2F with ``libpam-u2f`` and Nitrokey FIDO2. + +If you want to login to you computer using `Nitrokey Pro +2, `__ `Nitrokey Storage +2 `__ and `Nitrokey Start `__ you can visit the instructions available `here <../../pro/linux/login-with-pam.html>`_. + +Requirements +------------ + +- Ubuntu 20.04 with Gnome Display Manager. + +- Nitrokey FIDO2 configured following `these + instructions `__. + +Instructions +------------ + +GUI Method +'''''''''' + +1. **In the lower left corner click on** ``Show Applications`` **and type settings in the search bar as following:** + + .. figure:: ../images/2fa/fidou2f-1.png + :alt: img1 + +2. **Scroll down in the right bar to** ``Users`` + + .. figure:: ../images/2fa/fidou2f-2.png + :alt: img2 + +3. **In the left corner click on** ``Unlock`` **and that would prompt for your + password** + + .. figure:: ../images/2fa/fidou2f-3.png + :alt: img3 + +4. **Select** ``Administrator`` **and enter the user name and password of your + choice** + + .. figure:: ../images/2fa/fidou2f-4.png + :alt: img4 + +5. **Once you finish Step 4 you should be done** + + .. figure:: ../images/2fa/fidou2f-5.png + :alt: img5 + +CLI Method +'''''''''' + +1. **Create a backup user and give it root privileges** + + You can do so by using these commands: + + .. rstcheck: ignore-next-code-block + .. code-block:: bash + + $ sudo adduser + $ sudo usermod -aG sudo + + In case you prefer to setup U2F for a single user, and are locked out of your + user session, you would still be able to login with the ````, and + proceed with the maintenance. + + .. warning:: + + The following guide can potentially lock you out of your computer. + You should be aware of these risks, as it is recommended to first use + the instructions below on a secondary computer, or after a full + backup. + + You might lose access to your data after configuring `PAM + modules `__. + + +2. **Set up the** ``rules`` **to recognize the Nitrokey FIDO2** + + Under ``/etc/udev/rules.d`` download ``41-nitrokey.rules`` + + .. code-block:: bash + + $ cd /etc/udev/rules.d/ + $ sudo wget https://raw.githubusercontent.com/Nitrokey/libnitrokey/master/data/41-nitrokey.rules + + And restart ``udev`` service + + .. code-block:: bash + + $ sudo systemctl restart udev + +3. **Install** ``libpam-u2f`` + + On Ubuntu 20.04 it is possible to download directly ``libpam-u2f`` from the official repos + + .. code-block:: bash + + $ sudo apt install libpam-u2f + + .. note:: + + Click for more options + + - Alternatively you can build ``libpam-u2f`` from + `Git `__. + + - To verify that the library is properly installed enter the + following command: + + .. code-block:: bash + + $ file /lib/x86_64-linux-gnu/security/pam_u2f.so + + The Output should be something like the following: + + .. rstcheck: ignore-next-code-block + .. code-block:: bash + + /lib/x86_64-linux-gnu/security/pam_u2f.so: \ ELF 64-bit LSB shared object, x86-64, version 1 (SYSV),\ dynamically linked, BuildID[sha1]=1d55e1b11a97be2038c6a139579f6c0d91caedb1, stripped + +4. **Prepare the Directory** + + Create ``.config/Nitrokey/`` under your home directory + + .. code-block:: bash + + $ mkdir ~/.config/Nitrokey + + And plug your Nitrokey FIDO2. + + Once done with the preparation, we can start to configure the computer to use the Nitrokey FIDO2 for 2nd factor authentication at login and ``sudo``. + +5. **Generate the U2F config file** + + To generate the configuration file we will use the ``pamu2fcfg`` utility that comes with the ``libpam-u2f``. For convenience, we will directly write the output of the utility to the ``u2f_keys`` file under ``.config/Nitrokey``. First plug your Nitrokey FIDO2 (if you did not already), and enter the following command: + + .. code-block:: bash + + $ pamu2fcfg > ~/.config/Nitrokey/u2f_keys + + Once you run the command above, you will need to touch the key while it flashes. Once done, ``pamu2fcfg`` will append its output the ``u2f_keys`` in the following format: + + .. code-block:: bash + + :Zx...mw,04...0a + + Note, the output will be much longer, but sensitive parts have been removed here. For better security, and once the config file generated, we will move the ``.config/Nitrokey`` directory under the ``etc/`` + directory with this command: + + .. code-block:: bash + + $ sudo mv ~/.config/Nitrokey /etc + + .. tip:: + + - The file under ``.config/Nitrokey`` must be named ``u2f_keys`` + + - It is recommended to first test the instructions with a single + user. For this purpose the previous command takes the ``-u`` + option, to specify a user, like in the example below: + + .. rstcheck: ignore-next-code-block + .. code-block:: bash + + $ pamu2fcfg -u > ~/.config/Nitrokey/u2f_keys + + - For individual user configuration you should point to the home + directory in the next step, or not include the ``authfile`` option + in the PAM configuration. + +6. **Backup** + + This step is optional, however it is advised to have a backup Nitrokey in the case of loss, theft or destruction of your Nitrokey FIDO. + + To set up a backup key, repeat the procedure above, and use ``pamu2fcfg -n``. This will omit the ```` field, and the output can be appended to the line with your ```` like this: + + .. code-block:: bash + + :Zx...mw,04...0a:xB...fw,04...3f + +7. **Modify the Pluggable Authentication Module** ``PAM`` + + The final step is configure the PAM module files under ``/etc/pam.d/``. In this guide we will modify the ``common-auth`` file as it handles the authentication settings which are common to all services, but other options are possible. You can modify the file with the following command: + + .. code-block:: bash + + $ cd /etc/pam.d + $ sudo $editor common-auth + + And add the following lines at the top of the file: + + .. code-block:: bash + + #Nitrokey FIDO2 config + auth sufficient pam_u2f.so authfile=/etc/Nitrokey/u2f_keys cue prompt nouserok + + .. tip:: + + - Since we are using Central Authentication Mapping, we need to tell + ``pam_u2f`` the location of the file to use with the ``authfile`` + option. + + - If you often forget to insert the key, ``prompt`` option make + ``pam_u2f`` print ``Insert your U2F device, then press ENTER.`` + and give you a chance to insert the Nitrokey. + + - If you would like to be prompted to touch the Nitrokey, ``cue`` + option will make ``pam_u2f`` print ``Please touch the device.`` + message. + + - `nouserok` will ensure that you can still login using the username and + password, you might want to remove this at some point once the setup + is working and you don't want regular username & password based logins. + + Once we modified the ``common-auth``, we can save and exit the file. + + You can test the configuration by typing ``sudo ls`` in the terminal. You should be prompted the message ``Please touch the device.`` and have a similar output on the terminal: + + .. code-block:: bash + + nitrouser@nitrouser:~$ sudo ls + [sudo] password for nitrouser: Please touch the device. + + You can also test your configuration by logging out of the user session and logging back. A similar screen should be displayed once you you unplug/replug yout Nitrokey FIDO2 and type your password: + + .. figure:: ../images/2fa/u2f-fido-pam-2.png + :alt: img6 + +Usage +----- + +After the PAM module modification, you will be able to test your configuration right away, but it is recommended to reboot your computer, and unplug/replug the Nitrokey FIDO2. + +Once you have properly tested the instructions in this guide (and set up a backup), it is recommended to use either the ``required`` or the ``requisite`` control flag instead of ``sufficient``. + +The flags ``required`` and ``requisite`` provide a tighter access control, and will make the Nitrokey FIDO2 necessary to login, and/or use the configured service. + +If you need more information about Control Flags in the ``PAM`` +configuration line, you may see the last section of this guide to understand the difference, and the implications of using each of them. + +PAM Modules +'''''''''''''''''''''''' + +There are several PAM modules files that can be modified according to your needs: + +- By modifying ``/etc/pam.d/common-auth`` file, you will be able to use + you Nitrokey FIDO for 2nd factor authentication for graphic login and + ``sudo``. Note: ``common-auth`` should be modified by adding the + additional configuration line at the end of the file. + +- If you wish to use FIDO U2F authentication solely for Gnome’s graphic + login, you might prefer to modify the\ ``/etc/pam.d/gdm-password`` + +- Alternatively you can just modify the ``/etc/pam.d/sudo`` file if you + wish to use FIDO U2F when using the ``sudo`` command. + +Control Flags +'''''''''''''''''''''''' + +In step 7 we have used the ``sufficient`` control flag to determine the behavior of the PAM module when the Nitrokey is plugged or not. However it is possible to change this behavior by using the following control flags: + +- ``required``: This is the most critical flag. The module result must + be successful for authentication to continue. This flag can lock you + out of your computer if you do not have access to the Nitrokey. + +- ``requisite``: Similar to ``required`` however, in the case where a + specific module returns a failure, control is directly returned to + the application, or to the superior PAM stack. This flag can also + lock you out of your computer if you do not have access to the + Nitrokey. + +- ``sufficient``: The module result is ignored if it fails. The + ``sufficient`` flag considered to be safe for testing purposes. + +- ``optional``: The success or failure of this module is only important + if it is the only module in the stack associated with this + service+type. The ``optional`` flag is considered to be safe to use + for testing purposes. + +.. warning:: + + - If ``required`` or ``requisite`` is set, the failure of U2F + authentication will cause a failure of the overall authentication. + Failure will occur when the configured Nitrokey FIDO is not + plugged, lost or destroyed. + + - You will lose access to your computer if you mis-configured the + PAM module *and* used the ``required`` or ``requisite`` flags. + + - You will also lose the ability to use ``sudo`` if you set up + Central Authentication Mapping *and* used the ``required`` or + ``requisite`` flags. diff --git a/features/2fa/index.rst b/features/2fa/index.rst new file mode 100644 index 0000000000..09441eb430 --- /dev/null +++ b/features/2fa/index.rst @@ -0,0 +1,12 @@ +Two-Factor Authentication (2FA) +=============================== + + +.. toctree:: + :maxdepth: 1 + :glob: + + Website Login <2fa-website> + Nextcloud Login <2fa-nextcloud> + Odoo Login <2fa-odoo> + Desktop Login \ No newline at end of file diff --git a/nitrokeys/fido2/linux/images/fidou2f-1.png b/features/images/2fa/fidou2f-1.png similarity index 100% rename from nitrokeys/fido2/linux/images/fidou2f-1.png rename to features/images/2fa/fidou2f-1.png diff --git a/nitrokeys/fido2/linux/images/fidou2f-2.png b/features/images/2fa/fidou2f-2.png similarity index 100% rename from nitrokeys/fido2/linux/images/fidou2f-2.png rename to features/images/2fa/fidou2f-2.png diff --git a/nitrokeys/fido2/linux/images/fidou2f-3.png b/features/images/2fa/fidou2f-3.png similarity index 100% rename from nitrokeys/fido2/linux/images/fidou2f-3.png rename to features/images/2fa/fidou2f-3.png diff --git a/nitrokeys/fido2/linux/images/fidou2f-4.png b/features/images/2fa/fidou2f-4.png similarity index 100% rename from nitrokeys/fido2/linux/images/fidou2f-4.png rename to features/images/2fa/fidou2f-4.png diff --git a/nitrokeys/fido2/linux/images/fidou2f-5.png b/features/images/2fa/fidou2f-5.png similarity index 100% rename from nitrokeys/fido2/linux/images/fidou2f-5.png rename to features/images/2fa/fidou2f-5.png diff --git a/nitrokeys/fido2/linux/images/u2f-fido-pam-2.png b/features/images/2fa/u2f-fido-pam-2.png similarity index 100% rename from nitrokeys/fido2/linux/images/u2f-fido-pam-2.png rename to features/images/2fa/u2f-fido-pam-2.png diff --git a/features/openpgp/index.rst b/features/openpgp/index.rst new file mode 100644 index 0000000000..4f06d54c12 --- /dev/null +++ b/features/openpgp/index.rst @@ -0,0 +1,11 @@ +OpenPGP +======= + +.. toctree:: + :maxdepth: 1 + :glob: + + Use OpenPGP with Outlook + Use OpenPGP with Thunderbird + Odoo Login <2fa-odoo> + Desktop Login \ No newline at end of file diff --git a/nitrokeys/fido2/features.rst b/nitrokeys/fido2/features.rst new file mode 100644 index 0000000000..ab022193c1 --- /dev/null +++ b/nitrokeys/fido2/features.rst @@ -0,0 +1,8 @@ +FIDO2 Features +============== + +The Nitrokey FIDO2 currently supports the following features: + +.. toctree:: + :maxdepth: 1 + :glob: \ No newline at end of file diff --git a/nitrokeys/fido2/index.rst b/nitrokeys/fido2/index.rst index 37bfb22c4d..5d16dc88a5 100644 --- a/nitrokeys/fido2/index.rst +++ b/nitrokeys/fido2/index.rst @@ -11,13 +11,11 @@ First check the: Frequently Asked Questions -or choose your operating system: +or check out the features: .. toctree:: :maxdepth: 1 :glob: - Windows - macOS - Linux + Features diff --git a/nitrokeys/nitrokey3/index.rst b/nitrokeys/nitrokey3/index.rst index c672eaf399..aac91a3f88 100644 --- a/nitrokeys/nitrokey3/index.rst +++ b/nitrokeys/nitrokey3/index.rst @@ -26,11 +26,11 @@ First check the: Or choose your operating system: +or check out the features: + .. toctree:: :maxdepth: 1 :glob: - Windows - macOS - Linux + Features diff --git a/nitrokeys/pro/features.rst b/nitrokeys/pro/features.rst new file mode 100644 index 0000000000..7a21a91d37 --- /dev/null +++ b/nitrokeys/pro/features.rst @@ -0,0 +1,11 @@ +Nitrokey Pro 2 Features +======================= + +The Nitrokey Pro 2 currently supports the following features: + +.. toctree:: + :maxdepth: 1 + :glob: + + Two-Factor Authentication (2FA) <../features/2fa> + OpenPGP <../features/openpgp> \ No newline at end of file diff --git a/nitrokeys/pro/index.rst b/nitrokeys/pro/index.rst index 8cde11bc4d..b190095399 100644 --- a/nitrokeys/pro/index.rst +++ b/nitrokeys/pro/index.rst @@ -12,13 +12,11 @@ First check the: Frequently Asked Questions -or choose your operating system: +or check out the features: .. toctree:: :maxdepth: 1 :glob: - Windows - macOS - Linux + Features diff --git a/nitrokeys/u2f/features.rst b/nitrokeys/u2f/features.rst new file mode 100644 index 0000000000..49510a2ac0 --- /dev/null +++ b/nitrokeys/u2f/features.rst @@ -0,0 +1,10 @@ +FIDO U2F Features +================= + +The Nitrokey FIDO U2F currently supports the following features: + +.. toctree:: + :maxdepth: 1 + :glob: + + Two-Factor Authentication (2FA) <../../features/2fa/index> diff --git a/nitrokeys/u2f/index.rst b/nitrokeys/u2f/index.rst index 6e856a75bf..e8b2ce23c8 100644 --- a/nitrokeys/u2f/index.rst +++ b/nitrokeys/u2f/index.rst @@ -3,13 +3,11 @@ Nitrokey FIDO U2F .. contents:: :local: -Choose your operating system: +Check out the features: .. toctree:: :maxdepth: 1 :glob: - Windows - macOS - Linux + Features diff --git a/nitrokeys/u2f/linux/2fa-nextcloud.rst b/nitrokeys/u2f/linux/2fa-nextcloud.rst deleted file mode 100644 index eed3ad9899..0000000000 --- a/nitrokeys/u2f/linux/2fa-nextcloud.rst +++ /dev/null @@ -1,4 +0,0 @@ -Two-Factor Authentication And Passwordless Login For Nextcloud Accounts -======================================================================= - -.. include:: ../../fido2/2fa-nextcloud.rst diff --git a/nitrokeys/u2f/linux/2fa-odoo.rst b/nitrokeys/u2f/linux/2fa-odoo.rst deleted file mode 100644 index 5bf7237e31..0000000000 --- a/nitrokeys/u2f/linux/2fa-odoo.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../fido2/2fa-odoo.rst.inc diff --git a/nitrokeys/u2f/linux/desktop-login.rst b/nitrokeys/u2f/linux/desktop-login.rst deleted file mode 100644 index 3cf97f3894..0000000000 --- a/nitrokeys/u2f/linux/desktop-login.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../fido2/linux/desktop-login.rst \ No newline at end of file diff --git a/nitrokeys/u2f/linux/index.rst b/nitrokeys/u2f/linux/index.rst deleted file mode 100644 index f89717d489..0000000000 --- a/nitrokeys/u2f/linux/index.rst +++ /dev/null @@ -1,27 +0,0 @@ -Nitrokey FIDO U2F With Linux -============================ - -.. contents:: :local: - -.. toctree:: - :maxdepth: 1 - :glob: - :hidden: - - * - -.. include:: ../shared/index-content1.rst - -Troubleshooting ---------------- - -- If the Nitrokey is not accepted immediately, you may need to copy - this file - `41-nitrokey.rules `__ - to ``etc/udev/rules.d/``. In very rare cases, the system will need - the `older - version `__ - of this file. - -- After copying the file, restart udev via - ``sudo service udev restart``. diff --git a/nitrokeys/u2f/mac/2fa-nextcloud.rst b/nitrokeys/u2f/mac/2fa-nextcloud.rst deleted file mode 100644 index eed3ad9899..0000000000 --- a/nitrokeys/u2f/mac/2fa-nextcloud.rst +++ /dev/null @@ -1,4 +0,0 @@ -Two-Factor Authentication And Passwordless Login For Nextcloud Accounts -======================================================================= - -.. include:: ../../fido2/2fa-nextcloud.rst diff --git a/nitrokeys/u2f/mac/2fa-odoo.rst b/nitrokeys/u2f/mac/2fa-odoo.rst deleted file mode 100644 index 5bf7237e31..0000000000 --- a/nitrokeys/u2f/mac/2fa-odoo.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../fido2/2fa-odoo.rst.inc diff --git a/nitrokeys/u2f/mac/index.rst b/nitrokeys/u2f/mac/index.rst deleted file mode 100644 index 826477b989..0000000000 --- a/nitrokeys/u2f/mac/index.rst +++ /dev/null @@ -1,13 +0,0 @@ -Nitrokey FIDO U2F With macOS -============================ - -.. contents:: :local: - -.. toctree:: - :maxdepth: 1 - :glob: - :hidden: - - * - -.. include:: ../shared/index-content1.rst diff --git a/nitrokeys/u2f/shared/index-content1.rst b/nitrokeys/u2f/shared/index-content1.rst deleted file mode 100644 index 5e9088f110..0000000000 --- a/nitrokeys/u2f/shared/index-content1.rst +++ /dev/null @@ -1,25 +0,0 @@ -The Nitrokey FIDO U2F supports **two-factor authentication (2FA)**. With -two-factor authentication (2FA), the Nitrokey FIDO U2F is checked in -addition to the password. - -The Nitrokey FIDO U2F can be used with any current browser. - -Two-Factor Authentication (2FA) -------------------------------- - -1. Open one of the `websites that support FIDO - U2F `__. -2. Log in to the website and enable two-factor authentication in your - account settings. (In most cases you will find a link to the - documentation of the supported web service at - `dongleauth.com `__.) -3. Register your Nitrokey FIDO U2F in the account settings by touching - the button to activate the Nitrokey FIDO U2F. After you have - successfully configured the device, you must activate the Nitrokey - FIDO U2F this way each time you log in. - -You are now ready to go. - -.. important:: - - The Nitrokey App can not be used for the Nitrokey FIDO U2F. diff --git a/nitrokeys/u2f/windows/2fa-nextcloud.rst b/nitrokeys/u2f/windows/2fa-nextcloud.rst deleted file mode 100644 index eed3ad9899..0000000000 --- a/nitrokeys/u2f/windows/2fa-nextcloud.rst +++ /dev/null @@ -1,4 +0,0 @@ -Two-Factor Authentication And Passwordless Login For Nextcloud Accounts -======================================================================= - -.. include:: ../../fido2/2fa-nextcloud.rst diff --git a/nitrokeys/u2f/windows/2fa-odoo.rst b/nitrokeys/u2f/windows/2fa-odoo.rst deleted file mode 100644 index 5bf7237e31..0000000000 --- a/nitrokeys/u2f/windows/2fa-odoo.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../fido2/2fa-odoo.rst.inc diff --git a/nitrokeys/u2f/windows/index.rst b/nitrokeys/u2f/windows/index.rst deleted file mode 100644 index 534a0c8720..0000000000 --- a/nitrokeys/u2f/windows/index.rst +++ /dev/null @@ -1,16 +0,0 @@ -Nitrokey FIDO U2F With Windows -============================== - -.. contents:: :local: - -.. toctree:: - :maxdepth: 1 - :glob: - :hidden: - - * - -The first time you plug in the Nitrokey FIDO U2F Windows may need some -time to configure the device. - -.. include:: ../shared/index-content1.rst From 0eff6a18f66f3ab701f03e1e7ab5a2dd65be25a6 Mon Sep 17 00:00:00 2001 From: Keksmo Date: Mon, 29 Jul 2024 13:05:34 +0200 Subject: [PATCH 03/33] added OpenPGP as feature --- features/openpgp/index.rst | 11 ------- .../features}/2fa/2fa-nextcloud.rst | 0 .../features}/2fa/2fa-odoo.rst | 0 .../features}/2fa/2fa-website.rst | 0 .../features}/2fa/desktop-login.rst | 12 ++++---- .../features/2fa/images}/fidou2f-1.png | Bin .../features/2fa/images}/fidou2f-2.png | Bin .../features/2fa/images}/fidou2f-3.png | Bin .../features/2fa/images}/fidou2f-4.png | Bin .../features/2fa/images}/fidou2f-5.png | Bin .../features/2fa/images}/u2f-fido-pam-2.png | Bin .../features}/2fa/index.rst | 0 nitrokeys/features/index.rst | 0 .../openpgp/images/outlook}/1.png | Bin .../openpgp/images/outlook}/2.png | Bin .../openpgp/images/outlook}/3.png | Bin .../openpgp/images/outlook}/4.png | Bin .../openpgp/images/thunderbird}/1.png | Bin .../openpgp/images/thunderbird}/10.png | Bin .../openpgp/images/thunderbird}/11.png | Bin .../openpgp/images/thunderbird}/12.png | Bin .../openpgp/images/thunderbird}/13.png | Bin .../openpgp/images/thunderbird}/14.png | Bin .../openpgp/images/thunderbird}/2.png | Bin .../openpgp/images/thunderbird}/3.png | Bin .../openpgp/images/thunderbird}/4.png | Bin .../openpgp/images/thunderbird}/5.png | Bin .../openpgp/images/thunderbird}/6.png | Bin .../openpgp/images/thunderbird}/7.png | Bin .../openpgp/images/thunderbird}/8.png | Bin .../openpgp/images/thunderbird}/9.png | Bin .../features/openpgp/index.rst | 3 ++ .../openpgp}/openpgp-csp.rst | 0 .../openpgp/openpgp-keygen-backup.rst} | 0 .../openpgp/openpgp-keygen-gpa.rst} | 0 .../openpgp/openpgp-keygen-on-device.rst} | 0 .../openpgp/openpgp-outlook.rst} | 8 ++--- .../openpgp/openpgp-thunderbird.rst} | 28 ++++++++--------- .../smime/index.rst} | 0 .../smime/smime-outlook.rst} | 0 .../smime/smime-thunderbird.rst} | 0 .../totp/google.rst} | 0 .../totp/images/nextcloud}/1.png | Bin .../totp/images/nextcloud}/2.png | Bin .../totp/images/nextcloud}/3.png | Bin .../totp/images/nextcloud}/4.png | Bin .../totp/images/nextcloud}/5.png | Bin .../totp/images/nextcloud}/6.png | Bin .../totp/images/nextcloud}/7.png | Bin .../totp/images/nextcloud}/8.png | Bin .../totp/images/nextcloud}/9.png | Bin nitrokeys/features/totp/index.rst | 1 + .../totp/nextcloud.rst} | 18 +++++------ nitrokeys/pro/2fa-odoo.rst.inc | 29 ------------------ nitrokeys/pro/features.rst | 5 +-- nitrokeys/pro/linux/openpgp-keygen-backup.rst | 1 - nitrokeys/pro/linux/openpgp-keygen-gpa.rst | 1 - .../pro/linux/openpgp-keygen-on-device.rst | 1 - nitrokeys/pro/linux/openpgp-outlook.rst | 1 - nitrokeys/pro/linux/openpgp-thunderbird.rst | 1 - nitrokeys/pro/linux/openpgp.rst | 1 - nitrokeys/pro/mac/openpgp-keygen-backup.rst | 1 - nitrokeys/pro/mac/openpgp-keygen-gpa.rst | 1 - .../pro/mac/openpgp-keygen-on-device.rst | 1 - nitrokeys/pro/mac/openpgp-outlook.rst | 1 - nitrokeys/pro/mac/openpgp-thunderbird.rst | 1 - nitrokeys/pro/mac/openpgp.rst | 2 -- nitrokeys/pro/openpgp.rst.inc | 6 ---- .../pro/windows/openpgp-keygen-backup.rst | 1 - nitrokeys/pro/windows/openpgp-keygen-gpa.rst | 1 - .../pro/windows/openpgp-keygen-on-device.rst | 1 - nitrokeys/pro/windows/openpgp-outlook.rst | 1 - nitrokeys/pro/windows/openpgp-thunderbird.rst | 1 - nitrokeys/pro/windows/openpgp.rst | 1 - nitrokeys/u2f/features.rst | 2 +- 75 files changed, 41 insertions(+), 101 deletions(-) delete mode 100644 features/openpgp/index.rst rename {features => nitrokeys/features}/2fa/2fa-nextcloud.rst (100%) rename {features => nitrokeys/features}/2fa/2fa-odoo.rst (100%) rename {features => nitrokeys/features}/2fa/2fa-website.rst (100%) rename {features => nitrokeys/features}/2fa/desktop-login.rst (97%) rename {features/images/2fa => nitrokeys/features/2fa/images}/fidou2f-1.png (100%) rename {features/images/2fa => nitrokeys/features/2fa/images}/fidou2f-2.png (100%) rename {features/images/2fa => nitrokeys/features/2fa/images}/fidou2f-3.png (100%) rename {features/images/2fa => nitrokeys/features/2fa/images}/fidou2f-4.png (100%) rename {features/images/2fa => nitrokeys/features/2fa/images}/fidou2f-5.png (100%) rename {features/images/2fa => nitrokeys/features/2fa/images}/u2f-fido-pam-2.png (100%) rename {features => nitrokeys/features}/2fa/index.rst (100%) create mode 100644 nitrokeys/features/index.rst rename nitrokeys/{pro/windows/images/openpgp-outlook => features/openpgp/images/outlook}/1.png (100%) rename nitrokeys/{pro/windows/images/openpgp-outlook => features/openpgp/images/outlook}/2.png (100%) rename nitrokeys/{pro/windows/images/openpgp-outlook => features/openpgp/images/outlook}/3.png (100%) rename nitrokeys/{pro/windows/images/openpgp-outlook => features/openpgp/images/outlook}/4.png (100%) rename nitrokeys/{pro/images/openpgp-thunderbird => features/openpgp/images/thunderbird}/1.png (100%) rename nitrokeys/{pro/images/openpgp-thunderbird => features/openpgp/images/thunderbird}/10.png (100%) rename nitrokeys/{pro/images/openpgp-thunderbird => features/openpgp/images/thunderbird}/11.png (100%) rename nitrokeys/{pro/images/openpgp-thunderbird => features/openpgp/images/thunderbird}/12.png (100%) rename nitrokeys/{pro/images/openpgp-thunderbird => features/openpgp/images/thunderbird}/13.png (100%) rename nitrokeys/{pro/images/openpgp-thunderbird => features/openpgp/images/thunderbird}/14.png (100%) rename nitrokeys/{pro/images/openpgp-thunderbird => features/openpgp/images/thunderbird}/2.png (100%) rename nitrokeys/{pro/images/openpgp-thunderbird => features/openpgp/images/thunderbird}/3.png (100%) rename nitrokeys/{pro/images/openpgp-thunderbird => features/openpgp/images/thunderbird}/4.png (100%) rename nitrokeys/{pro/images/openpgp-thunderbird => features/openpgp/images/thunderbird}/5.png (100%) rename nitrokeys/{pro/images/openpgp-thunderbird => features/openpgp/images/thunderbird}/6.png (100%) rename nitrokeys/{pro/images/openpgp-thunderbird => features/openpgp/images/thunderbird}/7.png (100%) rename nitrokeys/{pro/images/openpgp-thunderbird => features/openpgp/images/thunderbird}/8.png (100%) rename nitrokeys/{pro/images/openpgp-thunderbird => features/openpgp/images/thunderbird}/9.png (100%) rename shared/openpgp.rst.inc => nitrokeys/features/openpgp/index.rst (98%) rename nitrokeys/{pro/windows => features/openpgp}/openpgp-csp.rst (100%) rename nitrokeys/{pro/openpgp-keygen-backup.rst.inc => features/openpgp/openpgp-keygen-backup.rst} (100%) rename nitrokeys/{pro/openpgp-keygen-gpa.rst.inc => features/openpgp/openpgp-keygen-gpa.rst} (100%) rename nitrokeys/{pro/openpgp-keygen-on-device.rst.inc => features/openpgp/openpgp-keygen-on-device.rst} (100%) rename nitrokeys/{pro/openpgp-outlook.rst.inc => features/openpgp/openpgp-outlook.rst} (84%) rename nitrokeys/{pro/openpgp-thunderbird.rst.inc => features/openpgp/openpgp-thunderbird.rst} (90%) rename nitrokeys/{pro/smime.rst.inc => features/smime/index.rst} (100%) rename nitrokeys/{pro/smime-outlook.rst.inc => features/smime/smime-outlook.rst} (100%) rename nitrokeys/{pro/smime-thunderbird.rst.inc => features/smime/smime-thunderbird.rst} (100%) rename nitrokeys/{pro/2fa-google.rst.inc => features/totp/google.rst} (100%) rename nitrokeys/{pro/images/2fa-nextcloud => features/totp/images/nextcloud}/1.png (100%) rename nitrokeys/{pro/images/2fa-nextcloud => features/totp/images/nextcloud}/2.png (100%) rename nitrokeys/{pro/images/2fa-nextcloud => features/totp/images/nextcloud}/3.png (100%) rename nitrokeys/{pro/images/2fa-nextcloud => features/totp/images/nextcloud}/4.png (100%) rename nitrokeys/{pro/images/2fa-nextcloud => features/totp/images/nextcloud}/5.png (100%) rename nitrokeys/{pro/images/2fa-nextcloud => features/totp/images/nextcloud}/6.png (100%) rename nitrokeys/{pro/images/2fa-nextcloud => features/totp/images/nextcloud}/7.png (100%) rename nitrokeys/{pro/images/2fa-nextcloud => features/totp/images/nextcloud}/8.png (100%) rename nitrokeys/{pro/images/2fa-nextcloud => features/totp/images/nextcloud}/9.png (100%) create mode 100644 nitrokeys/features/totp/index.rst rename nitrokeys/{pro/2fa-nextcloud.rst.inc => features/totp/nextcloud.rst} (76%) delete mode 100644 nitrokeys/pro/2fa-odoo.rst.inc delete mode 100644 nitrokeys/pro/linux/openpgp-keygen-backup.rst delete mode 100644 nitrokeys/pro/linux/openpgp-keygen-gpa.rst delete mode 100644 nitrokeys/pro/linux/openpgp-keygen-on-device.rst delete mode 100644 nitrokeys/pro/linux/openpgp-outlook.rst delete mode 100644 nitrokeys/pro/linux/openpgp-thunderbird.rst delete mode 100644 nitrokeys/pro/linux/openpgp.rst delete mode 100644 nitrokeys/pro/mac/openpgp-keygen-backup.rst delete mode 100644 nitrokeys/pro/mac/openpgp-keygen-gpa.rst delete mode 100644 nitrokeys/pro/mac/openpgp-keygen-on-device.rst delete mode 100644 nitrokeys/pro/mac/openpgp-outlook.rst delete mode 100644 nitrokeys/pro/mac/openpgp-thunderbird.rst delete mode 100644 nitrokeys/pro/mac/openpgp.rst delete mode 100644 nitrokeys/pro/openpgp.rst.inc delete mode 100644 nitrokeys/pro/windows/openpgp-keygen-backup.rst delete mode 100644 nitrokeys/pro/windows/openpgp-keygen-gpa.rst delete mode 100644 nitrokeys/pro/windows/openpgp-keygen-on-device.rst delete mode 100644 nitrokeys/pro/windows/openpgp-outlook.rst delete mode 100644 nitrokeys/pro/windows/openpgp-thunderbird.rst delete mode 100644 nitrokeys/pro/windows/openpgp.rst diff --git a/features/openpgp/index.rst b/features/openpgp/index.rst deleted file mode 100644 index 4f06d54c12..0000000000 --- a/features/openpgp/index.rst +++ /dev/null @@ -1,11 +0,0 @@ -OpenPGP -======= - -.. toctree:: - :maxdepth: 1 - :glob: - - Use OpenPGP with Outlook - Use OpenPGP with Thunderbird - Odoo Login <2fa-odoo> - Desktop Login \ No newline at end of file diff --git a/features/2fa/2fa-nextcloud.rst b/nitrokeys/features/2fa/2fa-nextcloud.rst similarity index 100% rename from features/2fa/2fa-nextcloud.rst rename to nitrokeys/features/2fa/2fa-nextcloud.rst diff --git a/features/2fa/2fa-odoo.rst b/nitrokeys/features/2fa/2fa-odoo.rst similarity index 100% rename from features/2fa/2fa-odoo.rst rename to nitrokeys/features/2fa/2fa-odoo.rst diff --git a/features/2fa/2fa-website.rst b/nitrokeys/features/2fa/2fa-website.rst similarity index 100% rename from features/2fa/2fa-website.rst rename to nitrokeys/features/2fa/2fa-website.rst diff --git a/features/2fa/desktop-login.rst b/nitrokeys/features/2fa/desktop-login.rst similarity index 97% rename from features/2fa/desktop-login.rst rename to nitrokeys/features/2fa/desktop-login.rst index fe8a0a22a6..cabc0a9c67 100644 --- a/features/2fa/desktop-login.rst +++ b/nitrokeys/features/2fa/desktop-login.rst @@ -28,29 +28,29 @@ GUI Method 1. **In the lower left corner click on** ``Show Applications`` **and type settings in the search bar as following:** - .. figure:: ../images/2fa/fidou2f-1.png + .. figure:: images/fidou2f-1.png :alt: img1 2. **Scroll down in the right bar to** ``Users`` - .. figure:: ../images/2fa/fidou2f-2.png + .. figure:: images/fidou2f-2.png :alt: img2 3. **In the left corner click on** ``Unlock`` **and that would prompt for your password** - .. figure:: ../images/2fa/fidou2f-3.png + .. figure:: images/fidou2f-3.png :alt: img3 4. **Select** ``Administrator`` **and enter the user name and password of your choice** - .. figure:: ../images/2fa/fidou2f-4.png + .. figure:: images/fidou2f-4.png :alt: img4 5. **Once you finish Step 4 you should be done** - .. figure:: ../images/2fa/fidou2f-5.png + .. figure:: images/fidou2f-5.png :alt: img5 CLI Method @@ -230,7 +230,7 @@ CLI Method You can also test your configuration by logging out of the user session and logging back. A similar screen should be displayed once you you unplug/replug yout Nitrokey FIDO2 and type your password: - .. figure:: ../images/2fa/u2f-fido-pam-2.png + .. figure:: images/u2f-fido-pam-2.png :alt: img6 Usage diff --git a/features/images/2fa/fidou2f-1.png b/nitrokeys/features/2fa/images/fidou2f-1.png similarity index 100% rename from features/images/2fa/fidou2f-1.png rename to nitrokeys/features/2fa/images/fidou2f-1.png diff --git a/features/images/2fa/fidou2f-2.png b/nitrokeys/features/2fa/images/fidou2f-2.png similarity index 100% rename from features/images/2fa/fidou2f-2.png rename to nitrokeys/features/2fa/images/fidou2f-2.png diff --git a/features/images/2fa/fidou2f-3.png b/nitrokeys/features/2fa/images/fidou2f-3.png similarity index 100% rename from features/images/2fa/fidou2f-3.png rename to nitrokeys/features/2fa/images/fidou2f-3.png diff --git a/features/images/2fa/fidou2f-4.png b/nitrokeys/features/2fa/images/fidou2f-4.png similarity index 100% rename from features/images/2fa/fidou2f-4.png rename to nitrokeys/features/2fa/images/fidou2f-4.png diff --git a/features/images/2fa/fidou2f-5.png b/nitrokeys/features/2fa/images/fidou2f-5.png similarity index 100% rename from features/images/2fa/fidou2f-5.png rename to nitrokeys/features/2fa/images/fidou2f-5.png diff --git a/features/images/2fa/u2f-fido-pam-2.png b/nitrokeys/features/2fa/images/u2f-fido-pam-2.png similarity index 100% rename from features/images/2fa/u2f-fido-pam-2.png rename to nitrokeys/features/2fa/images/u2f-fido-pam-2.png diff --git a/features/2fa/index.rst b/nitrokeys/features/2fa/index.rst similarity index 100% rename from features/2fa/index.rst rename to nitrokeys/features/2fa/index.rst diff --git a/nitrokeys/features/index.rst b/nitrokeys/features/index.rst new file mode 100644 index 0000000000..e69de29bb2 diff --git a/nitrokeys/pro/windows/images/openpgp-outlook/1.png b/nitrokeys/features/openpgp/images/outlook/1.png similarity index 100% rename from nitrokeys/pro/windows/images/openpgp-outlook/1.png rename to nitrokeys/features/openpgp/images/outlook/1.png diff --git a/nitrokeys/pro/windows/images/openpgp-outlook/2.png b/nitrokeys/features/openpgp/images/outlook/2.png similarity index 100% rename from nitrokeys/pro/windows/images/openpgp-outlook/2.png rename to nitrokeys/features/openpgp/images/outlook/2.png diff --git a/nitrokeys/pro/windows/images/openpgp-outlook/3.png b/nitrokeys/features/openpgp/images/outlook/3.png similarity index 100% rename from nitrokeys/pro/windows/images/openpgp-outlook/3.png rename to nitrokeys/features/openpgp/images/outlook/3.png diff --git a/nitrokeys/pro/windows/images/openpgp-outlook/4.png b/nitrokeys/features/openpgp/images/outlook/4.png similarity index 100% rename from nitrokeys/pro/windows/images/openpgp-outlook/4.png rename to nitrokeys/features/openpgp/images/outlook/4.png diff --git a/nitrokeys/pro/images/openpgp-thunderbird/1.png b/nitrokeys/features/openpgp/images/thunderbird/1.png similarity index 100% rename from nitrokeys/pro/images/openpgp-thunderbird/1.png rename to nitrokeys/features/openpgp/images/thunderbird/1.png diff --git a/nitrokeys/pro/images/openpgp-thunderbird/10.png b/nitrokeys/features/openpgp/images/thunderbird/10.png similarity index 100% rename from nitrokeys/pro/images/openpgp-thunderbird/10.png rename to nitrokeys/features/openpgp/images/thunderbird/10.png diff --git a/nitrokeys/pro/images/openpgp-thunderbird/11.png b/nitrokeys/features/openpgp/images/thunderbird/11.png similarity index 100% rename from nitrokeys/pro/images/openpgp-thunderbird/11.png rename to nitrokeys/features/openpgp/images/thunderbird/11.png diff --git a/nitrokeys/pro/images/openpgp-thunderbird/12.png b/nitrokeys/features/openpgp/images/thunderbird/12.png similarity index 100% rename from nitrokeys/pro/images/openpgp-thunderbird/12.png rename to nitrokeys/features/openpgp/images/thunderbird/12.png diff --git a/nitrokeys/pro/images/openpgp-thunderbird/13.png b/nitrokeys/features/openpgp/images/thunderbird/13.png similarity index 100% rename from nitrokeys/pro/images/openpgp-thunderbird/13.png rename to nitrokeys/features/openpgp/images/thunderbird/13.png diff --git a/nitrokeys/pro/images/openpgp-thunderbird/14.png b/nitrokeys/features/openpgp/images/thunderbird/14.png similarity index 100% rename from nitrokeys/pro/images/openpgp-thunderbird/14.png rename to nitrokeys/features/openpgp/images/thunderbird/14.png diff --git a/nitrokeys/pro/images/openpgp-thunderbird/2.png b/nitrokeys/features/openpgp/images/thunderbird/2.png similarity index 100% rename from nitrokeys/pro/images/openpgp-thunderbird/2.png rename to nitrokeys/features/openpgp/images/thunderbird/2.png diff --git a/nitrokeys/pro/images/openpgp-thunderbird/3.png b/nitrokeys/features/openpgp/images/thunderbird/3.png similarity index 100% rename from nitrokeys/pro/images/openpgp-thunderbird/3.png rename to nitrokeys/features/openpgp/images/thunderbird/3.png diff --git a/nitrokeys/pro/images/openpgp-thunderbird/4.png b/nitrokeys/features/openpgp/images/thunderbird/4.png similarity index 100% rename from nitrokeys/pro/images/openpgp-thunderbird/4.png rename to nitrokeys/features/openpgp/images/thunderbird/4.png diff --git a/nitrokeys/pro/images/openpgp-thunderbird/5.png b/nitrokeys/features/openpgp/images/thunderbird/5.png similarity index 100% rename from nitrokeys/pro/images/openpgp-thunderbird/5.png rename to nitrokeys/features/openpgp/images/thunderbird/5.png diff --git a/nitrokeys/pro/images/openpgp-thunderbird/6.png b/nitrokeys/features/openpgp/images/thunderbird/6.png similarity index 100% rename from nitrokeys/pro/images/openpgp-thunderbird/6.png rename to nitrokeys/features/openpgp/images/thunderbird/6.png diff --git a/nitrokeys/pro/images/openpgp-thunderbird/7.png b/nitrokeys/features/openpgp/images/thunderbird/7.png similarity index 100% rename from nitrokeys/pro/images/openpgp-thunderbird/7.png rename to nitrokeys/features/openpgp/images/thunderbird/7.png diff --git a/nitrokeys/pro/images/openpgp-thunderbird/8.png b/nitrokeys/features/openpgp/images/thunderbird/8.png similarity index 100% rename from nitrokeys/pro/images/openpgp-thunderbird/8.png rename to nitrokeys/features/openpgp/images/thunderbird/8.png diff --git a/nitrokeys/pro/images/openpgp-thunderbird/9.png b/nitrokeys/features/openpgp/images/thunderbird/9.png similarity index 100% rename from nitrokeys/pro/images/openpgp-thunderbird/9.png rename to nitrokeys/features/openpgp/images/thunderbird/9.png diff --git a/shared/openpgp.rst.inc b/nitrokeys/features/openpgp/index.rst similarity index 98% rename from shared/openpgp.rst.inc rename to nitrokeys/features/openpgp/index.rst index 91f1d4d60e..96b38a6e8c 100644 --- a/shared/openpgp.rst.inc +++ b/nitrokeys/features/openpgp/index.rst @@ -1,3 +1,6 @@ +OpenPGP Email Encryption +======================== + There are two widely used standards for email encryption. - OpenPGP/GnuPG is popular among individuals, diff --git a/nitrokeys/pro/windows/openpgp-csp.rst b/nitrokeys/features/openpgp/openpgp-csp.rst similarity index 100% rename from nitrokeys/pro/windows/openpgp-csp.rst rename to nitrokeys/features/openpgp/openpgp-csp.rst diff --git a/nitrokeys/pro/openpgp-keygen-backup.rst.inc b/nitrokeys/features/openpgp/openpgp-keygen-backup.rst similarity index 100% rename from nitrokeys/pro/openpgp-keygen-backup.rst.inc rename to nitrokeys/features/openpgp/openpgp-keygen-backup.rst diff --git a/nitrokeys/pro/openpgp-keygen-gpa.rst.inc b/nitrokeys/features/openpgp/openpgp-keygen-gpa.rst similarity index 100% rename from nitrokeys/pro/openpgp-keygen-gpa.rst.inc rename to nitrokeys/features/openpgp/openpgp-keygen-gpa.rst diff --git a/nitrokeys/pro/openpgp-keygen-on-device.rst.inc b/nitrokeys/features/openpgp/openpgp-keygen-on-device.rst similarity index 100% rename from nitrokeys/pro/openpgp-keygen-on-device.rst.inc rename to nitrokeys/features/openpgp/openpgp-keygen-on-device.rst diff --git a/nitrokeys/pro/openpgp-outlook.rst.inc b/nitrokeys/features/openpgp/openpgp-outlook.rst similarity index 84% rename from nitrokeys/pro/openpgp-outlook.rst.inc rename to nitrokeys/features/openpgp/openpgp-outlook.rst index 2b53d3239f..5ee52144fa 100644 --- a/nitrokeys/pro/openpgp-outlook.rst.inc +++ b/nitrokeys/features/openpgp/openpgp-outlook.rst @@ -15,7 +15,7 @@ If you do not have PGP-Keys on your Nitrokey yet, please look at `this page `__. You need to make sure to have “GpgOL” checked during installation process (see below). -.. figure:: /pro/windows/images/openpgp-outlook/1.png +.. figure:: images/outlook/1.png :alt: img1 @@ -25,21 +25,21 @@ Usage After installing GPG4Win along with GpgOL, you will see a new icon labeled “Secure” in the composing window. To encrypt and sign a mail you just click on the sign like seen below. -.. figure:: /pro/windows/images/openpgp-outlook/2.png +.. figure:: images/outlook/2.png :alt: img2 GnuPG will start signing and encrypting the mail as soon as you click on ‘send’. You are requested to choose the identity you want to sign with and encrypt for. -.. figure:: /pro/windows/images/openpgp-outlook/3.png +.. figure:: images/outlook/3.png :alt: img3 Furthermore, you are asked for typing in the User PIN of the Nitrokey for signing the mail. -.. figure:: /pro/windows/images/openpgp-outlook/4.png +.. figure:: images/outlook/4.png :alt: img4 diff --git a/nitrokeys/pro/openpgp-thunderbird.rst.inc b/nitrokeys/features/openpgp/openpgp-thunderbird.rst similarity index 90% rename from nitrokeys/pro/openpgp-thunderbird.rst.inc rename to nitrokeys/features/openpgp/openpgp-thunderbird.rst index a0bf2846df..c1d4456184 100644 --- a/nitrokeys/pro/openpgp-thunderbird.rst.inc +++ b/nitrokeys/features/openpgp/openpgp-thunderbird.rst @@ -55,14 +55,14 @@ Procedure 3. In Thunderbird, select as shown in the following picture. “OpenPGP” → “Manage smart card” -.. figure:: /pro/images/openpgp-thunderbird/1.png +.. figure:: images/thunderbird/1.png :alt: img1 4. In the “SmartCard Details” window, select “SmartCard → Change PIN” -.. figure:: /pro/images/openpgp-thunderbird/2.png +.. figure:: images/thunderbird/2.png :alt: img2 @@ -73,14 +73,14 @@ Procedure () [] {}% +. The PIN should be at least 6 characters long. Click “OK”. -.. figure:: /pro/images/openpgp-thunderbird/3.png +.. figure:: images/thunderbird/3.png :alt: img3 6. Repeat the procedure for the Admin PIN. “SmartCard → Change PIN” -.. figure:: /pro/images/openpgp-thunderbird/4.png +.. figure:: images/thunderbird/4.png :alt: img4 @@ -91,7 +91,7 @@ Procedure .;;:- !? () [] {}% +. The PIN should be at least 8 characters long. Click “OK”. -.. figure:: /pro/images/openpgp-thunderbird/5.png +.. figure:: images/thunderbird/5.png :alt: img5 @@ -118,7 +118,7 @@ To encrypt data and e-mails, a key pair consisting of a public key and a private “User ID” is correct. You can also specify whether a private key backup copy should be stored on your computer. -.. figure:: /pro/images/openpgp-thunderbird/6.png +.. figure:: images/thunderbird/6.png :alt: img6 @@ -126,7 +126,7 @@ To encrypt data and e-mails, a key pair consisting of a public key and a private 5. If you do not create a backup copy, you have no chance to get your encrypted data if the Nitrokey is lost or damaged! -.. figure:: /pro/images/openpgp-thunderbird/7.png +.. figure:: images/thunderbird/7.png :alt: img7 @@ -151,14 +151,14 @@ You can also specify whether and when the key should be automatically invalid. T 1. Finally, click on “Generate key pair”. -.. figure:: /pro/images/openpgp-thunderbird/8.png +.. figure:: images/thunderbird/8.png :alt: img8 2. You are now asked if the key should be generated. Confirm with “Yes”. -.. figure:: /pro/images/openpgp-thunderbird/9.png +.. figure:: images/thunderbird/9.png :alt: img9 @@ -166,7 +166,7 @@ You can also specify whether and when the key should be automatically invalid. T 3. In order for the program to write your keys to the stick, you must enter the admin PIN and the user PIN (changed above). -.. figure:: /pro/images/openpgp-thunderbird/10.png +.. figure:: images/thunderbird/10.png :alt: img10 @@ -182,7 +182,7 @@ The key generation can take a few minutes. Do not terminate the program prematur You can now select the directory in which the backup copy is stored. This copy is encrypted with your password entered above. This means that no one can read or use the keys without your password. Do not give your password to anyone. This file with the name of your e-mail address and the suffix “.asc” should be backed up on another medium. After selecting the directory, click “Save”. -.. figure:: /pro/images/openpgp-thunderbird/11.png +.. figure:: images/thunderbird/11.png :alt: img11 @@ -190,7 +190,7 @@ You can now select the directory in which the backup copy is stored. This copy i 5. Here you must again specify your user PIN or passphrase. Then click “OK” -.. figure:: /pro/images/openpgp-thunderbird/12.png +.. figure:: images/thunderbird/12.png :alt: img12 @@ -198,7 +198,7 @@ You can now select the directory in which the backup copy is stored. This copy i 7. You will now see the message that the certificate was created and saved. Click “OK” -.. figure:: /pro/images/openpgp-thunderbird/13.png +.. figure:: images/thunderbird/13.png :alt: img13 @@ -206,7 +206,7 @@ You can now select the directory in which the backup copy is stored. This copy i 8. Key generation is now complete. You can now exit the program (File - Close). -.. figure:: /pro/images/openpgp-thunderbird/14.png +.. figure:: images/thunderbird/14.png :alt: img14 diff --git a/nitrokeys/pro/smime.rst.inc b/nitrokeys/features/smime/index.rst similarity index 100% rename from nitrokeys/pro/smime.rst.inc rename to nitrokeys/features/smime/index.rst diff --git a/nitrokeys/pro/smime-outlook.rst.inc b/nitrokeys/features/smime/smime-outlook.rst similarity index 100% rename from nitrokeys/pro/smime-outlook.rst.inc rename to nitrokeys/features/smime/smime-outlook.rst diff --git a/nitrokeys/pro/smime-thunderbird.rst.inc b/nitrokeys/features/smime/smime-thunderbird.rst similarity index 100% rename from nitrokeys/pro/smime-thunderbird.rst.inc rename to nitrokeys/features/smime/smime-thunderbird.rst diff --git a/nitrokeys/pro/2fa-google.rst.inc b/nitrokeys/features/totp/google.rst similarity index 100% rename from nitrokeys/pro/2fa-google.rst.inc rename to nitrokeys/features/totp/google.rst diff --git a/nitrokeys/pro/images/2fa-nextcloud/1.png b/nitrokeys/features/totp/images/nextcloud/1.png similarity index 100% rename from nitrokeys/pro/images/2fa-nextcloud/1.png rename to nitrokeys/features/totp/images/nextcloud/1.png diff --git a/nitrokeys/pro/images/2fa-nextcloud/2.png b/nitrokeys/features/totp/images/nextcloud/2.png similarity index 100% rename from nitrokeys/pro/images/2fa-nextcloud/2.png rename to nitrokeys/features/totp/images/nextcloud/2.png diff --git a/nitrokeys/pro/images/2fa-nextcloud/3.png b/nitrokeys/features/totp/images/nextcloud/3.png similarity index 100% rename from nitrokeys/pro/images/2fa-nextcloud/3.png rename to nitrokeys/features/totp/images/nextcloud/3.png diff --git a/nitrokeys/pro/images/2fa-nextcloud/4.png b/nitrokeys/features/totp/images/nextcloud/4.png similarity index 100% rename from nitrokeys/pro/images/2fa-nextcloud/4.png rename to nitrokeys/features/totp/images/nextcloud/4.png diff --git a/nitrokeys/pro/images/2fa-nextcloud/5.png b/nitrokeys/features/totp/images/nextcloud/5.png similarity index 100% rename from nitrokeys/pro/images/2fa-nextcloud/5.png rename to nitrokeys/features/totp/images/nextcloud/5.png diff --git a/nitrokeys/pro/images/2fa-nextcloud/6.png b/nitrokeys/features/totp/images/nextcloud/6.png similarity index 100% rename from nitrokeys/pro/images/2fa-nextcloud/6.png rename to nitrokeys/features/totp/images/nextcloud/6.png diff --git a/nitrokeys/pro/images/2fa-nextcloud/7.png b/nitrokeys/features/totp/images/nextcloud/7.png similarity index 100% rename from nitrokeys/pro/images/2fa-nextcloud/7.png rename to nitrokeys/features/totp/images/nextcloud/7.png diff --git a/nitrokeys/pro/images/2fa-nextcloud/8.png b/nitrokeys/features/totp/images/nextcloud/8.png similarity index 100% rename from nitrokeys/pro/images/2fa-nextcloud/8.png rename to nitrokeys/features/totp/images/nextcloud/8.png diff --git a/nitrokeys/pro/images/2fa-nextcloud/9.png b/nitrokeys/features/totp/images/nextcloud/9.png similarity index 100% rename from nitrokeys/pro/images/2fa-nextcloud/9.png rename to nitrokeys/features/totp/images/nextcloud/9.png diff --git a/nitrokeys/features/totp/index.rst b/nitrokeys/features/totp/index.rst new file mode 100644 index 0000000000..8aecc3b754 --- /dev/null +++ b/nitrokeys/features/totp/index.rst @@ -0,0 +1 @@ +teasdasd \ No newline at end of file diff --git a/nitrokeys/pro/2fa-nextcloud.rst.inc b/nitrokeys/features/totp/nextcloud.rst similarity index 76% rename from nitrokeys/pro/2fa-nextcloud.rst.inc rename to nitrokeys/features/totp/nextcloud.rst index b0efcab989..95f8990739 100644 --- a/nitrokeys/pro/2fa-nextcloud.rst.inc +++ b/nitrokeys/features/totp/nextcloud.rst @@ -7,59 +7,59 @@ These are the basic steps for registering the Nitrokey Pro or Nitrokey Storage a At first, log in to your Nextcloud account, click on the top right symbol of your account and open the settings menu. -.. figure:: /pro/images/2fa-nextcloud/1.png +.. figure:: images/nextcloud/1.png :alt: img1 Now choose “Security” on the left hand side. -.. figure:: /pro/images/2fa-nextcloud/2.png +.. figure:: images/nextcloud/2.png :alt: img2 Now you can tick the box reading “Enable TOTP”. There is shown the TOTP secret which we need to add to our Nitrokey via the Nitrokey App. -.. figure:: /pro/images/2fa-nextcloud/3.png +.. figure:: images/nextcloud/3.png :alt: img3 Copy and save secret code into the Nitrokey App. -.. figure:: /pro/images/2fa-nextcloud/4.png +.. figure:: images/nextcloud/4.png :alt: img4 -.. figure:: /pro/images/2fa-nextcloud/5.png +.. figure:: images/nextcloud/5.png :alt: img5 Now we request a one-time password for the Nextcloud to verify the process by inserting the password on the website and pressing “verify”. -.. figure:: /pro/images/2fa-nextcloud/6.png +.. figure:: images/nextcloud/6.png :alt: img6 -.. figure:: /pro/images/2fa-nextcloud/7.png +.. figure:: images/nextcloud/7.png :alt: img7 From now on, when signing in you need an OTP additionally to your password. Get one by the Nitrokey App like before and insert it in when logging in. -.. figure:: /pro/images/2fa-nextcloud/8.png +.. figure:: images/nextcloud/8.png :alt: img8 Nextcloud provides you with backup codes, in case you lost your Nitrokey. It is recommended to print out these codes and store them somewhere save otherwise you might not be able to log in to your account anymore! -.. figure:: /pro/images/2fa-nextcloud/9.png +.. figure:: images/nextcloud/9.png :alt: img9 diff --git a/nitrokeys/pro/2fa-odoo.rst.inc b/nitrokeys/pro/2fa-odoo.rst.inc deleted file mode 100644 index cdf8ede5d4..0000000000 --- a/nitrokeys/pro/2fa-odoo.rst.inc +++ /dev/null @@ -1,29 +0,0 @@ -Two-Factor Authentication For ERP Software Odoo -=============================================== - -.. only:: comment - - .. contents:: :local: - -`Odoo `__ is a powerful ERP (Enterprise Resource Planning) software for companies of all sizes. Odoo is available as open source and contains modules for CRM, website, e-commerce, accounting, financial accounting, production, warehouse management, project management, document management, among others. - -The secure access to such a central software is especially important and can now be realized with the Nitrokey. For this purpose access is protected by two-factor authentication (2FA) and critical users are given a Nitrokey. From now on during login the Nitrokey will be checked in addition to the user's password. Phishing attacks are thus foiled and your critical company data is protected. - -The two-factor authentication can be carried out using one-time passwords (TOTP, RFC 6238) and FIDO U2F, thus enabling Nitrokey Pro, Nitrokey Storage and Nitrokey FIDO U2F to be used. It is also possible to configure authentication centrally and to activate it only for selected users. - -The FIDO solution was developed together with our partner `initOS `__, who are specialized in the development and customization of Odoo. If you are interested, `contact us `__. - -.. only::: comment - - `Contact `__ - -Video: Two-Factor Authentication With The Nitrokey Pro in Odoo --------------------------------------------------------------- - -.. raw:: html - - diff --git a/nitrokeys/pro/features.rst b/nitrokeys/pro/features.rst index 7a21a91d37..24a3caaa96 100644 --- a/nitrokeys/pro/features.rst +++ b/nitrokeys/pro/features.rst @@ -7,5 +7,6 @@ The Nitrokey Pro 2 currently supports the following features: :maxdepth: 1 :glob: - Two-Factor Authentication (2FA) <../features/2fa> - OpenPGP <../features/openpgp> \ No newline at end of file + Two-Factor Authentication (2FA) <../features/2fa/index> + OpenPGP <../features/openpgp/index> + TOTP <../features/totp/index> \ No newline at end of file diff --git a/nitrokeys/pro/linux/openpgp-keygen-backup.rst b/nitrokeys/pro/linux/openpgp-keygen-backup.rst deleted file mode 100644 index 7d3886ecef..0000000000 --- a/nitrokeys/pro/linux/openpgp-keygen-backup.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../openpgp-keygen-backup.rst.inc diff --git a/nitrokeys/pro/linux/openpgp-keygen-gpa.rst b/nitrokeys/pro/linux/openpgp-keygen-gpa.rst deleted file mode 100644 index 797b8412fc..0000000000 --- a/nitrokeys/pro/linux/openpgp-keygen-gpa.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../openpgp-keygen-gpa.rst.inc diff --git a/nitrokeys/pro/linux/openpgp-keygen-on-device.rst b/nitrokeys/pro/linux/openpgp-keygen-on-device.rst deleted file mode 100644 index 9d0b148be6..0000000000 --- a/nitrokeys/pro/linux/openpgp-keygen-on-device.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../openpgp-keygen-on-device.rst.inc diff --git a/nitrokeys/pro/linux/openpgp-outlook.rst b/nitrokeys/pro/linux/openpgp-outlook.rst deleted file mode 100644 index 53ef3da2da..0000000000 --- a/nitrokeys/pro/linux/openpgp-outlook.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../openpgp-outlook.rst.inc diff --git a/nitrokeys/pro/linux/openpgp-thunderbird.rst b/nitrokeys/pro/linux/openpgp-thunderbird.rst deleted file mode 100644 index 2a21baf43f..0000000000 --- a/nitrokeys/pro/linux/openpgp-thunderbird.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../openpgp-thunderbird.rst.inc diff --git a/nitrokeys/pro/linux/openpgp.rst b/nitrokeys/pro/linux/openpgp.rst deleted file mode 100644 index dd1a2cdd44..0000000000 --- a/nitrokeys/pro/linux/openpgp.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../openpgp.rst.inc diff --git a/nitrokeys/pro/mac/openpgp-keygen-backup.rst b/nitrokeys/pro/mac/openpgp-keygen-backup.rst deleted file mode 100644 index 7d3886ecef..0000000000 --- a/nitrokeys/pro/mac/openpgp-keygen-backup.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../openpgp-keygen-backup.rst.inc diff --git a/nitrokeys/pro/mac/openpgp-keygen-gpa.rst b/nitrokeys/pro/mac/openpgp-keygen-gpa.rst deleted file mode 100644 index 797b8412fc..0000000000 --- a/nitrokeys/pro/mac/openpgp-keygen-gpa.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../openpgp-keygen-gpa.rst.inc diff --git a/nitrokeys/pro/mac/openpgp-keygen-on-device.rst b/nitrokeys/pro/mac/openpgp-keygen-on-device.rst deleted file mode 100644 index 9d0b148be6..0000000000 --- a/nitrokeys/pro/mac/openpgp-keygen-on-device.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../openpgp-keygen-on-device.rst.inc diff --git a/nitrokeys/pro/mac/openpgp-outlook.rst b/nitrokeys/pro/mac/openpgp-outlook.rst deleted file mode 100644 index 53ef3da2da..0000000000 --- a/nitrokeys/pro/mac/openpgp-outlook.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../openpgp-outlook.rst.inc diff --git a/nitrokeys/pro/mac/openpgp-thunderbird.rst b/nitrokeys/pro/mac/openpgp-thunderbird.rst deleted file mode 100644 index 2a21baf43f..0000000000 --- a/nitrokeys/pro/mac/openpgp-thunderbird.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../openpgp-thunderbird.rst.inc diff --git a/nitrokeys/pro/mac/openpgp.rst b/nitrokeys/pro/mac/openpgp.rst deleted file mode 100644 index 56599a3f36..0000000000 --- a/nitrokeys/pro/mac/openpgp.rst +++ /dev/null @@ -1,2 +0,0 @@ -.. include:: ../openpgp.rst.inc - diff --git a/nitrokeys/pro/openpgp.rst.inc b/nitrokeys/pro/openpgp.rst.inc deleted file mode 100644 index e3ff07503e..0000000000 --- a/nitrokeys/pro/openpgp.rst.inc +++ /dev/null @@ -1,6 +0,0 @@ -OpenPGP Email Encryption -======================== - -.. contents:: :local: - -.. include:: ../../shared/openpgp.rst.inc diff --git a/nitrokeys/pro/windows/openpgp-keygen-backup.rst b/nitrokeys/pro/windows/openpgp-keygen-backup.rst deleted file mode 100644 index 7d3886ecef..0000000000 --- a/nitrokeys/pro/windows/openpgp-keygen-backup.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../openpgp-keygen-backup.rst.inc diff --git a/nitrokeys/pro/windows/openpgp-keygen-gpa.rst b/nitrokeys/pro/windows/openpgp-keygen-gpa.rst deleted file mode 100644 index 797b8412fc..0000000000 --- a/nitrokeys/pro/windows/openpgp-keygen-gpa.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../openpgp-keygen-gpa.rst.inc diff --git a/nitrokeys/pro/windows/openpgp-keygen-on-device.rst b/nitrokeys/pro/windows/openpgp-keygen-on-device.rst deleted file mode 100644 index 9d0b148be6..0000000000 --- a/nitrokeys/pro/windows/openpgp-keygen-on-device.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../openpgp-keygen-on-device.rst.inc diff --git a/nitrokeys/pro/windows/openpgp-outlook.rst b/nitrokeys/pro/windows/openpgp-outlook.rst deleted file mode 100644 index 53ef3da2da..0000000000 --- a/nitrokeys/pro/windows/openpgp-outlook.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../openpgp-outlook.rst.inc diff --git a/nitrokeys/pro/windows/openpgp-thunderbird.rst b/nitrokeys/pro/windows/openpgp-thunderbird.rst deleted file mode 100644 index 2a21baf43f..0000000000 --- a/nitrokeys/pro/windows/openpgp-thunderbird.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../openpgp-thunderbird.rst.inc diff --git a/nitrokeys/pro/windows/openpgp.rst b/nitrokeys/pro/windows/openpgp.rst deleted file mode 100644 index dd1a2cdd44..0000000000 --- a/nitrokeys/pro/windows/openpgp.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../openpgp.rst.inc diff --git a/nitrokeys/u2f/features.rst b/nitrokeys/u2f/features.rst index 49510a2ac0..4a23ceed33 100644 --- a/nitrokeys/u2f/features.rst +++ b/nitrokeys/u2f/features.rst @@ -7,4 +7,4 @@ The Nitrokey FIDO U2F currently supports the following features: :maxdepth: 1 :glob: - Two-Factor Authentication (2FA) <../../features/2fa/index> + Two-Factor Authentication (2FA) <../features/2fa/index> From fc0629f8eaf17c1a0bb026c562524832458110c9 Mon Sep 17 00:00:00 2001 From: Keksmo Date: Mon, 29 Jul 2024 19:37:42 +0200 Subject: [PATCH 04/33] added putty, ssh, smime and totp as features --- .../images => features}/App-change-pin.png | Bin .../openpgp/images/gpa}/1.png | Bin .../openpgp/images/gpa}/2.png | Bin .../openpgp/images/gpa}/3.png | Bin .../openpgp/images/gpa}/4.png | Bin .../openpgp/images/gpa}/5.png | Bin .../openpgp/images/gpa}/6.png | Bin .../openpgp/images/gpa}/7.png | Bin .../openpgp}/images/openpgp-csp/1.png | Bin .../openpgp}/images/openpgp-csp/10.png | Bin .../openpgp}/images/openpgp-csp/11.png | Bin .../openpgp}/images/openpgp-csp/2.png | Bin .../openpgp}/images/openpgp-csp/3.png | Bin .../openpgp}/images/openpgp-csp/4.png | Bin .../openpgp}/images/openpgp-csp/5.png | Bin .../openpgp}/images/openpgp-csp/6.png | Bin .../openpgp}/images/openpgp-csp/7.png | Bin .../openpgp}/images/openpgp-csp/8.png | Bin .../openpgp}/images/openpgp-csp/9.png | Bin nitrokeys/features/openpgp/index.rst | 2 +- nitrokeys/features/openpgp/openpgp-csp.rst | 22 +++++++------- .../features/openpgp/openpgp-keygen-gpa.rst | 14 ++++----- .../openpgp/openpgp-keygen-on-device.rst | 2 +- .../openvpn/images/viscosity}/viscosity-1.jpg | Bin .../openvpn/images/viscosity}/viscosity-2.jpg | Bin .../openvpn/images/viscosity}/viscosity-3.jpg | Bin .../openvpn/images/viscosity}/viscosity-4.jpg | Bin .../openvpn}/openvpn-easyrsa.rst | 0 .../openvpn}/openvpn-viscosity.rst | 0 .../putty}/images/putty/1.png | Bin .../putty}/images/putty/2.png | Bin .../putty}/images/putty/3.png | Bin .../putty}/images/putty/4.png | Bin .../putty}/images/putty/5.png | Bin .../putty}/images/putty/6.png | Bin .../putty}/images/putty/7.png | Bin .../putty/index.rst} | 14 ++++----- .../smime}/images/smime-outlook/1.png | Bin .../smime}/images/smime-outlook/2.png | Bin .../smime}/images/smime-outlook/3.png | Bin .../smime}/images/smime-thunderbird/1.png | Bin .../smime}/images/smime-thunderbird/2.png | Bin .../smime}/images/smime-thunderbird/3.png | Bin .../smime}/images/smime-thunderbird/4.png | Bin .../smime}/images/smime/1.png | Bin nitrokeys/features/smime/index.rst | 9 ++++-- nitrokeys/features/smime/smime-outlook.rst | 8 ++--- .../features/smime/smime-thunderbird.rst | 10 +++---- .../{pro/ssh.rst => features/ssh/index.rst} | 0 .../otp.rst.inc => features/totp/general.rst} | 16 +++++----- .../totp/images/microsoft}/1.png | Bin .../totp/images/microsoft}/10.png | Bin .../totp/images/microsoft}/11.png | Bin .../totp/images/microsoft}/12.png | Bin .../totp/images/microsoft}/13.png | Bin .../totp/images/microsoft}/14.png | Bin .../totp/images/microsoft}/2.png | Bin .../totp/images/microsoft}/3.png | Bin .../totp/images/microsoft}/4.png | Bin .../totp/images/microsoft}/5.png | Bin .../totp/images/microsoft}/6.png | Bin .../totp/images/microsoft}/7.png | Bin .../totp/images/microsoft}/8.png | Bin .../totp/images/microsoft}/9.png | Bin .../{pro => features/totp}/images/otp/1.png | Bin .../{pro => features/totp}/images/otp/2.png | Bin .../{pro => features/totp}/images/otp/3.png | Bin .../{pro => features/totp}/images/otp/4.png | Bin .../{pro => features/totp}/images/otp/5.png | Bin .../{pro => features/totp}/images/otp/6.png | Bin .../{pro => features/totp}/images/otp/7.png | Bin .../{pro => features/totp}/images/otp/8.png | Bin nitrokeys/features/totp/index.rst | 9 +++++- .../totp/microsoft.rst} | 28 +++++++++--------- nitrokeys/pro/features.rst | 6 +++- nitrokeys/pro/linux/2fa-google.rst | 1 - nitrokeys/pro/linux/2fa-nextcloud.rst | 1 - nitrokeys/pro/linux/2fa-odoo.rst | 1 - nitrokeys/pro/linux/otp.rst | 1 - nitrokeys/pro/linux/smime-outlook.rst | 1 - nitrokeys/pro/linux/smime-thunderbird.rst | 1 - nitrokeys/pro/linux/smime.rst | 1 - nitrokeys/pro/linux/ssh.rst | 4 --- nitrokeys/pro/mac/2fa-google.rst | 1 - nitrokeys/pro/mac/2fa-nextcloud.rst | 1 - nitrokeys/pro/mac/2fa-odoo.rst | 1 - nitrokeys/pro/mac/otp.rst | 1 - nitrokeys/pro/mac/smime-outlook.rst | 1 - nitrokeys/pro/mac/smime-thunderbird.rst | 1 - nitrokeys/pro/mac/smime.rst | 1 - nitrokeys/pro/windows/2fa-google.rst | 1 - nitrokeys/pro/windows/2fa-nextcloud.rst | 1 - nitrokeys/pro/windows/2fa-odoo.rst | 1 - nitrokeys/pro/windows/otp.rst | 1 - nitrokeys/pro/windows/putty.rst | 1 - nitrokeys/pro/windows/smime-outlook.rst | 1 - nitrokeys/pro/windows/smime-thunderbird.rst | 1 - nitrokeys/pro/windows/smime.rst | 9 ------ 98 files changed, 78 insertions(+), 96 deletions(-) rename nitrokeys/{pro/windows/images => features}/App-change-pin.png (100%) rename nitrokeys/{pro/images/openpgp-keygen-gpa => features/openpgp/images/gpa}/1.png (100%) rename nitrokeys/{pro/images/openpgp-keygen-gpa => features/openpgp/images/gpa}/2.png (100%) rename nitrokeys/{pro/images/openpgp-keygen-gpa => features/openpgp/images/gpa}/3.png (100%) rename nitrokeys/{pro/images/openpgp-keygen-gpa => features/openpgp/images/gpa}/4.png (100%) rename nitrokeys/{pro/images/openpgp-keygen-gpa => features/openpgp/images/gpa}/5.png (100%) rename nitrokeys/{pro/images/openpgp-keygen-gpa => features/openpgp/images/gpa}/6.png (100%) rename nitrokeys/{pro/images/openpgp-keygen-gpa => features/openpgp/images/gpa}/7.png (100%) rename nitrokeys/{pro/windows => features/openpgp}/images/openpgp-csp/1.png (100%) rename nitrokeys/{pro/windows => features/openpgp}/images/openpgp-csp/10.png (100%) rename nitrokeys/{pro/windows => features/openpgp}/images/openpgp-csp/11.png (100%) rename nitrokeys/{pro/windows => features/openpgp}/images/openpgp-csp/2.png (100%) rename nitrokeys/{pro/windows => features/openpgp}/images/openpgp-csp/3.png (100%) rename nitrokeys/{pro/windows => features/openpgp}/images/openpgp-csp/4.png (100%) rename nitrokeys/{pro/windows => features/openpgp}/images/openpgp-csp/5.png (100%) rename nitrokeys/{pro/windows => features/openpgp}/images/openpgp-csp/6.png (100%) rename nitrokeys/{pro/windows => features/openpgp}/images/openpgp-csp/7.png (100%) rename nitrokeys/{pro/windows => features/openpgp}/images/openpgp-csp/8.png (100%) rename nitrokeys/{pro/windows => features/openpgp}/images/openpgp-csp/9.png (100%) rename nitrokeys/{pro/windows/images/openvpn-viscosity => features/openvpn/images/viscosity}/viscosity-1.jpg (100%) rename nitrokeys/{pro/windows/images/openvpn-viscosity => features/openvpn/images/viscosity}/viscosity-2.jpg (100%) rename nitrokeys/{pro/windows/images/openvpn-viscosity => features/openvpn/images/viscosity}/viscosity-3.jpg (100%) rename nitrokeys/{pro/windows/images/openvpn-viscosity => features/openvpn/images/viscosity}/viscosity-4.jpg (100%) rename nitrokeys/{pro/linux => features/openvpn}/openvpn-easyrsa.rst (100%) rename nitrokeys/{pro/windows => features/openvpn}/openvpn-viscosity.rst (100%) rename nitrokeys/{pro => features/putty}/images/putty/1.png (100%) rename nitrokeys/{pro => features/putty}/images/putty/2.png (100%) rename nitrokeys/{pro => features/putty}/images/putty/3.png (100%) rename nitrokeys/{pro => features/putty}/images/putty/4.png (100%) rename nitrokeys/{pro => features/putty}/images/putty/5.png (100%) rename nitrokeys/{pro => features/putty}/images/putty/6.png (100%) rename nitrokeys/{pro => features/putty}/images/putty/7.png (100%) rename nitrokeys/{pro/putty.rst.inc => features/putty/index.rst} (88%) rename nitrokeys/{pro => features/smime}/images/smime-outlook/1.png (100%) rename nitrokeys/{pro => features/smime}/images/smime-outlook/2.png (100%) rename nitrokeys/{pro => features/smime}/images/smime-outlook/3.png (100%) rename nitrokeys/{pro => features/smime}/images/smime-thunderbird/1.png (100%) rename nitrokeys/{pro => features/smime}/images/smime-thunderbird/2.png (100%) rename nitrokeys/{pro => features/smime}/images/smime-thunderbird/3.png (100%) rename nitrokeys/{pro => features/smime}/images/smime-thunderbird/4.png (100%) rename nitrokeys/{pro => features/smime}/images/smime/1.png (100%) rename nitrokeys/{pro/ssh.rst => features/ssh/index.rst} (100%) rename nitrokeys/{pro/otp.rst.inc => features/totp/general.rst} (91%) rename nitrokeys/{pro/windows/images/2fa-microsoft => features/totp/images/microsoft}/1.png (100%) rename nitrokeys/{pro/windows/images/2fa-microsoft => features/totp/images/microsoft}/10.png (100%) rename nitrokeys/{pro/windows/images/2fa-microsoft => features/totp/images/microsoft}/11.png (100%) rename nitrokeys/{pro/windows/images/2fa-microsoft => features/totp/images/microsoft}/12.png (100%) rename nitrokeys/{pro/windows/images/2fa-microsoft => features/totp/images/microsoft}/13.png (100%) rename nitrokeys/{pro/windows/images/2fa-microsoft => features/totp/images/microsoft}/14.png (100%) rename nitrokeys/{pro/windows/images/2fa-microsoft => features/totp/images/microsoft}/2.png (100%) rename nitrokeys/{pro/windows/images/2fa-microsoft => features/totp/images/microsoft}/3.png (100%) rename nitrokeys/{pro/windows/images/2fa-microsoft => features/totp/images/microsoft}/4.png (100%) rename nitrokeys/{pro/windows/images/2fa-microsoft => features/totp/images/microsoft}/5.png (100%) rename nitrokeys/{pro/windows/images/2fa-microsoft => features/totp/images/microsoft}/6.png (100%) rename nitrokeys/{pro/windows/images/2fa-microsoft => features/totp/images/microsoft}/7.png (100%) rename nitrokeys/{pro/windows/images/2fa-microsoft => features/totp/images/microsoft}/8.png (100%) rename nitrokeys/{pro/windows/images/2fa-microsoft => features/totp/images/microsoft}/9.png (100%) rename nitrokeys/{pro => features/totp}/images/otp/1.png (100%) rename nitrokeys/{pro => features/totp}/images/otp/2.png (100%) rename nitrokeys/{pro => features/totp}/images/otp/3.png (100%) rename nitrokeys/{pro => features/totp}/images/otp/4.png (100%) rename nitrokeys/{pro => features/totp}/images/otp/5.png (100%) rename nitrokeys/{pro => features/totp}/images/otp/6.png (100%) rename nitrokeys/{pro => features/totp}/images/otp/7.png (100%) rename nitrokeys/{pro => features/totp}/images/otp/8.png (100%) rename nitrokeys/{pro/windows/2fa-microsoft.rst => features/totp/microsoft.rst} (57%) delete mode 100644 nitrokeys/pro/linux/2fa-google.rst delete mode 100644 nitrokeys/pro/linux/2fa-nextcloud.rst delete mode 100644 nitrokeys/pro/linux/2fa-odoo.rst delete mode 100644 nitrokeys/pro/linux/otp.rst delete mode 100644 nitrokeys/pro/linux/smime-outlook.rst delete mode 100644 nitrokeys/pro/linux/smime-thunderbird.rst delete mode 100644 nitrokeys/pro/linux/smime.rst delete mode 100644 nitrokeys/pro/linux/ssh.rst delete mode 100644 nitrokeys/pro/mac/2fa-google.rst delete mode 100644 nitrokeys/pro/mac/2fa-nextcloud.rst delete mode 100644 nitrokeys/pro/mac/2fa-odoo.rst delete mode 100644 nitrokeys/pro/mac/otp.rst delete mode 100644 nitrokeys/pro/mac/smime-outlook.rst delete mode 100644 nitrokeys/pro/mac/smime-thunderbird.rst delete mode 100644 nitrokeys/pro/mac/smime.rst delete mode 100644 nitrokeys/pro/windows/2fa-google.rst delete mode 100644 nitrokeys/pro/windows/2fa-nextcloud.rst delete mode 100644 nitrokeys/pro/windows/2fa-odoo.rst delete mode 100644 nitrokeys/pro/windows/otp.rst delete mode 100644 nitrokeys/pro/windows/putty.rst delete mode 100644 nitrokeys/pro/windows/smime-outlook.rst delete mode 100644 nitrokeys/pro/windows/smime-thunderbird.rst delete mode 100644 nitrokeys/pro/windows/smime.rst diff --git a/nitrokeys/pro/windows/images/App-change-pin.png b/nitrokeys/features/App-change-pin.png similarity index 100% rename from nitrokeys/pro/windows/images/App-change-pin.png rename to nitrokeys/features/App-change-pin.png diff --git a/nitrokeys/pro/images/openpgp-keygen-gpa/1.png b/nitrokeys/features/openpgp/images/gpa/1.png similarity index 100% rename from nitrokeys/pro/images/openpgp-keygen-gpa/1.png rename to nitrokeys/features/openpgp/images/gpa/1.png diff --git a/nitrokeys/pro/images/openpgp-keygen-gpa/2.png b/nitrokeys/features/openpgp/images/gpa/2.png similarity index 100% rename from nitrokeys/pro/images/openpgp-keygen-gpa/2.png rename to nitrokeys/features/openpgp/images/gpa/2.png diff --git a/nitrokeys/pro/images/openpgp-keygen-gpa/3.png b/nitrokeys/features/openpgp/images/gpa/3.png similarity index 100% rename from nitrokeys/pro/images/openpgp-keygen-gpa/3.png rename to nitrokeys/features/openpgp/images/gpa/3.png diff --git a/nitrokeys/pro/images/openpgp-keygen-gpa/4.png b/nitrokeys/features/openpgp/images/gpa/4.png similarity index 100% rename from nitrokeys/pro/images/openpgp-keygen-gpa/4.png rename to nitrokeys/features/openpgp/images/gpa/4.png diff --git a/nitrokeys/pro/images/openpgp-keygen-gpa/5.png b/nitrokeys/features/openpgp/images/gpa/5.png similarity index 100% rename from nitrokeys/pro/images/openpgp-keygen-gpa/5.png rename to nitrokeys/features/openpgp/images/gpa/5.png diff --git a/nitrokeys/pro/images/openpgp-keygen-gpa/6.png b/nitrokeys/features/openpgp/images/gpa/6.png similarity index 100% rename from nitrokeys/pro/images/openpgp-keygen-gpa/6.png rename to nitrokeys/features/openpgp/images/gpa/6.png diff --git a/nitrokeys/pro/images/openpgp-keygen-gpa/7.png b/nitrokeys/features/openpgp/images/gpa/7.png similarity index 100% rename from nitrokeys/pro/images/openpgp-keygen-gpa/7.png rename to nitrokeys/features/openpgp/images/gpa/7.png diff --git a/nitrokeys/pro/windows/images/openpgp-csp/1.png b/nitrokeys/features/openpgp/images/openpgp-csp/1.png similarity index 100% rename from nitrokeys/pro/windows/images/openpgp-csp/1.png rename to nitrokeys/features/openpgp/images/openpgp-csp/1.png diff --git a/nitrokeys/pro/windows/images/openpgp-csp/10.png b/nitrokeys/features/openpgp/images/openpgp-csp/10.png similarity index 100% rename from nitrokeys/pro/windows/images/openpgp-csp/10.png rename to nitrokeys/features/openpgp/images/openpgp-csp/10.png diff --git a/nitrokeys/pro/windows/images/openpgp-csp/11.png b/nitrokeys/features/openpgp/images/openpgp-csp/11.png similarity index 100% rename from nitrokeys/pro/windows/images/openpgp-csp/11.png rename to nitrokeys/features/openpgp/images/openpgp-csp/11.png diff --git a/nitrokeys/pro/windows/images/openpgp-csp/2.png b/nitrokeys/features/openpgp/images/openpgp-csp/2.png similarity index 100% rename from nitrokeys/pro/windows/images/openpgp-csp/2.png rename to nitrokeys/features/openpgp/images/openpgp-csp/2.png diff --git a/nitrokeys/pro/windows/images/openpgp-csp/3.png b/nitrokeys/features/openpgp/images/openpgp-csp/3.png similarity index 100% rename from nitrokeys/pro/windows/images/openpgp-csp/3.png rename to nitrokeys/features/openpgp/images/openpgp-csp/3.png diff --git a/nitrokeys/pro/windows/images/openpgp-csp/4.png b/nitrokeys/features/openpgp/images/openpgp-csp/4.png similarity index 100% rename from nitrokeys/pro/windows/images/openpgp-csp/4.png rename to nitrokeys/features/openpgp/images/openpgp-csp/4.png diff --git a/nitrokeys/pro/windows/images/openpgp-csp/5.png b/nitrokeys/features/openpgp/images/openpgp-csp/5.png similarity index 100% rename from nitrokeys/pro/windows/images/openpgp-csp/5.png rename to nitrokeys/features/openpgp/images/openpgp-csp/5.png diff --git a/nitrokeys/pro/windows/images/openpgp-csp/6.png b/nitrokeys/features/openpgp/images/openpgp-csp/6.png similarity index 100% rename from nitrokeys/pro/windows/images/openpgp-csp/6.png rename to nitrokeys/features/openpgp/images/openpgp-csp/6.png diff --git a/nitrokeys/pro/windows/images/openpgp-csp/7.png b/nitrokeys/features/openpgp/images/openpgp-csp/7.png similarity index 100% rename from nitrokeys/pro/windows/images/openpgp-csp/7.png rename to nitrokeys/features/openpgp/images/openpgp-csp/7.png diff --git a/nitrokeys/pro/windows/images/openpgp-csp/8.png b/nitrokeys/features/openpgp/images/openpgp-csp/8.png similarity index 100% rename from nitrokeys/pro/windows/images/openpgp-csp/8.png rename to nitrokeys/features/openpgp/images/openpgp-csp/8.png diff --git a/nitrokeys/pro/windows/images/openpgp-csp/9.png b/nitrokeys/features/openpgp/images/openpgp-csp/9.png similarity index 100% rename from nitrokeys/pro/windows/images/openpgp-csp/9.png rename to nitrokeys/features/openpgp/images/openpgp-csp/9.png diff --git a/nitrokeys/features/openpgp/index.rst b/nitrokeys/features/openpgp/index.rst index 96b38a6e8c..30805df115 100644 --- a/nitrokeys/features/openpgp/index.rst +++ b/nitrokeys/features/openpgp/index.rst @@ -7,7 +7,7 @@ There are two widely used standards for email encryption. - S/MIME/X.509 is mostly used by enterprises. -If you are in doubt which one to choose, you should use OpenPGP. While this page describes the usage of OpenPGP, S/MIME is described `here `_. +If you are in doubt which one to choose, you should use OpenPGP. While this page describes the usage of OpenPGP, S/MIME is described `here <../smime/index.html>`_. Please familiarize yourself with the general concept behind the OpenPGP standard first, for example by reading `this info graphic `__ of the Free Software Foundation. diff --git a/nitrokeys/features/openpgp/openpgp-csp.rst b/nitrokeys/features/openpgp/openpgp-csp.rst index 5565c27e8f..9f54987968 100644 --- a/nitrokeys/features/openpgp/openpgp-csp.rst +++ b/nitrokeys/features/openpgp/openpgp-csp.rst @@ -22,45 +22,45 @@ Creating Certificate Template on Server Side On Active Directory Server open certsrv.msc to manage your certificate templates. Right click on ‘Certificate Templates’ and choose ‘Manage’ -.. figure:: /pro/windows/images/openpgp-csp/1.png +.. figure:: images/openpgp-csp/1.png :alt: img1 Now right click on ‘Smartcard Logon’ template and click ‘Duplicate’, to create a new template on basis of this standard template. Rename template to ‘OpenPGP Card Logon and Email’ or alike. -.. figure:: /pro/windows/images/openpgp-csp/2.png +.. figure:: images/openpgp-csp/2.png :alt: img2 Under ‘Request Handling’, you can choose the OpenPGP-CSP as the one and only Cryptography Service Provider (click the Button labeled ‘CSPs…’). For this to work, you need to install the driver on the server as well and you have to insert a Nitrokey beforehand. This is optional. You can let the user choose, which CSP to use. -.. figure:: /pro/windows/images/openpgp-csp/3.png +.. figure:: images/openpgp-csp/3.png :alt: img3 -.. figure:: /pro/windows/images/openpgp-csp/4.png +.. figure:: images/openpgp-csp/4.png :alt: img4 For enabling S/MIME email encryption go to ‘Subject name’. Tick the checkbox ‘E-Mail name’ (note: You must save the mail addresses of your users in the corresponding Active Directory field!). -.. figure:: /pro/windows/images/openpgp-csp/5.png +.. figure:: images/openpgp-csp/5.png :alt: img5 Then go to ‘Extensions’, there you edit the applications guideline and add ‘Secure Email’. -.. figure:: /pro/windows/images/openpgp-csp/6.png +.. figure:: images/openpgp-csp/6.png :alt: img6 -.. figure:: /pro/windows/images/openpgp-csp/7.png +.. figure:: images/openpgp-csp/7.png :alt: img7 @@ -71,19 +71,19 @@ Request Certificate on Client (Domain Member) To request a certificate for a domain member, you have to open certmgr.msc. Right click on folder ‘Personal->Certificates’ and click ’All Tasks->Request New Certificate and choose the template you created on the AD. -.. figure:: /pro/windows/images/openpgp-csp/8.png +.. figure:: images/openpgp-csp/8.png :alt: img8 If you did not enforce the usage of OpenPGP-CSP you have to choose it here now. -.. figure:: /pro/windows/images/openpgp-csp/9.png +.. figure:: images/openpgp-csp/9.png :alt: img9 -.. figure:: /pro/windows/images/openpgp-csp/10.png +.. figure:: images/openpgp-csp/10.png :alt: img10 @@ -92,6 +92,6 @@ Next you choose the Authentication slot for the certificate. You are now ready to logon on the computer with the Nitrokey instead of your password and you can use `S/MIME email encryption/signing `_ with the Nitrokey. The driver has to be installed on every computer you want to use the certificate on. -.. figure:: /pro/windows/images/openpgp-csp/11.png +.. figure:: images/openpgp-csp/11.png :alt: img11 diff --git a/nitrokeys/features/openpgp/openpgp-keygen-gpa.rst b/nitrokeys/features/openpgp/openpgp-keygen-gpa.rst index 04a2b828c3..eae5a1132b 100644 --- a/nitrokeys/features/openpgp/openpgp-keygen-gpa.rst +++ b/nitrokeys/features/openpgp/openpgp-keygen-gpa.rst @@ -12,14 +12,14 @@ Key Generation At first, open the GNU Privacy Assistant (GPA). You may are asked to generate a key, you can skip this step for now by clicking “Do it later”. In the main window, please click on “Card” or “Card Manager”. -.. figure:: /pro/images/openpgp-keygen-gpa/1.png +.. figure:: images/gpa/1.png :alt: img1 Another windows opens. Please go to “Card” -> “Generate key” to start the key generation process. -.. figure:: /pro/images/openpgp-keygen-gpa/2.png +.. figure:: images/gpa/2.png :alt: img2 @@ -28,21 +28,21 @@ Now you can put in your name and the email address you want to use for the key t **Please do not use the backup checkbox**. This “backup” does only save the encryption key. In case of a loss of the device, you will not be able to restore the whole key set. So on the one hand it is no full backup (use `these instructions `_ instead, if you need one) and on the other hand you risk that someone else can get in possession of your encryption key. The advantage of generating keys on-device is to make sure that keys are stored securely. Therefore, we recommend to skip this half-backup. -.. figure:: /pro/images/openpgp-keygen-gpa/3.png +.. figure:: images/gpa/3.png :alt: img3 You will be asked for the admin PIN (default: 12345678) and the user PIN (default: 123456). When the key generation is finished, you can see the fingerprints of the keys on the bottom of the window. You may fill up the fields shown above, which are saved on your Nitrokey as well. -.. figure:: /pro/images/openpgp-keygen-gpa/4.png +.. figure:: images/gpa/4.png :alt: img4 Now you can close the window and go back to the main window. Your key will be visible in the key manager after refreshing. Every application which makes use of GnuPG will work with your Nitrokey as well, because GnuPG is fully aware of the fact, that the keys are stored on your Nitrokey. -.. figure:: /pro/images/openpgp-keygen-gpa/5.png +.. figure:: images/gpa/5.png :alt: img5 @@ -52,7 +52,7 @@ Exporting Public Key and Keyserver Usage Although you can start to use your Nitrokey right away after generating the keys on your system, you need to import your public key on every system, you want to use the Nitrokey on. So to be prepared you have two options: You either save the public key anywhere you like and use it on another system or you save the public key on a webpage/keyserver. -.. figure:: /pro/images/openpgp-keygen-gpa/6.png +.. figure:: images/gpa/6.png :alt: img6 @@ -66,6 +66,6 @@ If you do not want to carry a public keyfile with you, you can upload it to keys Another possibility is to change the URL setting on your card. Open the card manager again and fill in the URL where the key is situated (e.g. on the keyserver or on your webpage etc.). From now on you can import the key on another system by right-clicking on the URL and click on “Fetch Key”. -.. figure:: /pro/images/openpgp-keygen-gpa/7.png +.. figure:: images/gpa/7.png :alt: img7 diff --git a/nitrokeys/features/openpgp/openpgp-keygen-on-device.rst b/nitrokeys/features/openpgp/openpgp-keygen-on-device.rst index 3012967dae..7016818146 100644 --- a/nitrokeys/features/openpgp/openpgp-keygen-on-device.rst +++ b/nitrokeys/features/openpgp/openpgp-keygen-on-device.rst @@ -10,7 +10,7 @@ The following instructions explain the generation of OpenPGP keys directly on th These instructions are based on GnuPG version 2.2.6 or higher. Some Linux Distributions have an older version installed. In this case please choose a different method as listed - `here `_ + `here `_ or install a newer version if possible. Key Generation diff --git a/nitrokeys/pro/windows/images/openvpn-viscosity/viscosity-1.jpg b/nitrokeys/features/openvpn/images/viscosity/viscosity-1.jpg similarity index 100% rename from nitrokeys/pro/windows/images/openvpn-viscosity/viscosity-1.jpg rename to nitrokeys/features/openvpn/images/viscosity/viscosity-1.jpg diff --git a/nitrokeys/pro/windows/images/openvpn-viscosity/viscosity-2.jpg b/nitrokeys/features/openvpn/images/viscosity/viscosity-2.jpg similarity index 100% rename from nitrokeys/pro/windows/images/openvpn-viscosity/viscosity-2.jpg rename to nitrokeys/features/openvpn/images/viscosity/viscosity-2.jpg diff --git a/nitrokeys/pro/windows/images/openvpn-viscosity/viscosity-3.jpg b/nitrokeys/features/openvpn/images/viscosity/viscosity-3.jpg similarity index 100% rename from nitrokeys/pro/windows/images/openvpn-viscosity/viscosity-3.jpg rename to nitrokeys/features/openvpn/images/viscosity/viscosity-3.jpg diff --git a/nitrokeys/pro/windows/images/openvpn-viscosity/viscosity-4.jpg b/nitrokeys/features/openvpn/images/viscosity/viscosity-4.jpg similarity index 100% rename from nitrokeys/pro/windows/images/openvpn-viscosity/viscosity-4.jpg rename to nitrokeys/features/openvpn/images/viscosity/viscosity-4.jpg diff --git a/nitrokeys/pro/linux/openvpn-easyrsa.rst b/nitrokeys/features/openvpn/openvpn-easyrsa.rst similarity index 100% rename from nitrokeys/pro/linux/openvpn-easyrsa.rst rename to nitrokeys/features/openvpn/openvpn-easyrsa.rst diff --git a/nitrokeys/pro/windows/openvpn-viscosity.rst b/nitrokeys/features/openvpn/openvpn-viscosity.rst similarity index 100% rename from nitrokeys/pro/windows/openvpn-viscosity.rst rename to nitrokeys/features/openvpn/openvpn-viscosity.rst diff --git a/nitrokeys/pro/images/putty/1.png b/nitrokeys/features/putty/images/putty/1.png similarity index 100% rename from nitrokeys/pro/images/putty/1.png rename to nitrokeys/features/putty/images/putty/1.png diff --git a/nitrokeys/pro/images/putty/2.png b/nitrokeys/features/putty/images/putty/2.png similarity index 100% rename from nitrokeys/pro/images/putty/2.png rename to nitrokeys/features/putty/images/putty/2.png diff --git a/nitrokeys/pro/images/putty/3.png b/nitrokeys/features/putty/images/putty/3.png similarity index 100% rename from nitrokeys/pro/images/putty/3.png rename to nitrokeys/features/putty/images/putty/3.png diff --git a/nitrokeys/pro/images/putty/4.png b/nitrokeys/features/putty/images/putty/4.png similarity index 100% rename from nitrokeys/pro/images/putty/4.png rename to nitrokeys/features/putty/images/putty/4.png diff --git a/nitrokeys/pro/images/putty/5.png b/nitrokeys/features/putty/images/putty/5.png similarity index 100% rename from nitrokeys/pro/images/putty/5.png rename to nitrokeys/features/putty/images/putty/5.png diff --git a/nitrokeys/pro/images/putty/6.png b/nitrokeys/features/putty/images/putty/6.png similarity index 100% rename from nitrokeys/pro/images/putty/6.png rename to nitrokeys/features/putty/images/putty/6.png diff --git a/nitrokeys/pro/images/putty/7.png b/nitrokeys/features/putty/images/putty/7.png similarity index 100% rename from nitrokeys/pro/images/putty/7.png rename to nitrokeys/features/putty/images/putty/7.png diff --git a/nitrokeys/pro/putty.rst.inc b/nitrokeys/features/putty/index.rst similarity index 88% rename from nitrokeys/pro/putty.rst.inc rename to nitrokeys/features/putty/index.rst index 54e1ecf07b..a32d7458a3 100644 --- a/nitrokeys/pro/putty.rst.inc +++ b/nitrokeys/features/putty/index.rst @@ -21,35 +21,35 @@ This mini-howto assumes that the Nitrokey has been initialized and contains cryp start pageant.exe. That this is running is shown in the notification area of the taskbar. -.. figure:: /pro/images/putty/1.png +.. figure:: images/putty/1.png :alt: img1 A double click opens the view of the current keys. -.. figure:: /pro/images/putty/2.png +.. figure:: images/putty/2.png :alt: img2 After inserting the key it looks like this. -.. figure:: /pro/images/putty/3.png +.. figure:: images/putty/3.png :alt: img3 If nothing is displayed here, pageant may have to be restarted or another application is already using the stick. A possibly running pgp-agent must be terminated! Now we only need the public key we want to store in the ssh configuration of the server. Therefore we press CTRL while inserting the stick… -.. figure:: /pro/images/putty/4.png +.. figure:: images/putty/4.png :alt: img4 and then view the Pageant-PublicKeys.txt. -.. figure:: /pro/images/putty/5.png +.. figure:: images/putty/5.png :alt: img5 @@ -60,7 +60,7 @@ I searched for the ssh-rsa entry of the auth key and added the line on the serve There is surprisingly little to say about PuTTY itself. -.. figure:: /pro/images/putty/6.png +.. figure:: images/putty/6.png :alt: img6 @@ -73,6 +73,6 @@ That’s it, as soon as you connect to the server while pageant is running and y If you are annoyed that Windows reports every time you plug in the stick that no driver could be found for “Smartcard”, you can get rid of it. You just have to install the x86 or x64 version of the above mentioned driver and the smartcard looks like this: -.. figure:: /pro/images/putty/7.png +.. figure:: images/putty/7.png :alt: img7 diff --git a/nitrokeys/pro/images/smime-outlook/1.png b/nitrokeys/features/smime/images/smime-outlook/1.png similarity index 100% rename from nitrokeys/pro/images/smime-outlook/1.png rename to nitrokeys/features/smime/images/smime-outlook/1.png diff --git a/nitrokeys/pro/images/smime-outlook/2.png b/nitrokeys/features/smime/images/smime-outlook/2.png similarity index 100% rename from nitrokeys/pro/images/smime-outlook/2.png rename to nitrokeys/features/smime/images/smime-outlook/2.png diff --git a/nitrokeys/pro/images/smime-outlook/3.png b/nitrokeys/features/smime/images/smime-outlook/3.png similarity index 100% rename from nitrokeys/pro/images/smime-outlook/3.png rename to nitrokeys/features/smime/images/smime-outlook/3.png diff --git a/nitrokeys/pro/images/smime-thunderbird/1.png b/nitrokeys/features/smime/images/smime-thunderbird/1.png similarity index 100% rename from nitrokeys/pro/images/smime-thunderbird/1.png rename to nitrokeys/features/smime/images/smime-thunderbird/1.png diff --git a/nitrokeys/pro/images/smime-thunderbird/2.png b/nitrokeys/features/smime/images/smime-thunderbird/2.png similarity index 100% rename from nitrokeys/pro/images/smime-thunderbird/2.png rename to nitrokeys/features/smime/images/smime-thunderbird/2.png diff --git a/nitrokeys/pro/images/smime-thunderbird/3.png b/nitrokeys/features/smime/images/smime-thunderbird/3.png similarity index 100% rename from nitrokeys/pro/images/smime-thunderbird/3.png rename to nitrokeys/features/smime/images/smime-thunderbird/3.png diff --git a/nitrokeys/pro/images/smime-thunderbird/4.png b/nitrokeys/features/smime/images/smime-thunderbird/4.png similarity index 100% rename from nitrokeys/pro/images/smime-thunderbird/4.png rename to nitrokeys/features/smime/images/smime-thunderbird/4.png diff --git a/nitrokeys/pro/images/smime/1.png b/nitrokeys/features/smime/images/smime/1.png similarity index 100% rename from nitrokeys/pro/images/smime/1.png rename to nitrokeys/features/smime/images/smime/1.png diff --git a/nitrokeys/features/smime/index.rst b/nitrokeys/features/smime/index.rst index 405d4c06e8..a05b6bf5c8 100644 --- a/nitrokeys/features/smime/index.rst +++ b/nitrokeys/features/smime/index.rst @@ -12,10 +12,15 @@ There are two widely used standards for email encryption. - S/MIME/X.509 is mostly used by enterprises. -If you are in doubt which one to choose, you should use OpenPGP, see `here `_. This page describes the usage of S/MIME email encryption. +If you are in doubt which one to choose, you should use OpenPGP, see `here <../openpgp/index.html>`_. This page describes the usage of S/MIME email encryption. You need to purchase a S/MIME certificate (e.g. at `CERTUM `__) or may already got one by your company. Furthermore, you need to install `OpenSC `__ on your System. While GNU/Linux users usually can install OpenSC over the package manager (e.g. ``sudo apt install opensc`` on Ubuntu), macOS and Windows users can download the installation files from the `OpenSC `__ page. +.. note:: + + Windows users with 64-bit system (standard) need to install both, the 32-bit and the 64-bit version of OpenSC! + + Import Existing Key and Certificate ----------------------------------- @@ -41,7 +46,7 @@ and on macOS and GNU/Linux it will be The two commands copy the key-certificate pair to the slot 2 (needed for decrypting emails) and slot 3 (needed for signing). The output looks on both systems something like this: -.. figure:: /pro/images/smime/1.png +.. figure:: images/smime/1.png :alt: img1 diff --git a/nitrokeys/features/smime/smime-outlook.rst b/nitrokeys/features/smime/smime-outlook.rst index 23e82e1386..a156b1faf2 100644 --- a/nitrokeys/features/smime/smime-outlook.rst +++ b/nitrokeys/features/smime/smime-outlook.rst @@ -6,7 +6,7 @@ S/MIME Email Encryption with Outlook Prerequisites ------------- -If you do not have a S/MIME key-certificate pair installed on your Nitrokey yet, please look at `this page `_ first. +If you do not have a S/MIME key-certificate pair installed on your Nitrokey yet, please look at `this page `_ first. You need to have OpenSC installed on your System. Please have a look at the `wiki page of the OpenSC project `__. @@ -21,12 +21,12 @@ Settings in Outlook Before you can use the Nitrokey in Outlook you have to activate S/MIME encryption. You can achieve this by clicking on to ‘Start’ -> ‘Options’ and clicking on ‘Trust Center’ in the options window. In section ‘Email Security’ you can choose your S/MIME identity. Your certificate should already be recognized by Outlook. -.. figure:: /pro/images/smime-outlook/1.png +.. figure:: images/smime-outlook/1.png :alt: img1 -.. figure:: /pro/images/smime-outlook/2.png +.. figure:: images/smime-outlook/2.png :alt: img2 @@ -35,7 +35,7 @@ Usage When composing a mail you can now choose to encrypt and sign the message in the ‘Options’ ribbon of the compose window. -.. figure:: /pro/images/smime-outlook/3.png +.. figure:: images/smime-outlook/3.png :alt: img3 .. note:: diff --git a/nitrokeys/features/smime/smime-thunderbird.rst b/nitrokeys/features/smime/smime-thunderbird.rst index b1e3a5ca87..389231f0c4 100644 --- a/nitrokeys/features/smime/smime-thunderbird.rst +++ b/nitrokeys/features/smime/smime-thunderbird.rst @@ -6,7 +6,7 @@ S/MIME Email Encryption with Thunderbird Prerequisites ------------- -If you do not have a S/MIME key-certificate pair installed on your Nitrokey yet or if you did not installed OpenSC, please look at `this page `_ first. +If you do not have a S/MIME key-certificate pair installed on your Nitrokey yet or if you did not installed OpenSC, please look at `this page `_ first. You need to have `OpenSC installed `__ on your System. While GNU/Linux users usually can install OpenSC over the package manager (e.g. ``sudo apt update && sudo apt install opensc`` on Ubuntu), macOS and Windows users can download the installation files from OpenSC directly. @@ -20,21 +20,21 @@ Settings in Thunderbird Before you can use the Nitrokey in Thunderbird you have to activate S/MIME encryption in the account settings. You can achieve this by clicking on the menu and go to ‘Preferences’ -> ‘Account Settings’ and clicking on ‘Security’ in the account settings window. -.. figure:: /pro/images/smime-thunderbird/1.png +.. figure:: images/smime-thunderbird/1.png :alt: img1 Click on “Security Devices” to import the right PCKS11 module. Click on “Load” on the right-hand side. Now give the Module a name (like “OpenSC Module”) and click on “Browse” to choose the location of the Module (see below). -.. figure:: /pro/images/smime-thunderbird/2.png +.. figure:: images/smime-thunderbird/2.png :alt: img2 On Windows the right file lays under “C:\Windows\System32\opensc-pkcs11.dll”. On macOS and GNU/Linux the file should be in “/lib/pkcs11/opensc-pkcs11.so” or “/usr/lib/pkcs11/opensc-pkcs11.so” or alike. Press “OK” twice and you are back in security section of the account settings. Now you can actually choose a certificate on the upper part of the window. You should get asked for a PIN to unlock your Nitrokey. Please type in your User PIN. -.. figure:: /pro/images/smime-thunderbird/3.png +.. figure:: images/smime-thunderbird/3.png :alt: img3 @@ -44,6 +44,6 @@ Usage When composing an email you can now choose to encrypt and sign the message. -.. figure:: /pro/images/smime-thunderbird/4.png +.. figure:: images/smime-thunderbird/4.png :alt: img4 diff --git a/nitrokeys/pro/ssh.rst b/nitrokeys/features/ssh/index.rst similarity index 100% rename from nitrokeys/pro/ssh.rst rename to nitrokeys/features/ssh/index.rst diff --git a/nitrokeys/pro/otp.rst.inc b/nitrokeys/features/totp/general.rst similarity index 91% rename from nitrokeys/pro/otp.rst.inc rename to nitrokeys/features/totp/general.rst index fe35ca9c48..d30e91208c 100644 --- a/nitrokeys/pro/otp.rst.inc +++ b/nitrokeys/features/totp/general.rst @@ -12,14 +12,14 @@ Configure a Website/Application to Use OTP Login to the website which supports OTP (in this example, the `support forum `__). Usually you find the option to enable two-factor-authentication under your profile or in the settings. -.. figure:: /pro/images/otp/1.png +.. figure:: images/otp/1.png :alt: img1 Most of the time, you will get a QR-Code as seen below. There should be an option, to show the secret key directly. -.. figure:: /pro/images/otp/2.png +.. figure:: images/otp/2.png :alt: img2 @@ -28,21 +28,21 @@ We need to copy the secret code. This is what the Nitrokey is actually protecting. You may create a backup of it now (in case the Nitrokey get lost or breaks) by writing it down on a sheet of paper and storing it securely. But be aware that anybody who is in possession of this secret code, can create one-time passwords for your account! *Please note that you won’t be able to backup this code, once it is stored in the Nitrokey!* -.. figure:: /pro/images/otp/3.png +.. figure:: images/otp/3.png :alt: img3 Now start the Nitrokey App and open the “OTP Slot Configuration”. -.. figure:: /pro/images/otp/4.png +.. figure:: images/otp/4.png :alt: img4 Paste in the secret key in the corresponding field and choose an appropiate slot name. Click on “Save” and type in your admin PIN if requested. -.. figure:: /pro/images/otp/5.png +.. figure:: images/otp/5.png :alt: img5 @@ -50,14 +50,14 @@ Paste in the secret key in the corresponding field and choose an appropiate slot After saving the slot you can go to “Menu” -> “Passwords” -> YourSlotName to get your very first one-time password. -.. figure:: /pro/images/otp/6.png +.. figure:: images/otp/6.png :alt: img6 The one-time password is copied to your clipboard automatically. You just need to paste it to the field on the website to confirm the correct setup and thus to activate the two-factor authentication. -.. figure:: /pro/images/otp/7.png +.. figure:: images/otp/7.png :alt: img7 @@ -68,6 +68,6 @@ Securely Login to Website/Application From now on you will get asked for a one-time password additionally to your other credentials if you try to login the the website. You just need to open the Nitrokey App and go to “Menu” -> “Passwords” -> YourSlotName again to get the one-time password. -.. figure:: /pro/images/otp/8.png +.. figure:: images/otp/8.png :alt: img8 diff --git a/nitrokeys/pro/windows/images/2fa-microsoft/1.png b/nitrokeys/features/totp/images/microsoft/1.png similarity index 100% rename from nitrokeys/pro/windows/images/2fa-microsoft/1.png rename to nitrokeys/features/totp/images/microsoft/1.png diff --git a/nitrokeys/pro/windows/images/2fa-microsoft/10.png b/nitrokeys/features/totp/images/microsoft/10.png similarity index 100% rename from nitrokeys/pro/windows/images/2fa-microsoft/10.png rename to nitrokeys/features/totp/images/microsoft/10.png diff --git a/nitrokeys/pro/windows/images/2fa-microsoft/11.png b/nitrokeys/features/totp/images/microsoft/11.png similarity index 100% rename from nitrokeys/pro/windows/images/2fa-microsoft/11.png rename to nitrokeys/features/totp/images/microsoft/11.png diff --git a/nitrokeys/pro/windows/images/2fa-microsoft/12.png b/nitrokeys/features/totp/images/microsoft/12.png similarity index 100% rename from nitrokeys/pro/windows/images/2fa-microsoft/12.png rename to nitrokeys/features/totp/images/microsoft/12.png diff --git a/nitrokeys/pro/windows/images/2fa-microsoft/13.png b/nitrokeys/features/totp/images/microsoft/13.png similarity index 100% rename from nitrokeys/pro/windows/images/2fa-microsoft/13.png rename to nitrokeys/features/totp/images/microsoft/13.png diff --git a/nitrokeys/pro/windows/images/2fa-microsoft/14.png b/nitrokeys/features/totp/images/microsoft/14.png similarity index 100% rename from nitrokeys/pro/windows/images/2fa-microsoft/14.png rename to nitrokeys/features/totp/images/microsoft/14.png diff --git a/nitrokeys/pro/windows/images/2fa-microsoft/2.png b/nitrokeys/features/totp/images/microsoft/2.png similarity index 100% rename from nitrokeys/pro/windows/images/2fa-microsoft/2.png rename to nitrokeys/features/totp/images/microsoft/2.png diff --git a/nitrokeys/pro/windows/images/2fa-microsoft/3.png b/nitrokeys/features/totp/images/microsoft/3.png similarity index 100% rename from nitrokeys/pro/windows/images/2fa-microsoft/3.png rename to nitrokeys/features/totp/images/microsoft/3.png diff --git a/nitrokeys/pro/windows/images/2fa-microsoft/4.png b/nitrokeys/features/totp/images/microsoft/4.png similarity index 100% rename from nitrokeys/pro/windows/images/2fa-microsoft/4.png rename to nitrokeys/features/totp/images/microsoft/4.png diff --git a/nitrokeys/pro/windows/images/2fa-microsoft/5.png b/nitrokeys/features/totp/images/microsoft/5.png similarity index 100% rename from nitrokeys/pro/windows/images/2fa-microsoft/5.png rename to nitrokeys/features/totp/images/microsoft/5.png diff --git a/nitrokeys/pro/windows/images/2fa-microsoft/6.png b/nitrokeys/features/totp/images/microsoft/6.png similarity index 100% rename from nitrokeys/pro/windows/images/2fa-microsoft/6.png rename to nitrokeys/features/totp/images/microsoft/6.png diff --git a/nitrokeys/pro/windows/images/2fa-microsoft/7.png b/nitrokeys/features/totp/images/microsoft/7.png similarity index 100% rename from nitrokeys/pro/windows/images/2fa-microsoft/7.png rename to nitrokeys/features/totp/images/microsoft/7.png diff --git a/nitrokeys/pro/windows/images/2fa-microsoft/8.png b/nitrokeys/features/totp/images/microsoft/8.png similarity index 100% rename from nitrokeys/pro/windows/images/2fa-microsoft/8.png rename to nitrokeys/features/totp/images/microsoft/8.png diff --git a/nitrokeys/pro/windows/images/2fa-microsoft/9.png b/nitrokeys/features/totp/images/microsoft/9.png similarity index 100% rename from nitrokeys/pro/windows/images/2fa-microsoft/9.png rename to nitrokeys/features/totp/images/microsoft/9.png diff --git a/nitrokeys/pro/images/otp/1.png b/nitrokeys/features/totp/images/otp/1.png similarity index 100% rename from nitrokeys/pro/images/otp/1.png rename to nitrokeys/features/totp/images/otp/1.png diff --git a/nitrokeys/pro/images/otp/2.png b/nitrokeys/features/totp/images/otp/2.png similarity index 100% rename from nitrokeys/pro/images/otp/2.png rename to nitrokeys/features/totp/images/otp/2.png diff --git a/nitrokeys/pro/images/otp/3.png b/nitrokeys/features/totp/images/otp/3.png similarity index 100% rename from nitrokeys/pro/images/otp/3.png rename to nitrokeys/features/totp/images/otp/3.png diff --git a/nitrokeys/pro/images/otp/4.png b/nitrokeys/features/totp/images/otp/4.png similarity index 100% rename from nitrokeys/pro/images/otp/4.png rename to nitrokeys/features/totp/images/otp/4.png diff --git a/nitrokeys/pro/images/otp/5.png b/nitrokeys/features/totp/images/otp/5.png similarity index 100% rename from nitrokeys/pro/images/otp/5.png rename to nitrokeys/features/totp/images/otp/5.png diff --git a/nitrokeys/pro/images/otp/6.png b/nitrokeys/features/totp/images/otp/6.png similarity index 100% rename from nitrokeys/pro/images/otp/6.png rename to nitrokeys/features/totp/images/otp/6.png diff --git a/nitrokeys/pro/images/otp/7.png b/nitrokeys/features/totp/images/otp/7.png similarity index 100% rename from nitrokeys/pro/images/otp/7.png rename to nitrokeys/features/totp/images/otp/7.png diff --git a/nitrokeys/pro/images/otp/8.png b/nitrokeys/features/totp/images/otp/8.png similarity index 100% rename from nitrokeys/pro/images/otp/8.png rename to nitrokeys/features/totp/images/otp/8.png diff --git a/nitrokeys/features/totp/index.rst b/nitrokeys/features/totp/index.rst index 8aecc3b754..bca12bb122 100644 --- a/nitrokeys/features/totp/index.rst +++ b/nitrokeys/features/totp/index.rst @@ -1 +1,8 @@ -teasdasd \ No newline at end of file +Two-factor Authentication with One-Time Passwords (OTP) +======================================================= + +.. toctree:: + General Instructions + Microsoft + Google + Nextcloud \ No newline at end of file diff --git a/nitrokeys/pro/windows/2fa-microsoft.rst b/nitrokeys/features/totp/microsoft.rst similarity index 57% rename from nitrokeys/pro/windows/2fa-microsoft.rst rename to nitrokeys/features/totp/microsoft.rst index 1b28d54d83..28ee7b7c6d 100644 --- a/nitrokeys/pro/windows/2fa-microsoft.rst +++ b/nitrokeys/features/totp/microsoft.rst @@ -7,88 +7,88 @@ These are the basic steps for registering the Nitrokey Pro or Nitrokey Storage a Visit https://account.live.com/proofs/Manage/additional and log in to your Microsoft account if prompted. -.. figure:: /pro/windows/images/2fa-microsoft/1.png +.. figure:: images/microsoft/1.png :alt: img1 -.. figure:: /pro/windows/images/2fa-microsoft/2.png +.. figure:: images/microsoft/2.png :alt: img2 Click on “Set up two-step verification”. -.. figure:: /pro/windows/images/2fa-microsoft/3.png +.. figure:: images/microsoft/3.png :alt: img3 Click on “Next”. -.. figure:: /pro/windows/images/2fa-microsoft/4.png +.. figure:: images/microsoft/4.png :alt: img4 Now it is important to click on “set up a different Authenticator app”. -.. figure:: /pro/windows/images/2fa-microsoft/5.png +.. figure:: images/microsoft/5.png :alt: img5 Click on “I can’t scan the bar code”. -.. figure:: /pro/windows/images/2fa-microsoft/6.png +.. figure:: images/microsoft/6.png :alt: img6 Insert and save secret code into the Nitrokey App. -.. figure:: /pro/windows/images/2fa-microsoft/7.png +.. figure:: images/microsoft/7.png :alt: img7 -.. figure:: /pro/windows/images/2fa-microsoft/8.png +.. figure:: images/microsoft/8.png :alt: img8 -.. figure:: /pro/windows/images/2fa-microsoft/9.png +.. figure:: images/microsoft/9.png :alt: img9 Enter code generated by Nitrokey App to confirm. -.. figure:: /pro/windows/images/2fa-microsoft/10.png +.. figure:: images/microsoft/10.png :alt: img10 -.. figure:: /pro/windows/images/2fa-microsoft/11.png +.. figure:: images/microsoft/11.png :alt: img11 Click “Next” and then “Finish”. -.. figure:: /pro/windows/images/2fa-microsoft/12.png +.. figure:: images/microsoft/12.png :alt: img12 -.. figure:: /pro/windows/images/2fa-microsoft/13.png +.. figure:: images/microsoft/13.png :alt: img13 From now on, when signing in you need an OTP additionally to your password. -.. figure:: /pro/windows/images/2fa-microsoft/14.png +.. figure:: images/microsoft/14.png :alt: img14 diff --git a/nitrokeys/pro/features.rst b/nitrokeys/pro/features.rst index 24a3caaa96..7132ffb84a 100644 --- a/nitrokeys/pro/features.rst +++ b/nitrokeys/pro/features.rst @@ -9,4 +9,8 @@ The Nitrokey Pro 2 currently supports the following features: Two-Factor Authentication (2FA) <../features/2fa/index> OpenPGP <../features/openpgp/index> - TOTP <../features/totp/index> \ No newline at end of file + TOTP <../features/totp/index> + SMIME <../features/smime/index> + SSH <../features/ssh/index> + Putty <../features/putty/index> + OpenVPN <../features/openvpn/index> \ No newline at end of file diff --git a/nitrokeys/pro/linux/2fa-google.rst b/nitrokeys/pro/linux/2fa-google.rst deleted file mode 100644 index 86dba65c75..0000000000 --- a/nitrokeys/pro/linux/2fa-google.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../2fa-google.rst.inc diff --git a/nitrokeys/pro/linux/2fa-nextcloud.rst b/nitrokeys/pro/linux/2fa-nextcloud.rst deleted file mode 100644 index 386b9c5756..0000000000 --- a/nitrokeys/pro/linux/2fa-nextcloud.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../windows/2fa-nextcloud.rst diff --git a/nitrokeys/pro/linux/2fa-odoo.rst b/nitrokeys/pro/linux/2fa-odoo.rst deleted file mode 100644 index afac57530c..0000000000 --- a/nitrokeys/pro/linux/2fa-odoo.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../2fa-odoo.rst.inc \ No newline at end of file diff --git a/nitrokeys/pro/linux/otp.rst b/nitrokeys/pro/linux/otp.rst deleted file mode 100644 index 9c050e58fa..0000000000 --- a/nitrokeys/pro/linux/otp.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../otp.rst.inc diff --git a/nitrokeys/pro/linux/smime-outlook.rst b/nitrokeys/pro/linux/smime-outlook.rst deleted file mode 100644 index ce4ca6f530..0000000000 --- a/nitrokeys/pro/linux/smime-outlook.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../smime-outlook.rst.inc diff --git a/nitrokeys/pro/linux/smime-thunderbird.rst b/nitrokeys/pro/linux/smime-thunderbird.rst deleted file mode 100644 index fb35c7a207..0000000000 --- a/nitrokeys/pro/linux/smime-thunderbird.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../smime-thunderbird.rst.inc diff --git a/nitrokeys/pro/linux/smime.rst b/nitrokeys/pro/linux/smime.rst deleted file mode 100644 index 9a7ca24e7c..0000000000 --- a/nitrokeys/pro/linux/smime.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../smime.rst.inc diff --git a/nitrokeys/pro/linux/ssh.rst b/nitrokeys/pro/linux/ssh.rst deleted file mode 100644 index fa067a4ab1..0000000000 --- a/nitrokeys/pro/linux/ssh.rst +++ /dev/null @@ -1,4 +0,0 @@ -SSH For Server Administration -============================= - -.. include:: ../ssh.rst diff --git a/nitrokeys/pro/mac/2fa-google.rst b/nitrokeys/pro/mac/2fa-google.rst deleted file mode 100644 index 86dba65c75..0000000000 --- a/nitrokeys/pro/mac/2fa-google.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../2fa-google.rst.inc diff --git a/nitrokeys/pro/mac/2fa-nextcloud.rst b/nitrokeys/pro/mac/2fa-nextcloud.rst deleted file mode 100644 index 0d3141141f..0000000000 --- a/nitrokeys/pro/mac/2fa-nextcloud.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../2fa-nextcloud.rst.inc diff --git a/nitrokeys/pro/mac/2fa-odoo.rst b/nitrokeys/pro/mac/2fa-odoo.rst deleted file mode 100644 index afac57530c..0000000000 --- a/nitrokeys/pro/mac/2fa-odoo.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../2fa-odoo.rst.inc \ No newline at end of file diff --git a/nitrokeys/pro/mac/otp.rst b/nitrokeys/pro/mac/otp.rst deleted file mode 100644 index 9c050e58fa..0000000000 --- a/nitrokeys/pro/mac/otp.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../otp.rst.inc diff --git a/nitrokeys/pro/mac/smime-outlook.rst b/nitrokeys/pro/mac/smime-outlook.rst deleted file mode 100644 index ce4ca6f530..0000000000 --- a/nitrokeys/pro/mac/smime-outlook.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../smime-outlook.rst.inc diff --git a/nitrokeys/pro/mac/smime-thunderbird.rst b/nitrokeys/pro/mac/smime-thunderbird.rst deleted file mode 100644 index fb35c7a207..0000000000 --- a/nitrokeys/pro/mac/smime-thunderbird.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../smime-thunderbird.rst.inc diff --git a/nitrokeys/pro/mac/smime.rst b/nitrokeys/pro/mac/smime.rst deleted file mode 100644 index 9a7ca24e7c..0000000000 --- a/nitrokeys/pro/mac/smime.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../smime.rst.inc diff --git a/nitrokeys/pro/windows/2fa-google.rst b/nitrokeys/pro/windows/2fa-google.rst deleted file mode 100644 index 86dba65c75..0000000000 --- a/nitrokeys/pro/windows/2fa-google.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../2fa-google.rst.inc diff --git a/nitrokeys/pro/windows/2fa-nextcloud.rst b/nitrokeys/pro/windows/2fa-nextcloud.rst deleted file mode 100644 index 0d3141141f..0000000000 --- a/nitrokeys/pro/windows/2fa-nextcloud.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../2fa-nextcloud.rst.inc diff --git a/nitrokeys/pro/windows/2fa-odoo.rst b/nitrokeys/pro/windows/2fa-odoo.rst deleted file mode 100644 index afac57530c..0000000000 --- a/nitrokeys/pro/windows/2fa-odoo.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../2fa-odoo.rst.inc \ No newline at end of file diff --git a/nitrokeys/pro/windows/otp.rst b/nitrokeys/pro/windows/otp.rst deleted file mode 100644 index 9c050e58fa..0000000000 --- a/nitrokeys/pro/windows/otp.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../otp.rst.inc diff --git a/nitrokeys/pro/windows/putty.rst b/nitrokeys/pro/windows/putty.rst deleted file mode 100644 index 186e1d37a7..0000000000 --- a/nitrokeys/pro/windows/putty.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../putty.rst.inc diff --git a/nitrokeys/pro/windows/smime-outlook.rst b/nitrokeys/pro/windows/smime-outlook.rst deleted file mode 100644 index ce4ca6f530..0000000000 --- a/nitrokeys/pro/windows/smime-outlook.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../smime-outlook.rst.inc diff --git a/nitrokeys/pro/windows/smime-thunderbird.rst b/nitrokeys/pro/windows/smime-thunderbird.rst deleted file mode 100644 index fb35c7a207..0000000000 --- a/nitrokeys/pro/windows/smime-thunderbird.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../smime-thunderbird.rst.inc diff --git a/nitrokeys/pro/windows/smime.rst b/nitrokeys/pro/windows/smime.rst deleted file mode 100644 index c2fe514a64..0000000000 --- a/nitrokeys/pro/windows/smime.rst +++ /dev/null @@ -1,9 +0,0 @@ -.. include:: ../smime.rst.inc - :end-line: 20 - -.. note:: - Windows users with 64-bit system (standard) need to install both, the 32-bit and the 64-bit version of OpenSC! - -.. include:: ../smime.rst.inc - :start-line: 20 - From 5ec8187b51d7c61880b0b5d3d7955e16c0120718 Mon Sep 17 00:00:00 2001 From: Keksmo Date: Tue, 30 Jul 2024 14:04:40 +0200 Subject: [PATCH 05/33] added openvpn as feature --- .../features/openvpn/openvpn-easyrsa.rst | 30 +- nitrokeys/{nkpk => passkey}/index.rst | 0 nitrokeys/pro/{ecc.rst.inc => ecc.rst} | 0 ...actory-reset.rst.inc => factory-reset.rst} | 0 nitrokeys/pro/features.rst | 16 - ...are-update.rst.inc => firmware-update.rst} | 14 + nitrokeys/pro/index.rst | 17 +- nitrokeys/pro/linux/change-pins.rst | 1 - nitrokeys/pro/linux/ecc.rst | 1 - nitrokeys/pro/linux/factory-reset.rst | 1 - nitrokeys/pro/linux/firmware-update.rst | 13 - nitrokeys/pro/linux/gpa.rst | 1 - nitrokeys/pro/mac/change-pins.rst | 1 - nitrokeys/pro/mac/ecc.rst | 1 - nitrokeys/pro/mac/factory-reset.rst | 1 - nitrokeys/pro/mac/firmware-update.rst | 1 - nitrokeys/pro/mac/gpa.rst | 1 - nitrokeys/pro/windows/change-pins.rst | 1 - nitrokeys/pro/windows/ecc.rst | 1 - nitrokeys/pro/windows/factory-reset.rst | 1 - nitrokeys/pro/windows/firmware-update.rst | 1 - nitrokeys/pro/windows/gpa.rst | 1 - nitrokeys/pro/windows/openvpn-easyrsa.rst | 674 ------------------ .../storage}/encrypted-mobile-storage.rst | 0 .../storage}/factory-reset.rst | 0 {storage => nitrokeys/storage}/faq.rst | 0 .../storage}/firmware-update-manually.rst | 0 {storage => nitrokeys/storage}/hidden.rst | 0 .../images/enable-firmware-update.png | Bin .../images/factory-reset-menu-item.png | Bin .../images/firmware-update-manually/1.png | Bin .../images/firmware-update-manually/10.png | Bin .../images/firmware-update-manually/11.png | Bin .../images/firmware-update-manually/12.png | Bin .../images/firmware-update-manually/13.png | Bin .../images/firmware-update-manually/2.png | Bin .../images/firmware-update-manually/3.png | Bin .../images/firmware-update-manually/4.png | Bin .../images/firmware-update-manually/5.png | Bin .../images/firmware-update-manually/6.png | Bin .../images/firmware-update-manually/7.png | Bin .../images/firmware-update-manually/8.png | Bin .../images/firmware-update-manually/9.png | Bin .../storage}/images/hidden-schema.svg | 0 .../images/hidden-storage-passphrase.png | Bin .../storage}/images/setup_hidden_volume.png | Bin {storage => nitrokeys/storage}/index.rst | 0 .../storage}/linux/2fa-google.rst | 0 .../storage}/linux/2fa-nextcloud.rst | 0 .../storage}/linux/2fa-odoo.rst | 0 .../storage}/linux/automatic-screen-lock.rst | 0 .../storage}/linux/certificate-authority.rst | 0 .../storage}/linux/change-pins.rst | 0 .../storage}/linux/disk-encryption-luks.rst | 0 {storage => nitrokeys/storage}/linux/ecc.rst | 0 .../linux/encrypted-mobile-storage.rst | 0 .../storage}/linux/factory-reset.rst | 0 .../linux/firmware-update-manually.rst | 0 .../storage}/linux/firmware-update.rst | 0 {storage => nitrokeys/storage}/linux/gpa.rst | 0 .../storage}/linux/hard-disk-encryption.rst | 0 .../storage}/linux/hidden.rst | 0 .../linux/images/hidden-storage-partition.png | Bin .../storage}/linux/index.rst | 0 .../storage}/linux/ipsec.rst | 0 .../storage}/linux/login-with-pam.rst | 0 .../storage}/linux/openpgp-keygen-backup.rst | 0 .../storage}/linux/openpgp-keygen-gpa.rst | 0 .../linux/openpgp-keygen-on-device.rst | 0 .../storage}/linux/openpgp-outlook.rst | 0 .../storage}/linux/openpgp-thunderbird.rst | 0 .../storage}/linux/openpgp.rst | 0 .../storage}/linux/openvpn-easyrsa.rst | 0 {storage => nitrokeys/storage}/linux/otp.rst | 0 .../storage}/linux/smime-outlook.rst | 0 .../storage}/linux/smime-thunderbird.rst | 0 .../storage}/linux/smime.rst | 0 {storage => nitrokeys/storage}/linux/ssh.rst | 0 .../storage}/linux/stunnel.rst | 0 .../storage}/mac/2fa-google.rst | 0 .../storage}/mac/2fa-nextcloud.rst | 0 .../storage}/mac/2fa-odoo.rst | 0 .../storage}/mac/change-pins.rst | 0 {storage => nitrokeys/storage}/mac/ecc.rst | 0 .../storage}/mac/eidauthenticate.rst | 0 .../storage}/mac/encrypted-mobile-storage.rst | 0 .../storage}/mac/factory-reset.rst | 0 .../storage}/mac/firmware-update-manually.rst | 0 .../storage}/mac/firmware-update.rst | 0 {storage => nitrokeys/storage}/mac/gpa.rst | 0 .../storage}/mac/hard-disk-encryption.rst | 0 {storage => nitrokeys/storage}/mac/hidden.rst | 0 {storage => nitrokeys/storage}/mac/index.rst | 0 .../storage}/mac/openpgp-keygen-backup.rst | 0 .../storage}/mac/openpgp-keygen-gpa.rst | 0 .../storage}/mac/openpgp-keygen-on-device.rst | 0 .../storage}/mac/openpgp-outlook.rst | 0 .../storage}/mac/openpgp-thunderbird.rst | 0 .../storage}/mac/openpgp.rst | 0 {storage => nitrokeys/storage}/mac/otp.rst | 0 .../storage}/mac/smime-outlook.rst | 0 .../storage}/mac/smime-thunderbird.rst | 0 {storage => nitrokeys/storage}/mac/smime.rst | 0 .../storage}/windows/2fa-google.rst | 0 .../storage}/windows/2fa-microsoft.rst | 0 .../storage}/windows/2fa-nextcloud.rst | 0 .../storage}/windows/2fa-odoo.rst | 0 .../storage}/windows/change-pins.rst | 0 .../storage}/windows/ecc.rst | 0 .../storage}/windows/eidauthenticate.rst | 0 .../windows/encrypted-mobile-storage.rst | 0 .../storage}/windows/factory-reset.rst | 0 .../windows/firmware-update-manually.rst | 0 .../storage}/windows/firmware-update.rst | 0 .../storage}/windows/gpa.rst | 0 .../storage}/windows/hard-disk-encryption.rst | 0 .../storage}/windows/hidden.rst | 0 .../windows/images/Windows10-Systemtray.png | Bin .../storage}/windows/images/format-dialog.png | Bin .../storage}/windows/images/format-tool.png | Bin .../windows/images/nitrokey-update-tool.png | Bin .../storage}/windows/index.rst | 0 .../storage}/windows/openpgp-csp.rst | 0 .../windows/openpgp-keygen-backup.rst | 0 .../storage}/windows/openpgp-keygen-gpa.rst | 0 .../windows/openpgp-keygen-on-device.rst | 0 .../storage}/windows/openpgp-outlook.rst | 0 .../storage}/windows/openpgp-thunderbird.rst | 0 .../storage}/windows/openpgp.rst | 0 .../storage}/windows/otp.rst | 0 .../storage}/windows/putty.rst | 0 .../storage}/windows/smart-policy.rst | 0 .../storage}/windows/smime-outlook.rst | 0 .../storage}/windows/smime-thunderbird.rst | 0 .../storage}/windows/smime.rst | 0 nitrokeys/u2f/features.rst | 10 - nitrokeys/u2f/index.rst | 8 +- 137 files changed, 56 insertions(+), 740 deletions(-) rename nitrokeys/{nkpk => passkey}/index.rst (100%) rename nitrokeys/pro/{ecc.rst.inc => ecc.rst} (100%) rename nitrokeys/pro/{factory-reset.rst.inc => factory-reset.rst} (100%) delete mode 100644 nitrokeys/pro/features.rst rename nitrokeys/pro/{firmware-update.rst.inc => firmware-update.rst} (76%) delete mode 100644 nitrokeys/pro/linux/change-pins.rst delete mode 100644 nitrokeys/pro/linux/ecc.rst delete mode 100644 nitrokeys/pro/linux/factory-reset.rst delete mode 100644 nitrokeys/pro/linux/firmware-update.rst delete mode 100644 nitrokeys/pro/linux/gpa.rst delete mode 100644 nitrokeys/pro/mac/change-pins.rst delete mode 100644 nitrokeys/pro/mac/ecc.rst delete mode 100644 nitrokeys/pro/mac/factory-reset.rst delete mode 100644 nitrokeys/pro/mac/firmware-update.rst delete mode 100644 nitrokeys/pro/mac/gpa.rst delete mode 100644 nitrokeys/pro/windows/change-pins.rst delete mode 100644 nitrokeys/pro/windows/ecc.rst delete mode 100644 nitrokeys/pro/windows/factory-reset.rst delete mode 100644 nitrokeys/pro/windows/firmware-update.rst delete mode 100644 nitrokeys/pro/windows/gpa.rst delete mode 100644 nitrokeys/pro/windows/openvpn-easyrsa.rst rename {storage => nitrokeys/storage}/encrypted-mobile-storage.rst (100%) rename {storage => nitrokeys/storage}/factory-reset.rst (100%) rename {storage => nitrokeys/storage}/faq.rst (100%) rename {storage => nitrokeys/storage}/firmware-update-manually.rst (100%) rename {storage => nitrokeys/storage}/hidden.rst (100%) rename {storage => nitrokeys/storage}/images/enable-firmware-update.png (100%) rename {storage => nitrokeys/storage}/images/factory-reset-menu-item.png (100%) rename {storage => nitrokeys/storage}/images/firmware-update-manually/1.png (100%) rename {storage => nitrokeys/storage}/images/firmware-update-manually/10.png (100%) rename {storage => nitrokeys/storage}/images/firmware-update-manually/11.png (100%) rename {storage => nitrokeys/storage}/images/firmware-update-manually/12.png (100%) rename {storage => nitrokeys/storage}/images/firmware-update-manually/13.png (100%) rename {storage => nitrokeys/storage}/images/firmware-update-manually/2.png (100%) rename {storage => nitrokeys/storage}/images/firmware-update-manually/3.png (100%) rename {storage => nitrokeys/storage}/images/firmware-update-manually/4.png (100%) rename {storage => nitrokeys/storage}/images/firmware-update-manually/5.png (100%) rename {storage => nitrokeys/storage}/images/firmware-update-manually/6.png (100%) rename {storage => nitrokeys/storage}/images/firmware-update-manually/7.png (100%) rename {storage => nitrokeys/storage}/images/firmware-update-manually/8.png (100%) rename {storage => nitrokeys/storage}/images/firmware-update-manually/9.png (100%) rename {storage => nitrokeys/storage}/images/hidden-schema.svg (100%) rename {storage => nitrokeys/storage}/images/hidden-storage-passphrase.png (100%) rename {storage => nitrokeys/storage}/images/setup_hidden_volume.png (100%) rename {storage => nitrokeys/storage}/index.rst (100%) rename {storage => nitrokeys/storage}/linux/2fa-google.rst (100%) rename {storage => nitrokeys/storage}/linux/2fa-nextcloud.rst (100%) rename {storage => nitrokeys/storage}/linux/2fa-odoo.rst (100%) rename {storage => nitrokeys/storage}/linux/automatic-screen-lock.rst (100%) rename {storage => nitrokeys/storage}/linux/certificate-authority.rst (100%) rename {storage => nitrokeys/storage}/linux/change-pins.rst (100%) rename {storage => nitrokeys/storage}/linux/disk-encryption-luks.rst (100%) rename {storage => nitrokeys/storage}/linux/ecc.rst (100%) rename {storage => nitrokeys/storage}/linux/encrypted-mobile-storage.rst (100%) rename {storage => nitrokeys/storage}/linux/factory-reset.rst (100%) rename {storage => nitrokeys/storage}/linux/firmware-update-manually.rst (100%) rename {storage => nitrokeys/storage}/linux/firmware-update.rst (100%) rename {storage => nitrokeys/storage}/linux/gpa.rst (100%) rename {storage => nitrokeys/storage}/linux/hard-disk-encryption.rst (100%) rename {storage => nitrokeys/storage}/linux/hidden.rst (100%) rename {storage => nitrokeys/storage}/linux/images/hidden-storage-partition.png (100%) rename {storage => nitrokeys/storage}/linux/index.rst (100%) rename {storage => nitrokeys/storage}/linux/ipsec.rst (100%) rename {storage => nitrokeys/storage}/linux/login-with-pam.rst (100%) rename {storage => nitrokeys/storage}/linux/openpgp-keygen-backup.rst (100%) rename {storage => nitrokeys/storage}/linux/openpgp-keygen-gpa.rst (100%) rename {storage => nitrokeys/storage}/linux/openpgp-keygen-on-device.rst (100%) rename {storage => nitrokeys/storage}/linux/openpgp-outlook.rst (100%) rename {storage => nitrokeys/storage}/linux/openpgp-thunderbird.rst (100%) rename {storage => nitrokeys/storage}/linux/openpgp.rst (100%) rename {storage => nitrokeys/storage}/linux/openvpn-easyrsa.rst (100%) rename {storage => nitrokeys/storage}/linux/otp.rst (100%) rename {storage => nitrokeys/storage}/linux/smime-outlook.rst (100%) rename {storage => nitrokeys/storage}/linux/smime-thunderbird.rst (100%) rename {storage => nitrokeys/storage}/linux/smime.rst (100%) rename {storage => nitrokeys/storage}/linux/ssh.rst (100%) rename {storage => nitrokeys/storage}/linux/stunnel.rst (100%) rename {storage => nitrokeys/storage}/mac/2fa-google.rst (100%) rename {storage => nitrokeys/storage}/mac/2fa-nextcloud.rst (100%) rename {storage => nitrokeys/storage}/mac/2fa-odoo.rst (100%) rename {storage => nitrokeys/storage}/mac/change-pins.rst (100%) rename {storage => nitrokeys/storage}/mac/ecc.rst (100%) rename {storage => nitrokeys/storage}/mac/eidauthenticate.rst (100%) rename {storage => nitrokeys/storage}/mac/encrypted-mobile-storage.rst (100%) rename {storage => nitrokeys/storage}/mac/factory-reset.rst (100%) rename {storage => nitrokeys/storage}/mac/firmware-update-manually.rst (100%) rename {storage => nitrokeys/storage}/mac/firmware-update.rst (100%) rename {storage => nitrokeys/storage}/mac/gpa.rst (100%) rename {storage => nitrokeys/storage}/mac/hard-disk-encryption.rst (100%) rename {storage => nitrokeys/storage}/mac/hidden.rst (100%) rename {storage => nitrokeys/storage}/mac/index.rst (100%) rename {storage => nitrokeys/storage}/mac/openpgp-keygen-backup.rst (100%) rename {storage => nitrokeys/storage}/mac/openpgp-keygen-gpa.rst (100%) rename {storage => nitrokeys/storage}/mac/openpgp-keygen-on-device.rst (100%) rename {storage => nitrokeys/storage}/mac/openpgp-outlook.rst (100%) rename {storage => nitrokeys/storage}/mac/openpgp-thunderbird.rst (100%) rename {storage => nitrokeys/storage}/mac/openpgp.rst (100%) rename {storage => nitrokeys/storage}/mac/otp.rst (100%) rename {storage => nitrokeys/storage}/mac/smime-outlook.rst (100%) rename {storage => nitrokeys/storage}/mac/smime-thunderbird.rst (100%) rename {storage => nitrokeys/storage}/mac/smime.rst (100%) rename {storage => nitrokeys/storage}/windows/2fa-google.rst (100%) rename {storage => nitrokeys/storage}/windows/2fa-microsoft.rst (100%) rename {storage => nitrokeys/storage}/windows/2fa-nextcloud.rst (100%) rename {storage => nitrokeys/storage}/windows/2fa-odoo.rst (100%) rename {storage => nitrokeys/storage}/windows/change-pins.rst (100%) rename {storage => nitrokeys/storage}/windows/ecc.rst (100%) rename {storage => nitrokeys/storage}/windows/eidauthenticate.rst (100%) rename {storage => nitrokeys/storage}/windows/encrypted-mobile-storage.rst (100%) rename {storage => nitrokeys/storage}/windows/factory-reset.rst (100%) rename {storage => nitrokeys/storage}/windows/firmware-update-manually.rst (100%) rename {storage => nitrokeys/storage}/windows/firmware-update.rst (100%) rename {storage => nitrokeys/storage}/windows/gpa.rst (100%) rename {storage => nitrokeys/storage}/windows/hard-disk-encryption.rst (100%) rename {storage => nitrokeys/storage}/windows/hidden.rst (100%) rename {storage => nitrokeys/storage}/windows/images/Windows10-Systemtray.png (100%) rename {storage => nitrokeys/storage}/windows/images/format-dialog.png (100%) rename {storage => nitrokeys/storage}/windows/images/format-tool.png (100%) rename {storage => nitrokeys/storage}/windows/images/nitrokey-update-tool.png (100%) rename {storage => nitrokeys/storage}/windows/index.rst (100%) rename {storage => nitrokeys/storage}/windows/openpgp-csp.rst (100%) rename {storage => nitrokeys/storage}/windows/openpgp-keygen-backup.rst (100%) rename {storage => nitrokeys/storage}/windows/openpgp-keygen-gpa.rst (100%) rename {storage => nitrokeys/storage}/windows/openpgp-keygen-on-device.rst (100%) rename {storage => nitrokeys/storage}/windows/openpgp-outlook.rst (100%) rename {storage => nitrokeys/storage}/windows/openpgp-thunderbird.rst (100%) rename {storage => nitrokeys/storage}/windows/openpgp.rst (100%) rename {storage => nitrokeys/storage}/windows/otp.rst (100%) rename {storage => nitrokeys/storage}/windows/putty.rst (100%) rename {storage => nitrokeys/storage}/windows/smart-policy.rst (100%) rename {storage => nitrokeys/storage}/windows/smime-outlook.rst (100%) rename {storage => nitrokeys/storage}/windows/smime-thunderbird.rst (100%) rename {storage => nitrokeys/storage}/windows/smime.rst (100%) delete mode 100644 nitrokeys/u2f/features.rst diff --git a/nitrokeys/features/openvpn/openvpn-easyrsa.rst b/nitrokeys/features/openvpn/openvpn-easyrsa.rst index c43491fc62..c33f85cc83 100644 --- a/nitrokeys/features/openvpn/openvpn-easyrsa.rst +++ b/nitrokeys/features/openvpn/openvpn-easyrsa.rst @@ -126,7 +126,7 @@ To build the PKI, we will download the latest version of Easy-RSA on the server .. code-block:: bash $ cd ~ - wget -P ~/ https://github.com/OpenVPN/easy-rsa/releases/download/v3.0.7/EasyRSA-3.0.7.tgz + $ wget -P ~/ https://github.com/OpenVPN/easy-rsa/releases/download/v3.0.7/EasyRSA-3.0.7.tgz 2. Extract the tarball @@ -605,7 +605,31 @@ Client side configuration # key client.key # tls-auth ta.key 1 - 4. Known issues + + 4. Configure OpenVPN (Windows only) + + In order to establish a handshake, you must configure OpenSSL included in OpenVPN. + + Create the directory ``ssl`` in ``C:\Program Files\OpenVPN`` and create file ``openssl.cnf`` with the following content : + + openssl_conf = default_conf + + [ default_conf ] + ssl_conf = ssl_sect + + [ ssl_sect ] + system_default = ssl_default_sect + + [ ssl_default_sect ] + SignatureAlgorithms = RSA+SHA512:ECDSA+SHA512:RSA+SHA384:ECDSA+SHA384:RSA+SHA256:ECDSA+SHA256 + MaxProtocol = TLSv1.2 + MinProtocol = TLSv1.2 + + + With this modification, you will not have error as reported `here `__, `here `__ and `here `__ + + + 5. Known issues There are some known issues related to OpenVPN login with OpenSC. Please consult these issues `here `__. @@ -641,7 +665,7 @@ Client side configuration .. warning:: - Unfortunately OpenVPN doesn’t seem to be able to establish a handshake and stops at an error as reported `here `__, `here `__ and `here `__ + Unfortunately OpenVPN doesn’t seem to be able to establish a handshake on some operating systems and stops at an error as reported `here `__, `here `__ and `here `__ :: diff --git a/nitrokeys/nkpk/index.rst b/nitrokeys/passkey/index.rst similarity index 100% rename from nitrokeys/nkpk/index.rst rename to nitrokeys/passkey/index.rst diff --git a/nitrokeys/pro/ecc.rst.inc b/nitrokeys/pro/ecc.rst similarity index 100% rename from nitrokeys/pro/ecc.rst.inc rename to nitrokeys/pro/ecc.rst diff --git a/nitrokeys/pro/factory-reset.rst.inc b/nitrokeys/pro/factory-reset.rst similarity index 100% rename from nitrokeys/pro/factory-reset.rst.inc rename to nitrokeys/pro/factory-reset.rst diff --git a/nitrokeys/pro/features.rst b/nitrokeys/pro/features.rst deleted file mode 100644 index 7132ffb84a..0000000000 --- a/nitrokeys/pro/features.rst +++ /dev/null @@ -1,16 +0,0 @@ -Nitrokey Pro 2 Features -======================= - -The Nitrokey Pro 2 currently supports the following features: - -.. toctree:: - :maxdepth: 1 - :glob: - - Two-Factor Authentication (2FA) <../features/2fa/index> - OpenPGP <../features/openpgp/index> - TOTP <../features/totp/index> - SMIME <../features/smime/index> - SSH <../features/ssh/index> - Putty <../features/putty/index> - OpenVPN <../features/openvpn/index> \ No newline at end of file diff --git a/nitrokeys/pro/firmware-update.rst.inc b/nitrokeys/pro/firmware-update.rst similarity index 76% rename from nitrokeys/pro/firmware-update.rst.inc rename to nitrokeys/pro/firmware-update.rst index 8555b7c07c..4bcad58a94 100644 --- a/nitrokeys/pro/firmware-update.rst.inc +++ b/nitrokeys/pro/firmware-update.rst @@ -77,3 +77,17 @@ Troubleshooting $ locate libnitrokey.so +Linux Permission error +^^^^^^^^^^^^^^^^^^^^^^ + +**Issue:** I get ``permission denied for /dev/hidrawX`` during update. + This likely means your user has not the needed permissions to + read/write the device. Please make sure you have set up the correct + `udev-rules`_. Download this `udev-rules`_ set and place it in your + udev rules directory (e.g., ``/etc/udev/rules.d``). Then remove + your Nitrokey Pro from the USB slot and run: + ``udevadm control --reload-rules && udevadm trigger`` or reboot + your machine. Afterwards the update should work without the + permission issue. + +.. _udev-rules: https://raw.githubusercontent.com/Nitrokey/libnitrokey/master/data/41-nitrokey.rules diff --git a/nitrokeys/pro/index.rst b/nitrokeys/pro/index.rst index b190095399..1c9f2e1312 100644 --- a/nitrokeys/pro/index.rst +++ b/nitrokeys/pro/index.rst @@ -14,9 +14,14 @@ First check the: or check out the features: -.. toctree:: - :maxdepth: 1 - :glob: - - Features - +.. toctree:: + :maxdepth: 1 + :glob: + + Two-Factor Authentication (2FA) <../features/2fa/index> + OpenPGP <../features/openpgp/index> + TOTP <../features/totp/index> + SMIME <../features/smime/index> + SSH <../features/ssh/index> + Putty <../features/putty/index> + OpenVPN <../features/openvpn/index> diff --git a/nitrokeys/pro/linux/change-pins.rst b/nitrokeys/pro/linux/change-pins.rst deleted file mode 100644 index 253d97d4bb..0000000000 --- a/nitrokeys/pro/linux/change-pins.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../change-pins.rst.inc diff --git a/nitrokeys/pro/linux/ecc.rst b/nitrokeys/pro/linux/ecc.rst deleted file mode 100644 index ff7150cad4..0000000000 --- a/nitrokeys/pro/linux/ecc.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../ecc.rst.inc diff --git a/nitrokeys/pro/linux/factory-reset.rst b/nitrokeys/pro/linux/factory-reset.rst deleted file mode 100644 index 41182c6c07..0000000000 --- a/nitrokeys/pro/linux/factory-reset.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../factory-reset.rst.inc diff --git a/nitrokeys/pro/linux/firmware-update.rst b/nitrokeys/pro/linux/firmware-update.rst deleted file mode 100644 index edcb6af54c..0000000000 --- a/nitrokeys/pro/linux/firmware-update.rst +++ /dev/null @@ -1,13 +0,0 @@ -.. include:: ../firmware-update.rst.inc - -**Issue:** I get ``permission denied for /dev/hidrawX`` during update. - This likely means your user has not the needed permissions to - read/write the device. Please make sure you have set up the correct - `udev-rules`_. Download this `udev-rules`_ set and place it in your - udev rules directory (e.g., ``/etc/udev/rules.d``). Then remove - your Nitrokey Pro from the USB slot and run: - ``udevadm control --reload-rules && udevadm trigger`` or reboot - your machine. Afterwards the update should work without the - permission issue. - -.. _udev-rules: https://raw.githubusercontent.com/Nitrokey/libnitrokey/master/data/41-nitrokey.rules diff --git a/nitrokeys/pro/linux/gpa.rst b/nitrokeys/pro/linux/gpa.rst deleted file mode 100644 index c2bb5534e0..0000000000 --- a/nitrokeys/pro/linux/gpa.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../gpa.rst diff --git a/nitrokeys/pro/mac/change-pins.rst b/nitrokeys/pro/mac/change-pins.rst deleted file mode 100644 index 253d97d4bb..0000000000 --- a/nitrokeys/pro/mac/change-pins.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../change-pins.rst.inc diff --git a/nitrokeys/pro/mac/ecc.rst b/nitrokeys/pro/mac/ecc.rst deleted file mode 100644 index ff7150cad4..0000000000 --- a/nitrokeys/pro/mac/ecc.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../ecc.rst.inc diff --git a/nitrokeys/pro/mac/factory-reset.rst b/nitrokeys/pro/mac/factory-reset.rst deleted file mode 100644 index 41182c6c07..0000000000 --- a/nitrokeys/pro/mac/factory-reset.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../factory-reset.rst.inc diff --git a/nitrokeys/pro/mac/firmware-update.rst b/nitrokeys/pro/mac/firmware-update.rst deleted file mode 100644 index 97c722b20c..0000000000 --- a/nitrokeys/pro/mac/firmware-update.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../firmware-update.rst.inc diff --git a/nitrokeys/pro/mac/gpa.rst b/nitrokeys/pro/mac/gpa.rst deleted file mode 100644 index c2bb5534e0..0000000000 --- a/nitrokeys/pro/mac/gpa.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../gpa.rst diff --git a/nitrokeys/pro/windows/change-pins.rst b/nitrokeys/pro/windows/change-pins.rst deleted file mode 100644 index 253d97d4bb..0000000000 --- a/nitrokeys/pro/windows/change-pins.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../change-pins.rst.inc diff --git a/nitrokeys/pro/windows/ecc.rst b/nitrokeys/pro/windows/ecc.rst deleted file mode 100644 index ff7150cad4..0000000000 --- a/nitrokeys/pro/windows/ecc.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../ecc.rst.inc diff --git a/nitrokeys/pro/windows/factory-reset.rst b/nitrokeys/pro/windows/factory-reset.rst deleted file mode 100644 index 41182c6c07..0000000000 --- a/nitrokeys/pro/windows/factory-reset.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../factory-reset.rst.inc diff --git a/nitrokeys/pro/windows/firmware-update.rst b/nitrokeys/pro/windows/firmware-update.rst deleted file mode 100644 index 97c722b20c..0000000000 --- a/nitrokeys/pro/windows/firmware-update.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../firmware-update.rst.inc diff --git a/nitrokeys/pro/windows/gpa.rst b/nitrokeys/pro/windows/gpa.rst deleted file mode 100644 index c2bb5534e0..0000000000 --- a/nitrokeys/pro/windows/gpa.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../gpa.rst diff --git a/nitrokeys/pro/windows/openvpn-easyrsa.rst b/nitrokeys/pro/windows/openvpn-easyrsa.rst deleted file mode 100644 index 5131a6e41c..0000000000 --- a/nitrokeys/pro/windows/openvpn-easyrsa.rst +++ /dev/null @@ -1,674 +0,0 @@ -OpenVPN Configuration with Easy-RSA -=================================== - -.. contents:: :local: - :depth: 2 - -.. note:: - - This guide is work-in-progress, and will be updated accordinlgy. Please take this status into consideration. - -This guide shows how to configure OpenVPN clients to login using a `Nitrokey Pro -2 `__ or a `Nitrokey Storage -2 `__. For software key management we will be using `Easy-RSA `__, a utility that has been evolving alongside OpenVPN. - -To sign the certificates, we will use a `Nitrokey HSM -2 `__ set up as `Certificate Authority <../../hsm/windows/certificate-authority.html#creating-the-intermediate-certificate-authority>`_, however this guide does not cover the set up of the CA itself (it is clear and `well documented here <../../hsm/windows/certificate-authority.html#sign-a-server-certificate>`_). - -We will use Easy-RSA, because it seems to provide some flexibility, and allows key management via external PKIs. We will use it on the server to issue the signing request, and repeat the same process on the client. The Certificate Signing Requests will be signed by the CA on the Nitorkey HSM, and re-transmitted to the server and the client. - - -Prerequisites -------------- - -In the following documentation we will require 3 different machines as following: - -- OpenVPN server (v. 2.5) on Debian 10 (EC2 virtual machine - AWS) - -- OpenVPN client (v. 2.4.9) on Fedora 30 (local machine) - -- The Certificate Authority will be accessible from a standalone - machine with Fedora 30 (local machine) - -To interact with the devices we will require `OpenSC -0.20 `__ installed on the client and CA machine (the local machines). You can follow the instructions to set it up in `this link (*Unix) `__. - -To download the dependencies on Fedora machines we can this instruction: - -.. code-block:: bash - - su -c 'dnf install readline-devel openssl-devel libxslt docbook-style-xsl pcsc-lite-devel automake autoconf libtool gcc zlib-devel' - -For Debian Linux, more recent OpenSC packages are available `here `__. - -We will use the following Nitrokeys for physical key management: - -- An authentication key using the `Nitrokey Pro 2 - (pdf) `__ - -- A Certificate Authority (CA) using the `Nitrokey HSM 2 - (pdf) `__ - -As a reminder, to build a Certificate Authority on Nitrokey HSM 2, you may follow the instructions available `in the documentation `_. - -Alternatively you may set up your own CA on a `on a separate machine `__, or use the OpenVPN tutorial which also relies on `Easy-RSA `__. The last 2 options rely on software solutions for key management. - --------------- - -Server side ------------ - -1. Install OpenVPN -^^^^^^^^^^^^^^^^^^ - - 1. First we need to enable IP Forwarding by editing ``/etc/sysctl.conf`` file - - .. code-block:: bash - - $ editor /etc/sysctl.conf - - 2. Uncomment or edit accordingly the following line - - .. code-block:: bash - - net.ipv4.ip_forward=1 - - 3. Close after saving it, and enter this command - - .. code-block:: bash - - $ sysctl -p - - Once IP forwarding is done, we will need to download the latest release of OpenvPN for our Debian 10 server, according to `these instructions `__: - - 4. Change to root and download the GPG key that signed the package - - .. code-block:: bash - - $ sudo -s - # wget -O - https://swupdate.openvpn.net/repos/repo-public.gpg | apt-key add - - - 5. Add the URL of the adequate OpenVPN packages to the ``sources.list`` file - - .. code-block:: bash - - # echo "deb http://build.openvpn.net/debian/openvpn/release/2.5 buster main" > /etc/apt/sources.list.d/openvpn-aptrepo.list - # exit - - We downloaded OpenVPN 2.5 as “password prompt” requires at least OpenVPN `version - 2.4.8 `__ to login. - - 6. Next we download OpenVPN - - .. code-block:: bash - - $ sudo apt install openvpn - - If you want to check the version, it possible by calling ``--version`` - and print the following: - - :: - - $ sudo openvpn --version - OpenVPN 2.5_beta3 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Sep 1 2020 - library versions: OpenSSL 1.1.1d 10 Sep 2019, LZO 2.10 - Originally developed by James Yonan - Copyright (C) 2002-2018 OpenVPN Inc - Compile time defines: enable_async_push=no enable_comp_stub=no enable_crypto_ofb_cfb=yes enable_debug=yes enable_def_auth=yes enable_dependency_tracking=no \ enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown enable_fast_install=needless enable_fragment=yes enable_iproute2=yes \ enable_libtool_lock=yes enable_lz4=yes enable_lzo=yes enable_maintainer_mode=no enable_management=yes enable_multihome=yes enable_pam_dlopen=no enable_pedantic=no \ enable_pf=yes enable_pkcs11=yes enable_plugin_auth_pam=yes enable_plugin_down_root=yes enable_plugins=yes enable_port_share=yes enable_selinux=no \ enable_shared=yes enable_shared_with_static_runtimes=no enable_silent_rules=no enable_small=no enable_static=yes enable_strict=no enable_strict_options=no \ enable_systemd=yes enable_werror=no enable_win32_dll=yes enable_x509_alt_username=yes with_aix_soname=aix with_crypto_library=openssl with_gnu_ld=yes \ with_mem_check=no with_sysroot=no - -2. Install Easy-RSA -^^^^^^^^^^^^^^^^^^^ - - To build the PKI, we will download the latest version of Easy-RSA on the server and client machines. To get the latest release, go to the `Releases page on the official EasyRSA GitHub project `__, copy the download link for the file ending in ``.tgz``, and then paste it into the following command: - - 1. Download the latest release - - .. code-block:: bash - - $ cd ~ - $ wget -P ~/ https://github.com/OpenVPN/easy-rsa/releases/download/v3.0.7/EasyRSA-3.0.7.tgz - - 2. Extract the tarball - - .. code-block:: bash - - $ cd ~ - $ tar xvf EasyRSA-3.0.7.tgz - $ mv EasyRSA-3.0.7/ easyrsa/ # rename folder - -3. Create a PKI for OpenVPN server -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - - Before you can create your OpenVPN server’s private key and certificate, you need to create a local Public Key Infrastructure directory on your OpenVPN server. You will use this directory to manage the server and clients’ certificate requests, instead of making them directly on your CA server. - - To build a PKI directory on your OpenVPN server, you’ll need to populate a file called ``vars`` with some default values. - - 1. Create a ``vars`` file - - .. code-block:: bash - - $ touch ~/easyrsa/vars - $ cd easyrsa/ - $ editor vars - - 2. Once the file is opened, paste in the following two lines - - .. code-block:: bash - - set_var EASYRSA_ALGO "ec" - set_var EASYRSA_DIGEST "sha512" - - These are the only two lines that you need in this ``vars`` file on your OpenVPN server since it will not be used as a Certificate Authority. They will ensure that your private keys and certificate requests are configured to use Elliptic Curve Cryptography (ECC) to generate keys, and secure signatures for your clients and OpenVPN server. - - In regards to the choice of the cryptographic algorithms, I follow the model in `this tutorial `__, and you can customize these according to your specific needs. - - 3. Initialize the PKI - - Once you have populated the ``vars`` file you can proceed with creating the PKI directory. To do so, run the easyrsa script with the init-pki option: - - .. code-block:: bash - - $ ./easyrsa init-pki - - After you’ve initialized your PKI on the OpenVPN server, you are ready to move on to the next step, which is creating an OpenVPN server certificate request and private key. - -4. Create ``server.req`` and ``server.key`` -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - - Now that your OpenVPN server has all the prerequisites installed, the next step is to generate a key pair composed of a private key (to keep secret), and a Certificate Signing Request (``.csr``) on your OpenVPN server. - - In general terms, on systems where we generate a key and request, these files are left unencrypted by using the ``nopass`` argument, since servers usually need to start up without any password input. This generates an *unencrypted key*, so mind *protect its access and file permissions* carefully. - - .. tip:: - - Configuration notes from OpenVPN: - - 1. The server, and each client, must have their own cert and key - file. The server and all clients will use the same CA file. - 2. Server certificate should have the following: - - - ``keyUsage: digitalSignature, keyEncipherment`` - - - ``extendedKeyUsage: serverAuth`` - - 1. Create the signing request for the server - - Navigate to the ``~/easyrsa`` directory on your OpenVPN Server as your non-root user, and enter the following commands: - - .. code-block:: bash - - $ cd easyrsa/ - $ ./easyrsa gen-req server nopass - - This will create a private key for the server and a certificate request file called ``server.req``. - - Once you have a signed certificate, you’ll transfer it back to the OpenVPN server. - - 2. Copy the key to the OpenVPN server directory - - .. code-block:: bash - - $ sudo cp /home/admin/EasyRSA/pki/private/server.key /etc/openvpn/server/ - - After completing these steps, you have successfully created a private key for your OpenVPN server. You have also generated a Certificate Signing Request for the OpenVPN server. - - .. tip:: - - File extensions for certificate signing requests - - The file extension that is adopted by the CA and HSM tutorial - indicates the creation of a ``.csr`` file, however Easy-RSA creates - certificate signing requests with a ``.req`` extension. - - We will use interchangeably both extensions, while making sure that - we transfer the right files to the Certificate Authority, and - generate a final certificate with a ``.crt`` extension. - - In the next section of this guide, we will sign a ``.req`` file with our CA on deployed on the HSM 2 device. For this purpose, I will use a dedicated machine to sign the requests. - -5. Sign and retrieve ``server.crt`` -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - - The following instructions require the transfer of the ``server.req`` - (or ``server.csr``) file to the CA system. - - The transfer itself is not security sensitive, though it is wise to verify if the received file matches the sender’s copy, if the transport is untrusted. - - In order to go through these steps, I will extensively rely on `these instructions `_, to sign the certificate signing requests, once we generated them with Easy-RSA. - - 1. Sign the ``server.req`` file - - On the local machine dedicated to access the HSM, we will use the tools provided by Opensc 0.20 in order to sign the ``.req`` file, and send it back to the OpenVPN server. We assume we have transferred the file from the server machine to the CA machine. - - First we start by plugging the HSM Nitrokey, and enter this instruction for listing the keys available. - - 1. Query the list of available devices - - :: - - $ p11tool --list-all - - **(Required step)** If this is the first time you sign a certificate with the CA, you might want to retrieve the URI of the CA’s private key from the HSM, and include it in the config file. - - - The key’s URI should be in this format: - - :: - - pkcs11:model=PKCS%2315%20emulated;manufacturer=www.CardContact.de;serial=DENK0104068;token=SmartCard-HSM%20%28UserPIN%29%00%00%00%00%00%00%00%00%00;id=%E0%16%1C%C8%B6%F5%D6%6A%C6%83%5E%CD%EC%B6%23%FC%05%06%A6%75;object=root;type=private - - 2. Create ``openvpn/`` directory under ``certificate-authority/`` - - .. code-block:: bash - - $ mkdir/opt/certificate-authority/ - $ cd /opt/certificate-authority/ - - 3. Sign the ``server.req`` - - .. code-block:: bash - - $ openssl ca -config sign_server_csrs.ini -engine pkcs11 -keyform engine -days 375 -notext -md sha512 -create_serial -in server.req -out /home/user/pki/issued/server.crt - - 2. Retrieve the ``server.crt`` file to the server machine - - 1. Transfer the signed certificates to the server - - From the CA machine, copy the files ``server.crt`` and ``chain.crt`` to the OpenVPN server. In this example we will use the ``scp`` command as following: - - .. code-block:: bash - - $ scp openvpn/{server.crt,chain.crt} admin@your_openvpnserver_ip:/tmp - - 2. Place the certificates on the server’s directory - - .. code-block:: bash - - $ mv /tmp/{server.crt,chain.crt} /etc/openvpn/server - - .. warning:: - - CA Certificate and ``chain.crt`` - - In the above, the CA returns the signed sever certificate, and - includes the CA certificate ``CA.crt`` which is the ``chain.crt`` - file. This can be done over an insecure channel, though the client is - encouraged to confirm if the received ``chain.crt`` is valid, if the - transport is untrusted. - - It is possible to rename the file ``chain.crt`` file to ``CA.crt`` on - the target machine, however we will use ``chain.crt`` in the next - instructions. - -6. Configure the OpenVPN server -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - - A connection that uses TLS requires multiple `certificates and keys for authentication `__. Now that we issued and signed those, we can place them in the right directories. The breakdown of the certificates and keys that must be located at the root directory are the following: - - :: - - OpenVPN server - - - The root certificate file (CA.crt or chain.crt in our setup) - - Server certificate - - Server key - - Diffie Hellman Parameters (optional) - - On your OpenVPN server, now you can create the configuration file ``server.conf`` with your favorite text editor. The file can be configured according to your needs, while we make sure to change the server certificate and key sections according the names you chose for the your the files we signed: - - .. code-block:: bash - - # OpenVPN Server Certificate - CA, server key and certificate - ca chain.crt - cert server.crt - key server.key - - Here is the configuration file we can use for testing these instructions: - - .. code-block:: bash - - port 1194 - proto udp - dev tun - ca ca.crt - cert server.crt - key server.key # This file should be kept secret - dh dh.pem - server 10.8.0.0 255.255.255.0 - push "redirect-gateway def1 bypass-dhcp" - push "dhcp-option DNS 208.67.222.222" - push "dhcp-option DNS 208.67.220.220" - keepalive 10 120 - tls-auth ta.key 0 # This file is secret - cipher AES-256-CBC - user nobody - group nogroup - persist-key - persist-tun - status /var/log/openvpn/openvpn-status.log - log /var/log/openvpn/openvpn.log - log-append /var/log/openvpn/openvpn.log - verb 3 - explicit-exit-notify 1 - tls-version-min 1.2 # Lower boundary for TLS version - tls-version-max 1.2 # Higher boundary for TLS version - - To test if the configuration functions properly, we can use this command: - - .. code-block:: bash - - $ sudo openvpn --server --config server.conf - -7. Start the OpenVPN service on the server -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - - Enable the OpenVPN service by adding it to systemctl, and start it using these commands: - - .. code-block:: bash - - $ sudo systemctl -f enable openvpn@server - $ sudo systemctl start openvpn@server - - To Double check if the OpenVPN service is active use this command: - - .. code-block:: bash - - $ sudo systemctl status openvpn@server - - The OpenVPN should be running at this point. - --------------- - -Client side configuration -------------------------- - -1. Install OpenVPN and Easy-RSA -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - - 1. Install the software - - We can use directly ``dnf install`` to install OpenVPN 2.4.9 and Easy-RSA 3.0.7 - - .. code-block:: bash - - $ sudo dnf install openvpn easy-rsa - - 2. Then we create as non-root a directory for Easy RSA called ``Easy-RSA`` - - .. code-block:: bash - - $ mkdir ~/easyrsa - - 3. And link it to the Easy RSA package we just installed - - .. code-block:: bash - - $ ln -s /usr/share/easy-rsa/3/* ~/easyrsa/ - -2. Create a PKI for the OpenVPN client -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - - In the same manner we created a PKI on the OpenVPN server, we will create a PKI using Easy-RSA on the client side. - -3. Create a ``client.req`` and ``client.key`` -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - - In the same manner we issued the key pair on the sever, we generate a key pair for the client which will be composed of the ``client.req`` - file and the ``client.key`` file. The latter must be kept secret on the client machine. - -4. Sign ``client.req`` and issue the ``client.crt`` file -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - - To transfer the ``client.req`` file to the CA machine, we will use the same method as we did for the ``server.req`` file. - - Once transferred, on the CA machine we sign the certificate signing request file with this command - - .. code-block:: bash - - $ openssl ca -config sign_server_csrs.ini -engine pkcs11 -keyform engine -days 375 -notext -md sha512 -create_serial -in client.req -out /home/user/pki/issued/client.crt - -5. Import ``client.crt`` on the Nitrokey from the CA machine -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - - After creating the ``client.crt`` file, we plug the Nitrokey Pro 2 device in the CA machine, and import the ``.crt`` to the Pro 2 device using this command: - - .. code-block:: bash - - $ pkcs15-init --store-certificate client.crt --id 3 - - You can see if the key is effectively stored on the Nitrokey using this command: - - .. code-block:: bash - - $ pkcs15-tool -c - - Or alternatively - - .. code-block:: bash - - $ pkcs11-tool --list-objects - - Fore more commands you can refer to the `OpenSC wiki `__. - -6. Retrieve the ``chain.crt`` file from the CA machine -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - - While we keep the ``client.crt``\ stored on the nitrokey Pro 2 device, we must retrieve the ``chain.crt`` file on the client machine, and store it in the adequate directory. We may use ``scp`` as in the method explained in the server section of this guide. - -7. Configure the client to interact with the Nitrokey -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - - Now back on the client machine, we will plug the Nitrokey Pro and use it to establish the VPN connection with the server. In general terms, a connection that uses TLS requires multiple certificates and keys for authentication: - - :: - - OpenVPN client - - The root certificate file (`chain.crt`) - - Client certificate - - Client key - - For this guide we can the following ``client.conf`` file, and add the required options to it accordingly: - - .. code-block:: bash - - client - dev tun - proto udp - remote 1194 - resolv-retry infinite - nobind - user nobody - group nobody - persist-key - persist-tun - ca ca.crt - remote-cert-tls server - cipher AES-256-CBC - verb 3 - redirect-gateway def1 - tls-version-min 1.2 # Lower boundary for TLS version - tls-version-max 1.2 # Higher boundary for TLS version - - 1. Determine the correct object - - Each PKCS#11 provider can support multiple devices. In order to view the available object list you can use the following command: - - .. code-block:: bash - - $ openvpn --show-pkcs11-ids /usr/lib64/pkcs11/opensc-pkcs11.so - - The following objects are available for use. - Each object shown below may be used as parameter to - - --pkcs11-id option please remember to use single quote mark. - - Certificate - DN: CN=client - Serial: E53DA75C5B8F1518F520BCEF0128C09F - Serialized id: pkcs11:model=pkcs11:model=PKCS%NNNN%20emulated;token=User%20PIN%20%28OpenPGP%20card%29;manufacturer=ZeitControl;serial=000NNNNNN;id=%03 - - Each certificate/private key pair have unique ``Serialized id`` string. The serialized id string of the requested certificate should be specified, in the configuration file. We can do this by adding the ``pkcs11-id`` option using single quote marks. - - .. code-block:: bash - - pkcs11-id 'pkcs11:model=pkcs11:model=PKCS%NNNN%20emulated;token=User%20PIN%20%28OpenPGP%20card%29;manufacturer=ZeitControl;serial=000NNNNNN;id=%03' - - 2. Add retrieved Serialized ID to the configuration file - - Using your favorite text editor, open the server.conf file, and add the following lines, while taking care to insert your own ``Serialized id``: - - .. code-block:: bash - - pkcs11-providers /usr/lib64/pkcs11/opensc-pkcs11.so - pkcs11-id 'pkcs11:model=pkcs11:model=PKCS%NNNN%20emulated;token=User%20PIN%20%28OpenPGP%20card%29;manufacturer=ZeitControl;serial=000NNNNNN;id=%03' - - For additional `settings related to OpenVPN `__ authentication, you may also add few lines to handle key maganagement, although it is optional. - - .. note:: - - Click to view the code - - .. code-block:: bash - - # nitrokey config - - pkcs11-providers /usr/lib64/pkcs11/opensc-pkcs11.so - pkcs11-id 'pkcs11:model=pkcs11:model=PKCS%NNNN%20emulated;token=User%20PIN%20%28OpenPGP%20card%29;manufacturer=ZeitControl;serial=000NNNNNN;id=%03' - # pkcs11-pin-cache 300 - # daemon - # auth-retry nointeract - # management-hold - # management-signal - # management 127.0.0.1 8888 - # management-query-passwords - pkcs11-cert-private 1 # Prompt for PIN - - Optional step - - - If you need to test the configuration, with and without the token on the Nitrokey, you may add lines to the same ``client.conf`` and comment/uncomment the relevant lines according to your needs: - - .. note:: - - Click to view the code - - .. code-block:: bash - - # non_nitrokey login - - # cert client.crt - # key client.key - # tls-auth ta.key 1 - - 3. Configure the OpenVPN client - - The final configuration file ``client.conf`` should look like this one: - - .. code-block:: bash - - client - dev tun - proto udp - remote 1194 - resolv-retry infinite - nobind - user nobody - group nobody - persist-key - persist-tun - ca ca.crt - remote-cert-tls server - cipher AES-256-CBC - verb 3 - redirect-gateway def1 - tls-version-min 1.2 # Lower boundary for TLS version - tls-version-max 1.2 # Higher boundary for TLS version - - # nitrokey login - - pkcs11-providers /usr/lib64/pkcs11/opensc-pkcs11.so - pkcs11-id 'pkcs11:model=pkcs11:model=PKCS%NNNN%20emulated;token=User%20PIN%20%28OpenPGP%20card%29;manufacturer=ZeitControl;serial=000NNNNNN;id=%03' - # pkcs11-pin-cache 300 - # daemon - # auth-retry nointeract - # management-hold - # management-signal - # management 127.0.0.1 8888 - # management-query-passwords - pkcs11-cert-private 1 # Prompt for PIN - - # OR - - # non_nitrokey login - - # cert client.crt - # key client.key - # tls-auth ta.key 1 - - 4. Configure OpenVPN - - In order to establish a handshake, you must configure OpenSSL included in OpenVPN. - - Create the directory ``ssl`` in ``C:\Program Files\OpenVPN`` and create file ``openssl.cnf`` with the following content : - - openssl_conf = default_conf - - [ default_conf ] - ssl_conf = ssl_sect - - [ ssl_sect ] - system_default = ssl_default_sect - - [ ssl_default_sect ] - SignatureAlgorithms = RSA+SHA512:ECDSA+SHA512:RSA+SHA384:ECDSA+SHA384:RSA+SHA256:ECDSA+SHA256 - MaxProtocol = TLSv1.2 - MinProtocol = TLSv1.2 - - - With this modification, you will not have error as reported `here `__, `here `__ and `here `__ - - - - 5. Known issues - - There are some known issues related to OpenVPN login with OpenSC. Please consult these issues `here `__. - -8. Start the OpenVPN client -^^^^^^^^^^^^^^^^^^^^^^^^^^^ - - 1. Start the OpenVPN service on the client - - Enable the OpenVPN service, and start it using these commands: - - .. code-block:: bash - - $ sudo systemctl -f enable openvpn-server@server.service - $ sudo systemctl start openvpn-server@server.service - - To double check if the OpenVPN service is active use this command: - - .. code-block:: bash - - $ sudo systemctl status openvpn-server@server.service - - 2. Enter your User PIN - - When executing OpenVPN client, Nitrokey’s PIN needs to be entered: - - :: - - $ sudo openvpn --client --config client.conf - Fri Sep 11 17:42:01 2020 OpenVPN 2.4.9 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 24 2020 - Fri Sep 11 17:42:01 2020 library versions: OpenSSL 1.1.1g FIPS 21 Apr 2020, LZO 2.08 - Fri Sep 11 17:42:01 2020 PKCS#11: Adding PKCS#11 provider '/usr/lib64/pkcs11/opensc-pkcs11.so' - Enter User PIN (OpenPGP card) token Password: ****** - - - In some reported cases it does not prompt for a PIN on the terminal. One workaround would be to use to use this command to login with the PIN: - - :: - - $ telnet 8888 password 'User PIN (OpenPGP card) token' - - Alternatively, you could `recompile OpenVPN `__ client with systemd support disabled, and it will prompt you for the PIN as expected. - - Another option, would be to login to your OpenVPN instance with the Viscosity client which provides a better user experience especially for entering the PIN. diff --git a/storage/encrypted-mobile-storage.rst b/nitrokeys/storage/encrypted-mobile-storage.rst similarity index 100% rename from storage/encrypted-mobile-storage.rst rename to nitrokeys/storage/encrypted-mobile-storage.rst diff --git a/storage/factory-reset.rst b/nitrokeys/storage/factory-reset.rst similarity index 100% rename from storage/factory-reset.rst rename to nitrokeys/storage/factory-reset.rst diff --git a/storage/faq.rst b/nitrokeys/storage/faq.rst similarity index 100% rename from storage/faq.rst rename to nitrokeys/storage/faq.rst diff --git a/storage/firmware-update-manually.rst b/nitrokeys/storage/firmware-update-manually.rst similarity index 100% rename from storage/firmware-update-manually.rst rename to nitrokeys/storage/firmware-update-manually.rst diff --git a/storage/hidden.rst b/nitrokeys/storage/hidden.rst similarity index 100% rename from storage/hidden.rst rename to nitrokeys/storage/hidden.rst diff --git a/storage/images/enable-firmware-update.png b/nitrokeys/storage/images/enable-firmware-update.png similarity index 100% rename from storage/images/enable-firmware-update.png rename to nitrokeys/storage/images/enable-firmware-update.png diff --git a/storage/images/factory-reset-menu-item.png b/nitrokeys/storage/images/factory-reset-menu-item.png similarity index 100% rename from storage/images/factory-reset-menu-item.png rename to nitrokeys/storage/images/factory-reset-menu-item.png diff --git a/storage/images/firmware-update-manually/1.png b/nitrokeys/storage/images/firmware-update-manually/1.png similarity index 100% rename from storage/images/firmware-update-manually/1.png rename to nitrokeys/storage/images/firmware-update-manually/1.png diff --git a/storage/images/firmware-update-manually/10.png b/nitrokeys/storage/images/firmware-update-manually/10.png similarity index 100% rename from storage/images/firmware-update-manually/10.png rename to nitrokeys/storage/images/firmware-update-manually/10.png diff --git a/storage/images/firmware-update-manually/11.png b/nitrokeys/storage/images/firmware-update-manually/11.png similarity index 100% rename from storage/images/firmware-update-manually/11.png rename to nitrokeys/storage/images/firmware-update-manually/11.png diff --git a/storage/images/firmware-update-manually/12.png b/nitrokeys/storage/images/firmware-update-manually/12.png similarity index 100% rename from storage/images/firmware-update-manually/12.png rename to nitrokeys/storage/images/firmware-update-manually/12.png diff --git a/storage/images/firmware-update-manually/13.png b/nitrokeys/storage/images/firmware-update-manually/13.png similarity index 100% rename from storage/images/firmware-update-manually/13.png rename to nitrokeys/storage/images/firmware-update-manually/13.png diff --git a/storage/images/firmware-update-manually/2.png b/nitrokeys/storage/images/firmware-update-manually/2.png similarity index 100% rename from storage/images/firmware-update-manually/2.png rename to nitrokeys/storage/images/firmware-update-manually/2.png diff --git a/storage/images/firmware-update-manually/3.png b/nitrokeys/storage/images/firmware-update-manually/3.png similarity index 100% rename from storage/images/firmware-update-manually/3.png rename to nitrokeys/storage/images/firmware-update-manually/3.png diff --git a/storage/images/firmware-update-manually/4.png b/nitrokeys/storage/images/firmware-update-manually/4.png similarity index 100% rename from storage/images/firmware-update-manually/4.png rename to nitrokeys/storage/images/firmware-update-manually/4.png diff --git a/storage/images/firmware-update-manually/5.png b/nitrokeys/storage/images/firmware-update-manually/5.png similarity index 100% rename from storage/images/firmware-update-manually/5.png rename to nitrokeys/storage/images/firmware-update-manually/5.png diff --git a/storage/images/firmware-update-manually/6.png b/nitrokeys/storage/images/firmware-update-manually/6.png similarity index 100% rename from storage/images/firmware-update-manually/6.png rename to nitrokeys/storage/images/firmware-update-manually/6.png diff --git a/storage/images/firmware-update-manually/7.png b/nitrokeys/storage/images/firmware-update-manually/7.png similarity index 100% rename from storage/images/firmware-update-manually/7.png rename to nitrokeys/storage/images/firmware-update-manually/7.png diff --git a/storage/images/firmware-update-manually/8.png b/nitrokeys/storage/images/firmware-update-manually/8.png similarity index 100% rename from storage/images/firmware-update-manually/8.png rename to nitrokeys/storage/images/firmware-update-manually/8.png diff --git a/storage/images/firmware-update-manually/9.png b/nitrokeys/storage/images/firmware-update-manually/9.png similarity index 100% rename from storage/images/firmware-update-manually/9.png rename to nitrokeys/storage/images/firmware-update-manually/9.png diff --git a/storage/images/hidden-schema.svg b/nitrokeys/storage/images/hidden-schema.svg similarity index 100% rename from storage/images/hidden-schema.svg rename to nitrokeys/storage/images/hidden-schema.svg diff --git a/storage/images/hidden-storage-passphrase.png b/nitrokeys/storage/images/hidden-storage-passphrase.png similarity index 100% rename from storage/images/hidden-storage-passphrase.png rename to nitrokeys/storage/images/hidden-storage-passphrase.png diff --git a/storage/images/setup_hidden_volume.png b/nitrokeys/storage/images/setup_hidden_volume.png similarity index 100% rename from storage/images/setup_hidden_volume.png rename to nitrokeys/storage/images/setup_hidden_volume.png diff --git a/storage/index.rst b/nitrokeys/storage/index.rst similarity index 100% rename from storage/index.rst rename to nitrokeys/storage/index.rst diff --git a/storage/linux/2fa-google.rst b/nitrokeys/storage/linux/2fa-google.rst similarity index 100% rename from storage/linux/2fa-google.rst rename to nitrokeys/storage/linux/2fa-google.rst diff --git a/storage/linux/2fa-nextcloud.rst b/nitrokeys/storage/linux/2fa-nextcloud.rst similarity index 100% rename from storage/linux/2fa-nextcloud.rst rename to nitrokeys/storage/linux/2fa-nextcloud.rst diff --git a/storage/linux/2fa-odoo.rst b/nitrokeys/storage/linux/2fa-odoo.rst similarity index 100% rename from storage/linux/2fa-odoo.rst rename to nitrokeys/storage/linux/2fa-odoo.rst diff --git a/storage/linux/automatic-screen-lock.rst b/nitrokeys/storage/linux/automatic-screen-lock.rst similarity index 100% rename from storage/linux/automatic-screen-lock.rst rename to nitrokeys/storage/linux/automatic-screen-lock.rst diff --git a/storage/linux/certificate-authority.rst b/nitrokeys/storage/linux/certificate-authority.rst similarity index 100% rename from storage/linux/certificate-authority.rst rename to nitrokeys/storage/linux/certificate-authority.rst diff --git a/storage/linux/change-pins.rst b/nitrokeys/storage/linux/change-pins.rst similarity index 100% rename from storage/linux/change-pins.rst rename to nitrokeys/storage/linux/change-pins.rst diff --git a/storage/linux/disk-encryption-luks.rst b/nitrokeys/storage/linux/disk-encryption-luks.rst similarity index 100% rename from storage/linux/disk-encryption-luks.rst rename to nitrokeys/storage/linux/disk-encryption-luks.rst diff --git a/storage/linux/ecc.rst b/nitrokeys/storage/linux/ecc.rst similarity index 100% rename from storage/linux/ecc.rst rename to nitrokeys/storage/linux/ecc.rst diff --git a/storage/linux/encrypted-mobile-storage.rst b/nitrokeys/storage/linux/encrypted-mobile-storage.rst similarity index 100% rename from storage/linux/encrypted-mobile-storage.rst rename to nitrokeys/storage/linux/encrypted-mobile-storage.rst diff --git a/storage/linux/factory-reset.rst b/nitrokeys/storage/linux/factory-reset.rst similarity index 100% rename from storage/linux/factory-reset.rst rename to nitrokeys/storage/linux/factory-reset.rst diff --git a/storage/linux/firmware-update-manually.rst b/nitrokeys/storage/linux/firmware-update-manually.rst similarity index 100% rename from storage/linux/firmware-update-manually.rst rename to nitrokeys/storage/linux/firmware-update-manually.rst diff --git a/storage/linux/firmware-update.rst b/nitrokeys/storage/linux/firmware-update.rst similarity index 100% rename from storage/linux/firmware-update.rst rename to nitrokeys/storage/linux/firmware-update.rst diff --git a/storage/linux/gpa.rst b/nitrokeys/storage/linux/gpa.rst similarity index 100% rename from storage/linux/gpa.rst rename to nitrokeys/storage/linux/gpa.rst diff --git a/storage/linux/hard-disk-encryption.rst b/nitrokeys/storage/linux/hard-disk-encryption.rst similarity index 100% rename from storage/linux/hard-disk-encryption.rst rename to nitrokeys/storage/linux/hard-disk-encryption.rst diff --git a/storage/linux/hidden.rst b/nitrokeys/storage/linux/hidden.rst similarity index 100% rename from storage/linux/hidden.rst rename to nitrokeys/storage/linux/hidden.rst diff --git a/storage/linux/images/hidden-storage-partition.png b/nitrokeys/storage/linux/images/hidden-storage-partition.png similarity index 100% rename from storage/linux/images/hidden-storage-partition.png rename to nitrokeys/storage/linux/images/hidden-storage-partition.png diff --git a/storage/linux/index.rst b/nitrokeys/storage/linux/index.rst similarity index 100% rename from storage/linux/index.rst rename to nitrokeys/storage/linux/index.rst diff --git a/storage/linux/ipsec.rst b/nitrokeys/storage/linux/ipsec.rst similarity index 100% rename from storage/linux/ipsec.rst rename to nitrokeys/storage/linux/ipsec.rst diff --git a/storage/linux/login-with-pam.rst b/nitrokeys/storage/linux/login-with-pam.rst similarity index 100% rename from storage/linux/login-with-pam.rst rename to nitrokeys/storage/linux/login-with-pam.rst diff --git a/storage/linux/openpgp-keygen-backup.rst b/nitrokeys/storage/linux/openpgp-keygen-backup.rst similarity index 100% rename from storage/linux/openpgp-keygen-backup.rst rename to nitrokeys/storage/linux/openpgp-keygen-backup.rst diff --git a/storage/linux/openpgp-keygen-gpa.rst b/nitrokeys/storage/linux/openpgp-keygen-gpa.rst similarity index 100% rename from storage/linux/openpgp-keygen-gpa.rst rename to nitrokeys/storage/linux/openpgp-keygen-gpa.rst diff --git a/storage/linux/openpgp-keygen-on-device.rst b/nitrokeys/storage/linux/openpgp-keygen-on-device.rst similarity index 100% rename from storage/linux/openpgp-keygen-on-device.rst rename to nitrokeys/storage/linux/openpgp-keygen-on-device.rst diff --git a/storage/linux/openpgp-outlook.rst b/nitrokeys/storage/linux/openpgp-outlook.rst similarity index 100% rename from storage/linux/openpgp-outlook.rst rename to nitrokeys/storage/linux/openpgp-outlook.rst diff --git a/storage/linux/openpgp-thunderbird.rst b/nitrokeys/storage/linux/openpgp-thunderbird.rst similarity index 100% rename from storage/linux/openpgp-thunderbird.rst rename to nitrokeys/storage/linux/openpgp-thunderbird.rst diff --git a/storage/linux/openpgp.rst b/nitrokeys/storage/linux/openpgp.rst similarity index 100% rename from storage/linux/openpgp.rst rename to nitrokeys/storage/linux/openpgp.rst diff --git a/storage/linux/openvpn-easyrsa.rst b/nitrokeys/storage/linux/openvpn-easyrsa.rst similarity index 100% rename from storage/linux/openvpn-easyrsa.rst rename to nitrokeys/storage/linux/openvpn-easyrsa.rst diff --git a/storage/linux/otp.rst b/nitrokeys/storage/linux/otp.rst similarity index 100% rename from storage/linux/otp.rst rename to nitrokeys/storage/linux/otp.rst diff --git a/storage/linux/smime-outlook.rst b/nitrokeys/storage/linux/smime-outlook.rst similarity index 100% rename from storage/linux/smime-outlook.rst rename to nitrokeys/storage/linux/smime-outlook.rst diff --git a/storage/linux/smime-thunderbird.rst b/nitrokeys/storage/linux/smime-thunderbird.rst similarity index 100% rename from storage/linux/smime-thunderbird.rst rename to nitrokeys/storage/linux/smime-thunderbird.rst diff --git a/storage/linux/smime.rst b/nitrokeys/storage/linux/smime.rst similarity index 100% rename from storage/linux/smime.rst rename to nitrokeys/storage/linux/smime.rst diff --git a/storage/linux/ssh.rst b/nitrokeys/storage/linux/ssh.rst similarity index 100% rename from storage/linux/ssh.rst rename to nitrokeys/storage/linux/ssh.rst diff --git a/storage/linux/stunnel.rst b/nitrokeys/storage/linux/stunnel.rst similarity index 100% rename from storage/linux/stunnel.rst rename to nitrokeys/storage/linux/stunnel.rst diff --git a/storage/mac/2fa-google.rst b/nitrokeys/storage/mac/2fa-google.rst similarity index 100% rename from storage/mac/2fa-google.rst rename to nitrokeys/storage/mac/2fa-google.rst diff --git a/storage/mac/2fa-nextcloud.rst b/nitrokeys/storage/mac/2fa-nextcloud.rst similarity index 100% rename from storage/mac/2fa-nextcloud.rst rename to nitrokeys/storage/mac/2fa-nextcloud.rst diff --git a/storage/mac/2fa-odoo.rst b/nitrokeys/storage/mac/2fa-odoo.rst similarity index 100% rename from storage/mac/2fa-odoo.rst rename to nitrokeys/storage/mac/2fa-odoo.rst diff --git a/storage/mac/change-pins.rst b/nitrokeys/storage/mac/change-pins.rst similarity index 100% rename from storage/mac/change-pins.rst rename to nitrokeys/storage/mac/change-pins.rst diff --git a/storage/mac/ecc.rst b/nitrokeys/storage/mac/ecc.rst similarity index 100% rename from storage/mac/ecc.rst rename to nitrokeys/storage/mac/ecc.rst diff --git a/storage/mac/eidauthenticate.rst b/nitrokeys/storage/mac/eidauthenticate.rst similarity index 100% rename from storage/mac/eidauthenticate.rst rename to nitrokeys/storage/mac/eidauthenticate.rst diff --git a/storage/mac/encrypted-mobile-storage.rst b/nitrokeys/storage/mac/encrypted-mobile-storage.rst similarity index 100% rename from storage/mac/encrypted-mobile-storage.rst rename to nitrokeys/storage/mac/encrypted-mobile-storage.rst diff --git a/storage/mac/factory-reset.rst b/nitrokeys/storage/mac/factory-reset.rst similarity index 100% rename from storage/mac/factory-reset.rst rename to nitrokeys/storage/mac/factory-reset.rst diff --git a/storage/mac/firmware-update-manually.rst b/nitrokeys/storage/mac/firmware-update-manually.rst similarity index 100% rename from storage/mac/firmware-update-manually.rst rename to nitrokeys/storage/mac/firmware-update-manually.rst diff --git a/storage/mac/firmware-update.rst b/nitrokeys/storage/mac/firmware-update.rst similarity index 100% rename from storage/mac/firmware-update.rst rename to nitrokeys/storage/mac/firmware-update.rst diff --git a/storage/mac/gpa.rst b/nitrokeys/storage/mac/gpa.rst similarity index 100% rename from storage/mac/gpa.rst rename to nitrokeys/storage/mac/gpa.rst diff --git a/storage/mac/hard-disk-encryption.rst b/nitrokeys/storage/mac/hard-disk-encryption.rst similarity index 100% rename from storage/mac/hard-disk-encryption.rst rename to nitrokeys/storage/mac/hard-disk-encryption.rst diff --git a/storage/mac/hidden.rst b/nitrokeys/storage/mac/hidden.rst similarity index 100% rename from storage/mac/hidden.rst rename to nitrokeys/storage/mac/hidden.rst diff --git a/storage/mac/index.rst b/nitrokeys/storage/mac/index.rst similarity index 100% rename from storage/mac/index.rst rename to nitrokeys/storage/mac/index.rst diff --git a/storage/mac/openpgp-keygen-backup.rst b/nitrokeys/storage/mac/openpgp-keygen-backup.rst similarity index 100% rename from storage/mac/openpgp-keygen-backup.rst rename to nitrokeys/storage/mac/openpgp-keygen-backup.rst diff --git a/storage/mac/openpgp-keygen-gpa.rst b/nitrokeys/storage/mac/openpgp-keygen-gpa.rst similarity index 100% rename from storage/mac/openpgp-keygen-gpa.rst rename to nitrokeys/storage/mac/openpgp-keygen-gpa.rst diff --git a/storage/mac/openpgp-keygen-on-device.rst b/nitrokeys/storage/mac/openpgp-keygen-on-device.rst similarity index 100% rename from storage/mac/openpgp-keygen-on-device.rst rename to nitrokeys/storage/mac/openpgp-keygen-on-device.rst diff --git a/storage/mac/openpgp-outlook.rst b/nitrokeys/storage/mac/openpgp-outlook.rst similarity index 100% rename from storage/mac/openpgp-outlook.rst rename to nitrokeys/storage/mac/openpgp-outlook.rst diff --git a/storage/mac/openpgp-thunderbird.rst b/nitrokeys/storage/mac/openpgp-thunderbird.rst similarity index 100% rename from storage/mac/openpgp-thunderbird.rst rename to nitrokeys/storage/mac/openpgp-thunderbird.rst diff --git a/storage/mac/openpgp.rst b/nitrokeys/storage/mac/openpgp.rst similarity index 100% rename from storage/mac/openpgp.rst rename to nitrokeys/storage/mac/openpgp.rst diff --git a/storage/mac/otp.rst b/nitrokeys/storage/mac/otp.rst similarity index 100% rename from storage/mac/otp.rst rename to nitrokeys/storage/mac/otp.rst diff --git a/storage/mac/smime-outlook.rst b/nitrokeys/storage/mac/smime-outlook.rst similarity index 100% rename from storage/mac/smime-outlook.rst rename to nitrokeys/storage/mac/smime-outlook.rst diff --git a/storage/mac/smime-thunderbird.rst b/nitrokeys/storage/mac/smime-thunderbird.rst similarity index 100% rename from storage/mac/smime-thunderbird.rst rename to nitrokeys/storage/mac/smime-thunderbird.rst diff --git a/storage/mac/smime.rst b/nitrokeys/storage/mac/smime.rst similarity index 100% rename from storage/mac/smime.rst rename to nitrokeys/storage/mac/smime.rst diff --git a/storage/windows/2fa-google.rst b/nitrokeys/storage/windows/2fa-google.rst similarity index 100% rename from storage/windows/2fa-google.rst rename to nitrokeys/storage/windows/2fa-google.rst diff --git a/storage/windows/2fa-microsoft.rst b/nitrokeys/storage/windows/2fa-microsoft.rst similarity index 100% rename from storage/windows/2fa-microsoft.rst rename to nitrokeys/storage/windows/2fa-microsoft.rst diff --git a/storage/windows/2fa-nextcloud.rst b/nitrokeys/storage/windows/2fa-nextcloud.rst similarity index 100% rename from storage/windows/2fa-nextcloud.rst rename to nitrokeys/storage/windows/2fa-nextcloud.rst diff --git a/storage/windows/2fa-odoo.rst b/nitrokeys/storage/windows/2fa-odoo.rst similarity index 100% rename from storage/windows/2fa-odoo.rst rename to nitrokeys/storage/windows/2fa-odoo.rst diff --git a/storage/windows/change-pins.rst b/nitrokeys/storage/windows/change-pins.rst similarity index 100% rename from storage/windows/change-pins.rst rename to nitrokeys/storage/windows/change-pins.rst diff --git a/storage/windows/ecc.rst b/nitrokeys/storage/windows/ecc.rst similarity index 100% rename from storage/windows/ecc.rst rename to nitrokeys/storage/windows/ecc.rst diff --git a/storage/windows/eidauthenticate.rst b/nitrokeys/storage/windows/eidauthenticate.rst similarity index 100% rename from storage/windows/eidauthenticate.rst rename to nitrokeys/storage/windows/eidauthenticate.rst diff --git a/storage/windows/encrypted-mobile-storage.rst b/nitrokeys/storage/windows/encrypted-mobile-storage.rst similarity index 100% rename from storage/windows/encrypted-mobile-storage.rst rename to nitrokeys/storage/windows/encrypted-mobile-storage.rst diff --git a/storage/windows/factory-reset.rst b/nitrokeys/storage/windows/factory-reset.rst similarity index 100% rename from storage/windows/factory-reset.rst rename to nitrokeys/storage/windows/factory-reset.rst diff --git a/storage/windows/firmware-update-manually.rst b/nitrokeys/storage/windows/firmware-update-manually.rst similarity index 100% rename from storage/windows/firmware-update-manually.rst rename to nitrokeys/storage/windows/firmware-update-manually.rst diff --git a/storage/windows/firmware-update.rst b/nitrokeys/storage/windows/firmware-update.rst similarity index 100% rename from storage/windows/firmware-update.rst rename to nitrokeys/storage/windows/firmware-update.rst diff --git a/storage/windows/gpa.rst b/nitrokeys/storage/windows/gpa.rst similarity index 100% rename from storage/windows/gpa.rst rename to nitrokeys/storage/windows/gpa.rst diff --git a/storage/windows/hard-disk-encryption.rst b/nitrokeys/storage/windows/hard-disk-encryption.rst similarity index 100% rename from storage/windows/hard-disk-encryption.rst rename to nitrokeys/storage/windows/hard-disk-encryption.rst diff --git a/storage/windows/hidden.rst b/nitrokeys/storage/windows/hidden.rst similarity index 100% rename from storage/windows/hidden.rst rename to nitrokeys/storage/windows/hidden.rst diff --git a/storage/windows/images/Windows10-Systemtray.png b/nitrokeys/storage/windows/images/Windows10-Systemtray.png similarity index 100% rename from storage/windows/images/Windows10-Systemtray.png rename to nitrokeys/storage/windows/images/Windows10-Systemtray.png diff --git a/storage/windows/images/format-dialog.png b/nitrokeys/storage/windows/images/format-dialog.png similarity index 100% rename from storage/windows/images/format-dialog.png rename to nitrokeys/storage/windows/images/format-dialog.png diff --git a/storage/windows/images/format-tool.png b/nitrokeys/storage/windows/images/format-tool.png similarity index 100% rename from storage/windows/images/format-tool.png rename to nitrokeys/storage/windows/images/format-tool.png diff --git a/storage/windows/images/nitrokey-update-tool.png b/nitrokeys/storage/windows/images/nitrokey-update-tool.png similarity index 100% rename from storage/windows/images/nitrokey-update-tool.png rename to nitrokeys/storage/windows/images/nitrokey-update-tool.png diff --git a/storage/windows/index.rst b/nitrokeys/storage/windows/index.rst similarity index 100% rename from storage/windows/index.rst rename to nitrokeys/storage/windows/index.rst diff --git a/storage/windows/openpgp-csp.rst b/nitrokeys/storage/windows/openpgp-csp.rst similarity index 100% rename from storage/windows/openpgp-csp.rst rename to nitrokeys/storage/windows/openpgp-csp.rst diff --git a/storage/windows/openpgp-keygen-backup.rst b/nitrokeys/storage/windows/openpgp-keygen-backup.rst similarity index 100% rename from storage/windows/openpgp-keygen-backup.rst rename to nitrokeys/storage/windows/openpgp-keygen-backup.rst diff --git a/storage/windows/openpgp-keygen-gpa.rst b/nitrokeys/storage/windows/openpgp-keygen-gpa.rst similarity index 100% rename from storage/windows/openpgp-keygen-gpa.rst rename to nitrokeys/storage/windows/openpgp-keygen-gpa.rst diff --git a/storage/windows/openpgp-keygen-on-device.rst b/nitrokeys/storage/windows/openpgp-keygen-on-device.rst similarity index 100% rename from storage/windows/openpgp-keygen-on-device.rst rename to nitrokeys/storage/windows/openpgp-keygen-on-device.rst diff --git a/storage/windows/openpgp-outlook.rst b/nitrokeys/storage/windows/openpgp-outlook.rst similarity index 100% rename from storage/windows/openpgp-outlook.rst rename to nitrokeys/storage/windows/openpgp-outlook.rst diff --git a/storage/windows/openpgp-thunderbird.rst b/nitrokeys/storage/windows/openpgp-thunderbird.rst similarity index 100% rename from storage/windows/openpgp-thunderbird.rst rename to nitrokeys/storage/windows/openpgp-thunderbird.rst diff --git a/storage/windows/openpgp.rst b/nitrokeys/storage/windows/openpgp.rst similarity index 100% rename from storage/windows/openpgp.rst rename to nitrokeys/storage/windows/openpgp.rst diff --git a/storage/windows/otp.rst b/nitrokeys/storage/windows/otp.rst similarity index 100% rename from storage/windows/otp.rst rename to nitrokeys/storage/windows/otp.rst diff --git a/storage/windows/putty.rst b/nitrokeys/storage/windows/putty.rst similarity index 100% rename from storage/windows/putty.rst rename to nitrokeys/storage/windows/putty.rst diff --git a/storage/windows/smart-policy.rst b/nitrokeys/storage/windows/smart-policy.rst similarity index 100% rename from storage/windows/smart-policy.rst rename to nitrokeys/storage/windows/smart-policy.rst diff --git a/storage/windows/smime-outlook.rst b/nitrokeys/storage/windows/smime-outlook.rst similarity index 100% rename from storage/windows/smime-outlook.rst rename to nitrokeys/storage/windows/smime-outlook.rst diff --git a/storage/windows/smime-thunderbird.rst b/nitrokeys/storage/windows/smime-thunderbird.rst similarity index 100% rename from storage/windows/smime-thunderbird.rst rename to nitrokeys/storage/windows/smime-thunderbird.rst diff --git a/storage/windows/smime.rst b/nitrokeys/storage/windows/smime.rst similarity index 100% rename from storage/windows/smime.rst rename to nitrokeys/storage/windows/smime.rst diff --git a/nitrokeys/u2f/features.rst b/nitrokeys/u2f/features.rst deleted file mode 100644 index 4a23ceed33..0000000000 --- a/nitrokeys/u2f/features.rst +++ /dev/null @@ -1,10 +0,0 @@ -FIDO U2F Features -================= - -The Nitrokey FIDO U2F currently supports the following features: - -.. toctree:: - :maxdepth: 1 - :glob: - - Two-Factor Authentication (2FA) <../features/2fa/index> diff --git a/nitrokeys/u2f/index.rst b/nitrokeys/u2f/index.rst index e8b2ce23c8..0a5bfd85a6 100644 --- a/nitrokeys/u2f/index.rst +++ b/nitrokeys/u2f/index.rst @@ -5,9 +5,9 @@ Nitrokey FIDO U2F Check out the features: -.. toctree:: - :maxdepth: 1 - :glob: +.. toctree:: + :maxdepth: 1 + :glob: - Features + Two-Factor Authentication (2FA) <../features/2fa/index> From 772c599db4febbbe4a62b01227c167f29168160c Mon Sep 17 00:00:00 2001 From: Keksmo Date: Tue, 30 Jul 2024 14:24:59 +0200 Subject: [PATCH 06/33] added ECC, GPA, EID as features --- index.rst | 10 ++-------- .../{pro/ecc.rst => features/ecc/index.rst} | 0 .../eid}/images/eidauthenticate/1.png | Bin .../eid}/images/eidauthenticate/2.png | Bin .../eid}/images/eidauthenticate/3.png | Bin .../eid}/images/eidauthenticate/4.png | Bin .../eid}/images/eidauthenticate/5.png | Bin .../eid}/images/eidauthenticate/6.png | Bin .../eid}/images/eidauthenticate/7.png | Bin .../eid}/images/eidauthenticate/8.png | Bin .../eid}/images/eidauthenticate/9.png | Bin .../eid/index.rst} | 18 +++++++++--------- .../features/{2fa => fido}/2fa-nextcloud.rst | 0 nitrokeys/features/{2fa => fido}/2fa-odoo.rst | 0 .../features/{2fa => fido}/2fa-website.rst | 0 .../features/{2fa => fido}/desktop-login.rst | 0 .../{2fa => fido}/images/fidou2f-1.png | Bin .../{2fa => fido}/images/fidou2f-2.png | Bin .../{2fa => fido}/images/fidou2f-3.png | Bin .../{2fa => fido}/images/fidou2f-4.png | Bin .../{2fa => fido}/images/fidou2f-5.png | Bin .../{2fa => fido}/images/u2f-fido-pam-2.png | Bin nitrokeys/features/{2fa => fido}/index.rst | 0 .../{pro => features/gpa}/images/gpa/1.png | Bin .../{pro => features/gpa}/images/gpa/2.png | Bin .../{pro => features/gpa}/images/gpa/3.png | Bin .../{pro => features/gpa}/images/gpa/4.png | Bin .../{pro => features/gpa}/images/gpa/5.png | Bin .../{pro => features/gpa}/images/gpa/6.png | Bin .../{pro => features/gpa}/images/gpa/7.png | Bin .../{pro => features/gpa}/images/gpa/8.png | Bin .../{pro => features/gpa}/images/gpa/9.png | Bin .../{pro/gpa.rst => features/gpa/index.rst} | 18 +++++++++--------- nitrokeys/features/index.rst | 5 +++++ .../{putty => ssh}/images/putty/1.png | Bin .../{putty => ssh}/images/putty/2.png | Bin .../{putty => ssh}/images/putty/3.png | Bin .../{putty => ssh}/images/putty/4.png | Bin .../{putty => ssh}/images/putty/5.png | Bin .../{putty => ssh}/images/putty/6.png | Bin .../{putty => ssh}/images/putty/7.png | Bin .../{putty/index.rst => ssh/putty.rst} | 0 nitrokeys/index.rst | 9 +++++++++ .../{change-pins.rst.inc => change-pins.rst} | 0 nitrokeys/pro/index.rst | 6 +++++- 45 files changed, 39 insertions(+), 27 deletions(-) rename nitrokeys/{pro/ecc.rst => features/ecc/index.rst} (100%) rename nitrokeys/{pro => features/eid}/images/eidauthenticate/1.png (100%) rename nitrokeys/{pro => features/eid}/images/eidauthenticate/2.png (100%) rename nitrokeys/{pro => features/eid}/images/eidauthenticate/3.png (100%) rename nitrokeys/{pro => features/eid}/images/eidauthenticate/4.png (100%) rename nitrokeys/{pro => features/eid}/images/eidauthenticate/5.png (100%) rename nitrokeys/{pro => features/eid}/images/eidauthenticate/6.png (100%) rename nitrokeys/{pro => features/eid}/images/eidauthenticate/7.png (100%) rename nitrokeys/{pro => features/eid}/images/eidauthenticate/8.png (100%) rename nitrokeys/{pro => features/eid}/images/eidauthenticate/9.png (100%) rename nitrokeys/{pro/eidauthenticate.rst.inc => features/eid/index.rst} (80%) rename nitrokeys/features/{2fa => fido}/2fa-nextcloud.rst (100%) rename nitrokeys/features/{2fa => fido}/2fa-odoo.rst (100%) rename nitrokeys/features/{2fa => fido}/2fa-website.rst (100%) rename nitrokeys/features/{2fa => fido}/desktop-login.rst (100%) rename nitrokeys/features/{2fa => fido}/images/fidou2f-1.png (100%) rename nitrokeys/features/{2fa => fido}/images/fidou2f-2.png (100%) rename nitrokeys/features/{2fa => fido}/images/fidou2f-3.png (100%) rename nitrokeys/features/{2fa => fido}/images/fidou2f-4.png (100%) rename nitrokeys/features/{2fa => fido}/images/fidou2f-5.png (100%) rename nitrokeys/features/{2fa => fido}/images/u2f-fido-pam-2.png (100%) rename nitrokeys/features/{2fa => fido}/index.rst (100%) rename nitrokeys/{pro => features/gpa}/images/gpa/1.png (100%) rename nitrokeys/{pro => features/gpa}/images/gpa/2.png (100%) rename nitrokeys/{pro => features/gpa}/images/gpa/3.png (100%) rename nitrokeys/{pro => features/gpa}/images/gpa/4.png (100%) rename nitrokeys/{pro => features/gpa}/images/gpa/5.png (100%) rename nitrokeys/{pro => features/gpa}/images/gpa/6.png (100%) rename nitrokeys/{pro => features/gpa}/images/gpa/7.png (100%) rename nitrokeys/{pro => features/gpa}/images/gpa/8.png (100%) rename nitrokeys/{pro => features/gpa}/images/gpa/9.png (100%) rename nitrokeys/{pro/gpa.rst => features/gpa/index.rst} (87%) rename nitrokeys/features/{putty => ssh}/images/putty/1.png (100%) rename nitrokeys/features/{putty => ssh}/images/putty/2.png (100%) rename nitrokeys/features/{putty => ssh}/images/putty/3.png (100%) rename nitrokeys/features/{putty => ssh}/images/putty/4.png (100%) rename nitrokeys/features/{putty => ssh}/images/putty/5.png (100%) rename nitrokeys/features/{putty => ssh}/images/putty/6.png (100%) rename nitrokeys/features/{putty => ssh}/images/putty/7.png (100%) rename nitrokeys/features/{putty/index.rst => ssh/putty.rst} (100%) create mode 100644 nitrokeys/index.rst rename nitrokeys/pro/{change-pins.rst.inc => change-pins.rst} (100%) diff --git a/index.rst b/index.rst index cdb5538a43..5bee15e757 100644 --- a/index.rst +++ b/index.rst @@ -5,16 +5,10 @@ Nitrokey Documentation :maxdepth: 1 :titlesonly: - nitrokey3/index - nkpk/index - fido2/index - u2f/index + nitrokeys/index hsm/index - pro/index start/index - storage/index - nitropad/index - nitropc/index + nitropadpc/index nitrophone/index nextbox/index nethsm/index diff --git a/nitrokeys/pro/ecc.rst b/nitrokeys/features/ecc/index.rst similarity index 100% rename from nitrokeys/pro/ecc.rst rename to nitrokeys/features/ecc/index.rst diff --git a/nitrokeys/pro/images/eidauthenticate/1.png b/nitrokeys/features/eid/images/eidauthenticate/1.png similarity index 100% rename from nitrokeys/pro/images/eidauthenticate/1.png rename to nitrokeys/features/eid/images/eidauthenticate/1.png diff --git a/nitrokeys/pro/images/eidauthenticate/2.png b/nitrokeys/features/eid/images/eidauthenticate/2.png similarity index 100% rename from nitrokeys/pro/images/eidauthenticate/2.png rename to nitrokeys/features/eid/images/eidauthenticate/2.png diff --git a/nitrokeys/pro/images/eidauthenticate/3.png b/nitrokeys/features/eid/images/eidauthenticate/3.png similarity index 100% rename from nitrokeys/pro/images/eidauthenticate/3.png rename to nitrokeys/features/eid/images/eidauthenticate/3.png diff --git a/nitrokeys/pro/images/eidauthenticate/4.png b/nitrokeys/features/eid/images/eidauthenticate/4.png similarity index 100% rename from nitrokeys/pro/images/eidauthenticate/4.png rename to nitrokeys/features/eid/images/eidauthenticate/4.png diff --git a/nitrokeys/pro/images/eidauthenticate/5.png b/nitrokeys/features/eid/images/eidauthenticate/5.png similarity index 100% rename from nitrokeys/pro/images/eidauthenticate/5.png rename to nitrokeys/features/eid/images/eidauthenticate/5.png diff --git a/nitrokeys/pro/images/eidauthenticate/6.png b/nitrokeys/features/eid/images/eidauthenticate/6.png similarity index 100% rename from nitrokeys/pro/images/eidauthenticate/6.png rename to nitrokeys/features/eid/images/eidauthenticate/6.png diff --git a/nitrokeys/pro/images/eidauthenticate/7.png b/nitrokeys/features/eid/images/eidauthenticate/7.png similarity index 100% rename from nitrokeys/pro/images/eidauthenticate/7.png rename to nitrokeys/features/eid/images/eidauthenticate/7.png diff --git a/nitrokeys/pro/images/eidauthenticate/8.png b/nitrokeys/features/eid/images/eidauthenticate/8.png similarity index 100% rename from nitrokeys/pro/images/eidauthenticate/8.png rename to nitrokeys/features/eid/images/eidauthenticate/8.png diff --git a/nitrokeys/pro/images/eidauthenticate/9.png b/nitrokeys/features/eid/images/eidauthenticate/9.png similarity index 100% rename from nitrokeys/pro/images/eidauthenticate/9.png rename to nitrokeys/features/eid/images/eidauthenticate/9.png diff --git a/nitrokeys/pro/eidauthenticate.rst.inc b/nitrokeys/features/eid/index.rst similarity index 80% rename from nitrokeys/pro/eidauthenticate.rst.inc rename to nitrokeys/features/eid/index.rst index 0d763342d9..88f578816a 100644 --- a/nitrokeys/pro/eidauthenticate.rst.inc +++ b/nitrokeys/features/eid/index.rst @@ -12,7 +12,7 @@ Login With EIDAuthenticate on Stand Alone Windows Computers 3. Start EIDConfigurationWizard.exe 4. Select “Associate a new certificate” -.. figure:: /pro/images/eidauthenticate/1.png +.. figure:: images/eidauthenticate/1.png :alt: img1 @@ -20,7 +20,7 @@ Login With EIDAuthenticate on Stand Alone Windows Computers 5. Select or generate a Certificate Authority which should issue the user’s certificate on the Nitrokey. -.. figure:: /pro/images/eidauthenticate/2.png +.. figure:: images/eidauthenticate/2.png :alt: img2 @@ -30,42 +30,42 @@ Login With EIDAuthenticate on Stand Alone Windows Computers your Nitrokey is not detected you may want to execute “certutil -scinfo” for troubleshooting. -.. figure:: /pro/images/eidauthenticate/3.png +.. figure:: images/eidauthenticate/3.png :alt: img3 7. Select the newly generated certificate and press continue. -.. figure:: /pro/images/eidauthenticate/4.png +.. figure:: images/eidauthenticate/4.png :alt: img4 8. All checks should succeed. Press continue. -.. figure:: /pro/images/eidauthenticate/5.png +.. figure:: images/eidauthenticate/5.png :alt: img5 9. Enter the password of your user account. -.. figure:: /pro/images/eidauthenticate/6.png +.. figure:: images/eidauthenticate/6.png :alt: img6 10. Enter the user PIN which you defined previously in step 4. -.. figure:: /pro/images/eidauthenticate/7.png +.. figure:: images/eidauthenticate/7.png :alt: img7 11. The final screen may look like this. -.. figure:: /pro/images/eidauthenticate/8.png +.. figure:: images/eidauthenticate/8.png :alt: img8 @@ -74,6 +74,6 @@ You may perform further configurations such as activate the force smart card pol From now on, when logging on to your Windows computer you need to connect the Nitrokey and enter your PIN. -.. figure:: /pro/images/eidauthenticate/9.png +.. figure:: images/eidauthenticate/9.png :alt: img9 diff --git a/nitrokeys/features/2fa/2fa-nextcloud.rst b/nitrokeys/features/fido/2fa-nextcloud.rst similarity index 100% rename from nitrokeys/features/2fa/2fa-nextcloud.rst rename to nitrokeys/features/fido/2fa-nextcloud.rst diff --git a/nitrokeys/features/2fa/2fa-odoo.rst b/nitrokeys/features/fido/2fa-odoo.rst similarity index 100% rename from nitrokeys/features/2fa/2fa-odoo.rst rename to nitrokeys/features/fido/2fa-odoo.rst diff --git a/nitrokeys/features/2fa/2fa-website.rst b/nitrokeys/features/fido/2fa-website.rst similarity index 100% rename from nitrokeys/features/2fa/2fa-website.rst rename to nitrokeys/features/fido/2fa-website.rst diff --git a/nitrokeys/features/2fa/desktop-login.rst b/nitrokeys/features/fido/desktop-login.rst similarity index 100% rename from nitrokeys/features/2fa/desktop-login.rst rename to nitrokeys/features/fido/desktop-login.rst diff --git a/nitrokeys/features/2fa/images/fidou2f-1.png b/nitrokeys/features/fido/images/fidou2f-1.png similarity index 100% rename from nitrokeys/features/2fa/images/fidou2f-1.png rename to nitrokeys/features/fido/images/fidou2f-1.png diff --git a/nitrokeys/features/2fa/images/fidou2f-2.png b/nitrokeys/features/fido/images/fidou2f-2.png similarity index 100% rename from nitrokeys/features/2fa/images/fidou2f-2.png rename to nitrokeys/features/fido/images/fidou2f-2.png diff --git a/nitrokeys/features/2fa/images/fidou2f-3.png b/nitrokeys/features/fido/images/fidou2f-3.png similarity index 100% rename from nitrokeys/features/2fa/images/fidou2f-3.png rename to nitrokeys/features/fido/images/fidou2f-3.png diff --git a/nitrokeys/features/2fa/images/fidou2f-4.png b/nitrokeys/features/fido/images/fidou2f-4.png similarity index 100% rename from nitrokeys/features/2fa/images/fidou2f-4.png rename to nitrokeys/features/fido/images/fidou2f-4.png diff --git a/nitrokeys/features/2fa/images/fidou2f-5.png b/nitrokeys/features/fido/images/fidou2f-5.png similarity index 100% rename from nitrokeys/features/2fa/images/fidou2f-5.png rename to nitrokeys/features/fido/images/fidou2f-5.png diff --git a/nitrokeys/features/2fa/images/u2f-fido-pam-2.png b/nitrokeys/features/fido/images/u2f-fido-pam-2.png similarity index 100% rename from nitrokeys/features/2fa/images/u2f-fido-pam-2.png rename to nitrokeys/features/fido/images/u2f-fido-pam-2.png diff --git a/nitrokeys/features/2fa/index.rst b/nitrokeys/features/fido/index.rst similarity index 100% rename from nitrokeys/features/2fa/index.rst rename to nitrokeys/features/fido/index.rst diff --git a/nitrokeys/pro/images/gpa/1.png b/nitrokeys/features/gpa/images/gpa/1.png similarity index 100% rename from nitrokeys/pro/images/gpa/1.png rename to nitrokeys/features/gpa/images/gpa/1.png diff --git a/nitrokeys/pro/images/gpa/2.png b/nitrokeys/features/gpa/images/gpa/2.png similarity index 100% rename from nitrokeys/pro/images/gpa/2.png rename to nitrokeys/features/gpa/images/gpa/2.png diff --git a/nitrokeys/pro/images/gpa/3.png b/nitrokeys/features/gpa/images/gpa/3.png similarity index 100% rename from nitrokeys/pro/images/gpa/3.png rename to nitrokeys/features/gpa/images/gpa/3.png diff --git a/nitrokeys/pro/images/gpa/4.png b/nitrokeys/features/gpa/images/gpa/4.png similarity index 100% rename from nitrokeys/pro/images/gpa/4.png rename to nitrokeys/features/gpa/images/gpa/4.png diff --git a/nitrokeys/pro/images/gpa/5.png b/nitrokeys/features/gpa/images/gpa/5.png similarity index 100% rename from nitrokeys/pro/images/gpa/5.png rename to nitrokeys/features/gpa/images/gpa/5.png diff --git a/nitrokeys/pro/images/gpa/6.png b/nitrokeys/features/gpa/images/gpa/6.png similarity index 100% rename from nitrokeys/pro/images/gpa/6.png rename to nitrokeys/features/gpa/images/gpa/6.png diff --git a/nitrokeys/pro/images/gpa/7.png b/nitrokeys/features/gpa/images/gpa/7.png similarity index 100% rename from nitrokeys/pro/images/gpa/7.png rename to nitrokeys/features/gpa/images/gpa/7.png diff --git a/nitrokeys/pro/images/gpa/8.png b/nitrokeys/features/gpa/images/gpa/8.png similarity index 100% rename from nitrokeys/pro/images/gpa/8.png rename to nitrokeys/features/gpa/images/gpa/8.png diff --git a/nitrokeys/pro/images/gpa/9.png b/nitrokeys/features/gpa/images/gpa/9.png similarity index 100% rename from nitrokeys/pro/images/gpa/9.png rename to nitrokeys/features/gpa/images/gpa/9.png diff --git a/nitrokeys/pro/gpa.rst b/nitrokeys/features/gpa/index.rst similarity index 87% rename from nitrokeys/pro/gpa.rst rename to nitrokeys/features/gpa/index.rst index dfea076432..bc694f6f80 100644 --- a/nitrokeys/pro/gpa.rst +++ b/nitrokeys/features/gpa/index.rst @@ -7,49 +7,49 @@ This document describes how to use Gnu Privacy Assistant (GPA) to set up the Nit 2. Start GPA and select the Card Manager; either by pressing the icon at the top or by choosing Card Manager in the Windows menu. - .. figure:: /pro/images/gpa/1.png + .. figure:: images/gpa/1.png :alt: img1 3. The window of the Card Manager will appear. Enter your salutation, name and optional other information. While doing so you might be asked to enter the admin PIN. - .. figure:: /pro/images/gpa/2.png + .. figure:: images/gpa/2.png :alt: img2 4. Confirm this window and enter the admin PIN in the next window. - .. figure:: /pro/images/gpa/3.png + .. figure:: images/gpa/3.png :alt: img3 5. In the Card Manager window you might need to scroll down until you see the buttons to change the PINs. The term PIN is used interchangeable with "password". Press the first button "Change PIN" in order to change the user password. Read and confirm the following information window. - .. figure:: /pro/images/gpa/4.png + .. figure:: images/gpa/4.png :alt: img4 6. Choose and enter your own PIN with a minimum length of six characters. This PIN is required for the daily usage of the Nitrokey. - .. figure:: /pro/images/gpa/5.png + .. figure:: images/gpa/5.png :alt: img5 7. Go back to the Card Manager window in step three. This time you choose the third button Change PIN in order to change the admin PIN. The admin PIN is required to change the information on the Nitrokey and to change the cryptographic keys. Proceed as described in steps four and five. 8. After changing both the user and the admin PIN, you are back in the Card Manager window. Select "Generate key" in the "Card" menu. - .. figure:: /pro/images/gpa/6.png + .. figure:: images/gpa/6.png :alt: img6 9. Enter your name and e-mail address. You should keep "backup" enabled in order to create a backup file of your cryptographic keys. Optionally you might select an expiration date for your cryptographic keys. - .. figure:: /pro/images/gpa/7.png + .. figure:: images/gpa/7.png :alt: img7 10. Wait until the keys are generated successfully. - .. figure:: /pro/images/gpa/8.png + .. figure:: images/gpa/8.png :alt: img8 11. Enter a strong passphrase for your backup keys. We strongly recommend to store the backup file on a separate storage(e.g. CD-ROM) and on a safe location. - .. figure:: /pro/images/gpa/9.png + .. figure:: images/gpa/9.png :alt: img9 Congratulations, your Nitrokey is now ready to use. Please see the `applications `__ section for further information of its usage. diff --git a/nitrokeys/features/index.rst b/nitrokeys/features/index.rst index e69de29bb2..53b3340059 100644 --- a/nitrokeys/features/index.rst +++ b/nitrokeys/features/index.rst @@ -0,0 +1,5 @@ +.. toctree:: + :maxdepth: 1 + :glob: + + * diff --git a/nitrokeys/features/putty/images/putty/1.png b/nitrokeys/features/ssh/images/putty/1.png similarity index 100% rename from nitrokeys/features/putty/images/putty/1.png rename to nitrokeys/features/ssh/images/putty/1.png diff --git a/nitrokeys/features/putty/images/putty/2.png b/nitrokeys/features/ssh/images/putty/2.png similarity index 100% rename from nitrokeys/features/putty/images/putty/2.png rename to nitrokeys/features/ssh/images/putty/2.png diff --git a/nitrokeys/features/putty/images/putty/3.png b/nitrokeys/features/ssh/images/putty/3.png similarity index 100% rename from nitrokeys/features/putty/images/putty/3.png rename to nitrokeys/features/ssh/images/putty/3.png diff --git a/nitrokeys/features/putty/images/putty/4.png b/nitrokeys/features/ssh/images/putty/4.png similarity index 100% rename from nitrokeys/features/putty/images/putty/4.png rename to nitrokeys/features/ssh/images/putty/4.png diff --git a/nitrokeys/features/putty/images/putty/5.png b/nitrokeys/features/ssh/images/putty/5.png similarity index 100% rename from nitrokeys/features/putty/images/putty/5.png rename to nitrokeys/features/ssh/images/putty/5.png diff --git a/nitrokeys/features/putty/images/putty/6.png b/nitrokeys/features/ssh/images/putty/6.png similarity index 100% rename from nitrokeys/features/putty/images/putty/6.png rename to nitrokeys/features/ssh/images/putty/6.png diff --git a/nitrokeys/features/putty/images/putty/7.png b/nitrokeys/features/ssh/images/putty/7.png similarity index 100% rename from nitrokeys/features/putty/images/putty/7.png rename to nitrokeys/features/ssh/images/putty/7.png diff --git a/nitrokeys/features/putty/index.rst b/nitrokeys/features/ssh/putty.rst similarity index 100% rename from nitrokeys/features/putty/index.rst rename to nitrokeys/features/ssh/putty.rst diff --git a/nitrokeys/index.rst b/nitrokeys/index.rst new file mode 100644 index 0000000000..0c22ebc7cf --- /dev/null +++ b/nitrokeys/index.rst @@ -0,0 +1,9 @@ +Nitrokeys +========= + +.. toctree:: + :maxdepth: 1 + :glob: + + U2F + Pro diff --git a/nitrokeys/pro/change-pins.rst.inc b/nitrokeys/pro/change-pins.rst similarity index 100% rename from nitrokeys/pro/change-pins.rst.inc rename to nitrokeys/pro/change-pins.rst diff --git a/nitrokeys/pro/index.rst b/nitrokeys/pro/index.rst index 1c9f2e1312..af5eaabcbf 100644 --- a/nitrokeys/pro/index.rst +++ b/nitrokeys/pro/index.rst @@ -18,10 +18,14 @@ or check out the features: :maxdepth: 1 :glob: + Change PIN Two-Factor Authentication (2FA) <../features/2fa/index> OpenPGP <../features/openpgp/index> TOTP <../features/totp/index> SMIME <../features/smime/index> SSH <../features/ssh/index> - Putty <../features/putty/index> + Putty <../features/ssh/putty> OpenVPN <../features/openvpn/index> + ECC <../features/ecc/index> + GPA <../features/gpa/index> + EID <../features/eid/index> From 3f28f9272e9719e2c26800fa64051bcc1e1f4357 Mon Sep 17 00:00:00 2001 From: Keksmo Date: Tue, 30 Jul 2024 14:41:45 +0200 Subject: [PATCH 07/33] added screen lock, CA, desktop login and hard disk encryption as feature --- .../automatic-screen-lock/index.rst} | 0 .../features/certificate-authority/index.rst | 0 nitrokeys/features/desktop-login/index.rst | 9 +++++ .../desktop-login/pam.rst} | 4 +++ .../desktop-login/smart-policy.rst} | 0 .../hard-disk-encryption/index.rst} | 0 {hsm => nitrokeys/hsm}/apache2-tls.rst.inc | 0 {hsm => nitrokeys/hsm}/faq.rst | 0 .../hsm}/import-keys-certs.rst.inc | 0 {hsm => nitrokeys/hsm}/index.rst | 0 {hsm => nitrokeys/hsm}/ipsec.rst.inc | 0 {hsm => nitrokeys/hsm}/linux/apache2-tls.rst | 0 .../hsm}/linux/automatic-screen-lock.rst | 0 .../hsm}/linux/certificate-authority.rst | 0 {hsm => nitrokeys/hsm}/linux/dnssec.rst | 0 {hsm => nitrokeys/hsm}/linux/gpa.rst | 0 .../hsm}/linux/hard-disk-encryption.rst | 0 .../hsm}/linux/import-keys-certs.rst | 0 {hsm => nitrokeys/hsm}/linux/index.rst | 0 {hsm => nitrokeys/hsm}/linux/ipsec.rst | 0 .../hsm}/linux/n-of-m-schemes.rst | 0 {hsm => nitrokeys/hsm}/linux/pkcs11-url.rst | 0 .../hsm}/linux/smime-outlook.rst | 0 .../hsm}/linux/smime-thunderbird.rst | 0 {hsm => nitrokeys/hsm}/linux/smime.rst | 0 {hsm => nitrokeys/hsm}/linux/stunnel.rst | 0 {hsm => nitrokeys/hsm}/mac/apache2-tls.rst | 0 .../hsm}/mac/certificate-authority.rst | 0 {hsm => nitrokeys/hsm}/mac/gpa.rst | 0 .../hsm}/mac/hard-disk-encryption.rst | 0 .../hsm}/mac/import-keys-certs.rst | 0 {hsm => nitrokeys/hsm}/mac/index.rst | 0 {hsm => nitrokeys/hsm}/mac/pkcs11-url.rst | 0 {hsm => nitrokeys/hsm}/mac/smime-outlook.rst | 0 .../hsm}/mac/smime-thunderbird.rst | 0 {hsm => nitrokeys/hsm}/mac/smime.rst | 0 {hsm => nitrokeys/hsm}/n-of-m-schemes.rst | 0 {hsm => nitrokeys/hsm}/pkcs11-url.rst.inc | 0 {hsm => nitrokeys/hsm}/smime.rst.inc | 0 {hsm => nitrokeys/hsm}/stunnel.rst.inc | 0 .../hsm}/windows/apache2-tls.rst | 0 .../hsm}/windows/certificate-authority.rst | 0 {hsm => nitrokeys/hsm}/windows/gpa.rst | 0 .../hsm}/windows/hard-disk-encryption.rst | 0 .../hsm}/windows/import-keys-certs.rst | 0 {hsm => nitrokeys/hsm}/windows/index.rst | 0 {hsm => nitrokeys/hsm}/windows/pkcs11-url.rst | 0 .../hsm}/windows/smart-policy.rst | 0 .../hsm}/windows/smime-outlook.rst | 0 .../hsm}/windows/smime-thunderbird.rst | 0 {hsm => nitrokeys/hsm}/windows/smime.rst | 0 nitrokeys/pro/hard-disk-encryption.rst.inc | 36 ------------------- nitrokeys/pro/index.rst | 4 +++ nitrokeys/pro/linux/certificate-authority.rst | 1 - nitrokeys/pro/linux/login-with-pam.rst | 4 --- nitrokeys/pro/mac/hard-disk-encryption.rst | 4 --- .../pro/windows/certificate-authority.rst | 1 - nitrokeys/pro/windows/eidauthenticate.rst | 1 - .../pro/windows/hard-disk-encryption.rst | 4 --- nitrokeys/pro/windows/smart-policy.rst | 1 - 60 files changed, 17 insertions(+), 52 deletions(-) rename nitrokeys/{pro/linux/automatic-screen-lock.rst => features/automatic-screen-lock/index.rst} (100%) rename hsm/certificate-authority.rst.inc => nitrokeys/features/certificate-authority/index.rst (100%) create mode 100644 nitrokeys/features/desktop-login/index.rst rename nitrokeys/{pro/login-with-pam.rst.inc => features/desktop-login/pam.rst} (99%) rename nitrokeys/{pro/smart-policy.rst.inc => features/desktop-login/smart-policy.rst} (100%) rename nitrokeys/{pro/linux/hard-disk-encryption.rst => features/hard-disk-encryption/index.rst} (100%) rename {hsm => nitrokeys/hsm}/apache2-tls.rst.inc (100%) rename {hsm => nitrokeys/hsm}/faq.rst (100%) rename {hsm => nitrokeys/hsm}/import-keys-certs.rst.inc (100%) rename {hsm => nitrokeys/hsm}/index.rst (100%) rename {hsm => nitrokeys/hsm}/ipsec.rst.inc (100%) rename {hsm => nitrokeys/hsm}/linux/apache2-tls.rst (100%) rename {hsm => nitrokeys/hsm}/linux/automatic-screen-lock.rst (100%) rename {hsm => nitrokeys/hsm}/linux/certificate-authority.rst (100%) rename {hsm => nitrokeys/hsm}/linux/dnssec.rst (100%) rename {hsm => nitrokeys/hsm}/linux/gpa.rst (100%) rename {hsm => nitrokeys/hsm}/linux/hard-disk-encryption.rst (100%) rename {hsm => nitrokeys/hsm}/linux/import-keys-certs.rst (100%) rename {hsm => nitrokeys/hsm}/linux/index.rst (100%) rename {hsm => nitrokeys/hsm}/linux/ipsec.rst (100%) rename {hsm => nitrokeys/hsm}/linux/n-of-m-schemes.rst (100%) rename {hsm => nitrokeys/hsm}/linux/pkcs11-url.rst (100%) rename {hsm => nitrokeys/hsm}/linux/smime-outlook.rst (100%) rename {hsm => nitrokeys/hsm}/linux/smime-thunderbird.rst (100%) rename {hsm => nitrokeys/hsm}/linux/smime.rst (100%) rename {hsm => nitrokeys/hsm}/linux/stunnel.rst (100%) rename {hsm => nitrokeys/hsm}/mac/apache2-tls.rst (100%) rename {hsm => nitrokeys/hsm}/mac/certificate-authority.rst (100%) rename {hsm => nitrokeys/hsm}/mac/gpa.rst (100%) rename {hsm => nitrokeys/hsm}/mac/hard-disk-encryption.rst (100%) rename {hsm => nitrokeys/hsm}/mac/import-keys-certs.rst (100%) rename {hsm => nitrokeys/hsm}/mac/index.rst (100%) rename {hsm => nitrokeys/hsm}/mac/pkcs11-url.rst (100%) rename {hsm => nitrokeys/hsm}/mac/smime-outlook.rst (100%) rename {hsm => nitrokeys/hsm}/mac/smime-thunderbird.rst (100%) rename {hsm => nitrokeys/hsm}/mac/smime.rst (100%) rename {hsm => nitrokeys/hsm}/n-of-m-schemes.rst (100%) rename {hsm => nitrokeys/hsm}/pkcs11-url.rst.inc (100%) rename {hsm => nitrokeys/hsm}/smime.rst.inc (100%) rename {hsm => nitrokeys/hsm}/stunnel.rst.inc (100%) rename {hsm => nitrokeys/hsm}/windows/apache2-tls.rst (100%) rename {hsm => nitrokeys/hsm}/windows/certificate-authority.rst (100%) rename {hsm => nitrokeys/hsm}/windows/gpa.rst (100%) rename {hsm => nitrokeys/hsm}/windows/hard-disk-encryption.rst (100%) rename {hsm => nitrokeys/hsm}/windows/import-keys-certs.rst (100%) rename {hsm => nitrokeys/hsm}/windows/index.rst (100%) rename {hsm => nitrokeys/hsm}/windows/pkcs11-url.rst (100%) rename {hsm => nitrokeys/hsm}/windows/smart-policy.rst (100%) rename {hsm => nitrokeys/hsm}/windows/smime-outlook.rst (100%) rename {hsm => nitrokeys/hsm}/windows/smime-thunderbird.rst (100%) rename {hsm => nitrokeys/hsm}/windows/smime.rst (100%) delete mode 100644 nitrokeys/pro/hard-disk-encryption.rst.inc delete mode 100644 nitrokeys/pro/linux/certificate-authority.rst delete mode 100644 nitrokeys/pro/linux/login-with-pam.rst delete mode 100644 nitrokeys/pro/mac/hard-disk-encryption.rst delete mode 100644 nitrokeys/pro/windows/certificate-authority.rst delete mode 100644 nitrokeys/pro/windows/eidauthenticate.rst delete mode 100644 nitrokeys/pro/windows/hard-disk-encryption.rst delete mode 100644 nitrokeys/pro/windows/smart-policy.rst diff --git a/nitrokeys/pro/linux/automatic-screen-lock.rst b/nitrokeys/features/automatic-screen-lock/index.rst similarity index 100% rename from nitrokeys/pro/linux/automatic-screen-lock.rst rename to nitrokeys/features/automatic-screen-lock/index.rst diff --git a/hsm/certificate-authority.rst.inc b/nitrokeys/features/certificate-authority/index.rst similarity index 100% rename from hsm/certificate-authority.rst.inc rename to nitrokeys/features/certificate-authority/index.rst diff --git a/nitrokeys/features/desktop-login/index.rst b/nitrokeys/features/desktop-login/index.rst new file mode 100644 index 0000000000..4baa5d42ca --- /dev/null +++ b/nitrokeys/features/desktop-login/index.rst @@ -0,0 +1,9 @@ +Desktop Login +============= + +.. toctree:: + :maxdepth: 1 + :glob: + + Pam (Linux) + Smart Policy (Windows) \ No newline at end of file diff --git a/nitrokeys/pro/login-with-pam.rst.inc b/nitrokeys/features/desktop-login/pam.rst similarity index 99% rename from nitrokeys/pro/login-with-pam.rst.inc rename to nitrokeys/features/desktop-login/pam.rst index 42f922fb9a..904ab60d4b 100644 --- a/nitrokeys/pro/login-with-pam.rst.inc +++ b/nitrokeys/features/desktop-login/pam.rst @@ -1,3 +1,7 @@ +PAM +=== + + .. contents:: :local: How to Setup The Login diff --git a/nitrokeys/pro/smart-policy.rst.inc b/nitrokeys/features/desktop-login/smart-policy.rst similarity index 100% rename from nitrokeys/pro/smart-policy.rst.inc rename to nitrokeys/features/desktop-login/smart-policy.rst diff --git a/nitrokeys/pro/linux/hard-disk-encryption.rst b/nitrokeys/features/hard-disk-encryption/index.rst similarity index 100% rename from nitrokeys/pro/linux/hard-disk-encryption.rst rename to nitrokeys/features/hard-disk-encryption/index.rst diff --git a/hsm/apache2-tls.rst.inc b/nitrokeys/hsm/apache2-tls.rst.inc similarity index 100% rename from hsm/apache2-tls.rst.inc rename to nitrokeys/hsm/apache2-tls.rst.inc diff --git a/hsm/faq.rst b/nitrokeys/hsm/faq.rst similarity index 100% rename from hsm/faq.rst rename to nitrokeys/hsm/faq.rst diff --git a/hsm/import-keys-certs.rst.inc b/nitrokeys/hsm/import-keys-certs.rst.inc similarity index 100% rename from hsm/import-keys-certs.rst.inc rename to nitrokeys/hsm/import-keys-certs.rst.inc diff --git a/hsm/index.rst b/nitrokeys/hsm/index.rst similarity index 100% rename from hsm/index.rst rename to nitrokeys/hsm/index.rst diff --git a/hsm/ipsec.rst.inc b/nitrokeys/hsm/ipsec.rst.inc similarity index 100% rename from hsm/ipsec.rst.inc rename to nitrokeys/hsm/ipsec.rst.inc diff --git a/hsm/linux/apache2-tls.rst b/nitrokeys/hsm/linux/apache2-tls.rst similarity index 100% rename from hsm/linux/apache2-tls.rst rename to nitrokeys/hsm/linux/apache2-tls.rst diff --git a/hsm/linux/automatic-screen-lock.rst b/nitrokeys/hsm/linux/automatic-screen-lock.rst similarity index 100% rename from hsm/linux/automatic-screen-lock.rst rename to nitrokeys/hsm/linux/automatic-screen-lock.rst diff --git a/hsm/linux/certificate-authority.rst b/nitrokeys/hsm/linux/certificate-authority.rst similarity index 100% rename from hsm/linux/certificate-authority.rst rename to nitrokeys/hsm/linux/certificate-authority.rst diff --git a/hsm/linux/dnssec.rst b/nitrokeys/hsm/linux/dnssec.rst similarity index 100% rename from hsm/linux/dnssec.rst rename to nitrokeys/hsm/linux/dnssec.rst diff --git a/hsm/linux/gpa.rst b/nitrokeys/hsm/linux/gpa.rst similarity index 100% rename from hsm/linux/gpa.rst rename to nitrokeys/hsm/linux/gpa.rst diff --git a/hsm/linux/hard-disk-encryption.rst b/nitrokeys/hsm/linux/hard-disk-encryption.rst similarity index 100% rename from hsm/linux/hard-disk-encryption.rst rename to nitrokeys/hsm/linux/hard-disk-encryption.rst diff --git a/hsm/linux/import-keys-certs.rst b/nitrokeys/hsm/linux/import-keys-certs.rst similarity index 100% rename from hsm/linux/import-keys-certs.rst rename to nitrokeys/hsm/linux/import-keys-certs.rst diff --git a/hsm/linux/index.rst b/nitrokeys/hsm/linux/index.rst similarity index 100% rename from hsm/linux/index.rst rename to nitrokeys/hsm/linux/index.rst diff --git a/hsm/linux/ipsec.rst b/nitrokeys/hsm/linux/ipsec.rst similarity index 100% rename from hsm/linux/ipsec.rst rename to nitrokeys/hsm/linux/ipsec.rst diff --git a/hsm/linux/n-of-m-schemes.rst b/nitrokeys/hsm/linux/n-of-m-schemes.rst similarity index 100% rename from hsm/linux/n-of-m-schemes.rst rename to nitrokeys/hsm/linux/n-of-m-schemes.rst diff --git a/hsm/linux/pkcs11-url.rst b/nitrokeys/hsm/linux/pkcs11-url.rst similarity index 100% rename from hsm/linux/pkcs11-url.rst rename to nitrokeys/hsm/linux/pkcs11-url.rst diff --git a/hsm/linux/smime-outlook.rst b/nitrokeys/hsm/linux/smime-outlook.rst similarity index 100% rename from hsm/linux/smime-outlook.rst rename to nitrokeys/hsm/linux/smime-outlook.rst diff --git a/hsm/linux/smime-thunderbird.rst b/nitrokeys/hsm/linux/smime-thunderbird.rst similarity index 100% rename from hsm/linux/smime-thunderbird.rst rename to nitrokeys/hsm/linux/smime-thunderbird.rst diff --git a/hsm/linux/smime.rst b/nitrokeys/hsm/linux/smime.rst similarity index 100% rename from hsm/linux/smime.rst rename to nitrokeys/hsm/linux/smime.rst diff --git a/hsm/linux/stunnel.rst b/nitrokeys/hsm/linux/stunnel.rst similarity index 100% rename from hsm/linux/stunnel.rst rename to nitrokeys/hsm/linux/stunnel.rst diff --git a/hsm/mac/apache2-tls.rst b/nitrokeys/hsm/mac/apache2-tls.rst similarity index 100% rename from hsm/mac/apache2-tls.rst rename to nitrokeys/hsm/mac/apache2-tls.rst diff --git a/hsm/mac/certificate-authority.rst b/nitrokeys/hsm/mac/certificate-authority.rst similarity index 100% rename from hsm/mac/certificate-authority.rst rename to nitrokeys/hsm/mac/certificate-authority.rst diff --git a/hsm/mac/gpa.rst b/nitrokeys/hsm/mac/gpa.rst similarity index 100% rename from hsm/mac/gpa.rst rename to nitrokeys/hsm/mac/gpa.rst diff --git a/hsm/mac/hard-disk-encryption.rst b/nitrokeys/hsm/mac/hard-disk-encryption.rst similarity index 100% rename from hsm/mac/hard-disk-encryption.rst rename to nitrokeys/hsm/mac/hard-disk-encryption.rst diff --git a/hsm/mac/import-keys-certs.rst b/nitrokeys/hsm/mac/import-keys-certs.rst similarity index 100% rename from hsm/mac/import-keys-certs.rst rename to nitrokeys/hsm/mac/import-keys-certs.rst diff --git a/hsm/mac/index.rst b/nitrokeys/hsm/mac/index.rst similarity index 100% rename from hsm/mac/index.rst rename to nitrokeys/hsm/mac/index.rst diff --git a/hsm/mac/pkcs11-url.rst b/nitrokeys/hsm/mac/pkcs11-url.rst similarity index 100% rename from hsm/mac/pkcs11-url.rst rename to nitrokeys/hsm/mac/pkcs11-url.rst diff --git a/hsm/mac/smime-outlook.rst b/nitrokeys/hsm/mac/smime-outlook.rst similarity index 100% rename from hsm/mac/smime-outlook.rst rename to nitrokeys/hsm/mac/smime-outlook.rst diff --git a/hsm/mac/smime-thunderbird.rst b/nitrokeys/hsm/mac/smime-thunderbird.rst similarity index 100% rename from hsm/mac/smime-thunderbird.rst rename to nitrokeys/hsm/mac/smime-thunderbird.rst diff --git a/hsm/mac/smime.rst b/nitrokeys/hsm/mac/smime.rst similarity index 100% rename from hsm/mac/smime.rst rename to nitrokeys/hsm/mac/smime.rst diff --git a/hsm/n-of-m-schemes.rst b/nitrokeys/hsm/n-of-m-schemes.rst similarity index 100% rename from hsm/n-of-m-schemes.rst rename to nitrokeys/hsm/n-of-m-schemes.rst diff --git a/hsm/pkcs11-url.rst.inc b/nitrokeys/hsm/pkcs11-url.rst.inc similarity index 100% rename from hsm/pkcs11-url.rst.inc rename to nitrokeys/hsm/pkcs11-url.rst.inc diff --git a/hsm/smime.rst.inc b/nitrokeys/hsm/smime.rst.inc similarity index 100% rename from hsm/smime.rst.inc rename to nitrokeys/hsm/smime.rst.inc diff --git a/hsm/stunnel.rst.inc b/nitrokeys/hsm/stunnel.rst.inc similarity index 100% rename from hsm/stunnel.rst.inc rename to nitrokeys/hsm/stunnel.rst.inc diff --git a/hsm/windows/apache2-tls.rst b/nitrokeys/hsm/windows/apache2-tls.rst similarity index 100% rename from hsm/windows/apache2-tls.rst rename to nitrokeys/hsm/windows/apache2-tls.rst diff --git a/hsm/windows/certificate-authority.rst b/nitrokeys/hsm/windows/certificate-authority.rst similarity index 100% rename from hsm/windows/certificate-authority.rst rename to nitrokeys/hsm/windows/certificate-authority.rst diff --git a/hsm/windows/gpa.rst b/nitrokeys/hsm/windows/gpa.rst similarity index 100% rename from hsm/windows/gpa.rst rename to nitrokeys/hsm/windows/gpa.rst diff --git a/hsm/windows/hard-disk-encryption.rst b/nitrokeys/hsm/windows/hard-disk-encryption.rst similarity index 100% rename from hsm/windows/hard-disk-encryption.rst rename to nitrokeys/hsm/windows/hard-disk-encryption.rst diff --git a/hsm/windows/import-keys-certs.rst b/nitrokeys/hsm/windows/import-keys-certs.rst similarity index 100% rename from hsm/windows/import-keys-certs.rst rename to nitrokeys/hsm/windows/import-keys-certs.rst diff --git a/hsm/windows/index.rst b/nitrokeys/hsm/windows/index.rst similarity index 100% rename from hsm/windows/index.rst rename to nitrokeys/hsm/windows/index.rst diff --git a/hsm/windows/pkcs11-url.rst b/nitrokeys/hsm/windows/pkcs11-url.rst similarity index 100% rename from hsm/windows/pkcs11-url.rst rename to nitrokeys/hsm/windows/pkcs11-url.rst diff --git a/hsm/windows/smart-policy.rst b/nitrokeys/hsm/windows/smart-policy.rst similarity index 100% rename from hsm/windows/smart-policy.rst rename to nitrokeys/hsm/windows/smart-policy.rst diff --git a/hsm/windows/smime-outlook.rst b/nitrokeys/hsm/windows/smime-outlook.rst similarity index 100% rename from hsm/windows/smime-outlook.rst rename to nitrokeys/hsm/windows/smime-outlook.rst diff --git a/hsm/windows/smime-thunderbird.rst b/nitrokeys/hsm/windows/smime-thunderbird.rst similarity index 100% rename from hsm/windows/smime-thunderbird.rst rename to nitrokeys/hsm/windows/smime-thunderbird.rst diff --git a/hsm/windows/smime.rst b/nitrokeys/hsm/windows/smime.rst similarity index 100% rename from hsm/windows/smime.rst rename to nitrokeys/hsm/windows/smime.rst diff --git a/nitrokeys/pro/hard-disk-encryption.rst.inc b/nitrokeys/pro/hard-disk-encryption.rst.inc deleted file mode 100644 index d9b8a1887e..0000000000 --- a/nitrokeys/pro/hard-disk-encryption.rst.inc +++ /dev/null @@ -1,36 +0,0 @@ -.. only:: comment - - .. contents:: :local: - -VeraCrypt (formerly TrueCrypt) ------------------------------- - -`VeraCrypt `__ is a free and Open Source disk encryption software for Windows, macOS, and GNU+Linux. It is the successor of TrueCrypt and thus recommended, although the following instructions should apply to TrueCrypt as well. - -Follow these steps to use the program with `Nitrokey `__: - -1. Install the latest release of - `OpenSC `__, or download the - `PKCS#11 library `__. -2. Choose the library in VeraCrypt under Settings>Preferences>Security - Token (location depends on system, e.g. ``/usr/lib/opensc``). -3. Generate a 64 Byte key file via Tools>Keyfile Generator. -4. Now you should be able to import the generated key file via - Tools>Manage Security Token Keyfiles. You should choose the first - Slot (``[0] User PIN``). The keyfile is then stored on the Nitrokey - as ‘Private Data Object 1’ (``PrivDO1``). -5. After this you should wipe the original keyfile on your Computer - securely! -6. Now you can use VeraCrypt with the Nitrokey: Create a container, - choose the keyfile on the device as an alternative to a password. - -.. warning:: - - Security Consideration - - Please note that VeraCrypt doesn’t make use of the full security - which Nitrokey (and smart cards in general) offer. Instead it stores - a keyfile on the Nitrokey which theoretically could be stolen by a - computer virus after the user enters the PIN. - -Note: `Aloaha Crypt `__ is based on TrueCrypt/VeraCrypt but without the described security limitation. diff --git a/nitrokeys/pro/index.rst b/nitrokeys/pro/index.rst index af5eaabcbf..669db24142 100644 --- a/nitrokeys/pro/index.rst +++ b/nitrokeys/pro/index.rst @@ -29,3 +29,7 @@ or check out the features: ECC <../features/ecc/index> GPA <../features/gpa/index> EID <../features/eid/index> + Automatic Screen Lock (Linux) <../features/automatic-screen-lock/index> + Certificate authority <../features/certificate-authority/index> + Desktop Login <../features/desktop-login/index> + Hard Disk Encryption <../features/hard-disk-encryption/index> diff --git a/nitrokeys/pro/linux/certificate-authority.rst b/nitrokeys/pro/linux/certificate-authority.rst deleted file mode 100644 index a0e4791b50..0000000000 --- a/nitrokeys/pro/linux/certificate-authority.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../hsm/certificate-authority.rst.inc diff --git a/nitrokeys/pro/linux/login-with-pam.rst b/nitrokeys/pro/linux/login-with-pam.rst deleted file mode 100644 index d31038785b..0000000000 --- a/nitrokeys/pro/linux/login-with-pam.rst +++ /dev/null @@ -1,4 +0,0 @@ -Login With PAM -=========================== - -.. include:: ../login-with-pam.rst.inc diff --git a/nitrokeys/pro/mac/hard-disk-encryption.rst b/nitrokeys/pro/mac/hard-disk-encryption.rst deleted file mode 100644 index 8091011fe8..0000000000 --- a/nitrokeys/pro/mac/hard-disk-encryption.rst +++ /dev/null @@ -1,4 +0,0 @@ -Hard Disk Encryption -=========================== - -.. include:: ../hard-disk-encryption.rst.inc diff --git a/nitrokeys/pro/windows/certificate-authority.rst b/nitrokeys/pro/windows/certificate-authority.rst deleted file mode 100644 index a0e4791b50..0000000000 --- a/nitrokeys/pro/windows/certificate-authority.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../hsm/certificate-authority.rst.inc diff --git a/nitrokeys/pro/windows/eidauthenticate.rst b/nitrokeys/pro/windows/eidauthenticate.rst deleted file mode 100644 index 36d4268852..0000000000 --- a/nitrokeys/pro/windows/eidauthenticate.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../eidauthenticate.rst.inc diff --git a/nitrokeys/pro/windows/hard-disk-encryption.rst b/nitrokeys/pro/windows/hard-disk-encryption.rst deleted file mode 100644 index 8091011fe8..0000000000 --- a/nitrokeys/pro/windows/hard-disk-encryption.rst +++ /dev/null @@ -1,4 +0,0 @@ -Hard Disk Encryption -=========================== - -.. include:: ../hard-disk-encryption.rst.inc diff --git a/nitrokeys/pro/windows/smart-policy.rst b/nitrokeys/pro/windows/smart-policy.rst deleted file mode 100644 index 1b921eef8e..0000000000 --- a/nitrokeys/pro/windows/smart-policy.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../smart-policy.rst.inc From d91a663538c691384be412efec07cfb9b72b086e Mon Sep 17 00:00:00 2001 From: Keksmo Date: Tue, 30 Jul 2024 16:14:21 +0200 Subject: [PATCH 08/33] finished NK Pro and its features --- .../images}/App-change-pin.png | Bin .../change-pins}/images/change-pins/1.png | Bin .../change-pins}/images/change-pins/2.png | Bin .../change-pins}/images/change-pins/3.png | Bin .../change-pins}/images/change-pins/4.png | Bin .../change-pins/index.rst} | 8 +- .../desktop-login}/images/smart-policy/1.png | Bin .../desktop-login}/images/smart-policy/2.png | Bin .../desktop-login}/images/smart-policy/3.png | Bin .../desktop-login}/images/smart-policy/4.png | Bin .../desktop-login}/images/smart-policy/5.png | Bin .../desktop-login}/images/smart-policy/6.png | Bin .../features/desktop-login/smart-policy.rst | 12 +-- .../images/luks}/luks_1.png | Bin .../images/luks}/luks_2.png | Bin .../images/luks}/luks_3.png | Bin .../images/luks}/luks_5.png | Bin .../images/luks}/luks_6.png | Bin .../images/luks}/luks_7.png | Bin .../hard-disk-encryption/luks.rst} | 0 .../ipsec/index.rst} | 0 .../stunnel/index.rst} | 0 nitrokeys/pro/getting-started.rst | 73 ++++++++++++++++++ nitrokeys/pro/index.rst | 7 +- nitrokeys/pro/linux/images/App-change-pin.png | Bin 21458 -> 0 bytes nitrokeys/pro/linux/index.rst | 52 ------------- nitrokeys/pro/linux/ipsec.rst | 4 - nitrokeys/pro/linux/stunnel.rst | 4 - nitrokeys/pro/mac/images/App-change-pin.png | Bin 21458 -> 0 bytes nitrokeys/pro/mac/index.rst | 51 ------------ nitrokeys/pro/windows/index.rst | 46 ----------- 31 files changed, 89 insertions(+), 168 deletions(-) rename nitrokeys/features/{ => change-pins/images}/App-change-pin.png (100%) rename nitrokeys/{pro => features/change-pins}/images/change-pins/1.png (100%) rename nitrokeys/{pro => features/change-pins}/images/change-pins/2.png (100%) rename nitrokeys/{pro => features/change-pins}/images/change-pins/3.png (100%) rename nitrokeys/{pro => features/change-pins}/images/change-pins/4.png (100%) rename nitrokeys/{pro/change-pins.rst => features/change-pins/index.rst} (91%) rename nitrokeys/{pro => features/desktop-login}/images/smart-policy/1.png (100%) rename nitrokeys/{pro => features/desktop-login}/images/smart-policy/2.png (100%) rename nitrokeys/{pro => features/desktop-login}/images/smart-policy/3.png (100%) rename nitrokeys/{pro => features/desktop-login}/images/smart-policy/4.png (100%) rename nitrokeys/{pro => features/desktop-login}/images/smart-policy/5.png (100%) rename nitrokeys/{pro => features/desktop-login}/images/smart-policy/6.png (100%) rename nitrokeys/{pro/linux/images => features/hard-disk-encryption/images/luks}/luks_1.png (100%) rename nitrokeys/{pro/linux/images => features/hard-disk-encryption/images/luks}/luks_2.png (100%) rename nitrokeys/{pro/linux/images => features/hard-disk-encryption/images/luks}/luks_3.png (100%) rename nitrokeys/{pro/linux/images => features/hard-disk-encryption/images/luks}/luks_5.png (100%) rename nitrokeys/{pro/linux/images => features/hard-disk-encryption/images/luks}/luks_6.png (100%) rename nitrokeys/{pro/linux/images => features/hard-disk-encryption/images/luks}/luks_7.png (100%) rename nitrokeys/{pro/linux/disk-encryption-luks.rst => features/hard-disk-encryption/luks.rst} (100%) rename nitrokeys/{hsm/ipsec.rst.inc => features/ipsec/index.rst} (100%) rename nitrokeys/{hsm/stunnel.rst.inc => features/stunnel/index.rst} (100%) create mode 100644 nitrokeys/pro/getting-started.rst delete mode 100644 nitrokeys/pro/linux/images/App-change-pin.png delete mode 100644 nitrokeys/pro/linux/index.rst delete mode 100644 nitrokeys/pro/linux/ipsec.rst delete mode 100644 nitrokeys/pro/linux/stunnel.rst delete mode 100644 nitrokeys/pro/mac/images/App-change-pin.png delete mode 100644 nitrokeys/pro/mac/index.rst delete mode 100644 nitrokeys/pro/windows/index.rst diff --git a/nitrokeys/features/App-change-pin.png b/nitrokeys/features/change-pins/images/App-change-pin.png similarity index 100% rename from nitrokeys/features/App-change-pin.png rename to nitrokeys/features/change-pins/images/App-change-pin.png diff --git a/nitrokeys/pro/images/change-pins/1.png b/nitrokeys/features/change-pins/images/change-pins/1.png similarity index 100% rename from nitrokeys/pro/images/change-pins/1.png rename to nitrokeys/features/change-pins/images/change-pins/1.png diff --git a/nitrokeys/pro/images/change-pins/2.png b/nitrokeys/features/change-pins/images/change-pins/2.png similarity index 100% rename from nitrokeys/pro/images/change-pins/2.png rename to nitrokeys/features/change-pins/images/change-pins/2.png diff --git a/nitrokeys/pro/images/change-pins/3.png b/nitrokeys/features/change-pins/images/change-pins/3.png similarity index 100% rename from nitrokeys/pro/images/change-pins/3.png rename to nitrokeys/features/change-pins/images/change-pins/3.png diff --git a/nitrokeys/pro/images/change-pins/4.png b/nitrokeys/features/change-pins/images/change-pins/4.png similarity index 100% rename from nitrokeys/pro/images/change-pins/4.png rename to nitrokeys/features/change-pins/images/change-pins/4.png diff --git a/nitrokeys/pro/change-pins.rst b/nitrokeys/features/change-pins/index.rst similarity index 91% rename from nitrokeys/pro/change-pins.rst rename to nitrokeys/features/change-pins/index.rst index ce87b7b515..3b77932e8f 100644 --- a/nitrokeys/pro/change-pins.rst +++ b/nitrokeys/features/change-pins/index.rst @@ -11,7 +11,7 @@ The user PIN is at least 6-digits long and is used to get access to the content You can change the user PIN with the Nitrokey App if using a Nitrokey Pro or Nitrokey Storage. In the `Nitrokey `__ App open ‘Menu -> Configure -> Change User PIN’ to open the dialog to change the PIN. -.. figure:: /pro/images/change-pins/1.png +.. figure:: images/change-pins/1.png :alt: img1 @@ -20,7 +20,7 @@ You can change the User PIN in the dialog window now. The user PIN can have up to 20 digits and other characters (e.g. alphabetic and special characters). But as the user PIN is blocked as soon three wrong PIN attempts were done, it is sufficiently secure to only have a 6 digits PIN. The default PIN is 123456. -.. figure:: /pro/images/change-pins/2.png +.. figure:: images/change-pins/2.png :alt: img2 @@ -33,7 +33,7 @@ The admin PIN is at least 8-digits long and is used to change contents/settings You can change the admin PIN with the Nitrokey App if using a Nitrokey Pro or Nitrokey Storage. In the `Nitrokey App `__ open ‘Menu -> Configure -> Change Admin PIN’ to open the dialog to change the PIN. -.. figure:: /pro/images/change-pins/3.png +.. figure:: images/change-pins/3.png :alt: img3 @@ -42,7 +42,7 @@ You can change the admin PIN in the dialog window now. The admin PIN can have up to 20 digits and other characters (e.g. alphabetic and special characters). But as the admin PIN is blocked as soon three wrong PIN attempts were done, it is sufficiently secure to only have 8 digits PIN. The default PIN is 12345678. -.. figure:: /pro/images/change-pins/4.png +.. figure:: images/change-pins/4.png :alt: img4 diff --git a/nitrokeys/pro/images/smart-policy/1.png b/nitrokeys/features/desktop-login/images/smart-policy/1.png similarity index 100% rename from nitrokeys/pro/images/smart-policy/1.png rename to nitrokeys/features/desktop-login/images/smart-policy/1.png diff --git a/nitrokeys/pro/images/smart-policy/2.png b/nitrokeys/features/desktop-login/images/smart-policy/2.png similarity index 100% rename from nitrokeys/pro/images/smart-policy/2.png rename to nitrokeys/features/desktop-login/images/smart-policy/2.png diff --git a/nitrokeys/pro/images/smart-policy/3.png b/nitrokeys/features/desktop-login/images/smart-policy/3.png similarity index 100% rename from nitrokeys/pro/images/smart-policy/3.png rename to nitrokeys/features/desktop-login/images/smart-policy/3.png diff --git a/nitrokeys/pro/images/smart-policy/4.png b/nitrokeys/features/desktop-login/images/smart-policy/4.png similarity index 100% rename from nitrokeys/pro/images/smart-policy/4.png rename to nitrokeys/features/desktop-login/images/smart-policy/4.png diff --git a/nitrokeys/pro/images/smart-policy/5.png b/nitrokeys/features/desktop-login/images/smart-policy/5.png similarity index 100% rename from nitrokeys/pro/images/smart-policy/5.png rename to nitrokeys/features/desktop-login/images/smart-policy/5.png diff --git a/nitrokeys/pro/images/smart-policy/6.png b/nitrokeys/features/desktop-login/images/smart-policy/6.png similarity index 100% rename from nitrokeys/pro/images/smart-policy/6.png rename to nitrokeys/features/desktop-login/images/smart-policy/6.png diff --git a/nitrokeys/features/desktop-login/smart-policy.rst b/nitrokeys/features/desktop-login/smart-policy.rst index 4dfe76da02..5dff696fc4 100644 --- a/nitrokeys/features/desktop-login/smart-policy.rst +++ b/nitrokeys/features/desktop-login/smart-policy.rst @@ -57,41 +57,41 @@ Login to Windows Domain Computers With MS Active Directory and install Smart Policy. 6. Select “Read a smart card” -.. figure:: /pro/images/smart-policy/1.png +.. figure:: images/smart-policy/1.png :alt: img1 7. Select the certificate, mapping, and user. -.. figure:: /pro/images/smart-policy/2.png +.. figure:: images/smart-policy/2.png :alt: img2 8. Verify the device status via CRL. -.. figure:: /pro/images/smart-policy/3.png +.. figure:: images/smart-policy/3.png :alt: img3 9. Choose a Group Policy Object (GPO). -.. figure:: /pro/images/smart-policy/4.png +.. figure:: images/smart-policy/4.png :alt: img4 10. Confirm applying the mapping. -.. figure:: /pro/images/smart-policy/5.png +.. figure:: images/smart-policy/5.png :alt: img5 From now on, when logging on to your Windows computer you need to connect the Nitrokey and enter your PIN. -.. figure:: /pro/images/smart-policy/6.png +.. figure:: images/smart-policy/6.png :alt: img6 diff --git a/nitrokeys/pro/linux/images/luks_1.png b/nitrokeys/features/hard-disk-encryption/images/luks/luks_1.png similarity index 100% rename from nitrokeys/pro/linux/images/luks_1.png rename to nitrokeys/features/hard-disk-encryption/images/luks/luks_1.png diff --git a/nitrokeys/pro/linux/images/luks_2.png b/nitrokeys/features/hard-disk-encryption/images/luks/luks_2.png similarity index 100% rename from nitrokeys/pro/linux/images/luks_2.png rename to nitrokeys/features/hard-disk-encryption/images/luks/luks_2.png diff --git a/nitrokeys/pro/linux/images/luks_3.png b/nitrokeys/features/hard-disk-encryption/images/luks/luks_3.png similarity index 100% rename from nitrokeys/pro/linux/images/luks_3.png rename to nitrokeys/features/hard-disk-encryption/images/luks/luks_3.png diff --git a/nitrokeys/pro/linux/images/luks_5.png b/nitrokeys/features/hard-disk-encryption/images/luks/luks_5.png similarity index 100% rename from nitrokeys/pro/linux/images/luks_5.png rename to nitrokeys/features/hard-disk-encryption/images/luks/luks_5.png diff --git a/nitrokeys/pro/linux/images/luks_6.png b/nitrokeys/features/hard-disk-encryption/images/luks/luks_6.png similarity index 100% rename from nitrokeys/pro/linux/images/luks_6.png rename to nitrokeys/features/hard-disk-encryption/images/luks/luks_6.png diff --git a/nitrokeys/pro/linux/images/luks_7.png b/nitrokeys/features/hard-disk-encryption/images/luks/luks_7.png similarity index 100% rename from nitrokeys/pro/linux/images/luks_7.png rename to nitrokeys/features/hard-disk-encryption/images/luks/luks_7.png diff --git a/nitrokeys/pro/linux/disk-encryption-luks.rst b/nitrokeys/features/hard-disk-encryption/luks.rst similarity index 100% rename from nitrokeys/pro/linux/disk-encryption-luks.rst rename to nitrokeys/features/hard-disk-encryption/luks.rst diff --git a/nitrokeys/hsm/ipsec.rst.inc b/nitrokeys/features/ipsec/index.rst similarity index 100% rename from nitrokeys/hsm/ipsec.rst.inc rename to nitrokeys/features/ipsec/index.rst diff --git a/nitrokeys/hsm/stunnel.rst.inc b/nitrokeys/features/stunnel/index.rst similarity index 100% rename from nitrokeys/hsm/stunnel.rst.inc rename to nitrokeys/features/stunnel/index.rst diff --git a/nitrokeys/pro/getting-started.rst b/nitrokeys/pro/getting-started.rst new file mode 100644 index 0000000000..7aec165193 --- /dev/null +++ b/nitrokeys/pro/getting-started.rst @@ -0,0 +1,73 @@ +Getting Started +=============== + +.. contents:: :local: + + +1. + +.. tabs:: + .. tab:: Linux + To access the OpenPGP smart card of the Nitrokey, install the package + libccid. On Debian/Ubuntu based Distributions type in terminal: *sudo + apt-get update && sudo apt-get install libccid* + + If your distribution has a rather old version of libccid (<1.4.21) + you have to add the device information by yourself (for example if + you are using Ubuntu 14.04 or older). In this case please follow + these + `instructions `__. + .. tab:: MacOS + Once you plug in the Nitrokey, your computer will start the Keyboard + Setup Assistant. **Don’t run through this assistant but exit it right + away.** + .. tab:: Windows + Connect your Nitrokey to your computer and confirm all dialogs so + that the USB smart card device driver gets installed almost + automatically. Windows may fail to install an additional device + driver for the smart card. Its safe to ignore this warning. + + +2. Download and start the `Nitrokey + App `__. Follow the + `instructions `_ + to change the default User PIN (default: 123456) and Admin PIN + (default: 12345678) to your own choices. + +.. figure:: ./images/App-change-pin.png + :alt: img + + +Your Nitrokey is now ready to use. + +.. note:: + + - For some Versions of MacOS it is necessary to install custom `ccid + driver `__ + (for information see + `here `__), + but in general MacOS should have the driver onboard. + + - For many use cases described, it is necessary to have either + OpenPGP or S/MIME keys installed on the device (see below). + + +.. tip:: + + Note: For many use cases described, it is necessary to have either + OpenPGP or S/MIME keys installed on the device (see below). + + +Key Creation with OpenPGP or S/MIME +----------------------------------- + +There are two widely used standards for email encryption. While +OpenPGP/GnuPG is popular among individuals, S/MIME/x.509 is mostly used +by enterprises. If you are in doubt which one to choose, you should use +OpenPGP. + +To learn more about how to use OpenPGP for email encryption with the Nitrokey, +please refer to chapter `OpenPGP Email Encryption <../features/openpgp/index.html>`_. + +To learn more about how to use S/MIME for email encryption with the Nitrokey, +please refer to chapter `S/MIME Email Encryption <../features/smime/index.html>`_. diff --git a/nitrokeys/pro/index.rst b/nitrokeys/pro/index.rst index 669db24142..43729540db 100644 --- a/nitrokeys/pro/index.rst +++ b/nitrokeys/pro/index.rst @@ -11,6 +11,7 @@ First check the: :glob: Frequently Asked Questions + Getting Started or check out the features: @@ -18,7 +19,9 @@ or check out the features: :maxdepth: 1 :glob: - Change PIN + Update + Factory Reset + Change PIN <../features/change-pins/index> Two-Factor Authentication (2FA) <../features/2fa/index> OpenPGP <../features/openpgp/index> TOTP <../features/totp/index> @@ -33,3 +36,5 @@ or check out the features: Certificate authority <../features/certificate-authority/index> Desktop Login <../features/desktop-login/index> Hard Disk Encryption <../features/hard-disk-encryption/index> + Stunnel (Linux) <../features/stunnel/index> + Ipsec (Linux) <../features/ipsec/index> diff --git a/nitrokeys/pro/linux/images/App-change-pin.png b/nitrokeys/pro/linux/images/App-change-pin.png deleted file mode 100644 index 17ffc072d2cc9cf4b57719cc5005ec2d531c860a..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 21458 zcmag_WmFwo*9Ho1EVxT>cXxMp0s(?UaCdiim*5iIArM@H26qVV?(WdVdAs`?GAz^yMqGp6_o?}VPck=++kTjBY(7U-Lcj#y zkdJKXajUAiwnY&9g0Fwy?}~e5dMjFKk0_g6acq2vV&GhV{BnAI{&;BJzJA`tU*)I! z>b#nK`E>Az^MIoVad$oAQe6@UM$uUvH?g3QJ^`(-kKSS1u7Lf!?(V{~x|0&_t>sLw zEAtL_VHSj*Gb`&9rd`WMOzWr!`bPW?!*0^^td&I6ZaU4!xFj;a{7{%+@>Z4nvjBOd@h^+{VlI zPxhS!OzBg`j=$V-^uP86L3|D6qrX;r5V~wxsTugT8;%~w(9ZLaF~G6^Yr|oRVPVzb z`7O(~uK%Ek>E*`v$-ZXpi}&?4FU8Rafxi7H>qAdi!~%Hg>$Bd9Zqw>*aYbc2zLMvl zaV)BkPx?9In||jS6|dBrtKvZ4?U_UEH~D%*55;v4xUlByI*Zo34*k8=Dx&wDfBw)j z98SCbtFdO02`f_8A;n+o3Q)3diO56xAl%wmjPe>#=n`Q&$h^>o>jr%GRZ$WgAh8!EDzxlZ91Rp}r+p zsvPGlnvxvXr?v$>z1I_t`+ldc`wTA+1;VKNma9z;#?&j$5cDkaM})Y?gA4ZrXc%** z+{Giqo2x8u(@ZLw#6c^@A)b*TBX?%o{TYYz&gY92yH`_{7rL%TeUI_KF7HG+Y>ulV zPD0P8cr{hNbh6DzDp1XU(!Cf2!eXnpXiiS&@@N(}Q;$`%mY_BG7mvks)ek>5JRp@_dpfpIM*D z5F5Jxr=xvCDKA$=o<$$}f|kasyYbjb$xR_b!&d>*0#yt72D7-Gl4G(~1JhGXzohOF zq%IrA>g?>L^o|L3(jUDDQRyp!RZZM%iV&ZtGr*)jVYK#QnR2`|Vzm)nf{2WiGQXZe z%A|2D=JlTK!vEZ~S!|r`gu!mBsA&0@CU@)+{~9@g>J%5VXmm&)uxMqf@b=Z=y&!jw z3wgFhGBPN7@%th^ERJ$0X4IH3Im1L}8{w^T5~dG2(H!{h+l8fHuuW^4b8cbEWeo^J z^c7fQZH+4Did52OzSJB3a}C>mt}_uwE5`a3UTST{8w1C8`HE9CT3<1kwu)xTcG@5< ztBzP9`Z|7xZYlP{Bx;fHJ0#|z+1_a|JGozB{5<2Cz5@Bkm%C5Ho_vesPqy|B_7^K% zYATd*VN#EUwo&lRDWLOIq6urh^q` z4at;fJQzOw41D>I5;N^!Y&e@T;lsrqNxPL8&R$7bI!<-URmf;@ObUJLG3*cJ5~vXS zMO=3u&Qk1Vu`TYe!(3kzbWgh7HWJ4ATfyS~Z3+r9$1-?0dc`GfX9c<%1adEpgq{dj zl7z0dE|rb)bda5Pb=#+{6e$pHM3t|nLlkjTWfQ@ zs-MX(K^W7DSxz&O^!qzh)tug@>=1~O<$0KD#}ZGiw}(@{GDKT-oGOqx*q&|Hk`Qhv z2brzlq7#Ji?`J|p300)sa(~5iUB^q(J0cGh+hm7b<=f|`(TV#>##dEo+&@iRcu^xM z2@rEd!C06PS2GdK#f)u%k8t5Ptd+D9L8}@}PW@u|wnuqHLNR0%FW#yn=DEv}R zvum>*2?9pCooqzRF(zg#hyWp2=R;x}iA z1Y=9d8tcd+b^BM<3q`d2t~oddTYr+MMK->W4NyMBe#5;$IHy?GgiR)|NHgDVD2=YE z*S?rQ=c-`0mI#cI_$yKod^u~^?NbYO#B{2Kt=W2IO;U93;qkeU&&P&)?Jo^qc~o)*lHp-uhen{_;X3JK*q zI}&j$y5q@D>kEoWZfv=1BiFt;cfWYP?^pv|Y0x1B{vyPpEf%ng$2F*@VW_6@22Gx= z<fq5J|ene)9gw{1sqSb|dXEzl^9kU#&xNMQRzjlt@N}UAKb!6QdpGcL_H(2f;`< zT9GYn%(zUD>TI+x!@2^e#n;$1Lge1jkDfVeEoJo*?kZ8B zS(uCA8at!4Z(x8ywHAz%$iheVDUeoa!8C+9dJ+Ze zvsN`S7af)gPwyt8C)~UfOa^~6p#V!#V2_RU_p&mA3Q4#trRIPYv)C3T?R6ZIe#F?Ubv;>(*>s-&KH)De~p_~^I zk_N=Jl`(#Qg1T9v z2Y1&W#yvgb2(4Hu6rTdZO9t2kB#3l>I}nIwQs1S~D=!Ogv#cgn&pIVw(~;|mFSA3h zqtl8!D$WIPeJ4I7m~X6c^eOHB;+DmQ8`>Y>yMWs#z@P$)reHkr$z~iz976zltvV@G z7cpq6NRZeF(%vl6r!D^{xYtqJciGvx;C!mss+L@o^sW~g6b#5f|2(imhu(s<^ZcY* zzdK)phL#c}EknMcmdYgZuYY{|`o4vGMQQz5dx7+V*1vBu$n)wb6xKOHX|z=&1G% zy~tq4!C47$gHH5xA>}_r^`R^w&?t}Cmmt5QA5$lm))6bntQExC4!FClN)n4INgkty zZq84Nus|_RHM?}L!XXtt*#9lJy*+&ZpLKst3({IX#DRQG%g@7f;Lggx{bDQeFD?Ic z)foCe)pEQ>^7g5UL%SPd|3h-vwzSR0ZtB(x(r zk|t8qghN=fb7a3YQ82Sb7HDC+eI+%qL+K*&5(mKk+%+_CTLlm!IbDD_kS-$K=unFS zx>vs`=#3+)UIar6lCoOK0v2|14 zsO1y69i(fT79v`8!&<@^iC49CqNEpTos=4gol*y)QM$J)BgkZbPa&NvaMQ z#qs;0D_pZkq$Tq-hoWaH%~Omk=fNwqD+SM2Mzfk|Q) z{##Fo<)Qvkm*c_kpcOl)2Omgr5SGt~5zd$|t7B3wa03+p2~(!PJx9|#&SFROcDv6u zm1>zXYwDGZw>XUwvif;Q)d;9lrvqDqR*VlQ%1^Or{LiGGRHpte-F zleA(kv}(qNrRDaq`tkKtsLSfj(tPA1ovik8}OaSAiaW7sXg_IkmbB%Po#;w+bcl{G7xae=?5iI$$Jl(BO3TUeh`z>;d0q#x ztzR2*W*YvOSbX6~Z^2quL9rYvY=~+8anIMgn)y@pr+hr!gLu_Kb?W!t;}pujfsoqn zhy$VI4zoXOXoe0ne>dnlR3M^$*TuI^hT))BIzy94AqRHtkBYkQ$=M+{xIT;1T<(li;)b_TRqEJYlw|8#8ITt4#Fk zmZmJk*|LVCpA$4%E*oGR4TJvT=J-p2$jo$HlF)-Hc8Cd4ZXE=*D-@0;3+jt2pEv{e z8jlTV{`#P#R-S?VYSXou|8o>6Mrl4$7)7=Ey(6tbM(034I>Quy$n@1F72Rj+62nVU z$ZHl2e>O77G2TTV7sm9qCwNE1KJha!B~tUk6*Dzn%6bJ6K!){Z;Q-5<-oWMk&Q2Gm<==fC`;eyYmr zdq0T5F9k2*w7~o?mOeR(;`%pV+aoXr{Xh{3c`GfG@Yl41Dg9mhtkLl%ZlI3O^@E9l zJKntvu~1W;utS#C$kCaTcIBx`(pL^!ql#A>A@LhSN2t`}g10DJ>YKAjlGCJDN6fqx zN5t2P`w?_5L#7T|$wzz9Flx3FtO%i?H^w~S>Il>Xb(hFky}_~xdlO~lt^n0`{HB&G zW6JcEIUA)<3nytgZnGu@S(<|^!$WN0xmJ2aN;t#hq|jq=)`R7XNp|=@BISpAtjH!B zNW~S$TrJYW6-R8oo(ImuUmJ+3iVw(2M|oMl#)QP~&l+BvQITo$-sVphiP#~P4<-nc zEoRaDqHfGPqs+HWiM7thjfYekIpPr_QhjDU1^c0#MpT%>$^u4k>uR9 zoTt(JOqFoVv)Zn}V!?_4@s1?vX*OJM%jgesDoH8DgmIa5hXkQ*LD#^s>xEr}L z`A2GFBtstkr+wRdub9u;zqiz!+V^^T+&Bw@O?#RieOWT|AHp8>>KjH8*64CVdCH1{ z>+qU50xwcYOf&K1JB#0XUo+P29wzRseAk%kO>RN@l^X*#8MlsL`L{FQz50%Yv0=&- zd74E=RWxo>(aG2E>5aR!<&tPM%*P*!#4P{PW08D&`y5(Ib`iSoq6+w-pA6-s#6j;L zfATs?l7KU?_R^Y8AP`dD$6v4%IwU;cB($@Pf&}yyED|gl+^Ja!4G2UGk`WhCbzeGN z^>Y8J*2#6D?2>Pc9H?}1F&S*3e zQVr@8EsZ0kzgD2&3T~)zeO&hOxMGIh;qJ4C zw|7QLcE`Nl;)&h-5+5Ib=9nZfut^V*gAZRfm>T#J#Q?rY0OQvm1q%484n1&N_bE{+ z3l`mcxZKwFJS-YXWhyuafega8T^=w~Cj_5QZWr{|o9xzC-PSv-7wa}QHnREL8h`(O zdG30DE?28yWo4a=0NP5R);2NO?L`*K%F6OSnk^&XbIlU+(<@T3S!uppX>qb^zmzmG z+K$FyOH4`{RxnD*<@aEvpeV9pxa2|Wa5EhD()>!)`CfSW5%pMFH=0RscsVqn3d{aAmQ`6 z$H~F5(&}o(+{=rhBq~kV48iTqqobqhDz?)4j#|6*&fwtS+vA0bxuaOUgan79Z}EI~g?8Gw=sH?NMn_3o+-X<8Xx%7z zTc+PqlGb8BP;=n3My?{&D5r!iYrRd2p8xdHL(j-_7ii_Xlf!sZcbJVru0O zLo%Qx>ljN%j+A;7kU{sxW60Yfs-PG zg-J+Aq^GC<`SYiFwUfRZW8LFV_s(jm$*aW z$_fF2nElb6feEiI;N04Wn;IMQKkg*asaK})x*XBfv^zdrY)(&41B;k#La)V9;^!Cs z>rpmj{tIELhCZP-ZJ(oWT}wCy1zS`KE|OU-_S=esrOB*Vr*Ahtj`HUNN*S_znhOm5 zW=#28f#CaTGbumA+)PXHbcuR!=Wxa`s%j@rGvp%avi_TTw}JGR;zDT0*?0H%w)0Lo zX=#+GexcW!B(KM=x7!+MB5!6In#1SwuKP=s!AHfWSyHcvk z-p}^hNmeWic{i`Sgb=D{^UO>xvu)lUp$ok2@L-_4nbsr`fwjb=Bg=EgJ-K{cZL`7q z@ecdVp3!tRsW`$8r~UD=uO(u=k0MHNG_ZKeWbIQ-F4Zpd>&6LE&cn2%Qq5?90a-vh%Ipf z1G@N%(hA)De*srG9Eilk;=rZgqccr&a$V*bYQQW_!`(@M4MksN$^l=q3mN zf6(Oj|9^L(1f34nm_;VLi2tS_r4p58YXKZ`~_=Pd*Ok{4kLmhK(Zuh?IX7SDuM%C_d5^@h#$h7+^(+1Xj6gqj=~QKy*pnDV}wu^d2x{QuAuZc9)a zM;(?a#U^gb-G+kCJB>8?c98YnUcm4I(8i4B^7%d3@Tfu#* zSzB4Pxg7r(GZhO1{KJq#orB*1mZPKQPQ*n=i`)IzK(_tu(cJMu4O{P*XkZnREO8;g zbtZ`$wbbL;epz|sT>0)T*k#3JZD%Lt3J!Wem;yQi0JkMor``Q>x=8Mf!o|g9p<4IY z*rlu-w_?t+N;!emEnMnf_c*X9H;|@)w)H!`J$8pvM%OtrPxr<$pYP8X4xPDdS85ln zfs0i6yCbRkEsi0NZS}z(kB$YM7&MXi0LmGY@LJ7R0zj@=H4kj6&X=o^hK2^xgwo2& z698kR<>gzA!_F=&Ly@QKKSkp&$Iw}wK}V+s)~w$M@RSb=g;rozXNdf5C+*D9vdr3g>Z{v zV{KhoQSrRI{&v^4{(1(m9Ar4Sr4FwqdCE4Q=R3ah_UnD2_s6@_Wy=PwnuQvjmbzcR zF5jNdk(+r7Skr6BNfVDNJw*34l#3}y^HniX`zZ=7O%fr!K#u(E=?vtyv@9~$MNfe$ za(e1zIfct1#xxuW{JAn>-}O3mG^fSM$@5h$e#D3WHRLQRZ;Z;G_-tQE1dHpBN+u~T zArXViaRdZML}cW1#c(}f3H&8=4!vqbo*)0-`3fZ_AYP)F?Rj%B6&@aLG#DEa8j3dc zbbFj$!IF;G9ugev{jeE^ii$e=&i7TfJTgTcD@I(Bw?a)GD~3FEsEO4oM}lngI>s?u zjloo4G*QL2jG}XmT(@dGKd?#x%aAp>)ipFlmjDgeLg4*AE{y0g?qqq9w83`9w5 zZ*kXX<)xU_qbXxEvC=l-;!h+^9L47WvGf+@ly7T}R)zBV@nywRnHIH$kzH0j^6EPH zBuqXMm!Kt`g2O`LZcz)Z!b+7Ar~bE|*0w-7Mum%GRrJLEwUZ1jRrL`NC%^|Ps;hI@ zEzmaa#eeo9>xhVm&rVJnFk>4U8d54`V4$N1Ipte_Jb*@M`&gfDYp-tYzP;v^pYT+& zpU!xcv-St1G4ddA$EbY#9)p(`Qq#^kTRw9SbJ;r6Z9fbrF35fo^?zK==Uby)Up4>o zSAKL%&GS+vNLb5oN;+$T=iQYFQaD^xe|W^JIZnu0n?2FEX8N*z z(UM)T34=EOu)|mS3NQuH~lNB4n=n6u-)No^ljRp1dY202r918lTcskc@ ztKa&%{D3JdJ?zuL&n2x3x&fOFH$`Ru-#2>r$=XzvcmeBXWpluglc)3eSi0Li;a8AD zn8epS6ULXj2DIld#e(ZB>~n1QPNsGtxhAuQdvYq{s8{oPS@tfrsBMx_l;3EkdBTh; z!(uz@l8+=DX<1N|zY0+F@tg@5HfVLMi8TB>)wGJCO(EFRO5ca3s8K|z$Yz5yxzz69 zs~r?nuhrUmHHE!yT-H|kk$U*#bxHk9$Gv7dfoOJ1^>zp$is9M4Ta%fH(NZ4~9;`X7 zy4NOARz5enSkoLl%Qwedz`E!WzY^+9xm%*RXzd{* z`5x<+<;M!A+onSpwU54y?^|?CS`<~d%|DrgEk=XT9Hmrlp9CI3W8gM{v)2!@wpn!` z(2p@XAg;eSgPTF$sYcdmO^39$uiMUt)<2^IOa>x~S+DP@1w3kTM{xLtpK@s;;TPI$ z1KM}J^yP!$miAmagBSX3-~1E-!()<4hON?s2sE?AT0#{a@Hs9ZTEaT?(3h3u4Ju)S`nQ?hsnY+#g$(b2(BqJWG87RIKyYn}cSp+dCuiQ6JWw#g0c< z-S(yJrfY;qV+s$YF;`oPapO~SxW-!&kg~4cB{O1B&uSl&v_TTMNukQ(0gvK5YgN1optlG7=Dj4rc%HB82xHDfN zzGAuhfj7g8d=^e!>3YlCa)XB|2oK-ktw^Ka)5DM2OPP!B^IbO~^+@$)^>0X2Rf~xa zKEh2QU%aH_EGy4A)#=3-8iBdKlJGXoE_3wImpAlUppK>*6e##8-PCQ_y^Y~gp}ALy;P6?*_$Gsob_XNY`}79`}>;hA{2j-;c9UKTs@Y zXP^yuMJAXdw>cl8wYuA5vza3Bf`x)FOvti8IQ#Qq=W}0ycXw|+gc$kzZ}gA?tkahV zEkva3|AAAhJXEq`&u-C|c;i7eP8T^yxL`SJlHsBys{lwF4Ma!8#9+ce0?~aHK^f%# zR{ZlPNjC*cHarkZB|f<9f6j#PI^0cG>6ob(K)tQ3tkSz8sM*<_&sJK#7R!rJ0sL2V zHdn1e{dBQDOzmNquI6N|gO867?-k~Q58DE)#OwYnCNeT{WOrPSg-Nfy+3)>L==D(P zqXXgar`eSi>-t3%6%_yxHt1gf@Vq}?_uCuAaR#P^ppe~M8$P)G=z$Fi3S@G4rl6e{ zdxv*(-F;P0U9$M{&rckej~>+Rj~DSNv1~G`g>GiprQ=e20GPoH$u98|ZRk>=Od)^2TW#iOiTmm)I@c_V;8ukeG;XAsEzD5o?eB;Ob7 zOu8QWneqz&{z2GbF+*u86CutDXb?hdi%SaJn81m97Bh<}=?7Oh2&uB3ZY{iuzj+&S z?4O>u#&7X3DpTsz4=yM3?5n431n2V;n2Yck*r^}TLPUGC(#5x5N9IltFRih!+vFup z>I&5Lml1&hkcf9Z9nlFf0gUYJ^8s2xo!|#$aB(bftO&sTH6)ub4*XihL7NmEffgm1 zSeZJnQ3b>RpPZTegul{ew;50DwD9I_|6_ltuw=h7JQ@_M874Kt5wr>BH0BKN#2gxR zw0p#LB4|=>im*t5U`RtUE(IU)*If3WZ9{p#Exa{V$B$Rko_amk-ag9;MMZ#4S^?bX zZ=StvQ!Jc)A_ge0E94+MzFcbzQo1oq-t^wQHcf$i!jx4xEtQFDo(ok|_EyrvHz&RU z%g44(PpjAEj9INgKmTBGB;D&=yn+dRP9g9OF5(Nr`&h$BDW?b!dIZYa?Cm8L)_ zre4tiaEFO5)(RKC-KBk*MPz_NFg0My%1_ff{762^#K&3Et&D8P8=!28)2>q2v4R9K zJBz9UG=i7%D*%5M&e7|4qDnt1+lf(7>;yv^hXLwPx=5)={p8uRo z<`nbMJk86_0P8cz049_=Vvd8>QC>1bl>-d1un&kvG6Vb9kKPN$Rm?T=RCP5&+u(S= zS|!Vs?ppb2)KqgvfUCd?P-LJay|na_b3B$9^`CGMP^wc&&ZROIGFF*A_&Y{lCS&Co zEykmL&;rZbqW;lh3wcU?j&G|!dVp%b zzn#Amaxa^IxqwHr9KH&6Z)>{`prZ~C$Hm1Je0wko5N7tcGJc`v0wKsEA|g&rP3huC zunx-l{fSzp2ZDwDn)UbPMjNcCex<r_@sH)S!LgxJb&iILn-xM19 z$r&8MA#EJ+M-Rpl%vY(TB9oO+l+S+jqJK60xe!Xc-@y%{_P0xdK)6jf7&{i4!;53} z^SiqbYO-5v_PHK79A+&p{Pk3jx!@;y4~#-GUk}!EdkLxkrFcRp-CqBxfk>MvLy2W~ z@D5AQyb=+I^Tb(VG5C4LY3?1}^BXoVs=;4ND=T=|{|+Riy-WAzY#d_oh;T-B?`&y{+1PY=To?bRD<$(?g*0lo-($0{zJ%U1iL3tfJGNdGO6$Q};Pq3yS!onq zTw>9#E}uC?9-*UQ6S!DN#j2qh{^#hT%!@izuU2vK<{~6Dr}k|Mc``eJ8Z`!=hn1EV zt^*84nKa*zkk9*QJ8_SRHXF9pb8tOKOf-Ue_nrUJv-)9_h76TMooJ?FfwEYRQt90! z&uB7rKGs2;7&XB_tvIh9Q89`z$_#lORBrH%VMLp=(u zt#5m$k-Rb_<%wh9qh$yRg*`5t)~B4W-wj;DLlA}%KDKjG(X0-_aEu8KYU>IYR^`!lj6P1XWFNbGYzElGiZ+?)`lVu(jM4a-#FE;~S;WbH%OZ;HG5Dy%-k=ls4j2XVYgd!%&5asJ7l9)C~tc@F>=Ua(w7gT0!J) zMXX9ZzPhV#wUQFUD|*8bf~EOfUSEq-j&)w4Kt34x6-{_`zR&vOa&vSycB`E(NsrHW zRhcPaQE6Qs{A*-&?IxK~e9GFVsp}31Vt7mmM!~ci6zTddkNnr-8O}0TsLD_62&_Ka z$GG`UF{z216N*%%t^2=Ra0q@Ap9Vy8OBJbkYJRN0U&W;@i_wrBGxQnYRXY3pJMh1kyRs?9}ob#jk^!*#v^<{(Zl?V%}-wX73%r|Sa^C9n7Qufr|9P$ zr~D+c;=l%Fa6g;tbC$_dgWVI1S5?(s^lKC_lbBQExL$vvCqKv@pH%5k&N+SSt@(($ zLn}oGjtc#>2(jQ1k_84z<67)!UJ)%7R<4yjdK(|OO1~>eWHlw7rm|2+7)67DHb2~) zF<72D#|#jKnMCFElhPC*9NcJyd-6FAH`^JVb;h)eLsI0o^^o#ve$z2kRP4vy*Hn6* zYavhL4#nT}wAEhxPPDJ!V|v}k(qI**hKB0nWsqdV%O%J=#FAg--4uAOrW&ld;wxm& zI`4LarO6Jp1nBPlu06Y1o#an?Fg^sT9_0Rn4CkE__ml@)`@Rx>M7r zvSfMw$*o<@@V%Utr3j5Jt>HiL?Qpe<876n4Y@151UA0t;dgY2!V`}?u*kAzgaO_z44TKg=`!*uEP! z5(`y8IeYs8W4{(WH6uzLTB)N_YsiqvwB|`4#UceX1U35J?g&I>V8dQ>uxb?@h=(u( zxF8lGlfgvcQx-yBz#8qi-YKAa(GlnFG{d* z>JHvrNd?SS%4$Cr*0Vyy50_`vmeT^PH?foxyX)h_=e=rXq~tafQB7sOrciup_{URV z1y~9akAgLkGHP=V&87qYv80B`q5Om$S2Od`>K?DLp7#G24`VvXxh=jlvp__>!-2rI zPRER>4qW&=PF(C9Zba>U;)o!W>iuP&?fra%EbcXy=6x>mvwG*-T6vdm{Ppmgulx4O zjMqG;lRgLmf>`4EYF8`$IyzesAsOJ zl-%X@JHGppMnU0Y8z7TGK@La^)w+h9w1i@2J@LC1y}gWbYlo7|{qn!>lDG^6WDDyC3jNbpDml*4Hw$>b*E$6T;St#KQ%y*zYl8ZO9db6~QSjYra^ zU2hVSt<}DKV(nTIfG*F?)n<~t)y`F{PPqiu0;9~Xu6F&lXO3|ZwUE+Z-@k>WQwf=x zDoOJ@+zeO*ITHBb6~AYIlw}Yj;pAv@9So?O z>pzSBW+Z{ypD68=D37@p5?~bgQDC4}_?Z^qhX23L>Gq%e!}DR2+ATLKl+18&a6myr z1LHp|E6Eui8UhlW2W=!0&%4ad;LP^9HvYn5H$zmp?ARwln_fUhld1Dzt7SijEnU8* z^NIEe2?Pq|_M2&uEJ%=9ILudS)|-w2 z8Q#=0z(W2ID{fuS1gJp9Eh7W>hTy}^_Q??Ny4&mxLnac;`tf5Rd8O4Q>d^?uC1ux) ze25OLcZvXhfEP`kizV+aHCWkoK2oBt`rNOwnT?D8*A+W40|SE+|E0LDEKRMuR;)J#SA7U5tQ8+s6aEs0W0QKijZCJe|TmnJ^4>tF@x_qx>Kz z((vE->rb^w^QX6d^X%?F6}zhIu2#1G<{taSP<@+>RZ_)!>V21@vfcpEZ2&t3G@l_) zNxB5&DAASpr(%wxhmAY&(&y8YhdeF*gFzS7ZbjLGI{!xPs(D;Y8Yk3(p!pV?5DS@9 zr|NP5ZGn$I@z-79^+NWtv+~xXBcl2EH;O&BfWdn7jKcmD_ieCGUg4bV?96^Z-l@cE zuBbe%@b}EnY44Z%q4XNos$ZQEujQv6qNHd*1nbBN7Ge9uktAmf0ujo7)B^ZeoTf2+ z`&`5a2U)>713lEZdi}38dP$73MtKi{CzA=&Ba9A&P>tfEmyCytyJW?XaGbSRj`geo zSW=q|c$K}AWVs7_+G)J5l)wQN0#{(_*ginD&Gf2_Caqu)v^iXcC z;ZW7hxCm{v)Fxek>lCOhBee*S?!Hvr@_bEWnAlLI?gn8_o<{&=_Rf**L%xvnq}Mnj z$j+Tj6h|I8J$jQ}Bd|J8mcL%{<$H1GNGEmH9ubnt=BA2dcJfF?faedZMRG{onPo>Y z43XaVmtLw&@AV&wj|Lz8P!Jd2$7NDh3!&GUXg7c3&u@+$h)SZu|AD1g>T~yto5+ed z|2H)27WdYAr^a|>x!S#bjeynE4>wFNS+<3H3$w0xf!n6chF@P*YS+PTJj2z$ebaAs zjtJiy&&ETW-d(@Ms#t_QP$wOwtKVx8+V8aQIbxmA2oaHDz7HsDXh>N`gWy31_`oKv zma+>+LdI~eNAY#aZsi6c>wpwh%fhsKgt!bisn)IaT)7?csB)p2iFHe>dF4H>tdD9k z<(y9%%|R*8p;e)TOn=Ig;MvuEW7muMnIDN1SSwlH;YyWu6Ceki52uTOWGs3sf~VAf zbR@%mVXl0?G3B|{@%ANkY;@(k1z1&2uzL|kmJ5UxtQqiMt=*+g%&QsgLmaH4KpnsX zu-Q76I?r8=?HM6{*coQ~`|iCsgii0tQ9d!3!<1nu@$0XTP2QP`Wy}rll4&8AxbGt4 z8gXoOYNZIjKK1(%`M5qjoc45q?sc7kbjZlzZDDdQ;Gw+VYWk^jB%uJb+V}tU&ruti znhN;*`>i?I+N2U_j1BCDfK6S;L?Oudf)l9sH)rW8+lN_z#>KW|&t*5s4iX9qRas1| z_i}p>3S7j{FkhG$$V$K zS2tT}{1rmr-JurV;7uC`?6XxsegfTp*f6BHKyHjIj{oXrMv01o;^%oN#^Vm&LGT~( z-R)do)!9{|uIIb_!JN^znbzcFivwzZ##r$h-L~Q{)U0f5QIV0Orq?leKpV~9IWvJ@ zfs?sDcZ)#c?&mY;Q|`fm*P6$3Rq9(EtS;DOf5HLKGZwwZ7v;^?ph#)*$mnQ(hppf- zQ!6{W^$ssLpg`xRSXd}BQ7oV)Cw*TowZ!}ENr$siLe@YB0SN~{&Sn*zoq}RFNlEZ= zBM5oLFQF|z-*C0nw0bU ziV!9?u>Hd7`{I6o<+kQg(%9HouZD}^-PyCDNqqUpX0B`e<-%tcz=c*7T|0KPJbm&5 zz%%G0R=~#x#)y@#$%e|eL2_4&SBC-BfRhpiwC^CM}K3yXp`*v%r0f9gYo3xz` zD=YpuQKQ#r4TWmsVKbxursDqwcHkM#x^C)lKhAfK&uzca9RTq$LOz}5ZG(RUE*Ux^vEl#FmL0989PU;6%2Aq_k${}r1(#VmK&ooYpEW?kY06Z#FlixMi ztDe3&N|jl$gapvzMlAPW@46;vFD&z2AUPK;;DiaA3UYH%#8V)`3FbD8iGK>|fa+9| zcb<5EQ@ZSrLL6uMRahvWNgOTU(<;cqLc-3D!AA;YS7w(JDdap4V1|sTQTZfdhQXI? z8?>xcjg{qGoS~nZ zHai;5VOlCS#{U6s-p_XLmd3t>I|?nptV4PJRszA^BDikZlr4+sR*WOyH1Nk|D^Khr zn>=`S{z!ix5s{-_y2kGJwynhYdOBal%>XwUgF?V%i(gUr^XH$1LlHYB@?LU z$(=~Gh`CiDA9pP*{n=Nj#W1ioH*^BvgtKjKNU(>8TR!shRdmp|lf97`{JFcah={2I zDZCh>*ZanWvo_==6|e)zaKWp;WC2~BZ18xEv@x;&HmT@hcJP~92>y%~=d6ieTB=QW z$8(_-d4{&=>|=9i&KVXLgU9se(=abW;P58tN)DQRw$rPBt>*ditZnt>;=|}Y-!AkQ zFK`$O^c?MV@|!lANNJuoay^@X>l8PtOk~6 z_cG`QFp><8W1xc0v4fjhnlTkR>nDZQb7jh$pjyU}yz=0n-F^b#K{}dNe&n-|Y8+t4 zG1!vLA>O^abWIY6z;$!lEJfi~tXciIl<0op>}c(f3$=-yM&af`epyaPaf9 zb(f;8^C)fj+^Ak*QrjBjhj)DRE6vK(m+!D){Ng$-tjT`jhkGIQz9&C!amuBWMVr}a zPG+|)-o8P*aOQBw`GX(}80eK=JSj2p2czzh9%<^x@_z>#8{4Yb2U-C;TAzw_cKZS7 zpZ6>KhbbAYB*AMcs8m_4oNhdtH^&o33%qly^d2aS60^DL z{lX_>;GvNKzNSQMK!XoOPrG-5I$h72v?0BWpUtnV9nZgk;$rkMq7E zR{fANCD3XcB_IF(W(&}NG{nB=KSZaK)w7tJ8BX;+NF2@=kO`dI2PJtPBNqrIta+;nM8;%AQfKYe|C@fPds+Aw!~iZvhPJhP+X^s zCkkuNj5epULl=W<#D3+H)MR${-c zGalpx#z=Ey8Ob_>Q0)O0CAn?2GN)>1yypv)CKTkV4MgE5l>m`)Uh{wh`J7X`$7LYE zNx-czir2*u9CW4{&dQ^up`oFtmy?u)PDCX1Up_swe{gVrXUF?yN-88IMEXn3AJp93 z%2eAyRoib7bL#uzytxw-MfAVUS#a2raz2z^n`E}nn^0<@quI}U{&qI8mI-eA>V3t2 zbJ{x$|F@uTy1HYd^L4hj(8A)T^&asjgh1N6MKIS3>of2BA>aSZ;aDOeMidw{baVi; z#l^+#?U{L@KLr5#?%?3SHbxxm6MC1Vu@|AqgaGxc(o_z+O zTukf+kUW5L^LsvRNH?XJAZ;SyT{eez`($2n;RD==T@c{)DpCY#b1vtQ)R#lw^ zS~oN@0`y65Z!ap)p}D!aySuxwF*zHy#K)|FwV@~u_`ckz1pMytuv30-*SVuz@yLP? z8ykOuSkq5{v8;Fb3Dw*Cqh?fKw3rnG5;5UP_vjK-?(%7{f6mg2$hYSn;Xb#0)qN~NAo_nEA0F` zSg2?C9a_|)c=8x+wA{gkTQ(3uVwtm-?PAjuMMVBTt($o~lJ)0$UGG$UQ1#c8v zW-S@SGB$J?D9NixDmo6HtY8{805lPP412Clikeq{tbvq2ygbH~#4YE}o%Uk(!?;l_ zFb7Vc!&H8(^@6kD@puCR1Mmhww4@rhyz7GTA8bIzJ_2N+o}M1~&ehdbPcPP7jK1Q+ zAro{l9wmbLrC;NDV%DA#FLPl*Now%*UKzt*$B3C$ zOh>~>9^=t)R#DSd*z_1a5+K#}Amr~Z)`~B8wAwpF-_Gc?126}m8my`UCJueVQ=a%Y za%RqlrXe*2Ndj!jAPyPuc)=Tde3M)?r#CZ~D>;R6i#tah>7*BQ(&m z0HvaPjg?OtJF#~1CgA3QGvbH852g)-yWd}kuI>v<*O-$EOw7TS_?3d7rEoz30ZKn3 z#37eS`9v8wB>#1kLg43KIpRj|MUA}{#m>me+O~I6%I^m?BxFaUZ`@Tw1Mp}dNQ571aoJQr zjNR`{lAIQPNKHcnm45{D!$2VcoLK-KkY;1D6Y^^a#;JzqR>L_uE!wz4+fYE~h#lf8%#Lt`s z$TZ-hffJ5u8Xr)BFPNs{B<1ATDS#OTaoI}$-(?0zH{++$gTEtTkK2x1x1$n;|3ll6 zxAxQT{`A}a!f5_`+fil2pKjkz)e^`4-SK7oUE9%+e>(Q~GLDb^C?34lrj?qK^06Ga zY22-NJZ&k%!ooH1S6K_a!U^)nzc`P7>F;017jT#P5!IXudYXX*F)pE}cLbaK+R$PmiNxUw}KLl2dW65gAAU81F>b^F4Z ztLRd|+$S8U@-hU#J6;3 zGS!9LWd5^DqnZVoJ9L^cX!~8(E1sAluq}bKDIZp-&yrH3VP#31DZnp=iB&BmU6MU~ z8G1TG>c&AjM#X0BpzI`pbzT5JC=`=^blGt*mgrPxLDF6t{6eH<$l?Oe{yNper;QR9 zAv^YrXnn#{y9m}+h4oa4M-GWg(JHwKgN??18}q~EzYYKRaih_9*WJv_j7J++S?THX z!itm4YiZi;@xh)s}U9(UjgcrVo?RWZ#D7zExG!gUuqnhmr$xF(nej5zEg7>8u zjUv0H2lb!Y>@^M1nwpxDV{I)lsc~^}zQopiVJ25A8^nC=`=m1T*i{EB8`#ac;8kgN zFBmN&g=N)Ok47fE)%=N*J?Z?ckx(e~hsbg$V(;Ge_X(slsJ{saK{e*7GXv~L8(CrO zZ79>cP|!&$#ECCYmX1hV0wgRx^)6cQc46JVT6aEH)I>zwL6C1Mg@bI)bn|G?vAZpU z)0>TXgLD&72>lA4@)ZQ(H{0IiEJ{T|j$2)}G9UUq+EvwMq!-i(xv=Y{a2K4`M2+i) zAg8{qvz#U@hUnlD+=zeTN8PK|REI?-cz1btK+Bq$zXsk*nw+s}Cl^BP zpcP!-kxpNE3;T52aB$2c(1G^H#&`>4#A#%datYpNq1ne0E*B@a`8Klw3ee;Aj919M znaFS*XVe~{+|B^mo={f8R^-to@AWzMm9jTVHci+xwm`|YKb;ip9g~W_d8l8(=UoB8c&@|)Y<%vPjHgl!5~AC zl_!Gn6kU3wgtB0W7#1PKAR2{I9{qGq*rZzGx%~HZ_S%PDV{5`w3+h!gLUg!@BpJ{@ zR*sV&qqKmMcl)x+{tS5yhjrnPsC&3?{%vT6BNfywXPfd1(6HgsU0&{o&K z&0I31*co4O3s{il%J4IvL)T?u1=5$u+wV?!S%l0xOZ2H$z-=vzBtBfaHzvJV)Ac~S zK{hoEwTD&Db2_hxvl{cZ5qHgXvCTCTt9jY(yv&aGjA9f@Ka1cElznfl3D$zyuY3xI zlPj^PmANjvuyf3?i-HXe8~}5+iI2PoNyg0!n}sgF}DokQ5zmHp2T`@ z>rDkN@eRoXZy^B~Olj*&5SiF~9cAdj@E~&1QkL)2`g+sAz(BrmC)IbbZf`!G5{F$& z&lB#oR*LbupU%A^pXX+#TmBkV-*h+8jf^ki?8ST~|9f7i(-1=JifQ?YS#51dg>*iB zhl}{?s`zdLE~P0C5tM^~-S6^4Mk-mA1`@I%-cr6#SbC%0=jUtea${+EW<%8pWVp}O z{yVN_d5ugPwG1DK?=tJ5JjmUfJNDeZy2VOun41Hqr@_kY)_=Ys$;WJ8eBD|ZD-qX` z5+gI9YcA>6oxQGzkorA;qV@HWhf5>>=yZ9jI8e?Ka?h5))M!{@tZ=&0&R zYU;P39!USzEw3`+oBE&H(@T_G?`0C+&z_q+34Z}FuzOO*$xgGD6S)IGimPMJY?>q1 z4u)%+8$VmZr|+xol4{0l!d#%0L0v+SGIhxrvZE&=cG-e*`< z)8|io;=mG`ih5EQ5!THj9NEp#Wtb-F?`rD1DwIx7__!q>^J%VR5TRhF6rHhpJ~6SU z^_2OI?`4lSOh@!bJd>A`CwCq&3wgjlwBt6-P6T}gS*gW#|Gz+L7GgW zXS1ilSn#T-pNKH%yQtsEvH*fl# z(6dQHivHd57n~kAtvcpy+T!lYjlOf;iYk0v7|8)`sZVw;cX#^cCV=G(CgvKsLzmzQ zwK;A}?>>&uN-!<7T`sKi4D`)SJnPt%E7jG&=I46F)=`A9$7*319^E33~*O!auF*CwB9W3JUysjAPwXaPoa+COk;XlQ$Ns;aW`FlVh9uFtm0 z)i$N=Ue&p&4;y2*Uw_OKnJkuUbzadUHcTV7K_VoKDNj+`+$gN|x-P=MwDYoa#ye#l zXSEy2k^{T3Ej1Tn5~3A!B}o@qa>TDk!Lr^X;zeRwat3WLagGgKUQB%WlQJ1w~Vpv_$rb zSu`j;_>`klR8deMEGAamf~VtD=;QC@FT+^Ziqo)(`K#Nor=5H<~xb81Q)@IS%d6kcPp&fqL3~wkA6GG`_Vpsmm5YBMpZyeXc42 zR!V)nZ@_*My_<kT4_`)_NjWE?D1jqV&Q z`T&awjYeM{WnT zChdQ$Z2pU8{-0|0Sc4zy@}COwj#cXax9VMtid8i81=V3BisfI6ifGdyL&^}|4yWd) ylpYjKFM&|cWQNpIt+^f1hsWbMR?ExZ56HA4a&r4{IS+tRhiIzlAd9bBKK&1Pz1R@| diff --git a/nitrokeys/pro/linux/index.rst b/nitrokeys/pro/linux/index.rst deleted file mode 100644 index e9c7c61de3..0000000000 --- a/nitrokeys/pro/linux/index.rst +++ /dev/null @@ -1,52 +0,0 @@ -Nitrokey Pro, Linux -=================== - -.. contents:: :local: - -.. toctree:: - :maxdepth: 1 - :glob: - :hidden: - - * - -1. To access the OpenPGP smart card of the Nitrokey, install the package - libccid. On Debian/Ubuntu based Distributions type in terminal: *sudo - apt-get update && sudo apt-get install libccid* - - If your distribution has a rather old version of libccid (<1.4.21) - you have to add the device information by yourself (for example if - you are using Ubuntu 14.04 or older). In this case please follow - these - `instructions `__. - -2. Download and start the `Nitrokey - App `__. Follow the - `instructions `_ - to change the default User PIN (default: 123456) and Admin PIN - (default: 12345678) to your own choices. - -.. figure:: ./images/App-change-pin.png - :alt: img - - -Your Nitrokey is now ready to use. - -.. tip:: - - Note: For many use cases described, it is necessary to have either - OpenPGP or S/MIME keys installed on the device (see below). - -Key Creation with OpenPGP or S/MIME ------------------------------------ - -There are two widely used standards for email encryption. While -OpenPGP/GnuPG is popular among individuals, S/MIME/x.509 is mostly used -by enterprises. If you are in doubt which one to choose, you should use -OpenPGP. - -To learn more about how to use OpenPGP for email encryption with the Nitrokey, -please refer to chapter `OpenPGP Email Encryption `_. - -To learn more about how to use S/MIME for email encryption with the Nitrokey, -please refer to chapter `S/MIME Email Encryption `_. diff --git a/nitrokeys/pro/linux/ipsec.rst b/nitrokeys/pro/linux/ipsec.rst deleted file mode 100644 index cfc9264144..0000000000 --- a/nitrokeys/pro/linux/ipsec.rst +++ /dev/null @@ -1,4 +0,0 @@ -IPsec -===== - -.. include:: ../../hsm/ipsec.rst.inc diff --git a/nitrokeys/pro/linux/stunnel.rst b/nitrokeys/pro/linux/stunnel.rst deleted file mode 100644 index 94a9982dac..0000000000 --- a/nitrokeys/pro/linux/stunnel.rst +++ /dev/null @@ -1,4 +0,0 @@ -Stunnel -======= - -.. include:: ../../hsm/stunnel.rst.inc diff --git a/nitrokeys/pro/mac/images/App-change-pin.png b/nitrokeys/pro/mac/images/App-change-pin.png deleted file mode 100644 index 17ffc072d2cc9cf4b57719cc5005ec2d531c860a..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 21458 zcmag_WmFwo*9Ho1EVxT>cXxMp0s(?UaCdiim*5iIArM@H26qVV?(WdVdAs`?GAz^yMqGp6_o?}VPck=++kTjBY(7U-Lcj#y zkdJKXajUAiwnY&9g0Fwy?}~e5dMjFKk0_g6acq2vV&GhV{BnAI{&;BJzJA`tU*)I! z>b#nK`E>Az^MIoVad$oAQe6@UM$uUvH?g3QJ^`(-kKSS1u7Lf!?(V{~x|0&_t>sLw zEAtL_VHSj*Gb`&9rd`WMOzWr!`bPW?!*0^^td&I6ZaU4!xFj;a{7{%+@>Z4nvjBOd@h^+{VlI zPxhS!OzBg`j=$V-^uP86L3|D6qrX;r5V~wxsTugT8;%~w(9ZLaF~G6^Yr|oRVPVzb z`7O(~uK%Ek>E*`v$-ZXpi}&?4FU8Rafxi7H>qAdi!~%Hg>$Bd9Zqw>*aYbc2zLMvl zaV)BkPx?9In||jS6|dBrtKvZ4?U_UEH~D%*55;v4xUlByI*Zo34*k8=Dx&wDfBw)j z98SCbtFdO02`f_8A;n+o3Q)3diO56xAl%wmjPe>#=n`Q&$h^>o>jr%GRZ$WgAh8!EDzxlZ91Rp}r+p zsvPGlnvxvXr?v$>z1I_t`+ldc`wTA+1;VKNma9z;#?&j$5cDkaM})Y?gA4ZrXc%** z+{Giqo2x8u(@ZLw#6c^@A)b*TBX?%o{TYYz&gY92yH`_{7rL%TeUI_KF7HG+Y>ulV zPD0P8cr{hNbh6DzDp1XU(!Cf2!eXnpXiiS&@@N(}Q;$`%mY_BG7mvks)ek>5JRp@_dpfpIM*D z5F5Jxr=xvCDKA$=o<$$}f|kasyYbjb$xR_b!&d>*0#yt72D7-Gl4G(~1JhGXzohOF zq%IrA>g?>L^o|L3(jUDDQRyp!RZZM%iV&ZtGr*)jVYK#QnR2`|Vzm)nf{2WiGQXZe z%A|2D=JlTK!vEZ~S!|r`gu!mBsA&0@CU@)+{~9@g>J%5VXmm&)uxMqf@b=Z=y&!jw z3wgFhGBPN7@%th^ERJ$0X4IH3Im1L}8{w^T5~dG2(H!{h+l8fHuuW^4b8cbEWeo^J z^c7fQZH+4Did52OzSJB3a}C>mt}_uwE5`a3UTST{8w1C8`HE9CT3<1kwu)xTcG@5< ztBzP9`Z|7xZYlP{Bx;fHJ0#|z+1_a|JGozB{5<2Cz5@Bkm%C5Ho_vesPqy|B_7^K% zYATd*VN#EUwo&lRDWLOIq6urh^q` z4at;fJQzOw41D>I5;N^!Y&e@T;lsrqNxPL8&R$7bI!<-URmf;@ObUJLG3*cJ5~vXS zMO=3u&Qk1Vu`TYe!(3kzbWgh7HWJ4ATfyS~Z3+r9$1-?0dc`GfX9c<%1adEpgq{dj zl7z0dE|rb)bda5Pb=#+{6e$pHM3t|nLlkjTWfQ@ zs-MX(K^W7DSxz&O^!qzh)tug@>=1~O<$0KD#}ZGiw}(@{GDKT-oGOqx*q&|Hk`Qhv z2brzlq7#Ji?`J|p300)sa(~5iUB^q(J0cGh+hm7b<=f|`(TV#>##dEo+&@iRcu^xM z2@rEd!C06PS2GdK#f)u%k8t5Ptd+D9L8}@}PW@u|wnuqHLNR0%FW#yn=DEv}R zvum>*2?9pCooqzRF(zg#hyWp2=R;x}iA z1Y=9d8tcd+b^BM<3q`d2t~oddTYr+MMK->W4NyMBe#5;$IHy?GgiR)|NHgDVD2=YE z*S?rQ=c-`0mI#cI_$yKod^u~^?NbYO#B{2Kt=W2IO;U93;qkeU&&P&)?Jo^qc~o)*lHp-uhen{_;X3JK*q zI}&j$y5q@D>kEoWZfv=1BiFt;cfWYP?^pv|Y0x1B{vyPpEf%ng$2F*@VW_6@22Gx= z<fq5J|ene)9gw{1sqSb|dXEzl^9kU#&xNMQRzjlt@N}UAKb!6QdpGcL_H(2f;`< zT9GYn%(zUD>TI+x!@2^e#n;$1Lge1jkDfVeEoJo*?kZ8B zS(uCA8at!4Z(x8ywHAz%$iheVDUeoa!8C+9dJ+Ze zvsN`S7af)gPwyt8C)~UfOa^~6p#V!#V2_RU_p&mA3Q4#trRIPYv)C3T?R6ZIe#F?Ubv;>(*>s-&KH)De~p_~^I zk_N=Jl`(#Qg1T9v z2Y1&W#yvgb2(4Hu6rTdZO9t2kB#3l>I}nIwQs1S~D=!Ogv#cgn&pIVw(~;|mFSA3h zqtl8!D$WIPeJ4I7m~X6c^eOHB;+DmQ8`>Y>yMWs#z@P$)reHkr$z~iz976zltvV@G z7cpq6NRZeF(%vl6r!D^{xYtqJciGvx;C!mss+L@o^sW~g6b#5f|2(imhu(s<^ZcY* zzdK)phL#c}EknMcmdYgZuYY{|`o4vGMQQz5dx7+V*1vBu$n)wb6xKOHX|z=&1G% zy~tq4!C47$gHH5xA>}_r^`R^w&?t}Cmmt5QA5$lm))6bntQExC4!FClN)n4INgkty zZq84Nus|_RHM?}L!XXtt*#9lJy*+&ZpLKst3({IX#DRQG%g@7f;Lggx{bDQeFD?Ic z)foCe)pEQ>^7g5UL%SPd|3h-vwzSR0ZtB(x(r zk|t8qghN=fb7a3YQ82Sb7HDC+eI+%qL+K*&5(mKk+%+_CTLlm!IbDD_kS-$K=unFS zx>vs`=#3+)UIar6lCoOK0v2|14 zsO1y69i(fT79v`8!&<@^iC49CqNEpTos=4gol*y)QM$J)BgkZbPa&NvaMQ z#qs;0D_pZkq$Tq-hoWaH%~Omk=fNwqD+SM2Mzfk|Q) z{##Fo<)Qvkm*c_kpcOl)2Omgr5SGt~5zd$|t7B3wa03+p2~(!PJx9|#&SFROcDv6u zm1>zXYwDGZw>XUwvif;Q)d;9lrvqDqR*VlQ%1^Or{LiGGRHpte-F zleA(kv}(qNrRDaq`tkKtsLSfj(tPA1ovik8}OaSAiaW7sXg_IkmbB%Po#;w+bcl{G7xae=?5iI$$Jl(BO3TUeh`z>;d0q#x ztzR2*W*YvOSbX6~Z^2quL9rYvY=~+8anIMgn)y@pr+hr!gLu_Kb?W!t;}pujfsoqn zhy$VI4zoXOXoe0ne>dnlR3M^$*TuI^hT))BIzy94AqRHtkBYkQ$=M+{xIT;1T<(li;)b_TRqEJYlw|8#8ITt4#Fk zmZmJk*|LVCpA$4%E*oGR4TJvT=J-p2$jo$HlF)-Hc8Cd4ZXE=*D-@0;3+jt2pEv{e z8jlTV{`#P#R-S?VYSXou|8o>6Mrl4$7)7=Ey(6tbM(034I>Quy$n@1F72Rj+62nVU z$ZHl2e>O77G2TTV7sm9qCwNE1KJha!B~tUk6*Dzn%6bJ6K!){Z;Q-5<-oWMk&Q2Gm<==fC`;eyYmr zdq0T5F9k2*w7~o?mOeR(;`%pV+aoXr{Xh{3c`GfG@Yl41Dg9mhtkLl%ZlI3O^@E9l zJKntvu~1W;utS#C$kCaTcIBx`(pL^!ql#A>A@LhSN2t`}g10DJ>YKAjlGCJDN6fqx zN5t2P`w?_5L#7T|$wzz9Flx3FtO%i?H^w~S>Il>Xb(hFky}_~xdlO~lt^n0`{HB&G zW6JcEIUA)<3nytgZnGu@S(<|^!$WN0xmJ2aN;t#hq|jq=)`R7XNp|=@BISpAtjH!B zNW~S$TrJYW6-R8oo(ImuUmJ+3iVw(2M|oMl#)QP~&l+BvQITo$-sVphiP#~P4<-nc zEoRaDqHfGPqs+HWiM7thjfYekIpPr_QhjDU1^c0#MpT%>$^u4k>uR9 zoTt(JOqFoVv)Zn}V!?_4@s1?vX*OJM%jgesDoH8DgmIa5hXkQ*LD#^s>xEr}L z`A2GFBtstkr+wRdub9u;zqiz!+V^^T+&Bw@O?#RieOWT|AHp8>>KjH8*64CVdCH1{ z>+qU50xwcYOf&K1JB#0XUo+P29wzRseAk%kO>RN@l^X*#8MlsL`L{FQz50%Yv0=&- zd74E=RWxo>(aG2E>5aR!<&tPM%*P*!#4P{PW08D&`y5(Ib`iSoq6+w-pA6-s#6j;L zfATs?l7KU?_R^Y8AP`dD$6v4%IwU;cB($@Pf&}yyED|gl+^Ja!4G2UGk`WhCbzeGN z^>Y8J*2#6D?2>Pc9H?}1F&S*3e zQVr@8EsZ0kzgD2&3T~)zeO&hOxMGIh;qJ4C zw|7QLcE`Nl;)&h-5+5Ib=9nZfut^V*gAZRfm>T#J#Q?rY0OQvm1q%484n1&N_bE{+ z3l`mcxZKwFJS-YXWhyuafega8T^=w~Cj_5QZWr{|o9xzC-PSv-7wa}QHnREL8h`(O zdG30DE?28yWo4a=0NP5R);2NO?L`*K%F6OSnk^&XbIlU+(<@T3S!uppX>qb^zmzmG z+K$FyOH4`{RxnD*<@aEvpeV9pxa2|Wa5EhD()>!)`CfSW5%pMFH=0RscsVqn3d{aAmQ`6 z$H~F5(&}o(+{=rhBq~kV48iTqqobqhDz?)4j#|6*&fwtS+vA0bxuaOUgan79Z}EI~g?8Gw=sH?NMn_3o+-X<8Xx%7z zTc+PqlGb8BP;=n3My?{&D5r!iYrRd2p8xdHL(j-_7ii_Xlf!sZcbJVru0O zLo%Qx>ljN%j+A;7kU{sxW60Yfs-PG zg-J+Aq^GC<`SYiFwUfRZW8LFV_s(jm$*aW z$_fF2nElb6feEiI;N04Wn;IMQKkg*asaK})x*XBfv^zdrY)(&41B;k#La)V9;^!Cs z>rpmj{tIELhCZP-ZJ(oWT}wCy1zS`KE|OU-_S=esrOB*Vr*Ahtj`HUNN*S_znhOm5 zW=#28f#CaTGbumA+)PXHbcuR!=Wxa`s%j@rGvp%avi_TTw}JGR;zDT0*?0H%w)0Lo zX=#+GexcW!B(KM=x7!+MB5!6In#1SwuKP=s!AHfWSyHcvk z-p}^hNmeWic{i`Sgb=D{^UO>xvu)lUp$ok2@L-_4nbsr`fwjb=Bg=EgJ-K{cZL`7q z@ecdVp3!tRsW`$8r~UD=uO(u=k0MHNG_ZKeWbIQ-F4Zpd>&6LE&cn2%Qq5?90a-vh%Ipf z1G@N%(hA)De*srG9Eilk;=rZgqccr&a$V*bYQQW_!`(@M4MksN$^l=q3mN zf6(Oj|9^L(1f34nm_;VLi2tS_r4p58YXKZ`~_=Pd*Ok{4kLmhK(Zuh?IX7SDuM%C_d5^@h#$h7+^(+1Xj6gqj=~QKy*pnDV}wu^d2x{QuAuZc9)a zM;(?a#U^gb-G+kCJB>8?c98YnUcm4I(8i4B^7%d3@Tfu#* zSzB4Pxg7r(GZhO1{KJq#orB*1mZPKQPQ*n=i`)IzK(_tu(cJMu4O{P*XkZnREO8;g zbtZ`$wbbL;epz|sT>0)T*k#3JZD%Lt3J!Wem;yQi0JkMor``Q>x=8Mf!o|g9p<4IY z*rlu-w_?t+N;!emEnMnf_c*X9H;|@)w)H!`J$8pvM%OtrPxr<$pYP8X4xPDdS85ln zfs0i6yCbRkEsi0NZS}z(kB$YM7&MXi0LmGY@LJ7R0zj@=H4kj6&X=o^hK2^xgwo2& z698kR<>gzA!_F=&Ly@QKKSkp&$Iw}wK}V+s)~w$M@RSb=g;rozXNdf5C+*D9vdr3g>Z{v zV{KhoQSrRI{&v^4{(1(m9Ar4Sr4FwqdCE4Q=R3ah_UnD2_s6@_Wy=PwnuQvjmbzcR zF5jNdk(+r7Skr6BNfVDNJw*34l#3}y^HniX`zZ=7O%fr!K#u(E=?vtyv@9~$MNfe$ za(e1zIfct1#xxuW{JAn>-}O3mG^fSM$@5h$e#D3WHRLQRZ;Z;G_-tQE1dHpBN+u~T zArXViaRdZML}cW1#c(}f3H&8=4!vqbo*)0-`3fZ_AYP)F?Rj%B6&@aLG#DEa8j3dc zbbFj$!IF;G9ugev{jeE^ii$e=&i7TfJTgTcD@I(Bw?a)GD~3FEsEO4oM}lngI>s?u zjloo4G*QL2jG}XmT(@dGKd?#x%aAp>)ipFlmjDgeLg4*AE{y0g?qqq9w83`9w5 zZ*kXX<)xU_qbXxEvC=l-;!h+^9L47WvGf+@ly7T}R)zBV@nywRnHIH$kzH0j^6EPH zBuqXMm!Kt`g2O`LZcz)Z!b+7Ar~bE|*0w-7Mum%GRrJLEwUZ1jRrL`NC%^|Ps;hI@ zEzmaa#eeo9>xhVm&rVJnFk>4U8d54`V4$N1Ipte_Jb*@M`&gfDYp-tYzP;v^pYT+& zpU!xcv-St1G4ddA$EbY#9)p(`Qq#^kTRw9SbJ;r6Z9fbrF35fo^?zK==Uby)Up4>o zSAKL%&GS+vNLb5oN;+$T=iQYFQaD^xe|W^JIZnu0n?2FEX8N*z z(UM)T34=EOu)|mS3NQuH~lNB4n=n6u-)No^ljRp1dY202r918lTcskc@ ztKa&%{D3JdJ?zuL&n2x3x&fOFH$`Ru-#2>r$=XzvcmeBXWpluglc)3eSi0Li;a8AD zn8epS6ULXj2DIld#e(ZB>~n1QPNsGtxhAuQdvYq{s8{oPS@tfrsBMx_l;3EkdBTh; z!(uz@l8+=DX<1N|zY0+F@tg@5HfVLMi8TB>)wGJCO(EFRO5ca3s8K|z$Yz5yxzz69 zs~r?nuhrUmHHE!yT-H|kk$U*#bxHk9$Gv7dfoOJ1^>zp$is9M4Ta%fH(NZ4~9;`X7 zy4NOARz5enSkoLl%Qwedz`E!WzY^+9xm%*RXzd{* z`5x<+<;M!A+onSpwU54y?^|?CS`<~d%|DrgEk=XT9Hmrlp9CI3W8gM{v)2!@wpn!` z(2p@XAg;eSgPTF$sYcdmO^39$uiMUt)<2^IOa>x~S+DP@1w3kTM{xLtpK@s;;TPI$ z1KM}J^yP!$miAmagBSX3-~1E-!()<4hON?s2sE?AT0#{a@Hs9ZTEaT?(3h3u4Ju)S`nQ?hsnY+#g$(b2(BqJWG87RIKyYn}cSp+dCuiQ6JWw#g0c< z-S(yJrfY;qV+s$YF;`oPapO~SxW-!&kg~4cB{O1B&uSl&v_TTMNukQ(0gvK5YgN1optlG7=Dj4rc%HB82xHDfN zzGAuhfj7g8d=^e!>3YlCa)XB|2oK-ktw^Ka)5DM2OPP!B^IbO~^+@$)^>0X2Rf~xa zKEh2QU%aH_EGy4A)#=3-8iBdKlJGXoE_3wImpAlUppK>*6e##8-PCQ_y^Y~gp}ALy;P6?*_$Gsob_XNY`}79`}>;hA{2j-;c9UKTs@Y zXP^yuMJAXdw>cl8wYuA5vza3Bf`x)FOvti8IQ#Qq=W}0ycXw|+gc$kzZ}gA?tkahV zEkva3|AAAhJXEq`&u-C|c;i7eP8T^yxL`SJlHsBys{lwF4Ma!8#9+ce0?~aHK^f%# zR{ZlPNjC*cHarkZB|f<9f6j#PI^0cG>6ob(K)tQ3tkSz8sM*<_&sJK#7R!rJ0sL2V zHdn1e{dBQDOzmNquI6N|gO867?-k~Q58DE)#OwYnCNeT{WOrPSg-Nfy+3)>L==D(P zqXXgar`eSi>-t3%6%_yxHt1gf@Vq}?_uCuAaR#P^ppe~M8$P)G=z$Fi3S@G4rl6e{ zdxv*(-F;P0U9$M{&rckej~>+Rj~DSNv1~G`g>GiprQ=e20GPoH$u98|ZRk>=Od)^2TW#iOiTmm)I@c_V;8ukeG;XAsEzD5o?eB;Ob7 zOu8QWneqz&{z2GbF+*u86CutDXb?hdi%SaJn81m97Bh<}=?7Oh2&uB3ZY{iuzj+&S z?4O>u#&7X3DpTsz4=yM3?5n431n2V;n2Yck*r^}TLPUGC(#5x5N9IltFRih!+vFup z>I&5Lml1&hkcf9Z9nlFf0gUYJ^8s2xo!|#$aB(bftO&sTH6)ub4*XihL7NmEffgm1 zSeZJnQ3b>RpPZTegul{ew;50DwD9I_|6_ltuw=h7JQ@_M874Kt5wr>BH0BKN#2gxR zw0p#LB4|=>im*t5U`RtUE(IU)*If3WZ9{p#Exa{V$B$Rko_amk-ag9;MMZ#4S^?bX zZ=StvQ!Jc)A_ge0E94+MzFcbzQo1oq-t^wQHcf$i!jx4xEtQFDo(ok|_EyrvHz&RU z%g44(PpjAEj9INgKmTBGB;D&=yn+dRP9g9OF5(Nr`&h$BDW?b!dIZYa?Cm8L)_ zre4tiaEFO5)(RKC-KBk*MPz_NFg0My%1_ff{762^#K&3Et&D8P8=!28)2>q2v4R9K zJBz9UG=i7%D*%5M&e7|4qDnt1+lf(7>;yv^hXLwPx=5)={p8uRo z<`nbMJk86_0P8cz049_=Vvd8>QC>1bl>-d1un&kvG6Vb9kKPN$Rm?T=RCP5&+u(S= zS|!Vs?ppb2)KqgvfUCd?P-LJay|na_b3B$9^`CGMP^wc&&ZROIGFF*A_&Y{lCS&Co zEykmL&;rZbqW;lh3wcU?j&G|!dVp%b zzn#Amaxa^IxqwHr9KH&6Z)>{`prZ~C$Hm1Je0wko5N7tcGJc`v0wKsEA|g&rP3huC zunx-l{fSzp2ZDwDn)UbPMjNcCex<r_@sH)S!LgxJb&iILn-xM19 z$r&8MA#EJ+M-Rpl%vY(TB9oO+l+S+jqJK60xe!Xc-@y%{_P0xdK)6jf7&{i4!;53} z^SiqbYO-5v_PHK79A+&p{Pk3jx!@;y4~#-GUk}!EdkLxkrFcRp-CqBxfk>MvLy2W~ z@D5AQyb=+I^Tb(VG5C4LY3?1}^BXoVs=;4ND=T=|{|+Riy-WAzY#d_oh;T-B?`&y{+1PY=To?bRD<$(?g*0lo-($0{zJ%U1iL3tfJGNdGO6$Q};Pq3yS!onq zTw>9#E}uC?9-*UQ6S!DN#j2qh{^#hT%!@izuU2vK<{~6Dr}k|Mc``eJ8Z`!=hn1EV zt^*84nKa*zkk9*QJ8_SRHXF9pb8tOKOf-Ue_nrUJv-)9_h76TMooJ?FfwEYRQt90! z&uB7rKGs2;7&XB_tvIh9Q89`z$_#lORBrH%VMLp=(u zt#5m$k-Rb_<%wh9qh$yRg*`5t)~B4W-wj;DLlA}%KDKjG(X0-_aEu8KYU>IYR^`!lj6P1XWFNbGYzElGiZ+?)`lVu(jM4a-#FE;~S;WbH%OZ;HG5Dy%-k=ls4j2XVYgd!%&5asJ7l9)C~tc@F>=Ua(w7gT0!J) zMXX9ZzPhV#wUQFUD|*8bf~EOfUSEq-j&)w4Kt34x6-{_`zR&vOa&vSycB`E(NsrHW zRhcPaQE6Qs{A*-&?IxK~e9GFVsp}31Vt7mmM!~ci6zTddkNnr-8O}0TsLD_62&_Ka z$GG`UF{z216N*%%t^2=Ra0q@Ap9Vy8OBJbkYJRN0U&W;@i_wrBGxQnYRXY3pJMh1kyRs?9}ob#jk^!*#v^<{(Zl?V%}-wX73%r|Sa^C9n7Qufr|9P$ zr~D+c;=l%Fa6g;tbC$_dgWVI1S5?(s^lKC_lbBQExL$vvCqKv@pH%5k&N+SSt@(($ zLn}oGjtc#>2(jQ1k_84z<67)!UJ)%7R<4yjdK(|OO1~>eWHlw7rm|2+7)67DHb2~) zF<72D#|#jKnMCFElhPC*9NcJyd-6FAH`^JVb;h)eLsI0o^^o#ve$z2kRP4vy*Hn6* zYavhL4#nT}wAEhxPPDJ!V|v}k(qI**hKB0nWsqdV%O%J=#FAg--4uAOrW&ld;wxm& zI`4LarO6Jp1nBPlu06Y1o#an?Fg^sT9_0Rn4CkE__ml@)`@Rx>M7r zvSfMw$*o<@@V%Utr3j5Jt>HiL?Qpe<876n4Y@151UA0t;dgY2!V`}?u*kAzgaO_z44TKg=`!*uEP! z5(`y8IeYs8W4{(WH6uzLTB)N_YsiqvwB|`4#UceX1U35J?g&I>V8dQ>uxb?@h=(u( zxF8lGlfgvcQx-yBz#8qi-YKAa(GlnFG{d* z>JHvrNd?SS%4$Cr*0Vyy50_`vmeT^PH?foxyX)h_=e=rXq~tafQB7sOrciup_{URV z1y~9akAgLkGHP=V&87qYv80B`q5Om$S2Od`>K?DLp7#G24`VvXxh=jlvp__>!-2rI zPRER>4qW&=PF(C9Zba>U;)o!W>iuP&?fra%EbcXy=6x>mvwG*-T6vdm{Ppmgulx4O zjMqG;lRgLmf>`4EYF8`$IyzesAsOJ zl-%X@JHGppMnU0Y8z7TGK@La^)w+h9w1i@2J@LC1y}gWbYlo7|{qn!>lDG^6WDDyC3jNbpDml*4Hw$>b*E$6T;St#KQ%y*zYl8ZO9db6~QSjYra^ zU2hVSt<}DKV(nTIfG*F?)n<~t)y`F{PPqiu0;9~Xu6F&lXO3|ZwUE+Z-@k>WQwf=x zDoOJ@+zeO*ITHBb6~AYIlw}Yj;pAv@9So?O z>pzSBW+Z{ypD68=D37@p5?~bgQDC4}_?Z^qhX23L>Gq%e!}DR2+ATLKl+18&a6myr z1LHp|E6Eui8UhlW2W=!0&%4ad;LP^9HvYn5H$zmp?ARwln_fUhld1Dzt7SijEnU8* z^NIEe2?Pq|_M2&uEJ%=9ILudS)|-w2 z8Q#=0z(W2ID{fuS1gJp9Eh7W>hTy}^_Q??Ny4&mxLnac;`tf5Rd8O4Q>d^?uC1ux) ze25OLcZvXhfEP`kizV+aHCWkoK2oBt`rNOwnT?D8*A+W40|SE+|E0LDEKRMuR;)J#SA7U5tQ8+s6aEs0W0QKijZCJe|TmnJ^4>tF@x_qx>Kz z((vE->rb^w^QX6d^X%?F6}zhIu2#1G<{taSP<@+>RZ_)!>V21@vfcpEZ2&t3G@l_) zNxB5&DAASpr(%wxhmAY&(&y8YhdeF*gFzS7ZbjLGI{!xPs(D;Y8Yk3(p!pV?5DS@9 zr|NP5ZGn$I@z-79^+NWtv+~xXBcl2EH;O&BfWdn7jKcmD_ieCGUg4bV?96^Z-l@cE zuBbe%@b}EnY44Z%q4XNos$ZQEujQv6qNHd*1nbBN7Ge9uktAmf0ujo7)B^ZeoTf2+ z`&`5a2U)>713lEZdi}38dP$73MtKi{CzA=&Ba9A&P>tfEmyCytyJW?XaGbSRj`geo zSW=q|c$K}AWVs7_+G)J5l)wQN0#{(_*ginD&Gf2_Caqu)v^iXcC z;ZW7hxCm{v)Fxek>lCOhBee*S?!Hvr@_bEWnAlLI?gn8_o<{&=_Rf**L%xvnq}Mnj z$j+Tj6h|I8J$jQ}Bd|J8mcL%{<$H1GNGEmH9ubnt=BA2dcJfF?faedZMRG{onPo>Y z43XaVmtLw&@AV&wj|Lz8P!Jd2$7NDh3!&GUXg7c3&u@+$h)SZu|AD1g>T~yto5+ed z|2H)27WdYAr^a|>x!S#bjeynE4>wFNS+<3H3$w0xf!n6chF@P*YS+PTJj2z$ebaAs zjtJiy&&ETW-d(@Ms#t_QP$wOwtKVx8+V8aQIbxmA2oaHDz7HsDXh>N`gWy31_`oKv zma+>+LdI~eNAY#aZsi6c>wpwh%fhsKgt!bisn)IaT)7?csB)p2iFHe>dF4H>tdD9k z<(y9%%|R*8p;e)TOn=Ig;MvuEW7muMnIDN1SSwlH;YyWu6Ceki52uTOWGs3sf~VAf zbR@%mVXl0?G3B|{@%ANkY;@(k1z1&2uzL|kmJ5UxtQqiMt=*+g%&QsgLmaH4KpnsX zu-Q76I?r8=?HM6{*coQ~`|iCsgii0tQ9d!3!<1nu@$0XTP2QP`Wy}rll4&8AxbGt4 z8gXoOYNZIjKK1(%`M5qjoc45q?sc7kbjZlzZDDdQ;Gw+VYWk^jB%uJb+V}tU&ruti znhN;*`>i?I+N2U_j1BCDfK6S;L?Oudf)l9sH)rW8+lN_z#>KW|&t*5s4iX9qRas1| z_i}p>3S7j{FkhG$$V$K zS2tT}{1rmr-JurV;7uC`?6XxsegfTp*f6BHKyHjIj{oXrMv01o;^%oN#^Vm&LGT~( z-R)do)!9{|uIIb_!JN^znbzcFivwzZ##r$h-L~Q{)U0f5QIV0Orq?leKpV~9IWvJ@ zfs?sDcZ)#c?&mY;Q|`fm*P6$3Rq9(EtS;DOf5HLKGZwwZ7v;^?ph#)*$mnQ(hppf- zQ!6{W^$ssLpg`xRSXd}BQ7oV)Cw*TowZ!}ENr$siLe@YB0SN~{&Sn*zoq}RFNlEZ= zBM5oLFQF|z-*C0nw0bU ziV!9?u>Hd7`{I6o<+kQg(%9HouZD}^-PyCDNqqUpX0B`e<-%tcz=c*7T|0KPJbm&5 zz%%G0R=~#x#)y@#$%e|eL2_4&SBC-BfRhpiwC^CM}K3yXp`*v%r0f9gYo3xz` zD=YpuQKQ#r4TWmsVKbxursDqwcHkM#x^C)lKhAfK&uzca9RTq$LOz}5ZG(RUE*Ux^vEl#FmL0989PU;6%2Aq_k${}r1(#VmK&ooYpEW?kY06Z#FlixMi ztDe3&N|jl$gapvzMlAPW@46;vFD&z2AUPK;;DiaA3UYH%#8V)`3FbD8iGK>|fa+9| zcb<5EQ@ZSrLL6uMRahvWNgOTU(<;cqLc-3D!AA;YS7w(JDdap4V1|sTQTZfdhQXI? z8?>xcjg{qGoS~nZ zHai;5VOlCS#{U6s-p_XLmd3t>I|?nptV4PJRszA^BDikZlr4+sR*WOyH1Nk|D^Khr zn>=`S{z!ix5s{-_y2kGJwynhYdOBal%>XwUgF?V%i(gUr^XH$1LlHYB@?LU z$(=~Gh`CiDA9pP*{n=Nj#W1ioH*^BvgtKjKNU(>8TR!shRdmp|lf97`{JFcah={2I zDZCh>*ZanWvo_==6|e)zaKWp;WC2~BZ18xEv@x;&HmT@hcJP~92>y%~=d6ieTB=QW z$8(_-d4{&=>|=9i&KVXLgU9se(=abW;P58tN)DQRw$rPBt>*ditZnt>;=|}Y-!AkQ zFK`$O^c?MV@|!lANNJuoay^@X>l8PtOk~6 z_cG`QFp><8W1xc0v4fjhnlTkR>nDZQb7jh$pjyU}yz=0n-F^b#K{}dNe&n-|Y8+t4 zG1!vLA>O^abWIY6z;$!lEJfi~tXciIl<0op>}c(f3$=-yM&af`epyaPaf9 zb(f;8^C)fj+^Ak*QrjBjhj)DRE6vK(m+!D){Ng$-tjT`jhkGIQz9&C!amuBWMVr}a zPG+|)-o8P*aOQBw`GX(}80eK=JSj2p2czzh9%<^x@_z>#8{4Yb2U-C;TAzw_cKZS7 zpZ6>KhbbAYB*AMcs8m_4oNhdtH^&o33%qly^d2aS60^DL z{lX_>;GvNKzNSQMK!XoOPrG-5I$h72v?0BWpUtnV9nZgk;$rkMq7E zR{fANCD3XcB_IF(W(&}NG{nB=KSZaK)w7tJ8BX;+NF2@=kO`dI2PJtPBNqrIta+;nM8;%AQfKYe|C@fPds+Aw!~iZvhPJhP+X^s zCkkuNj5epULl=W<#D3+H)MR${-c zGalpx#z=Ey8Ob_>Q0)O0CAn?2GN)>1yypv)CKTkV4MgE5l>m`)Uh{wh`J7X`$7LYE zNx-czir2*u9CW4{&dQ^up`oFtmy?u)PDCX1Up_swe{gVrXUF?yN-88IMEXn3AJp93 z%2eAyRoib7bL#uzytxw-MfAVUS#a2raz2z^n`E}nn^0<@quI}U{&qI8mI-eA>V3t2 zbJ{x$|F@uTy1HYd^L4hj(8A)T^&asjgh1N6MKIS3>of2BA>aSZ;aDOeMidw{baVi; z#l^+#?U{L@KLr5#?%?3SHbxxm6MC1Vu@|AqgaGxc(o_z+O zTukf+kUW5L^LsvRNH?XJAZ;SyT{eez`($2n;RD==T@c{)DpCY#b1vtQ)R#lw^ zS~oN@0`y65Z!ap)p}D!aySuxwF*zHy#K)|FwV@~u_`ckz1pMytuv30-*SVuz@yLP? z8ykOuSkq5{v8;Fb3Dw*Cqh?fKw3rnG5;5UP_vjK-?(%7{f6mg2$hYSn;Xb#0)qN~NAo_nEA0F` zSg2?C9a_|)c=8x+wA{gkTQ(3uVwtm-?PAjuMMVBTt($o~lJ)0$UGG$UQ1#c8v zW-S@SGB$J?D9NixDmo6HtY8{805lPP412Clikeq{tbvq2ygbH~#4YE}o%Uk(!?;l_ zFb7Vc!&H8(^@6kD@puCR1Mmhww4@rhyz7GTA8bIzJ_2N+o}M1~&ehdbPcPP7jK1Q+ zAro{l9wmbLrC;NDV%DA#FLPl*Now%*UKzt*$B3C$ zOh>~>9^=t)R#DSd*z_1a5+K#}Amr~Z)`~B8wAwpF-_Gc?126}m8my`UCJueVQ=a%Y za%RqlrXe*2Ndj!jAPyPuc)=Tde3M)?r#CZ~D>;R6i#tah>7*BQ(&m z0HvaPjg?OtJF#~1CgA3QGvbH852g)-yWd}kuI>v<*O-$EOw7TS_?3d7rEoz30ZKn3 z#37eS`9v8wB>#1kLg43KIpRj|MUA}{#m>me+O~I6%I^m?BxFaUZ`@Tw1Mp}dNQ571aoJQr zjNR`{lAIQPNKHcnm45{D!$2VcoLK-KkY;1D6Y^^a#;JzqR>L_uE!wz4+fYE~h#lf8%#Lt`s z$TZ-hffJ5u8Xr)BFPNs{B<1ATDS#OTaoI}$-(?0zH{++$gTEtTkK2x1x1$n;|3ll6 zxAxQT{`A}a!f5_`+fil2pKjkz)e^`4-SK7oUE9%+e>(Q~GLDb^C?34lrj?qK^06Ga zY22-NJZ&k%!ooH1S6K_a!U^)nzc`P7>F;017jT#P5!IXudYXX*F)pE}cLbaK+R$PmiNxUw}KLl2dW65gAAU81F>b^F4Z ztLRd|+$S8U@-hU#J6;3 zGS!9LWd5^DqnZVoJ9L^cX!~8(E1sAluq}bKDIZp-&yrH3VP#31DZnp=iB&BmU6MU~ z8G1TG>c&AjM#X0BpzI`pbzT5JC=`=^blGt*mgrPxLDF6t{6eH<$l?Oe{yNper;QR9 zAv^YrXnn#{y9m}+h4oa4M-GWg(JHwKgN??18}q~EzYYKRaih_9*WJv_j7J++S?THX z!itm4YiZi;@xh)s}U9(UjgcrVo?RWZ#D7zExG!gUuqnhmr$xF(nej5zEg7>8u zjUv0H2lb!Y>@^M1nwpxDV{I)lsc~^}zQopiVJ25A8^nC=`=m1T*i{EB8`#ac;8kgN zFBmN&g=N)Ok47fE)%=N*J?Z?ckx(e~hsbg$V(;Ge_X(slsJ{saK{e*7GXv~L8(CrO zZ79>cP|!&$#ECCYmX1hV0wgRx^)6cQc46JVT6aEH)I>zwL6C1Mg@bI)bn|G?vAZpU z)0>TXgLD&72>lA4@)ZQ(H{0IiEJ{T|j$2)}G9UUq+EvwMq!-i(xv=Y{a2K4`M2+i) zAg8{qvz#U@hUnlD+=zeTN8PK|REI?-cz1btK+Bq$zXsk*nw+s}Cl^BP zpcP!-kxpNE3;T52aB$2c(1G^H#&`>4#A#%datYpNq1ne0E*B@a`8Klw3ee;Aj919M znaFS*XVe~{+|B^mo={f8R^-to@AWzMm9jTVHci+xwm`|YKb;ip9g~W_d8l8(=UoB8c&@|)Y<%vPjHgl!5~AC zl_!Gn6kU3wgtB0W7#1PKAR2{I9{qGq*rZzGx%~HZ_S%PDV{5`w3+h!gLUg!@BpJ{@ zR*sV&qqKmMcl)x+{tS5yhjrnPsC&3?{%vT6BNfywXPfd1(6HgsU0&{o&K z&0I31*co4O3s{il%J4IvL)T?u1=5$u+wV?!S%l0xOZ2H$z-=vzBtBfaHzvJV)Ac~S zK{hoEwTD&Db2_hxvl{cZ5qHgXvCTCTt9jY(yv&aGjA9f@Ka1cElznfl3D$zyuY3xI zlPj^PmANjvuyf3?i-HXe8~}5+iI2PoNyg0!n}sgF}DokQ5zmHp2T`@ z>rDkN@eRoXZy^B~Olj*&5SiF~9cAdj@E~&1QkL)2`g+sAz(BrmC)IbbZf`!G5{F$& z&lB#oR*LbupU%A^pXX+#TmBkV-*h+8jf^ki?8ST~|9f7i(-1=JifQ?YS#51dg>*iB zhl}{?s`zdLE~P0C5tM^~-S6^4Mk-mA1`@I%-cr6#SbC%0=jUtea${+EW<%8pWVp}O z{yVN_d5ugPwG1DK?=tJ5JjmUfJNDeZy2VOun41Hqr@_kY)_=Ys$;WJ8eBD|ZD-qX` z5+gI9YcA>6oxQGzkorA;qV@HWhf5>>=yZ9jI8e?Ka?h5))M!{@tZ=&0&R zYU;P39!USzEw3`+oBE&H(@T_G?`0C+&z_q+34Z}FuzOO*$xgGD6S)IGimPMJY?>q1 z4u)%+8$VmZr|+xol4{0l!d#%0L0v+SGIhxrvZE&=cG-e*`< z)8|io;=mG`ih5EQ5!THj9NEp#Wtb-F?`rD1DwIx7__!q>^J%VR5TRhF6rHhpJ~6SU z^_2OI?`4lSOh@!bJd>A`CwCq&3wgjlwBt6-P6T}gS*gW#|Gz+L7GgW zXS1ilSn#T-pNKH%yQtsEvH*fl# z(6dQHivHd57n~kAtvcpy+T!lYjlOf;iYk0v7|8)`sZVw;cX#^cCV=G(CgvKsLzmzQ zwK;A}?>>&uN-!<7T`sKi4D`)SJnPt%E7jG&=I46F)=`A9$7*319^E33~*O!auF*CwB9W3JUysjAPwXaPoa+COk;XlQ$Ns;aW`FlVh9uFtm0 z)i$N=Ue&p&4;y2*Uw_OKnJkuUbzadUHcTV7K_VoKDNj+`+$gN|x-P=MwDYoa#ye#l zXSEy2k^{T3Ej1Tn5~3A!B}o@qa>TDk!Lr^X;zeRwat3WLagGgKUQB%WlQJ1w~Vpv_$rb zSu`j;_>`klR8deMEGAamf~VtD=;QC@FT+^Ziqo)(`K#Nor=5H<~xb81Q)@IS%d6kcPp&fqL3~wkA6GG`_Vpsmm5YBMpZyeXc42 zR!V)nZ@_*My_<kT4_`)_NjWE?D1jqV&Q z`T&awjYeM{WnT zChdQ$Z2pU8{-0|0Sc4zy@}COwj#cXax9VMtid8i81=V3BisfI6ifGdyL&^}|4yWd) ylpYjKFM&|cWQNpIt+^f1hsWbMR?ExZ56HA4a&r4{IS+tRhiIzlAd9bBKK&1Pz1R@| diff --git a/nitrokeys/pro/mac/index.rst b/nitrokeys/pro/mac/index.rst deleted file mode 100644 index 91aee577ae..0000000000 --- a/nitrokeys/pro/mac/index.rst +++ /dev/null @@ -1,51 +0,0 @@ -Nitrokey Pro, Mac -================= - -.. contents:: :local: - -.. toctree:: - :maxdepth: 1 - :glob: - :hidden: - - * - -1. Once you plug in the Nitrokey, your computer will start the Keyboard - Setup Assistant. **Don’t run through this assistant but exit it right - away.** -2. Download and start the `Nitrokey - App `__. Follow the - `instructions `_ - to change the default User PIN (default: 123456) and Admin PIN - (default: 12345678) to your own choices. - -.. figure:: ./images/App-change-pin.png - :alt: img - - -Your Nitrokey is now ready to use. - -.. note:: - - - For some Versions of MacOS it is necessary to install custom `ccid - driver `__ - (for information see - `here `__), - but in general MacOS should have the driver onboard. - - - For many use cases described, it is necessary to have either - OpenPGP or S/MIME keys installed on the device (see below). - -Key Creation with OpenPGP or S/MIME ------------------------------------ - -There are two widely used standards for email encryption. While -OpenPGP/GnuPG is popular among individuals, S/MIME/x.509 is mostly used -by enterprises. If you are in doubt which one to choose, you should use -OpenPGP. - -To learn more about how to use OpenPGP for email encryption with the Nitrokey, -please refer to chapter `OpenPGP Email Encryption `_. - -To learn more about how to use S/MIME for email encryption with the Nitrokey, -please refer to chapter `S/MIME Email Encryption `_. diff --git a/nitrokeys/pro/windows/index.rst b/nitrokeys/pro/windows/index.rst deleted file mode 100644 index 1e0d8956df..0000000000 --- a/nitrokeys/pro/windows/index.rst +++ /dev/null @@ -1,46 +0,0 @@ -Nitrokey Pro, Windows -===================== - -.. contents:: :local: - -.. toctree:: - :maxdepth: 1 - :glob: - :hidden: - - * - -Getting Started ---------------- - -1. Connect your Nitrokey to your computer and confirm all dialogs so - that the USB smart card device driver gets installed almost - automatically. Windows may fail to install an additional device - driver for the smart card. Its safe to ignore this warning. -2. Download and start the `Nitrokey - App `__. -3. Go to “Menu” -> “Configure” to change the User PIN (default: 123456) - and Admin PIN (default: 12345678) to your own choices. - -.. figure:: ./images/App-change-pin.png - :alt: img - - -Your Nitrokey is now ready to use. - -.. note:: - For many use cases described, it is necessary to have either OpenPGP or S/MIME keys installed on the device (see below). - -Key Creation with OpenPGP or S/MIME -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -There are two widely used standards for email encryption. While -OpenPGP/GnuPG is popular among individuals, S/MIME/x.509 is mostly used -by enterprises. If you are in doubt which one to choose, you should use -OpenPGP. - -To learn more about how to use OpenPGP for email encryption with the Nitrokey, -please refer to chapter `OpenPGP Email Encryption `_. - -To learn more about how to use S/MIME for email encryption with the Nitrokey, -please refer to chapter `S/MIME Email Encryption `_. From 29202e292fd733efd316c80e6177ce6fea64ac76 Mon Sep 17 00:00:00 2001 From: Keksmo Date: Tue, 30 Jul 2024 18:19:08 +0200 Subject: [PATCH 09/33] almost finished nk storage --- nitrokeys/features/fido/2fa-website.rst | 6 - nitrokeys/index.rst | 1 + nitrokeys/pro/index.rst | 2 +- nitrokeys/storage/getting-started.rst | 0 nitrokeys/storage/index.rst | 28 +- nitrokeys/storage/linux/2fa-google.rst | 1 - nitrokeys/storage/linux/2fa-nextcloud.rst | 1 - nitrokeys/storage/linux/2fa-odoo.rst | 1 - .../storage/linux/automatic-screen-lock.rst | 1 - .../storage/linux/certificate-authority.rst | 1 - nitrokeys/storage/linux/change-pins.rst | 1 - .../storage/linux/disk-encryption-luks.rst | 1 - nitrokeys/storage/linux/ecc.rst | 1 - .../linux/encrypted-mobile-storage.rst | 4 - nitrokeys/storage/linux/factory-reset.rst | 4 - .../linux/firmware-update-manually.rst | 4 - nitrokeys/storage/linux/gpa.rst | 1 - .../storage/linux/hard-disk-encryption.rst | 1 - nitrokeys/storage/linux/login-with-pam.rst | 4 - .../storage/linux/openpgp-keygen-backup.rst | 1 - .../storage/linux/openpgp-keygen-gpa.rst | 1 - .../linux/openpgp-keygen-on-device.rst | 1 - nitrokeys/storage/linux/openpgp-outlook.rst | 1 - .../storage/linux/openpgp-thunderbird.rst | 1 - nitrokeys/storage/linux/openpgp.rst | 1 - nitrokeys/storage/linux/openvpn-easyrsa.rst | 678 ------------------ nitrokeys/storage/linux/otp.rst | 1 - nitrokeys/storage/linux/smime-outlook.rst | 1 - nitrokeys/storage/linux/smime-thunderbird.rst | 1 - nitrokeys/storage/linux/smime.rst | 1 - nitrokeys/storage/linux/ssh.rst | 4 - nitrokeys/storage/mac/2fa-google.rst | 1 - nitrokeys/storage/mac/2fa-nextcloud.rst | 1 - nitrokeys/storage/mac/2fa-odoo.rst | 1 - nitrokeys/storage/mac/change-pins.rst | 1 - nitrokeys/storage/mac/ecc.rst | 1 - nitrokeys/storage/mac/eidauthenticate.rst | 1 - .../storage/mac/encrypted-mobile-storage.rst | 4 - nitrokeys/storage/mac/factory-reset.rst | 4 - .../storage/mac/firmware-update-manually.rst | 4 - nitrokeys/storage/mac/gpa.rst | 1 - .../storage/mac/hard-disk-encryption.rst | 4 - .../storage/mac/openpgp-keygen-backup.rst | 1 - nitrokeys/storage/mac/openpgp-keygen-gpa.rst | 1 - .../storage/mac/openpgp-keygen-on-device.rst | 1 - nitrokeys/storage/mac/openpgp-outlook.rst | 1 - nitrokeys/storage/mac/openpgp-thunderbird.rst | 1 - nitrokeys/storage/mac/openpgp.rst | 1 - nitrokeys/storage/mac/otp.rst | 1 - nitrokeys/storage/mac/smime-outlook.rst | 1 - nitrokeys/storage/mac/smime-thunderbird.rst | 1 - nitrokeys/storage/mac/smime.rst | 1 - nitrokeys/storage/windows/2fa-google.rst | 1 - nitrokeys/storage/windows/2fa-microsoft.rst | 1 - nitrokeys/storage/windows/2fa-nextcloud.rst | 1 - nitrokeys/storage/windows/2fa-odoo.rst | 1 - nitrokeys/storage/windows/change-pins.rst | 1 - nitrokeys/storage/windows/ecc.rst | 1 - nitrokeys/storage/windows/eidauthenticate.rst | 1 - .../windows/encrypted-mobile-storage.rst | 4 - nitrokeys/storage/windows/factory-reset.rst | 4 - .../windows/firmware-update-manually.rst | 4 - nitrokeys/storage/windows/gpa.rst | 1 - .../storage/windows/hard-disk-encryption.rst | 4 - nitrokeys/storage/windows/openpgp-csp.rst | 2 - .../storage/windows/openpgp-keygen-backup.rst | 1 - .../storage/windows/openpgp-keygen-gpa.rst | 1 - .../windows/openpgp-keygen-on-device.rst | 1 - nitrokeys/storage/windows/openpgp-outlook.rst | 1 - .../storage/windows/openpgp-thunderbird.rst | 1 - nitrokeys/storage/windows/openpgp.rst | 1 - nitrokeys/storage/windows/otp.rst | 1 - nitrokeys/storage/windows/putty.rst | 1 - nitrokeys/storage/windows/smart-policy.rst | 1 - nitrokeys/storage/windows/smime-outlook.rst | 1 - .../storage/windows/smime-thunderbird.rst | 1 - nitrokeys/storage/windows/smime.rst | 9 - nitrokeys/u2f/index.rst | 2 +- 78 files changed, 24 insertions(+), 812 deletions(-) create mode 100644 nitrokeys/storage/getting-started.rst delete mode 100644 nitrokeys/storage/linux/2fa-google.rst delete mode 100644 nitrokeys/storage/linux/2fa-nextcloud.rst delete mode 100644 nitrokeys/storage/linux/2fa-odoo.rst delete mode 100644 nitrokeys/storage/linux/automatic-screen-lock.rst delete mode 100644 nitrokeys/storage/linux/certificate-authority.rst delete mode 100644 nitrokeys/storage/linux/change-pins.rst delete mode 100644 nitrokeys/storage/linux/disk-encryption-luks.rst delete mode 100644 nitrokeys/storage/linux/ecc.rst delete mode 100644 nitrokeys/storage/linux/encrypted-mobile-storage.rst delete mode 100644 nitrokeys/storage/linux/factory-reset.rst delete mode 100644 nitrokeys/storage/linux/firmware-update-manually.rst delete mode 100644 nitrokeys/storage/linux/gpa.rst delete mode 100644 nitrokeys/storage/linux/hard-disk-encryption.rst delete mode 100644 nitrokeys/storage/linux/login-with-pam.rst delete mode 100644 nitrokeys/storage/linux/openpgp-keygen-backup.rst delete mode 100644 nitrokeys/storage/linux/openpgp-keygen-gpa.rst delete mode 100644 nitrokeys/storage/linux/openpgp-keygen-on-device.rst delete mode 100644 nitrokeys/storage/linux/openpgp-outlook.rst delete mode 100644 nitrokeys/storage/linux/openpgp-thunderbird.rst delete mode 100644 nitrokeys/storage/linux/openpgp.rst delete mode 100644 nitrokeys/storage/linux/openvpn-easyrsa.rst delete mode 100644 nitrokeys/storage/linux/otp.rst delete mode 100644 nitrokeys/storage/linux/smime-outlook.rst delete mode 100644 nitrokeys/storage/linux/smime-thunderbird.rst delete mode 100644 nitrokeys/storage/linux/smime.rst delete mode 100644 nitrokeys/storage/linux/ssh.rst delete mode 100644 nitrokeys/storage/mac/2fa-google.rst delete mode 100644 nitrokeys/storage/mac/2fa-nextcloud.rst delete mode 100644 nitrokeys/storage/mac/2fa-odoo.rst delete mode 100644 nitrokeys/storage/mac/change-pins.rst delete mode 100644 nitrokeys/storage/mac/ecc.rst delete mode 100644 nitrokeys/storage/mac/eidauthenticate.rst delete mode 100644 nitrokeys/storage/mac/encrypted-mobile-storage.rst delete mode 100644 nitrokeys/storage/mac/factory-reset.rst delete mode 100644 nitrokeys/storage/mac/firmware-update-manually.rst delete mode 100644 nitrokeys/storage/mac/gpa.rst delete mode 100644 nitrokeys/storage/mac/hard-disk-encryption.rst delete mode 100644 nitrokeys/storage/mac/openpgp-keygen-backup.rst delete mode 100644 nitrokeys/storage/mac/openpgp-keygen-gpa.rst delete mode 100644 nitrokeys/storage/mac/openpgp-keygen-on-device.rst delete mode 100644 nitrokeys/storage/mac/openpgp-outlook.rst delete mode 100644 nitrokeys/storage/mac/openpgp-thunderbird.rst delete mode 100644 nitrokeys/storage/mac/openpgp.rst delete mode 100644 nitrokeys/storage/mac/otp.rst delete mode 100644 nitrokeys/storage/mac/smime-outlook.rst delete mode 100644 nitrokeys/storage/mac/smime-thunderbird.rst delete mode 100644 nitrokeys/storage/mac/smime.rst delete mode 100644 nitrokeys/storage/windows/2fa-google.rst delete mode 100644 nitrokeys/storage/windows/2fa-microsoft.rst delete mode 100644 nitrokeys/storage/windows/2fa-nextcloud.rst delete mode 100644 nitrokeys/storage/windows/2fa-odoo.rst delete mode 100644 nitrokeys/storage/windows/change-pins.rst delete mode 100644 nitrokeys/storage/windows/ecc.rst delete mode 100644 nitrokeys/storage/windows/eidauthenticate.rst delete mode 100644 nitrokeys/storage/windows/encrypted-mobile-storage.rst delete mode 100644 nitrokeys/storage/windows/factory-reset.rst delete mode 100644 nitrokeys/storage/windows/firmware-update-manually.rst delete mode 100644 nitrokeys/storage/windows/gpa.rst delete mode 100644 nitrokeys/storage/windows/hard-disk-encryption.rst delete mode 100644 nitrokeys/storage/windows/openpgp-csp.rst delete mode 100644 nitrokeys/storage/windows/openpgp-keygen-backup.rst delete mode 100644 nitrokeys/storage/windows/openpgp-keygen-gpa.rst delete mode 100644 nitrokeys/storage/windows/openpgp-keygen-on-device.rst delete mode 100644 nitrokeys/storage/windows/openpgp-outlook.rst delete mode 100644 nitrokeys/storage/windows/openpgp-thunderbird.rst delete mode 100644 nitrokeys/storage/windows/openpgp.rst delete mode 100644 nitrokeys/storage/windows/otp.rst delete mode 100644 nitrokeys/storage/windows/putty.rst delete mode 100644 nitrokeys/storage/windows/smart-policy.rst delete mode 100644 nitrokeys/storage/windows/smime-outlook.rst delete mode 100644 nitrokeys/storage/windows/smime-thunderbird.rst delete mode 100644 nitrokeys/storage/windows/smime.rst diff --git a/nitrokeys/features/fido/2fa-website.rst b/nitrokeys/features/fido/2fa-website.rst index eab66dca4b..018e0f10eb 100644 --- a/nitrokeys/features/fido/2fa-website.rst +++ b/nitrokeys/features/fido/2fa-website.rst @@ -3,12 +3,6 @@ .. contents:: :local: -.. toctree:: - :maxdepth: 1 - :glob: - :hidden: - - * The Nitrokey FIDO2 supports two-factor authentication (2FA) and passwordless authentication: diff --git a/nitrokeys/index.rst b/nitrokeys/index.rst index 0c22ebc7cf..38d96b5e19 100644 --- a/nitrokeys/index.rst +++ b/nitrokeys/index.rst @@ -7,3 +7,4 @@ Nitrokeys U2F Pro + Storage diff --git a/nitrokeys/pro/index.rst b/nitrokeys/pro/index.rst index 43729540db..39966de3e1 100644 --- a/nitrokeys/pro/index.rst +++ b/nitrokeys/pro/index.rst @@ -22,7 +22,7 @@ or check out the features: Update Factory Reset Change PIN <../features/change-pins/index> - Two-Factor Authentication (2FA) <../features/2fa/index> + FIDO <../features/2fa/index> OpenPGP <../features/openpgp/index> TOTP <../features/totp/index> SMIME <../features/smime/index> diff --git a/nitrokeys/storage/getting-started.rst b/nitrokeys/storage/getting-started.rst new file mode 100644 index 0000000000..e69de29bb2 diff --git a/nitrokeys/storage/index.rst b/nitrokeys/storage/index.rst index 3713f0eeb8..30167c3de6 100644 --- a/nitrokeys/storage/index.rst +++ b/nitrokeys/storage/index.rst @@ -10,14 +10,28 @@ First check the: :glob: Frequently Asked Questions + Getting Started -or choose your operating system: +or check out the features: .. toctree:: - :maxdepth: 1 - :glob: + :maxdepth: 1 + :glob: - Windows - macOS - Linux - + FIDO <../features/fido/index> + OpenPGP <../features/openpgp/index> + OpenVPN <../features/openvpn/index> + Stunnel (Linux) <../features/stunnel/index> + Ipsec (Linux) <../features/ipsec/index> + Automatic Screen Lock (Linux) <../features/automatic-screen-lock/index> + Certificate authority <../features/certificate-authority/index> + Change PIN <../features/change-pins/index> + Hard Disk Encryption <../features/hard-disk-encryption/index> + SMIME <../features/smime/index> + Desktop Login <../features/desktop-login/index> + ECC <../features/ecc/index> + GPA <../features/gpa/index> + EID <../features/eid/index> + TOTP <../features/totp/index> + SSH <../features/ssh/index> + Putty <../features/ssh/putty> \ No newline at end of file diff --git a/nitrokeys/storage/linux/2fa-google.rst b/nitrokeys/storage/linux/2fa-google.rst deleted file mode 100644 index 3a1e74fcc1..0000000000 --- a/nitrokeys/storage/linux/2fa-google.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/2fa-google.rst.inc diff --git a/nitrokeys/storage/linux/2fa-nextcloud.rst b/nitrokeys/storage/linux/2fa-nextcloud.rst deleted file mode 100644 index fe77d2b27e..0000000000 --- a/nitrokeys/storage/linux/2fa-nextcloud.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/2fa-nextcloud.rst.inc diff --git a/nitrokeys/storage/linux/2fa-odoo.rst b/nitrokeys/storage/linux/2fa-odoo.rst deleted file mode 100644 index dc5f45a3f0..0000000000 --- a/nitrokeys/storage/linux/2fa-odoo.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/2fa-odoo.rst.inc diff --git a/nitrokeys/storage/linux/automatic-screen-lock.rst b/nitrokeys/storage/linux/automatic-screen-lock.rst deleted file mode 100644 index d8f8332ad1..0000000000 --- a/nitrokeys/storage/linux/automatic-screen-lock.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/linux/automatic-screen-lock.rst diff --git a/nitrokeys/storage/linux/certificate-authority.rst b/nitrokeys/storage/linux/certificate-authority.rst deleted file mode 100644 index a0e4791b50..0000000000 --- a/nitrokeys/storage/linux/certificate-authority.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../hsm/certificate-authority.rst.inc diff --git a/nitrokeys/storage/linux/change-pins.rst b/nitrokeys/storage/linux/change-pins.rst deleted file mode 100644 index c14cd241e1..0000000000 --- a/nitrokeys/storage/linux/change-pins.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/change-pins.rst.inc diff --git a/nitrokeys/storage/linux/disk-encryption-luks.rst b/nitrokeys/storage/linux/disk-encryption-luks.rst deleted file mode 100644 index ae24b6874d..0000000000 --- a/nitrokeys/storage/linux/disk-encryption-luks.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/linux/disk-encryption-luks.rst diff --git a/nitrokeys/storage/linux/ecc.rst b/nitrokeys/storage/linux/ecc.rst deleted file mode 100644 index f9d9992dca..0000000000 --- a/nitrokeys/storage/linux/ecc.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/ecc.rst.inc diff --git a/nitrokeys/storage/linux/encrypted-mobile-storage.rst b/nitrokeys/storage/linux/encrypted-mobile-storage.rst deleted file mode 100644 index cc9287dae7..0000000000 --- a/nitrokeys/storage/linux/encrypted-mobile-storage.rst +++ /dev/null @@ -1,4 +0,0 @@ -Encrypted Mobile Storage -======================== - -.. include:: ../encrypted-mobile-storage.rst diff --git a/nitrokeys/storage/linux/factory-reset.rst b/nitrokeys/storage/linux/factory-reset.rst deleted file mode 100644 index 1fadfcfeee..0000000000 --- a/nitrokeys/storage/linux/factory-reset.rst +++ /dev/null @@ -1,4 +0,0 @@ -Factory Reset -============= - -.. include:: ../factory-reset.rst diff --git a/nitrokeys/storage/linux/firmware-update-manually.rst b/nitrokeys/storage/linux/firmware-update-manually.rst deleted file mode 100644 index 1f0848f0f0..0000000000 --- a/nitrokeys/storage/linux/firmware-update-manually.rst +++ /dev/null @@ -1,4 +0,0 @@ -Activate Update Mode Manually -============================= - -.. include:: ../firmware-update-manually.rst diff --git a/nitrokeys/storage/linux/gpa.rst b/nitrokeys/storage/linux/gpa.rst deleted file mode 100644 index 398ae468bc..0000000000 --- a/nitrokeys/storage/linux/gpa.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/gpa.rst diff --git a/nitrokeys/storage/linux/hard-disk-encryption.rst b/nitrokeys/storage/linux/hard-disk-encryption.rst deleted file mode 100644 index 95e1694368..0000000000 --- a/nitrokeys/storage/linux/hard-disk-encryption.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/linux/hard-disk-encryption.rst diff --git a/nitrokeys/storage/linux/login-with-pam.rst b/nitrokeys/storage/linux/login-with-pam.rst deleted file mode 100644 index 1975c28e82..0000000000 --- a/nitrokeys/storage/linux/login-with-pam.rst +++ /dev/null @@ -1,4 +0,0 @@ -Login With PAM -=========================== - -.. include:: ../../pro/login-with-pam.rst.inc diff --git a/nitrokeys/storage/linux/openpgp-keygen-backup.rst b/nitrokeys/storage/linux/openpgp-keygen-backup.rst deleted file mode 100644 index b4528e0139..0000000000 --- a/nitrokeys/storage/linux/openpgp-keygen-backup.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/openpgp-keygen-backup.rst.inc diff --git a/nitrokeys/storage/linux/openpgp-keygen-gpa.rst b/nitrokeys/storage/linux/openpgp-keygen-gpa.rst deleted file mode 100644 index 472d298006..0000000000 --- a/nitrokeys/storage/linux/openpgp-keygen-gpa.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/openpgp-keygen-gpa.rst.inc diff --git a/nitrokeys/storage/linux/openpgp-keygen-on-device.rst b/nitrokeys/storage/linux/openpgp-keygen-on-device.rst deleted file mode 100644 index fc90850b8e..0000000000 --- a/nitrokeys/storage/linux/openpgp-keygen-on-device.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/openpgp-keygen-on-device.rst.inc diff --git a/nitrokeys/storage/linux/openpgp-outlook.rst b/nitrokeys/storage/linux/openpgp-outlook.rst deleted file mode 100644 index fa4e7dd855..0000000000 --- a/nitrokeys/storage/linux/openpgp-outlook.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/openpgp-outlook.rst.inc diff --git a/nitrokeys/storage/linux/openpgp-thunderbird.rst b/nitrokeys/storage/linux/openpgp-thunderbird.rst deleted file mode 100644 index 59e0956c63..0000000000 --- a/nitrokeys/storage/linux/openpgp-thunderbird.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/openpgp-thunderbird.rst.inc diff --git a/nitrokeys/storage/linux/openpgp.rst b/nitrokeys/storage/linux/openpgp.rst deleted file mode 100644 index fb8b25042e..0000000000 --- a/nitrokeys/storage/linux/openpgp.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/openpgp.rst.inc diff --git a/nitrokeys/storage/linux/openvpn-easyrsa.rst b/nitrokeys/storage/linux/openvpn-easyrsa.rst deleted file mode 100644 index f8412c4186..0000000000 --- a/nitrokeys/storage/linux/openvpn-easyrsa.rst +++ /dev/null @@ -1,678 +0,0 @@ -OpenVPN Configuration with Easy-RSA -=================================== - -.. contents:: :local: - :depth: 2 - -.. note:: - - This guide is work-in-progress, and will be updated accordinlgy. Please take this status into consideration. - -This guide shows how to configure OpenVPN clients to login using a `Nitrokey Pro -2 `__ or a `Nitrokey Storage -2 `__. For software key management we will be using `Easy-RSA `__, a utility that has been evolving alongside OpenVPN. - -To sign the certificates, we will use a `Nitrokey HSM -2 `__ set up as `Certificate Authority <../../hsm/linux/certificate-authority.html#creating-the-intermediate-certificate-authority>`_, however this guide does not cover the set up of the CA itself (it is clear and `well documented here <../../hsm/linux/certificate-authority.html#sign-a-server-certificate>`_). - -We will use Easy-RSA, because it seems to provide some flexibility, and allows key management via external PKIs. We will use it on the server to issue the signing request, and repeat the same process on the client. The Certificate Signing Requests will be signed by the CA on the Nitorkey HSM, and re-transmitted to the server and the client. - - -Prerequisites -------------- - -In the following documentation we will require 3 different machines as following: - -- OpenVPN server (v. 2.5) on Debian 10 (EC2 virtual machine - AWS) - -- OpenVPN client (v. 2.4.9) on Fedora 30 (local machine) - -- The Certificate Authority will be accessible from a standalone - machine with Fedora 30 (local machine) - -To interact with the devices we will require `OpenSC -0.20 `__ installed on the client and CA machine (the local machines). You can follow the instructions to set it up in `this link (*Unix) `__. - -To download the dependencies on Fedora machines we can this instruction: - -.. code-block:: bash - - su -c 'dnf install readline-devel openssl-devel libxslt docbook-style-xsl pcsc-lite-devel automake autoconf libtool gcc zlib-devel' - -For Debian Linux, more recent OpenSC packages are available `here `__. - -We will use the following Nitrokeys for physical key management: - -- An authentication key using the `Nitrokey Pro 2 - (pdf) `__ - -- A Certificate Authority (CA) using the `Nitrokey HSM 2 - (pdf) `__ - -As a reminder, to build a Certificate Authority on Nitrokey HSM 2, you may follow the instructions available `in the documentation `_. - -Alternatively you may set up your own CA on a `on a separate machine `__, or use the OpenVPN tutorial which also relies on `Easy-RSA `__. The last 2 options rely on software solutions for key management. - -Server side ------------ - -Install OpenVPN -^^^^^^^^^^^^^^^ - -1. First we need to enable IP Forwarding by editing ``/etc/sysctl.conf`` file - - .. code-block:: bash - - $ editor /etc/sysctl.conf - -2. Uncomment or edit accordingly the following line - - .. code-block:: bash - - net.ipv4.ip_forward=1 - -3. Close after saving it, and enter this command - - .. code-block:: bash - - $ sysctl -p - - Once IP forwarding is done, we will need to download the latest release of OpenvPN for our Debian 10 server, according to `these instructions `__: - -4. Change to root and download the GPG key that signed the package - - .. code-block:: bash - - $ sudo -s - # wget -O - https://swupdate.openvpn.net/repos/repo-public.gpg|apt-key add - - -5. Add the URL of the adequate OpenVPN packages to the ``sources.list`` file - - .. code-block:: bash - - # echo "deb http://build.openvpn.net/debian/openvpn/release/2.5 buster main" > /etc/apt/sources.list.d/openvpn-aptrepo.list - # exit - - We downloaded OpenVPN 2.5 as “password prompt” requires at least OpenVPN `version - 2.4.8 `__ to login. - -6. Next we download OpenVPN - - .. code-block:: bash - - $ sudo apt install openvpn - - If you want to check the version, it possible by calling ``--version`` - and print the following: - - .. rstcheck: ignore-next-code-block - .. code-block:: bash - - $ sudo openvpn --version - OpenVPN 2.5_beta3 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Sep 1 2020 - library versions: OpenSSL 1.1.1d 10 Sep 2019, LZO 2.10 - Originally developed by James Yonan - Copyright (C) 2002-2018 OpenVPN Inc - Compile time defines: enable_async_push=no enable_comp_stub=no enable_crypto_ofb_cfb=yes enable_debug=yes enable_def_auth=yes enable_dependency_tracking=no \ enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown enable_fast_install=needless enable_fragment=yes enable_iproute2=yes \ enable_libtool_lock=yes enable_lz4=yes enable_lzo=yes enable_maintainer_mode=no enable_management=yes enable_multihome=yes enable_pam_dlopen=no enable_pedantic=no \ enable_pf=yes enable_pkcs11=yes enable_plugin_auth_pam=yes enable_plugin_down_root=yes enable_plugins=yes enable_port_share=yes enable_selinux=no \ enable_shared=yes enable_shared_with_static_runtimes=no enable_silent_rules=no enable_small=no enable_static=yes enable_strict=no enable_strict_options=no \ enable_systemd=yes enable_werror=no enable_win32_dll=yes enable_x509_alt_username=yes with_aix_soname=aix with_crypto_library=openssl with_gnu_ld=yes \ with_mem_check=no with_sysroot=no - -Install Easy-RSA -^^^^^^^^^^^^^^^^ - -To build the PKI, we will download the latest version of Easy-RSA on the server and client machines. To get the latest release, go to the `Releases page on the official EasyRSA GitHub project `__, copy the download link for the file ending in ``.tgz``, and then paste it into the following command: - -1. Download the latest release - - .. code-block:: bash - - $ cd ~ - wget -P ~/ https://github.com/OpenVPN/easy-rsa/releases/download/v3.0.7/EasyRSA-3.0.7.tgz - -2. Extract the tarball - - .. code-block:: bash - - $ cd ~ - $ tar xvf EasyRSA-3.0.7.tgz - $ mv EasyRSA-3.0.7/ easyrsa/ # rename folder - -Create a PKI for OpenVPN server -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -Before you can create your OpenVPN server’s private key and certificate, you need to create a local Public Key Infrastructure directory on your OpenVPN server. You will use this directory to manage the server and clients’ certificate requests, instead of making them directly on your CA server. - -To build a PKI directory on your OpenVPN server, you’ll need to populate a file called ``vars`` with some default values. - -1. Create a ``vars`` file - - .. code-block:: bash - - $ touch ~/easyrsa/vars - $ cd easyrsa/ - $ editor vars - -2. Once the file is opened, paste in the following two lines - - .. code-block:: bash - - set_var EASYRSA_ALGO "ec" - set_var EASYRSA_DIGEST "sha512" - - These are the only two lines that you need in this ``vars`` file on your OpenVPN server since it will not be used as a Certificate Authority. - They will ensure that your private keys and certificate requests are configured to use Elliptic Curve Cryptography (ECC) to generate keys, and secure signatures for your clients and OpenVPN server. - - In regards to the choice of the cryptographic algorithms, I follow the model in `this tutorial `__, and you can customize these according to your specific needs. - -3. Initialize the PKI - - Once you have populated the ``vars`` file you can proceed with creating the PKI directory. - To do so, run the easyrsa script with the init-pki option: - - .. code-block:: bash - - $ ./easyrsa init-pki - -After you’ve initialized your PKI on the OpenVPN server, you are ready to move on to the next step, which is creating an OpenVPN server certificate request and private key. - -Create ``server.req`` and ``server.key`` -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -Now that your OpenVPN server has all the prerequisites installed, the next step is to generate a key pair composed of a private key (to keep secret), and a Certificate Signing Request (``.csr``) on your OpenVPN server. - -In general terms, on systems where we generate a key and request, these files are left unencrypted by using the ``nopass`` argument, since servers usually need to start up without any password input. This generates an *unencrypted key*, so mind *protect its access and file permissions* carefully. - -.. tip:: - - Configuration notes from OpenVPN: - - 1. The server, and each client, must have their own cert and key - file. The server and all clients will use the same CA file. - 2. Server certificate should have the following: - - - ``keyUsage: digitalSignature, keyEncipherment`` - - - ``extendedKeyUsage: serverAuth`` - -1. Create the signing request for the server - - Navigate to the ``~/easyrsa`` directory on your OpenVPN Server as your non-root user, and enter the following commands: - - .. code-block:: bash - - $ cd easyrsa/ - $ ./easyrsa gen-req server nopass - - This will create a private key for the server and a certificate request file called ``server.req``. - - Once you have a signed certificate, you’ll transfer it back to the OpenVPN server. - -2. Copy the key to the OpenVPN server directory - - .. code-block:: bash - - $ sudo cp /home/admin/EasyRSA/pki/private/server.key /etc/openvpn/server/ - - After completing these steps, you have successfully created a private key for your OpenVPN server. You have also generated a Certificate Signing Request for the OpenVPN server. - - .. tip:: - - File extensions for certificate signing requests - - The file extension that is adopted by the CA and HSM tutorial - indicates the creation of a ``.csr`` file, however Easy-RSA creates - certificate signing requests with a ``.req`` extension. - - We will use interchangeably both extensions, while making sure that - we transfer the right files to the Certificate Authority, and - generate a final certificate with a ``.crt`` extension. - -In the next section of this guide, we will sign a ``.req`` file with our CA on deployed on the HSM 2 device. For this purpose, I will use a dedicated machine to sign the requests. - -Sign and retrieve ``server.crt`` -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -The following instructions require the transfer of the ``server.req`` -(or ``server.csr``) file to the CA system. - -The transfer itself is not security sensitive, though it is wise to verify if the received file matches the sender’s copy, if the transport is untrusted. - -In order to go through these steps, I will extensively rely on `these instructions `_, to sign the certificate signing requests, once we generated them with Easy-RSA. - -Sign the ``server.req`` file -'''''''''''''''''''''''''''' - -On the local machine dedicated to access the HSM, we will use the tools provided by Opensc 0.20 in order to sign the ``.req`` file, and send it back to the OpenVPN server. We assume we have transferred the file from the server machine to the CA machine. - -First we start by plugging the HSM Nitrokey, and enter this instruction for listing the keys available. - -1. Query the list of available devices - - .. code-block:: bash - - $ p11tool --list-all - - **(Required step)** If this is the first time you sign a certificate with the CA, you might want to retrieve the URI of the CA’s private key from the HSM, and include it in the config file. - - - The key’s URI should be in this format: - - .. code-block:: bash - - pkcs11:model=PKCS%2315%20emulated;manufacturer=www.CardContact.de;serial=DENK0104068;token=SmartCard-HSM%20%28UserPIN%29%00%00%00%00%00%00%00%00%00;id=%E0%16%1C%C8%B6%F5%D6%6A%C6%83%5E%CD%EC%B6%23%FC%05%06%A6%75;object=root;type=private - -2. Create ``openvpn/`` directory under ``certificate-authority/`` - - .. code-block:: bash - - $ mkdir/opt/certificate-authority/ - $ cd /opt/certificate-authority/ - -3. Sign the ``server.req`` - - .. code-block:: bash - - $ openssl ca -config sign_server_csrs.ini -engine pkcs11 -keyform engine -days 375 -notext -md sha512 -create_serial -in server.req -out /home/user/pki/issued/server.crt - -Retrieve the ``server.crt`` file to the server machine -'''''''''''''''''''''''''''''''''''''''''''''''''''''' - -1. Transfer the signed certificates to the server - - From the CA machine, copy the files ``server.crt`` and ``chain.crt`` to the OpenVPN server. In this example we will use the ``scp`` command as following: - - .. code-block:: bash - - $ scp openvpn/{server.crt,chain.crt} admin@your_openvpnserver_ip:/tmp - -2. Place the certificates on the server’s directory - - .. code-block:: bash - - $ mv /tmp/{server.crt,chain.crt} /etc/openvpn/server - - .. warning:: - - CA Certificate and ``chain.crt`` - - In the above, the CA returns the signed sever certificate, and - includes the CA certificate ``CA.crt`` which is the ``chain.crt`` - file. This can be done over an insecure channel, though the client is - encouraged to confirm if the received ``chain.crt`` is valid, if the - transport is untrusted. - - It is possible to rename the file ``chain.crt`` file to ``CA.crt`` on - the target machine, however we will use ``chain.crt`` in the next - instructions. - -Configure the OpenVPN server -^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -A connection that uses TLS requires multiple `certificates and keys for authentication `__. Now that we issued and signed those, we can place them in the right directories. The breakdown of the certificates and keys that must be located at the root directory are the following: - -- The root certificate file (CA.crt or chain.crt in our setup) -- Server certificate -- Server key -- Diffie Hellman Parameters (optional) - -On your OpenVPN server, now you can create the configuration file ``server.conf`` with your favorite text editor. The file can be configured according to your needs, while we make sure to change the server certificate and key sections according the names you chose for the your the files we signed: - -.. code-block:: bash - - # OpenVPN Server Certificate - CA, server key and certificate - ca chain.crt - cert server.crt - key server.key - -Here is the configuration file we can use for testing these instructions: - -.. code-block:: bash - - port 1194 - proto udp - dev tun - ca ca.crt - cert server.crt - key server.key # This file should be kept secret - dh dh.pem - server 10.8.0.0 255.255.255.0 - push "redirect-gateway def1 bypass-dhcp" - push "dhcp-option DNS 208.67.222.222" - push "dhcp-option DNS 208.67.220.220" - keepalive 10 120 - tls-auth ta.key 0 # This file is secret - cipher AES-256-CBC - user nobody - group nogroup - persist-key - persist-tun - status /var/log/openvpn/openvpn-status.log - log /var/log/openvpn/openvpn.log - log-append /var/log/openvpn/openvpn.log - verb 3 - explicit-exit-notify 1 - tls-version-min 1.2 # Lower boundary for TLS version - tls-version-max 1.2 # Higher boundary for TLS version - -To test if the configuration functions properly, we can use this command: - -.. code-block:: bash - - $ sudo openvpn --server --config server.conf - -Start the OpenVPN service on the server -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -Enable the OpenVPN service by adding it to systemctl, and start it using these commands: - -.. code-block:: bash - - $ sudo systemctl -f enable openvpn@server - $ sudo systemctl start openvpn@server - -To Double check if the OpenVPN service is active use this command: - -.. code-block:: bash - - $ sudo systemctl status openvpn@server - -The OpenVPN should be running at this point. - -Client side configuration -------------------------- - -Install OpenVPN and Easy-RSA -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -1. Install the software - - We can use directly ``dnf install`` to install OpenVPN 2.4.9 and Easy-RSA 3.0.7 - - .. code-block:: bash - - $ sudo dnf install openvpn easy-rsa - -2. Then we create as non-root a directory for Easy RSA called ``Easy-RSA`` - - .. code-block:: bash - - $ mkdir ~/easyrsa - -3. And link it to the Easy RSA package we just installed - - .. code-block:: bash - - $ ln -s /usr/share/easy-rsa/3/* ~/easyrsa/ - -Create a PKI for the OpenVPN client -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -In the same manner we created a PKI on the OpenVPN server, we will create a PKI using Easy-RSA on the client side. - -Create a ``client.req`` and ``client.key`` -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -In the same manner we issued the key pair on the sever, we generate a key pair for the client which will be composed of the ``client.req`` -file and the ``client.key`` file. The latter must be kept secret on the client machine. - -Sign ``client.req`` and issue the ``client.crt`` file -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -To transfer the ``client.req`` file to the CA machine, we will use the same method as we did for the ``server.req`` file. - -Once transferred, on the CA machine we sign the certificate signing request file with this command - -.. code-block:: bash - - $ openssl ca -config sign_server_csrs.ini -engine pkcs11 -keyform engine -days 375 -notext -md sha512 -create_serial -in client.req -out /home/user/pki/issued/client.crt - -Import ``client.crt`` on the Nitrokey from the CA machine -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -After creating the ``client.crt`` file, we plug the Nitrokey Pro 2 device in the CA machine, and import the ``.crt`` to the Pro 2 device using this command: - -.. code-block:: bash - - $ pkcs15-init --store-certificate client.crt --id 3 - -You can see if the key is effectively stored on the Nitrokey using this command: - -.. code-block:: bash - - $ pkcs15-tool -c - -Or alternatively - -.. code-block:: bash - - $ pkcs11-tool --list-objects - -Fore more commands you can refer to the `OpenSC wiki `__. - -Retrieve the ``chain.crt`` file from the CA machine -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -While we keep the ``client.crt``\ stored on the nitrokey Pro 2 device, we must retrieve the ``chain.crt`` file on the client machine, and store it in the adequate directory. We may use ``scp`` as in the method explained in the server section of this guide. - -Configure the client to interact with the Nitrokey -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -Now back on the client machine, we will plug the Nitrokey Pro and use it to establish the VPN connection with the server. In general terms, a connection that uses TLS requires multiple certificates and keys for authentication: - -- The root certificate file (`chain.crt`) -- Client certificate -- Client key - -For this guide we can the following ``client.conf`` file, and add the required options to it accordingly: - -.. code-block:: bash - - client - dev tun - proto udp - remote 1194 - resolv-retry infinite - nobind - user nobody - group nobody - persist-key - persist-tun - ca ca.crt - remote-cert-tls server - cipher AES-256-CBC - verb 3 - redirect-gateway def1 - tls-version-min 1.2 # Lower boundary for TLS version - tls-version-max 1.2 # Higher boundary for TLS version - -1. Determine the correct object - - Each PKCS#11 provider can support multiple devices. In order to view the available object list you can use the following command: - - .. code-block:: bash - - $ openvpn --show-pkcs11-ids /usr/lib64/pkcs11/opensc-pkcs11.so - - The following objects are available for use. - Each object shown below may be used as parameter to - - --pkcs11-id option please remember to use single quote mark. - - Certificate - DN: CN=client - Serial: E53DA75C5B8F1518F520BCEF0128C09F - Serialized id: pkcs11:model=pkcs11:model=PKCS%NNNN%20emulated;token=User%20PIN%20%28OpenPGP%20card%29;manufacturer=ZeitControl;serial=000NNNNNN;id=%03 - - Each certificate/private key pair have unique ``Serialized id`` string. The serialized id string of the requested certificate should be specified, in the configuration file. We can do this by adding the ``pkcs11-id`` option using single quote marks. - - .. code-block:: bash - - pkcs11-id 'pkcs11:model=pkcs11:model=PKCS%NNNN%20emulated;token=User%20PIN%20%28OpenPGP%20card%29;manufacturer=ZeitControl;serial=000NNNNNN;id=%03' - -2. Add retrieved Serialized ID to the configuration file - - Using your favorite text editor, open the server.conf file, and add the following lines, while taking care to insert your own ``Serialized id``: - - .. code-block:: bash - - pkcs11-providers /usr/lib64/pkcs11/opensc-pkcs11.so - pkcs11-id 'pkcs11:model=pkcs11:model=PKCS%NNNN%20emulated;token=User%20PIN%20%28OpenPGP%20card%29;manufacturer=ZeitControl;serial=000NNNNNN;id=%03' - - For additional `settings related to OpenVPN `__ authentication, you may also add few lines to handle key maganagement, although it is optional. - - .. note:: - - Click to view the code - - .. code-block:: bash - - # nitrokey config - - pkcs11-providers /usr/lib64/pkcs11/opensc-pkcs11.so - pkcs11-id 'pkcs11:model=pkcs11:model=PKCS%NNNN%20emulated;token=User%20PIN%20%28OpenPGP%20card%29;manufacturer=ZeitControl;serial=000NNNNNN;id=%03' - # pkcs11-pin-cache 300 - # daemon - # auth-retry nointeract - # management-hold - # management-signal - # management 127.0.0.1 8888 - # management-query-passwords - pkcs11-cert-private 1 # Prompt for PIN - - Optional step - - - If you need to test the configuration, with and without the token on the Nitrokey, you may add lines to the same ``client.conf`` and comment/uncomment the relevant lines according to your needs: - - .. note:: - - Click to view the code - - .. code-block:: bash - - # non_nitrokey login - - # cert client.crt - # key client.key - # tls-auth ta.key 1 - -3. Configure the OpenVPN client - - The final configuration file ``client.conf`` should look like this one: - - .. code-block:: bash - - client - dev tun - proto udp - remote 1194 - resolv-retry infinite - nobind - user nobody - group nobody - persist-key - persist-tun - ca ca.crt - remote-cert-tls server - cipher AES-256-CBC - verb 3 - redirect-gateway def1 - tls-version-min 1.2 # Lower boundary for TLS version - tls-version-max 1.2 # Higher boundary for TLS version - - # nitrokey login - - pkcs11-providers /usr/lib64/pkcs11/opensc-pkcs11.so - pkcs11-id 'pkcs11:model=pkcs11:model=PKCS%NNNN%20emulated;token=User%20PIN%20%28OpenPGP%20card%29;manufacturer=ZeitControl;serial=000NNNNNN;id=%03' - # pkcs11-pin-cache 300 - # daemon - # auth-retry nointeract - # management-hold - # management-signal - # management 127.0.0.1 8888 - # management-query-passwords - pkcs11-cert-private 1 # Prompt for PIN - - # OR - - # non_nitrokey login - - # cert client.crt - # key client.key - # tls-auth ta.key 1 - -4. Known issues - - There are some known issues related to OpenVPN login with OpenSC. Please consult these issues `here `__. - -Start the OpenVPN client -^^^^^^^^^^^^^^^^^^^^^^^^ - -1. Start the OpenVPN service on the client - - Enable the OpenVPN service, and start it using these commands: - - .. code-block:: bash - - $ sudo systemctl -f enable openvpn-server@server.service - $ sudo systemctl start openvpn-server@server.service - - To double check if the OpenVPN service is active use this command: - - .. code-block:: bash - - $ sudo systemctl status openvpn-server@server.service - -2. Enter your User PIN - - When executing OpenVPN client, Nitrokey’s PIN needs to be entered: - - .. rstcheck: ignore-next-code-block - .. code-block:: bash - - $ sudo openvpn --client --config client.conf - Fri Sep 11 17:42:01 2020 OpenVPN 2.4.9 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 24 2020 - Fri Sep 11 17:42:01 2020 library versions: OpenSSL 1.1.1g FIPS 21 Apr 2020, LZO 2.08 - Fri Sep 11 17:42:01 2020 PKCS#11: Adding PKCS#11 provider '/usr/lib64/pkcs11/opensc-pkcs11.so' - Enter User PIN (OpenPGP card) token Password: ****** - - .. warning:: - - Unfortunately OpenVPN doesn’t seem to be able to establish a handshake and stops at an error as reported `here `__, `here `__ and `here `__ - - .. rstcheck: ignore-next-code-block - .. code-block:: bash - - This is what the error output looks like: - - $ sudo openvpn --client --config client.conf - Fri Sep 11 17:42:01 2020 OpenVPN 2.4.9 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 24 2020 - Fri Sep 11 17:42:01 2020 library versions: OpenSSL 1.1.1g FIPS 21 Apr 2020, LZO 2.08 - Fri Sep 11 17:42:01 2020 PKCS#11: Adding PKCS#11 provider '/usr/lib64/pkcs11/opensc-pkcs11.so' - Enter User PIN (OpenPGP card) token Password: ******`` - Fri Sep 11 17:42:12 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]18.157.180.240:1194`` - Fri Sep 11 17:42:12 2020 Socket Buffers: R=[212992->212992] S=[212992->212992]`` - Fri Sep 11 17:42:12 2020 UDP link local: (not bound) - Fri Sep 11 17:42:12 2020 UDP link remote: [AF_INET]18.157.180.240:1194 - Fri Sep 11 17:42:12 2020 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay - Fri Sep 11 17:42:12 2020 TLS: Initial packet from [AF_INET]18.157.180.240:1194, sid=d79690cf 9e38ce89 - Fri Sep 11 17:42:12 2020 VERIFY OK: depth=1, CN=server_CA - Fri Sep 11 17:42:12 2020 VERIFY KU OK - Fri Sep 11 17:42:12 2020 Validating certificate extended key usage - Fri Sep 11 17:42:12 2020 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication - Fri Sep 11 17:42:12 2020 VERIFY EKU OK - Fri Sep 11 17:42:12 2020 VERIFY OK: depth=0, CN=server - Fri Sep 11 17:42:12 2020 OpenSSL: error:141F0006:SSL routines:tls_construct_cert_verify:EVP lib - Fri Sep 11 17:42:12 2020 TLS_ERROR: BIO read tls_read_plaintext error - Fri Sep 11 17:42:12 2020 TLS Error: TLS object -> incoming plaintext read error - Fri Sep 11 17:42:12 2020 TLS Error: TLS handshake failed - Fri Sep 11 17:42:12 2020 SIGUSR1[soft,tls-error] received, process restarting - Fri Sep 11 17:42:12 2020 Restart pause, 5 second(s) - - In some reported cases it does not prompt for a PIN on the terminal. One workaround would be to use to use this command to login with the PIN: - - .. rstcheck: ignore-next-code-block - .. code-block:: bash - - $ telnet 8888 password 'User PIN (OpenPGP card) token' - - Alternatively, you could `recompile OpenVPN `__ client with systemd support disabled, and it will prompt you for the PIN as expected. - - Another option, would be to login to your OpenVPN instance with the Viscosity client which provides a better user experience especially for entering the PIN. diff --git a/nitrokeys/storage/linux/otp.rst b/nitrokeys/storage/linux/otp.rst deleted file mode 100644 index 3954bcb99d..0000000000 --- a/nitrokeys/storage/linux/otp.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/otp.rst.inc diff --git a/nitrokeys/storage/linux/smime-outlook.rst b/nitrokeys/storage/linux/smime-outlook.rst deleted file mode 100644 index acd45a24a9..0000000000 --- a/nitrokeys/storage/linux/smime-outlook.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/smime-outlook.rst.inc diff --git a/nitrokeys/storage/linux/smime-thunderbird.rst b/nitrokeys/storage/linux/smime-thunderbird.rst deleted file mode 100644 index 4ae43d43ba..0000000000 --- a/nitrokeys/storage/linux/smime-thunderbird.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/smime-thunderbird.rst.inc diff --git a/nitrokeys/storage/linux/smime.rst b/nitrokeys/storage/linux/smime.rst deleted file mode 100644 index 5029a3135c..0000000000 --- a/nitrokeys/storage/linux/smime.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/smime.rst.inc diff --git a/nitrokeys/storage/linux/ssh.rst b/nitrokeys/storage/linux/ssh.rst deleted file mode 100644 index 792071f9a1..0000000000 --- a/nitrokeys/storage/linux/ssh.rst +++ /dev/null @@ -1,4 +0,0 @@ -SSH For Server Administration -============================= - -.. include:: ../../pro/ssh.rst diff --git a/nitrokeys/storage/mac/2fa-google.rst b/nitrokeys/storage/mac/2fa-google.rst deleted file mode 100644 index 3a1e74fcc1..0000000000 --- a/nitrokeys/storage/mac/2fa-google.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/2fa-google.rst.inc diff --git a/nitrokeys/storage/mac/2fa-nextcloud.rst b/nitrokeys/storage/mac/2fa-nextcloud.rst deleted file mode 100644 index fe77d2b27e..0000000000 --- a/nitrokeys/storage/mac/2fa-nextcloud.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/2fa-nextcloud.rst.inc diff --git a/nitrokeys/storage/mac/2fa-odoo.rst b/nitrokeys/storage/mac/2fa-odoo.rst deleted file mode 100644 index dc5f45a3f0..0000000000 --- a/nitrokeys/storage/mac/2fa-odoo.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/2fa-odoo.rst.inc diff --git a/nitrokeys/storage/mac/change-pins.rst b/nitrokeys/storage/mac/change-pins.rst deleted file mode 100644 index c14cd241e1..0000000000 --- a/nitrokeys/storage/mac/change-pins.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/change-pins.rst.inc diff --git a/nitrokeys/storage/mac/ecc.rst b/nitrokeys/storage/mac/ecc.rst deleted file mode 100644 index f9d9992dca..0000000000 --- a/nitrokeys/storage/mac/ecc.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/ecc.rst.inc diff --git a/nitrokeys/storage/mac/eidauthenticate.rst b/nitrokeys/storage/mac/eidauthenticate.rst deleted file mode 100644 index 62f3a2a39f..0000000000 --- a/nitrokeys/storage/mac/eidauthenticate.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/eidauthenticate.rst.inc diff --git a/nitrokeys/storage/mac/encrypted-mobile-storage.rst b/nitrokeys/storage/mac/encrypted-mobile-storage.rst deleted file mode 100644 index cc9287dae7..0000000000 --- a/nitrokeys/storage/mac/encrypted-mobile-storage.rst +++ /dev/null @@ -1,4 +0,0 @@ -Encrypted Mobile Storage -======================== - -.. include:: ../encrypted-mobile-storage.rst diff --git a/nitrokeys/storage/mac/factory-reset.rst b/nitrokeys/storage/mac/factory-reset.rst deleted file mode 100644 index 1fadfcfeee..0000000000 --- a/nitrokeys/storage/mac/factory-reset.rst +++ /dev/null @@ -1,4 +0,0 @@ -Factory Reset -============= - -.. include:: ../factory-reset.rst diff --git a/nitrokeys/storage/mac/firmware-update-manually.rst b/nitrokeys/storage/mac/firmware-update-manually.rst deleted file mode 100644 index 1f0848f0f0..0000000000 --- a/nitrokeys/storage/mac/firmware-update-manually.rst +++ /dev/null @@ -1,4 +0,0 @@ -Activate Update Mode Manually -============================= - -.. include:: ../firmware-update-manually.rst diff --git a/nitrokeys/storage/mac/gpa.rst b/nitrokeys/storage/mac/gpa.rst deleted file mode 100644 index 398ae468bc..0000000000 --- a/nitrokeys/storage/mac/gpa.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/gpa.rst diff --git a/nitrokeys/storage/mac/hard-disk-encryption.rst b/nitrokeys/storage/mac/hard-disk-encryption.rst deleted file mode 100644 index e095906781..0000000000 --- a/nitrokeys/storage/mac/hard-disk-encryption.rst +++ /dev/null @@ -1,4 +0,0 @@ -Hard Disk Encryption -=========================== - -.. include:: ../../pro/hard-disk-encryption.rst.inc diff --git a/nitrokeys/storage/mac/openpgp-keygen-backup.rst b/nitrokeys/storage/mac/openpgp-keygen-backup.rst deleted file mode 100644 index b4528e0139..0000000000 --- a/nitrokeys/storage/mac/openpgp-keygen-backup.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/openpgp-keygen-backup.rst.inc diff --git a/nitrokeys/storage/mac/openpgp-keygen-gpa.rst b/nitrokeys/storage/mac/openpgp-keygen-gpa.rst deleted file mode 100644 index 472d298006..0000000000 --- a/nitrokeys/storage/mac/openpgp-keygen-gpa.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/openpgp-keygen-gpa.rst.inc diff --git a/nitrokeys/storage/mac/openpgp-keygen-on-device.rst b/nitrokeys/storage/mac/openpgp-keygen-on-device.rst deleted file mode 100644 index fc90850b8e..0000000000 --- a/nitrokeys/storage/mac/openpgp-keygen-on-device.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/openpgp-keygen-on-device.rst.inc diff --git a/nitrokeys/storage/mac/openpgp-outlook.rst b/nitrokeys/storage/mac/openpgp-outlook.rst deleted file mode 100644 index fa4e7dd855..0000000000 --- a/nitrokeys/storage/mac/openpgp-outlook.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/openpgp-outlook.rst.inc diff --git a/nitrokeys/storage/mac/openpgp-thunderbird.rst b/nitrokeys/storage/mac/openpgp-thunderbird.rst deleted file mode 100644 index 59e0956c63..0000000000 --- a/nitrokeys/storage/mac/openpgp-thunderbird.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/openpgp-thunderbird.rst.inc diff --git a/nitrokeys/storage/mac/openpgp.rst b/nitrokeys/storage/mac/openpgp.rst deleted file mode 100644 index fb8b25042e..0000000000 --- a/nitrokeys/storage/mac/openpgp.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/openpgp.rst.inc diff --git a/nitrokeys/storage/mac/otp.rst b/nitrokeys/storage/mac/otp.rst deleted file mode 100644 index 3954bcb99d..0000000000 --- a/nitrokeys/storage/mac/otp.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/otp.rst.inc diff --git a/nitrokeys/storage/mac/smime-outlook.rst b/nitrokeys/storage/mac/smime-outlook.rst deleted file mode 100644 index acd45a24a9..0000000000 --- a/nitrokeys/storage/mac/smime-outlook.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/smime-outlook.rst.inc diff --git a/nitrokeys/storage/mac/smime-thunderbird.rst b/nitrokeys/storage/mac/smime-thunderbird.rst deleted file mode 100644 index 4ae43d43ba..0000000000 --- a/nitrokeys/storage/mac/smime-thunderbird.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/smime-thunderbird.rst.inc diff --git a/nitrokeys/storage/mac/smime.rst b/nitrokeys/storage/mac/smime.rst deleted file mode 100644 index 5029a3135c..0000000000 --- a/nitrokeys/storage/mac/smime.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/smime.rst.inc diff --git a/nitrokeys/storage/windows/2fa-google.rst b/nitrokeys/storage/windows/2fa-google.rst deleted file mode 100644 index 7f4cefa9cc..0000000000 --- a/nitrokeys/storage/windows/2fa-google.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../..//pro/2fa-google.rst.inc diff --git a/nitrokeys/storage/windows/2fa-microsoft.rst b/nitrokeys/storage/windows/2fa-microsoft.rst deleted file mode 100644 index 1cab11d8b8..0000000000 --- a/nitrokeys/storage/windows/2fa-microsoft.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: /pro/windows/2fa-microsoft.rst diff --git a/nitrokeys/storage/windows/2fa-nextcloud.rst b/nitrokeys/storage/windows/2fa-nextcloud.rst deleted file mode 100644 index fe77d2b27e..0000000000 --- a/nitrokeys/storage/windows/2fa-nextcloud.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/2fa-nextcloud.rst.inc diff --git a/nitrokeys/storage/windows/2fa-odoo.rst b/nitrokeys/storage/windows/2fa-odoo.rst deleted file mode 100644 index dc5f45a3f0..0000000000 --- a/nitrokeys/storage/windows/2fa-odoo.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/2fa-odoo.rst.inc diff --git a/nitrokeys/storage/windows/change-pins.rst b/nitrokeys/storage/windows/change-pins.rst deleted file mode 100644 index c14cd241e1..0000000000 --- a/nitrokeys/storage/windows/change-pins.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/change-pins.rst.inc diff --git a/nitrokeys/storage/windows/ecc.rst b/nitrokeys/storage/windows/ecc.rst deleted file mode 100644 index f9d9992dca..0000000000 --- a/nitrokeys/storage/windows/ecc.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/ecc.rst.inc diff --git a/nitrokeys/storage/windows/eidauthenticate.rst b/nitrokeys/storage/windows/eidauthenticate.rst deleted file mode 100644 index 62f3a2a39f..0000000000 --- a/nitrokeys/storage/windows/eidauthenticate.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/eidauthenticate.rst.inc diff --git a/nitrokeys/storage/windows/encrypted-mobile-storage.rst b/nitrokeys/storage/windows/encrypted-mobile-storage.rst deleted file mode 100644 index cc9287dae7..0000000000 --- a/nitrokeys/storage/windows/encrypted-mobile-storage.rst +++ /dev/null @@ -1,4 +0,0 @@ -Encrypted Mobile Storage -======================== - -.. include:: ../encrypted-mobile-storage.rst diff --git a/nitrokeys/storage/windows/factory-reset.rst b/nitrokeys/storage/windows/factory-reset.rst deleted file mode 100644 index 1fadfcfeee..0000000000 --- a/nitrokeys/storage/windows/factory-reset.rst +++ /dev/null @@ -1,4 +0,0 @@ -Factory Reset -============= - -.. include:: ../factory-reset.rst diff --git a/nitrokeys/storage/windows/firmware-update-manually.rst b/nitrokeys/storage/windows/firmware-update-manually.rst deleted file mode 100644 index 1f0848f0f0..0000000000 --- a/nitrokeys/storage/windows/firmware-update-manually.rst +++ /dev/null @@ -1,4 +0,0 @@ -Activate Update Mode Manually -============================= - -.. include:: ../firmware-update-manually.rst diff --git a/nitrokeys/storage/windows/gpa.rst b/nitrokeys/storage/windows/gpa.rst deleted file mode 100644 index 398ae468bc..0000000000 --- a/nitrokeys/storage/windows/gpa.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/gpa.rst diff --git a/nitrokeys/storage/windows/hard-disk-encryption.rst b/nitrokeys/storage/windows/hard-disk-encryption.rst deleted file mode 100644 index 7a15e069ec..0000000000 --- a/nitrokeys/storage/windows/hard-disk-encryption.rst +++ /dev/null @@ -1,4 +0,0 @@ -Hard Disk Encryption -=========================== - -.. include:: ../../pro/hard-disk-encryption.rst.inc diff --git a/nitrokeys/storage/windows/openpgp-csp.rst b/nitrokeys/storage/windows/openpgp-csp.rst deleted file mode 100644 index 947e69d379..0000000000 --- a/nitrokeys/storage/windows/openpgp-csp.rst +++ /dev/null @@ -1,2 +0,0 @@ -.. include:: ../../pro/windows/openpgp-csp.rst - diff --git a/nitrokeys/storage/windows/openpgp-keygen-backup.rst b/nitrokeys/storage/windows/openpgp-keygen-backup.rst deleted file mode 100644 index b4528e0139..0000000000 --- a/nitrokeys/storage/windows/openpgp-keygen-backup.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/openpgp-keygen-backup.rst.inc diff --git a/nitrokeys/storage/windows/openpgp-keygen-gpa.rst b/nitrokeys/storage/windows/openpgp-keygen-gpa.rst deleted file mode 100644 index 472d298006..0000000000 --- a/nitrokeys/storage/windows/openpgp-keygen-gpa.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/openpgp-keygen-gpa.rst.inc diff --git a/nitrokeys/storage/windows/openpgp-keygen-on-device.rst b/nitrokeys/storage/windows/openpgp-keygen-on-device.rst deleted file mode 100644 index fc90850b8e..0000000000 --- a/nitrokeys/storage/windows/openpgp-keygen-on-device.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/openpgp-keygen-on-device.rst.inc diff --git a/nitrokeys/storage/windows/openpgp-outlook.rst b/nitrokeys/storage/windows/openpgp-outlook.rst deleted file mode 100644 index fa4e7dd855..0000000000 --- a/nitrokeys/storage/windows/openpgp-outlook.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/openpgp-outlook.rst.inc diff --git a/nitrokeys/storage/windows/openpgp-thunderbird.rst b/nitrokeys/storage/windows/openpgp-thunderbird.rst deleted file mode 100644 index 59e0956c63..0000000000 --- a/nitrokeys/storage/windows/openpgp-thunderbird.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/openpgp-thunderbird.rst.inc diff --git a/nitrokeys/storage/windows/openpgp.rst b/nitrokeys/storage/windows/openpgp.rst deleted file mode 100644 index fb8b25042e..0000000000 --- a/nitrokeys/storage/windows/openpgp.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/openpgp.rst.inc diff --git a/nitrokeys/storage/windows/otp.rst b/nitrokeys/storage/windows/otp.rst deleted file mode 100644 index 3954bcb99d..0000000000 --- a/nitrokeys/storage/windows/otp.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/otp.rst.inc diff --git a/nitrokeys/storage/windows/putty.rst b/nitrokeys/storage/windows/putty.rst deleted file mode 100644 index 6f0427a82f..0000000000 --- a/nitrokeys/storage/windows/putty.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/putty.rst.inc diff --git a/nitrokeys/storage/windows/smart-policy.rst b/nitrokeys/storage/windows/smart-policy.rst deleted file mode 100644 index 7f85805135..0000000000 --- a/nitrokeys/storage/windows/smart-policy.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/smart-policy.rst.inc diff --git a/nitrokeys/storage/windows/smime-outlook.rst b/nitrokeys/storage/windows/smime-outlook.rst deleted file mode 100644 index acd45a24a9..0000000000 --- a/nitrokeys/storage/windows/smime-outlook.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/smime-outlook.rst.inc diff --git a/nitrokeys/storage/windows/smime-thunderbird.rst b/nitrokeys/storage/windows/smime-thunderbird.rst deleted file mode 100644 index 4ae43d43ba..0000000000 --- a/nitrokeys/storage/windows/smime-thunderbird.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/smime-thunderbird.rst.inc diff --git a/nitrokeys/storage/windows/smime.rst b/nitrokeys/storage/windows/smime.rst deleted file mode 100644 index cd746658c8..0000000000 --- a/nitrokeys/storage/windows/smime.rst +++ /dev/null @@ -1,9 +0,0 @@ -.. include:: ../../pro/smime.rst.inc - :end-line: 20 - -.. note:: - Windows users with 64-bit system (standard) need to install both, the 32-bit and the 64-bit version of OpenSC! - -.. include:: ../../pro/smime.rst.inc - :start-line: 20 - diff --git a/nitrokeys/u2f/index.rst b/nitrokeys/u2f/index.rst index 0a5bfd85a6..3505de89f1 100644 --- a/nitrokeys/u2f/index.rst +++ b/nitrokeys/u2f/index.rst @@ -9,5 +9,5 @@ Check out the features: :maxdepth: 1 :glob: - Two-Factor Authentication (2FA) <../features/2fa/index> + FIDO <../features/fido/index> From 987c46ca53cda709a1c9a8336e88ec47ec324746 Mon Sep 17 00:00:00 2001 From: Keksmo Date: Wed, 31 Jul 2024 12:28:53 +0200 Subject: [PATCH 10/33] completed storage --- .../{ => change-pins}/App-change-pin.png | Bin nitrokeys/pro/firmware-update.rst | 22 ++-- nitrokeys/pro/getting-started.rst | 44 ++++---- {start => nitrokeys/start}/factory-reset.rst | 0 {start => nitrokeys/start}/faq.rst | 0 {start => nitrokeys/start}/index.rst | 0 .../start}/linux/factory-reset.rst | 0 .../start}/linux/firmware-update.rst | 0 {start => nitrokeys/start}/linux/gpa.rst | 0 {start => nitrokeys/start}/linux/index.rst | 0 nitrokeys/{storage => start}/linux/ipsec.rst | 0 .../start}/linux/login-with-pam.rst | 0 .../start}/linux/multiple-identities.rst | 0 .../start}/linux/openpgp-keygen-backup.rst | 0 .../start}/linux/openpgp-keygen-gpa.rst | 0 .../start}/linux/openpgp-keygen-on-device.rst | 0 .../start}/linux/openpgp-outlook.rst | 0 .../start}/linux/openpgp-thunderbird.rst | 0 {start => nitrokeys/start}/linux/openpgp.rst | 0 .../start}/linux/setting-kdf-do.rst | 0 .../start}/linux/smime-outlook.rst | 0 .../start}/linux/smime-thunderbird.rst | 0 {start => nitrokeys/start}/linux/smime.rst | 0 {start => nitrokeys/start}/linux/ssh.rst | 0 .../{storage => start}/linux/stunnel.rst | 0 .../start}/mac/factory-reset.rst | 0 {start => nitrokeys/start}/mac/gpa.rst | 0 {start => nitrokeys/start}/mac/index.rst | 0 .../start}/mac/multiple-identities.rst | 0 .../start}/mac/openpgp-keygen-backup.rst | 0 .../start}/mac/openpgp-keygen-gpa.rst | 0 .../start}/mac/openpgp-keygen-on-device.rst | 0 .../start}/mac/openpgp-outlook.rst | 0 .../start}/mac/openpgp-thunderbird.rst | 0 {start => nitrokeys/start}/mac/openpgp.rst | 0 .../start}/mac/setting-kdf-do.rst | 0 .../start}/mac/smime-outlook.rst | 0 .../start}/mac/smime-thunderbird.rst | 0 {start => nitrokeys/start}/mac/smime.rst | 0 .../start}/multiple-identities.rst.inc | 0 .../start}/setting-kdf-do.rst.inc | 0 .../start}/windows/factory-reset.rst | 0 {start => nitrokeys/start}/windows/gpa.rst | 0 {start => nitrokeys/start}/windows/index.rst | 0 .../start}/windows/multiple-identities.rst | 0 .../start}/windows/openpgp-keygen-backup.rst | 0 .../start}/windows/openpgp-keygen-gpa.rst | 0 .../windows/openpgp-keygen-on-device.rst | 0 .../start}/windows/openpgp-outlook.rst | 0 .../start}/windows/openpgp-thunderbird.rst | 0 .../start}/windows/openpgp.rst | 0 {start => nitrokeys/start}/windows/putty.rst | 0 .../start}/windows/setting-kdf-do.rst | 0 .../start}/windows/smime-outlook.rst | 0 .../start}/windows/smime-thunderbird.rst | 0 {start => nitrokeys/start}/windows/smime.rst | 0 .../storage/encrypted-mobile-storage.rst | 4 + nitrokeys/storage/factory-reset.rst | 5 +- .../storage/firmware-update-manually.rst | 28 +++-- nitrokeys/storage/firmware-update.rst | 104 ++++++++++++++++++ nitrokeys/storage/getting-started.rst | 77 +++++++++++++ nitrokeys/storage/hidden.rst | 40 ++++++- .../factory-reset-menu-item.png | Bin .../enable-firmware-update.png | Bin .../firmware-update}/nitrokey-update-tool.png | Bin .../getting-started}/Windows10-Systemtray.png | Bin .../hidden}/format-dialog.png | Bin .../images => images/hidden}/format-tool.png | Bin .../images/{ => hidden}/hidden-schema.svg | 0 .../hidden}/hidden-storage-partition.png | Bin .../hidden-storage-passphrase.png | Bin .../{ => hidden}/setup_hidden_volume.png | Bin nitrokeys/storage/index.rst | 7 +- nitrokeys/storage/linux/firmware-update.rst | 42 ------- nitrokeys/storage/linux/hidden.rst | 15 --- nitrokeys/storage/linux/index.rst | 49 --------- nitrokeys/storage/mac/firmware-update.rst | 1 - nitrokeys/storage/mac/hidden.rst | 12 -- nitrokeys/storage/mac/index.rst | 52 --------- nitrokeys/storage/windows/firmware-update.rst | 44 -------- nitrokeys/storage/windows/hidden.rst | 19 ---- nitrokeys/storage/windows/index.rst | 46 -------- .../content/shared-index-content1.rst | 0 .../content/shared-index-content2.rst | 0 .../default-boot.rst.inc | 0 .../factory-reset-heads2.rst.inc | 0 .../factory-reset.rst.inc | 0 {nitropadpc/nitropad => nitropad}/faq.rst | 0 .../firmware-update-1.4.rst.inc | 0 .../firmware-update.rst.inc | 0 .../images/NitroPad-boot-options.jpeg | Bin .../images/NitroPad-boot-process-bad.jpeg | Bin .../images/NitroPad-boot-process_0.jpeg | Bin .../images/NitroPad-confirm-boot-details.jpeg | Bin .../images/NitroPad-error-mismatch.jpeg | Bin .../nitropad => nitropad}/images/Schraube.jpg | Bin .../images/SchraubenmarkierungT430.jpg | Bin .../images/SchraubenmarkierungX230.jpg | Bin .../images/boot-menu.jpg | Bin .../change-disk-encryption-passphrase/1.png | Bin .../change-disk-encryption-passphrase/2.png | Bin .../change-disk-encryption-passphrase/3.png | Bin .../change-disk-encryption-passphrase/4.png | Bin .../change-disk-encryption-passphrase/5.png | Bin .../images/default-boot/1.jpg | Bin .../images/default-boot/2.jpg | Bin .../images/default-boot/3.jpg | Bin .../images/default-boot/4.jpg | Bin .../images/factory-reset-heads2/admin-pin.jpg | Bin .../confirm-integrity.jpg | Bin .../images/factory-reset-heads2/confirm.jpg | Bin .../factory-reset-heads2/default-sec.jpg | Bin .../images/factory-reset-heads2/options.jpg | Bin .../images/factory-reset-heads2/otp-sec1.jpg | Bin .../images/factory-reset-heads2/otp-sec2.jpg | Bin .../images/factory-reset-heads2/reboot.jpg | Bin .../images/factory-reset-heads2/reset.jpg | Bin .../factory-reset-heads2/start-menu.jpg | Bin .../images/factory-reset-heads2/totp.jpg | Bin .../images/factory-reset-heads2/tpm.jpg | Bin .../images/factory-reset/1.jpg | Bin .../images/factory-reset/10.jpg | Bin .../images/factory-reset/11.jpg | Bin .../images/factory-reset/2.jpg | Bin .../images/factory-reset/3.jpg | Bin .../images/factory-reset/4.jpg | Bin .../images/factory-reset/5.jpg | Bin .../images/factory-reset/6.jpg | Bin .../images/factory-reset/7.jpg | Bin .../images/factory-reset/8.jpg | Bin .../images/factory-reset/9.jpg | Bin .../images/firmware-update/1.jpg | Bin .../images/firmware-update/2.jpg | Bin .../images/firmware-update/3.jpg | Bin .../images/firmware-update/4.jpg | Bin .../images/firmware-update/5.jpg | Bin .../images/firmware-update/6.jpg | Bin .../images/firmware-update/7.jpg | Bin .../images/firmware-update/8.jpg | Bin .../images/firmware-update/9.jpg | Bin .../images/network-settings/settings_0.png | Bin .../images/network-settings/settings_1.png | Bin .../images/network-settings/settings_2.png | Bin .../images/ns50_sealed.jpg | Bin .../images/nv41_sealed.jpg | Bin .../NitroPad-boot-entry-error.jpeg | Bin .../NitroPad-confirm-boot-details.jpeg | Bin .../NitroPad-update-checksum.jpeg | Bin .../nitropad => nitropad}/images/options.jpg | Bin .../images/system-update/1.jpeg | Bin .../images/system-update/2.jpeg | Bin .../images/system-update/3.jpeg | Bin .../images/system-update/4.jpeg | Bin .../images/system-update/5.jpeg | Bin .../images/system-update/6.jpeg | Bin {nitropadpc/nitropad => nitropad}/index.rst | 0 .../os-reinstallation.rst.inc | 0 .../qubes/change-pins.rst | 0 .../qubes/default-boot.rst | 0 .../qubes/factory-reset-heads2.rst | 0 .../qubes/factory-reset.rst | 0 .../qubes/firmware-update-1.4.rst | 0 .../qubes/firmware-update.rst | 0 .../qubes/images/QubesDiskPassword.jpg | Bin .../images/user-password-reset/step-five.jpg | Bin .../images/user-password-reset/step-four.jpg | Bin .../images/user-password-reset/step-one.jpg | Bin .../images/user-password-reset/step-three.jpg | Bin .../images/user-password-reset/step-two.jpg | Bin .../nitropad => nitropad}/qubes/index.rst | 0 .../qubes/network-settings.rst | 0 .../qubes/nitrokey-app.rst | 0 .../qubes/os-reinstallation.rst | 0 .../qubes/sealed-hardware.rst | 0 .../qubes/system-update.rst | 0 .../qubes/troubleshooting.rst | 0 .../qubes/user-password-reset.rst | 0 .../sealed-hardware.rst.inc | 0 .../system-update.rst.inc | 0 .../troubleshooting.rst.inc | 0 .../change-disk-encryption-passphrase.rst | 0 .../ubuntu/change-pins.rst | 0 .../ubuntu/default-boot.rst | 0 .../ubuntu/factory-reset-heads2.rst | 0 .../ubuntu/factory-reset.rst | 0 .../ubuntu/firmware-update-1.4.rst | 0 .../ubuntu/firmware-update.rst | 0 .../ubuntu/images/NitroPad-boot-options.jpeg | Bin .../ubuntu/images/UbuntuDiskPassword.png | Bin .../nitropad => nitropad}/ubuntu/index.rst | 0 .../ubuntu/nitrokey-app.rst | 0 .../ubuntu/os-reinstallation.rst | 0 .../ubuntu/sealed-hardware.rst | 0 .../ubuntu/system-update.rst | 0 .../ubuntu/troubleshooting.rst | 0 .../nitropc => nitropc}/debian/index.rst | 0 .../debian/os-reinstallation.rst | 0 .../debian/sealed-hardware.rst | 0 {nitropadpc/nitropc => nitropc}/faq.rst | 0 {nitropadpc/nitropc => nitropc}/index.rst | 0 .../os-reinstallation.rst.inc | 0 .../nitropc => nitropc}/qubes/gpu-install.rst | 0 .../nitropc => nitropc}/qubes/index.rst | 0 .../qubes/nitrokey-app.rst | 0 .../qubes/os-reinstallation.rst | 0 .../qubes/sealed-hardware.rst | 0 .../sealed-hardware.rst.inc | 0 .../nitropc => nitropc}/ubuntu/index.rst | 0 .../ubuntu/nitrokey-app.rst | 0 .../ubuntu/os-reinstallation.rst | 0 .../ubuntu/sealed-hardware.rst | 0 start/linux/ipsec.rst | 4 - start/linux/stunnel.rst | 4 - 213 files changed, 281 insertions(+), 338 deletions(-) rename nitrokeys/features/change-pins/images/{ => change-pins}/App-change-pin.png (100%) rename {start => nitrokeys/start}/factory-reset.rst (100%) rename {start => nitrokeys/start}/faq.rst (100%) rename {start => nitrokeys/start}/index.rst (100%) rename {start => nitrokeys/start}/linux/factory-reset.rst (100%) rename {start => nitrokeys/start}/linux/firmware-update.rst (100%) rename {start => nitrokeys/start}/linux/gpa.rst (100%) rename {start => nitrokeys/start}/linux/index.rst (100%) rename nitrokeys/{storage => start}/linux/ipsec.rst (100%) rename {start => nitrokeys/start}/linux/login-with-pam.rst (100%) rename {start => nitrokeys/start}/linux/multiple-identities.rst (100%) rename {start => nitrokeys/start}/linux/openpgp-keygen-backup.rst (100%) rename {start => nitrokeys/start}/linux/openpgp-keygen-gpa.rst (100%) rename {start => nitrokeys/start}/linux/openpgp-keygen-on-device.rst (100%) rename {start => nitrokeys/start}/linux/openpgp-outlook.rst (100%) rename {start => nitrokeys/start}/linux/openpgp-thunderbird.rst (100%) rename {start => nitrokeys/start}/linux/openpgp.rst (100%) rename {start => nitrokeys/start}/linux/setting-kdf-do.rst (100%) rename {start => nitrokeys/start}/linux/smime-outlook.rst (100%) rename {start => nitrokeys/start}/linux/smime-thunderbird.rst (100%) rename {start => nitrokeys/start}/linux/smime.rst (100%) rename {start => nitrokeys/start}/linux/ssh.rst (100%) rename nitrokeys/{storage => start}/linux/stunnel.rst (100%) rename {start => nitrokeys/start}/mac/factory-reset.rst (100%) rename {start => nitrokeys/start}/mac/gpa.rst (100%) rename {start => nitrokeys/start}/mac/index.rst (100%) rename {start => nitrokeys/start}/mac/multiple-identities.rst (100%) rename {start => nitrokeys/start}/mac/openpgp-keygen-backup.rst (100%) rename {start => nitrokeys/start}/mac/openpgp-keygen-gpa.rst (100%) rename {start => nitrokeys/start}/mac/openpgp-keygen-on-device.rst (100%) rename {start => nitrokeys/start}/mac/openpgp-outlook.rst (100%) rename {start => nitrokeys/start}/mac/openpgp-thunderbird.rst (100%) rename {start => nitrokeys/start}/mac/openpgp.rst (100%) rename {start => nitrokeys/start}/mac/setting-kdf-do.rst (100%) rename {start => nitrokeys/start}/mac/smime-outlook.rst (100%) rename {start => nitrokeys/start}/mac/smime-thunderbird.rst (100%) rename {start => nitrokeys/start}/mac/smime.rst (100%) rename {start => nitrokeys/start}/multiple-identities.rst.inc (100%) rename {start => nitrokeys/start}/setting-kdf-do.rst.inc (100%) rename {start => nitrokeys/start}/windows/factory-reset.rst (100%) rename {start => nitrokeys/start}/windows/gpa.rst (100%) rename {start => nitrokeys/start}/windows/index.rst (100%) rename {start => nitrokeys/start}/windows/multiple-identities.rst (100%) rename {start => nitrokeys/start}/windows/openpgp-keygen-backup.rst (100%) rename {start => nitrokeys/start}/windows/openpgp-keygen-gpa.rst (100%) rename {start => nitrokeys/start}/windows/openpgp-keygen-on-device.rst (100%) rename {start => nitrokeys/start}/windows/openpgp-outlook.rst (100%) rename {start => nitrokeys/start}/windows/openpgp-thunderbird.rst (100%) rename {start => nitrokeys/start}/windows/openpgp.rst (100%) rename {start => nitrokeys/start}/windows/putty.rst (100%) rename {start => nitrokeys/start}/windows/setting-kdf-do.rst (100%) rename {start => nitrokeys/start}/windows/smime-outlook.rst (100%) rename {start => nitrokeys/start}/windows/smime-thunderbird.rst (100%) rename {start => nitrokeys/start}/windows/smime.rst (100%) create mode 100644 nitrokeys/storage/firmware-update.rst rename nitrokeys/storage/images/{ => factory-reset}/factory-reset-menu-item.png (100%) rename nitrokeys/storage/images/{ => firmware-update}/enable-firmware-update.png (100%) rename nitrokeys/storage/{windows/images => images/firmware-update}/nitrokey-update-tool.png (100%) rename nitrokeys/storage/{windows/images => images/getting-started}/Windows10-Systemtray.png (100%) rename nitrokeys/storage/{windows/images => images/hidden}/format-dialog.png (100%) rename nitrokeys/storage/{windows/images => images/hidden}/format-tool.png (100%) rename nitrokeys/storage/images/{ => hidden}/hidden-schema.svg (100%) rename nitrokeys/storage/{linux/images => images/hidden}/hidden-storage-partition.png (100%) rename nitrokeys/storage/images/{ => hidden}/hidden-storage-passphrase.png (100%) rename nitrokeys/storage/images/{ => hidden}/setup_hidden_volume.png (100%) delete mode 100644 nitrokeys/storage/linux/firmware-update.rst delete mode 100644 nitrokeys/storage/linux/hidden.rst delete mode 100644 nitrokeys/storage/linux/index.rst delete mode 100644 nitrokeys/storage/mac/firmware-update.rst delete mode 100644 nitrokeys/storage/mac/hidden.rst delete mode 100644 nitrokeys/storage/mac/index.rst delete mode 100644 nitrokeys/storage/windows/firmware-update.rst delete mode 100644 nitrokeys/storage/windows/hidden.rst delete mode 100644 nitrokeys/storage/windows/index.rst rename {nitropadpc/nitropad => nitropad}/content/shared-index-content1.rst (100%) rename {nitropadpc/nitropad => nitropad}/content/shared-index-content2.rst (100%) rename {nitropadpc/nitropad => nitropad}/default-boot.rst.inc (100%) rename {nitropadpc/nitropad => nitropad}/factory-reset-heads2.rst.inc (100%) rename {nitropadpc/nitropad => nitropad}/factory-reset.rst.inc (100%) rename {nitropadpc/nitropad => nitropad}/faq.rst (100%) rename {nitropadpc/nitropad => nitropad}/firmware-update-1.4.rst.inc (100%) rename {nitropadpc/nitropad => nitropad}/firmware-update.rst.inc (100%) rename {nitropadpc/nitropad => nitropad}/images/NitroPad-boot-options.jpeg (100%) rename {nitropadpc/nitropad => nitropad}/images/NitroPad-boot-process-bad.jpeg (100%) rename {nitropadpc/nitropad => nitropad}/images/NitroPad-boot-process_0.jpeg (100%) rename {nitropadpc/nitropad => nitropad}/images/NitroPad-confirm-boot-details.jpeg (100%) rename {nitropadpc/nitropad => nitropad}/images/NitroPad-error-mismatch.jpeg (100%) rename {nitropadpc/nitropad => nitropad}/images/Schraube.jpg (100%) rename {nitropadpc/nitropad => nitropad}/images/SchraubenmarkierungT430.jpg (100%) rename {nitropadpc/nitropad => nitropad}/images/SchraubenmarkierungX230.jpg (100%) rename {nitropadpc/nitropad => nitropad}/images/boot-menu.jpg (100%) rename {nitropadpc/nitropad => nitropad}/images/change-disk-encryption-passphrase/1.png (100%) rename {nitropadpc/nitropad => nitropad}/images/change-disk-encryption-passphrase/2.png (100%) rename {nitropadpc/nitropad => nitropad}/images/change-disk-encryption-passphrase/3.png (100%) rename {nitropadpc/nitropad => nitropad}/images/change-disk-encryption-passphrase/4.png (100%) rename {nitropadpc/nitropad => nitropad}/images/change-disk-encryption-passphrase/5.png (100%) rename {nitropadpc/nitropad => nitropad}/images/default-boot/1.jpg (100%) rename {nitropadpc/nitropad => nitropad}/images/default-boot/2.jpg (100%) rename {nitropadpc/nitropad => nitropad}/images/default-boot/3.jpg (100%) rename {nitropadpc/nitropad => nitropad}/images/default-boot/4.jpg (100%) rename {nitropadpc/nitropad => nitropad}/images/factory-reset-heads2/admin-pin.jpg (100%) rename {nitropadpc/nitropad => nitropad}/images/factory-reset-heads2/confirm-integrity.jpg (100%) rename {nitropadpc/nitropad => nitropad}/images/factory-reset-heads2/confirm.jpg (100%) rename {nitropadpc/nitropad => nitropad}/images/factory-reset-heads2/default-sec.jpg (100%) rename {nitropadpc/nitropad => nitropad}/images/factory-reset-heads2/options.jpg (100%) rename {nitropadpc/nitropad => nitropad}/images/factory-reset-heads2/otp-sec1.jpg (100%) rename {nitropadpc/nitropad => nitropad}/images/factory-reset-heads2/otp-sec2.jpg (100%) rename {nitropadpc/nitropad => nitropad}/images/factory-reset-heads2/reboot.jpg (100%) rename {nitropadpc/nitropad => nitropad}/images/factory-reset-heads2/reset.jpg (100%) rename {nitropadpc/nitropad => nitropad}/images/factory-reset-heads2/start-menu.jpg (100%) rename {nitropadpc/nitropad => nitropad}/images/factory-reset-heads2/totp.jpg (100%) rename {nitropadpc/nitropad => nitropad}/images/factory-reset-heads2/tpm.jpg (100%) rename {nitropadpc/nitropad => nitropad}/images/factory-reset/1.jpg (100%) rename {nitropadpc/nitropad => nitropad}/images/factory-reset/10.jpg (100%) rename {nitropadpc/nitropad => nitropad}/images/factory-reset/11.jpg (100%) rename {nitropadpc/nitropad => nitropad}/images/factory-reset/2.jpg (100%) rename {nitropadpc/nitropad => nitropad}/images/factory-reset/3.jpg (100%) rename {nitropadpc/nitropad => nitropad}/images/factory-reset/4.jpg (100%) rename {nitropadpc/nitropad => nitropad}/images/factory-reset/5.jpg (100%) rename {nitropadpc/nitropad => nitropad}/images/factory-reset/6.jpg (100%) rename {nitropadpc/nitropad => nitropad}/images/factory-reset/7.jpg (100%) rename {nitropadpc/nitropad => nitropad}/images/factory-reset/8.jpg (100%) rename {nitropadpc/nitropad => nitropad}/images/factory-reset/9.jpg (100%) rename {nitropadpc/nitropad => nitropad}/images/firmware-update/1.jpg (100%) rename {nitropadpc/nitropad => nitropad}/images/firmware-update/2.jpg (100%) rename {nitropadpc/nitropad => nitropad}/images/firmware-update/3.jpg (100%) rename {nitropadpc/nitropad => nitropad}/images/firmware-update/4.jpg (100%) rename {nitropadpc/nitropad => nitropad}/images/firmware-update/5.jpg (100%) rename {nitropadpc/nitropad => nitropad}/images/firmware-update/6.jpg (100%) rename {nitropadpc/nitropad => nitropad}/images/firmware-update/7.jpg (100%) rename {nitropadpc/nitropad => nitropad}/images/firmware-update/8.jpg (100%) rename {nitropadpc/nitropad => nitropad}/images/firmware-update/9.jpg (100%) rename {nitropadpc/nitropad => nitropad}/images/network-settings/settings_0.png (100%) rename {nitropadpc/nitropad => nitropad}/images/network-settings/settings_1.png (100%) rename {nitropadpc/nitropad => nitropad}/images/network-settings/settings_2.png (100%) rename {nitropadpc/nitropad => nitropad}/images/ns50_sealed.jpg (100%) rename {nitropadpc/nitropad => nitropad}/images/nv41_sealed.jpg (100%) rename {nitropadpc/nitropad => nitropad}/images/operating-system-update/NitroPad-boot-entry-error.jpeg (100%) rename {nitropadpc/nitropad => nitropad}/images/operating-system-update/NitroPad-confirm-boot-details.jpeg (100%) rename {nitropadpc/nitropad => nitropad}/images/operating-system-update/NitroPad-update-checksum.jpeg (100%) rename {nitropadpc/nitropad => nitropad}/images/options.jpg (100%) rename {nitropadpc/nitropad => nitropad}/images/system-update/1.jpeg (100%) rename {nitropadpc/nitropad => nitropad}/images/system-update/2.jpeg (100%) rename {nitropadpc/nitropad => nitropad}/images/system-update/3.jpeg (100%) rename {nitropadpc/nitropad => nitropad}/images/system-update/4.jpeg (100%) rename {nitropadpc/nitropad => nitropad}/images/system-update/5.jpeg (100%) rename {nitropadpc/nitropad => nitropad}/images/system-update/6.jpeg (100%) rename {nitropadpc/nitropad => nitropad}/index.rst (100%) rename {nitropadpc/nitropad => nitropad}/os-reinstallation.rst.inc (100%) rename {nitropadpc/nitropad => nitropad}/qubes/change-pins.rst (100%) rename {nitropadpc/nitropad => nitropad}/qubes/default-boot.rst (100%) rename {nitropadpc/nitropad => nitropad}/qubes/factory-reset-heads2.rst (100%) rename {nitropadpc/nitropad => nitropad}/qubes/factory-reset.rst (100%) rename {nitropadpc/nitropad => nitropad}/qubes/firmware-update-1.4.rst (100%) rename {nitropadpc/nitropad => nitropad}/qubes/firmware-update.rst (100%) rename {nitropadpc/nitropad => nitropad}/qubes/images/QubesDiskPassword.jpg (100%) rename {nitropadpc/nitropad => nitropad}/qubes/images/user-password-reset/step-five.jpg (100%) rename {nitropadpc/nitropad => nitropad}/qubes/images/user-password-reset/step-four.jpg (100%) rename {nitropadpc/nitropad => nitropad}/qubes/images/user-password-reset/step-one.jpg (100%) rename {nitropadpc/nitropad => nitropad}/qubes/images/user-password-reset/step-three.jpg (100%) rename {nitropadpc/nitropad => nitropad}/qubes/images/user-password-reset/step-two.jpg (100%) rename {nitropadpc/nitropad => nitropad}/qubes/index.rst (100%) rename {nitropadpc/nitropad => nitropad}/qubes/network-settings.rst (100%) rename {nitropadpc/nitropad => nitropad}/qubes/nitrokey-app.rst (100%) rename {nitropadpc/nitropad => nitropad}/qubes/os-reinstallation.rst (100%) rename {nitropadpc/nitropad => nitropad}/qubes/sealed-hardware.rst (100%) rename {nitropadpc/nitropad => nitropad}/qubes/system-update.rst (100%) rename {nitropadpc/nitropad => nitropad}/qubes/troubleshooting.rst (100%) rename {nitropadpc/nitropad => nitropad}/qubes/user-password-reset.rst (100%) rename {nitropadpc/nitropad => nitropad}/sealed-hardware.rst.inc (100%) rename {nitropadpc/nitropad => nitropad}/system-update.rst.inc (100%) rename {nitropadpc/nitropad => nitropad}/troubleshooting.rst.inc (100%) rename {nitropadpc/nitropad => nitropad}/ubuntu/change-disk-encryption-passphrase.rst (100%) rename {nitropadpc/nitropad => nitropad}/ubuntu/change-pins.rst (100%) rename {nitropadpc/nitropad => nitropad}/ubuntu/default-boot.rst (100%) rename {nitropadpc/nitropad => nitropad}/ubuntu/factory-reset-heads2.rst (100%) rename {nitropadpc/nitropad => nitropad}/ubuntu/factory-reset.rst (100%) rename {nitropadpc/nitropad => nitropad}/ubuntu/firmware-update-1.4.rst (100%) rename {nitropadpc/nitropad => nitropad}/ubuntu/firmware-update.rst (100%) rename {nitropadpc/nitropad => nitropad}/ubuntu/images/NitroPad-boot-options.jpeg (100%) rename {nitropadpc/nitropad => nitropad}/ubuntu/images/UbuntuDiskPassword.png (100%) rename {nitropadpc/nitropad => nitropad}/ubuntu/index.rst (100%) rename {nitropadpc/nitropad => nitropad}/ubuntu/nitrokey-app.rst (100%) rename {nitropadpc/nitropad => nitropad}/ubuntu/os-reinstallation.rst (100%) rename {nitropadpc/nitropad => nitropad}/ubuntu/sealed-hardware.rst (100%) rename {nitropadpc/nitropad => nitropad}/ubuntu/system-update.rst (100%) rename {nitropadpc/nitropad => nitropad}/ubuntu/troubleshooting.rst (100%) rename {nitropadpc/nitropc => nitropc}/debian/index.rst (100%) rename {nitropadpc/nitropc => nitropc}/debian/os-reinstallation.rst (100%) rename {nitropadpc/nitropc => nitropc}/debian/sealed-hardware.rst (100%) rename {nitropadpc/nitropc => nitropc}/faq.rst (100%) rename {nitropadpc/nitropc => nitropc}/index.rst (100%) rename {nitropadpc/nitropc => nitropc}/os-reinstallation.rst.inc (100%) rename {nitropadpc/nitropc => nitropc}/qubes/gpu-install.rst (100%) rename {nitropadpc/nitropc => nitropc}/qubes/index.rst (100%) rename {nitropadpc/nitropc => nitropc}/qubes/nitrokey-app.rst (100%) rename {nitropadpc/nitropc => nitropc}/qubes/os-reinstallation.rst (100%) rename {nitropadpc/nitropc => nitropc}/qubes/sealed-hardware.rst (100%) rename {nitropadpc/nitropc => nitropc}/sealed-hardware.rst.inc (100%) rename {nitropadpc/nitropc => nitropc}/ubuntu/index.rst (100%) rename {nitropadpc/nitropc => nitropc}/ubuntu/nitrokey-app.rst (100%) rename {nitropadpc/nitropc => nitropc}/ubuntu/os-reinstallation.rst (100%) rename {nitropadpc/nitropc => nitropc}/ubuntu/sealed-hardware.rst (100%) delete mode 100644 start/linux/ipsec.rst delete mode 100644 start/linux/stunnel.rst diff --git a/nitrokeys/features/change-pins/images/App-change-pin.png b/nitrokeys/features/change-pins/images/change-pins/App-change-pin.png similarity index 100% rename from nitrokeys/features/change-pins/images/App-change-pin.png rename to nitrokeys/features/change-pins/images/change-pins/App-change-pin.png diff --git a/nitrokeys/pro/firmware-update.rst b/nitrokeys/pro/firmware-update.rst index 4bcad58a94..b43cb39fbe 100644 --- a/nitrokeys/pro/firmware-update.rst +++ b/nitrokeys/pro/firmware-update.rst @@ -21,8 +21,8 @@ How to Update 1. Make sure you have the latest `pynitrokey` version installed, please check the `installation instructions <../../software/nitropy/all-platforms/installation.html>`__ for your OS. 2. Download the latest stable `firmware image `__. -.. important:: - For production use you should choose the latest stable version (so only versions, that don’t contain i.e. “pre-release” or “RC”). + .. important:: + For production use you should choose the latest stable version (so only versions, that don’t contain i.e. “pre-release” or “RC”). 3. To apply the update run: @@ -39,25 +39,25 @@ Alternatively `dfu-util` can be used for the firmware update: 1. Install dfu-util -Binaries for Windows are available at: - * http://dfu-util.sourceforge.net/releases/ + Binaries for Windows are available at: + * http://dfu-util.sourceforge.net/releases/ -For macOS binaries are available via Homebrew: - * https://formulae.brew.sh/formula/dfu-util + For macOS binaries are available via Homebrew: + * https://formulae.brew.sh/formula/dfu-util -*macOS only:* Install `dfu-util` via Homebrew + *macOS only:* Install `dfu-util` via Homebrew -.. code-block:: bash + .. code-block:: bash - brew install dfu-util + brew install dfu-util 2. Use Nitrokey App v1.5-RC7 or higher to change the boot mode of the Nitrokey Pro to update mode. 3. Now the following command to apply the update -.. code-block:: bash + .. code-block:: bash - $ dfu-util -D update_binary.bin + $ dfu-util -D update_binary.bin 4. The boot mode can now be changed back again with the Nitrokey App. diff --git a/nitrokeys/pro/getting-started.rst b/nitrokeys/pro/getting-started.rst index 7aec165193..a09313cb18 100644 --- a/nitrokeys/pro/getting-started.rst +++ b/nitrokeys/pro/getting-started.rst @@ -6,35 +6,35 @@ Getting Started 1. -.. tabs:: - .. tab:: Linux - To access the OpenPGP smart card of the Nitrokey, install the package - libccid. On Debian/Ubuntu based Distributions type in terminal: *sudo - apt-get update && sudo apt-get install libccid* - - If your distribution has a rather old version of libccid (<1.4.21) - you have to add the device information by yourself (for example if - you are using Ubuntu 14.04 or older). In this case please follow - these - `instructions `__. - .. tab:: MacOS - Once you plug in the Nitrokey, your computer will start the Keyboard - Setup Assistant. **Don’t run through this assistant but exit it right - away.** - .. tab:: Windows - Connect your Nitrokey to your computer and confirm all dialogs so - that the USB smart card device driver gets installed almost - automatically. Windows may fail to install an additional device - driver for the smart card. Its safe to ignore this warning. + .. tabs:: + .. tab:: Linux + To access the OpenPGP smart card of the Nitrokey, install the package + libccid. On Debian/Ubuntu based Distributions type in terminal: *sudo + apt-get update && sudo apt-get install libccid* + + If your distribution has a rather old version of libccid (<1.4.21) + you have to add the device information by yourself (for example if + you are using Ubuntu 14.04 or older). In this case please follow + these + `instructions `__. + .. tab:: MacOS + Once you plug in the Nitrokey, your computer will start the Keyboard + Setup Assistant. **Don’t run through this assistant but exit it right + away.** + .. tab:: Windows + Connect your Nitrokey to your computer and confirm all dialogs so + that the USB smart card device driver gets installed almost + automatically. Windows may fail to install an additional device + driver for the smart card. Its safe to ignore this warning. 2. Download and start the `Nitrokey App `__. Follow the - `instructions `_ + `instructions <../features/change-pins/index.html>`_ to change the default User PIN (default: 123456) and Admin PIN (default: 12345678) to your own choices. -.. figure:: ./images/App-change-pin.png +.. figure:: ../features/change-pins/images/change-pins/App-change-pin.png :alt: img diff --git a/start/factory-reset.rst b/nitrokeys/start/factory-reset.rst similarity index 100% rename from start/factory-reset.rst rename to nitrokeys/start/factory-reset.rst diff --git a/start/faq.rst b/nitrokeys/start/faq.rst similarity index 100% rename from start/faq.rst rename to nitrokeys/start/faq.rst diff --git a/start/index.rst b/nitrokeys/start/index.rst similarity index 100% rename from start/index.rst rename to nitrokeys/start/index.rst diff --git a/start/linux/factory-reset.rst b/nitrokeys/start/linux/factory-reset.rst similarity index 100% rename from start/linux/factory-reset.rst rename to nitrokeys/start/linux/factory-reset.rst diff --git a/start/linux/firmware-update.rst b/nitrokeys/start/linux/firmware-update.rst similarity index 100% rename from start/linux/firmware-update.rst rename to nitrokeys/start/linux/firmware-update.rst diff --git a/start/linux/gpa.rst b/nitrokeys/start/linux/gpa.rst similarity index 100% rename from start/linux/gpa.rst rename to nitrokeys/start/linux/gpa.rst diff --git a/start/linux/index.rst b/nitrokeys/start/linux/index.rst similarity index 100% rename from start/linux/index.rst rename to nitrokeys/start/linux/index.rst diff --git a/nitrokeys/storage/linux/ipsec.rst b/nitrokeys/start/linux/ipsec.rst similarity index 100% rename from nitrokeys/storage/linux/ipsec.rst rename to nitrokeys/start/linux/ipsec.rst diff --git a/start/linux/login-with-pam.rst b/nitrokeys/start/linux/login-with-pam.rst similarity index 100% rename from start/linux/login-with-pam.rst rename to nitrokeys/start/linux/login-with-pam.rst diff --git a/start/linux/multiple-identities.rst b/nitrokeys/start/linux/multiple-identities.rst similarity index 100% rename from start/linux/multiple-identities.rst rename to nitrokeys/start/linux/multiple-identities.rst diff --git a/start/linux/openpgp-keygen-backup.rst b/nitrokeys/start/linux/openpgp-keygen-backup.rst similarity index 100% rename from start/linux/openpgp-keygen-backup.rst rename to nitrokeys/start/linux/openpgp-keygen-backup.rst diff --git a/start/linux/openpgp-keygen-gpa.rst b/nitrokeys/start/linux/openpgp-keygen-gpa.rst similarity index 100% rename from start/linux/openpgp-keygen-gpa.rst rename to nitrokeys/start/linux/openpgp-keygen-gpa.rst diff --git a/start/linux/openpgp-keygen-on-device.rst b/nitrokeys/start/linux/openpgp-keygen-on-device.rst similarity index 100% rename from start/linux/openpgp-keygen-on-device.rst rename to nitrokeys/start/linux/openpgp-keygen-on-device.rst diff --git a/start/linux/openpgp-outlook.rst b/nitrokeys/start/linux/openpgp-outlook.rst similarity index 100% rename from start/linux/openpgp-outlook.rst rename to nitrokeys/start/linux/openpgp-outlook.rst diff --git a/start/linux/openpgp-thunderbird.rst b/nitrokeys/start/linux/openpgp-thunderbird.rst similarity index 100% rename from start/linux/openpgp-thunderbird.rst rename to nitrokeys/start/linux/openpgp-thunderbird.rst diff --git a/start/linux/openpgp.rst b/nitrokeys/start/linux/openpgp.rst similarity index 100% rename from start/linux/openpgp.rst rename to nitrokeys/start/linux/openpgp.rst diff --git a/start/linux/setting-kdf-do.rst b/nitrokeys/start/linux/setting-kdf-do.rst similarity index 100% rename from start/linux/setting-kdf-do.rst rename to nitrokeys/start/linux/setting-kdf-do.rst diff --git a/start/linux/smime-outlook.rst b/nitrokeys/start/linux/smime-outlook.rst similarity index 100% rename from start/linux/smime-outlook.rst rename to nitrokeys/start/linux/smime-outlook.rst diff --git a/start/linux/smime-thunderbird.rst b/nitrokeys/start/linux/smime-thunderbird.rst similarity index 100% rename from start/linux/smime-thunderbird.rst rename to nitrokeys/start/linux/smime-thunderbird.rst diff --git a/start/linux/smime.rst b/nitrokeys/start/linux/smime.rst similarity index 100% rename from start/linux/smime.rst rename to nitrokeys/start/linux/smime.rst diff --git a/start/linux/ssh.rst b/nitrokeys/start/linux/ssh.rst similarity index 100% rename from start/linux/ssh.rst rename to nitrokeys/start/linux/ssh.rst diff --git a/nitrokeys/storage/linux/stunnel.rst b/nitrokeys/start/linux/stunnel.rst similarity index 100% rename from nitrokeys/storage/linux/stunnel.rst rename to nitrokeys/start/linux/stunnel.rst diff --git a/start/mac/factory-reset.rst b/nitrokeys/start/mac/factory-reset.rst similarity index 100% rename from start/mac/factory-reset.rst rename to nitrokeys/start/mac/factory-reset.rst diff --git a/start/mac/gpa.rst b/nitrokeys/start/mac/gpa.rst similarity index 100% rename from start/mac/gpa.rst rename to nitrokeys/start/mac/gpa.rst diff --git a/start/mac/index.rst b/nitrokeys/start/mac/index.rst similarity index 100% rename from start/mac/index.rst rename to nitrokeys/start/mac/index.rst diff --git a/start/mac/multiple-identities.rst b/nitrokeys/start/mac/multiple-identities.rst similarity index 100% rename from start/mac/multiple-identities.rst rename to nitrokeys/start/mac/multiple-identities.rst diff --git a/start/mac/openpgp-keygen-backup.rst b/nitrokeys/start/mac/openpgp-keygen-backup.rst similarity index 100% rename from start/mac/openpgp-keygen-backup.rst rename to nitrokeys/start/mac/openpgp-keygen-backup.rst diff --git a/start/mac/openpgp-keygen-gpa.rst b/nitrokeys/start/mac/openpgp-keygen-gpa.rst similarity index 100% rename from start/mac/openpgp-keygen-gpa.rst rename to nitrokeys/start/mac/openpgp-keygen-gpa.rst diff --git a/start/mac/openpgp-keygen-on-device.rst b/nitrokeys/start/mac/openpgp-keygen-on-device.rst similarity index 100% rename from start/mac/openpgp-keygen-on-device.rst rename to nitrokeys/start/mac/openpgp-keygen-on-device.rst diff --git a/start/mac/openpgp-outlook.rst b/nitrokeys/start/mac/openpgp-outlook.rst similarity index 100% rename from start/mac/openpgp-outlook.rst rename to nitrokeys/start/mac/openpgp-outlook.rst diff --git a/start/mac/openpgp-thunderbird.rst b/nitrokeys/start/mac/openpgp-thunderbird.rst similarity index 100% rename from start/mac/openpgp-thunderbird.rst rename to nitrokeys/start/mac/openpgp-thunderbird.rst diff --git a/start/mac/openpgp.rst b/nitrokeys/start/mac/openpgp.rst similarity index 100% rename from start/mac/openpgp.rst rename to nitrokeys/start/mac/openpgp.rst diff --git a/start/mac/setting-kdf-do.rst b/nitrokeys/start/mac/setting-kdf-do.rst similarity index 100% rename from start/mac/setting-kdf-do.rst rename to nitrokeys/start/mac/setting-kdf-do.rst diff --git a/start/mac/smime-outlook.rst b/nitrokeys/start/mac/smime-outlook.rst similarity index 100% rename from start/mac/smime-outlook.rst rename to nitrokeys/start/mac/smime-outlook.rst diff --git a/start/mac/smime-thunderbird.rst b/nitrokeys/start/mac/smime-thunderbird.rst similarity index 100% rename from start/mac/smime-thunderbird.rst rename to nitrokeys/start/mac/smime-thunderbird.rst diff --git a/start/mac/smime.rst b/nitrokeys/start/mac/smime.rst similarity index 100% rename from start/mac/smime.rst rename to nitrokeys/start/mac/smime.rst diff --git a/start/multiple-identities.rst.inc b/nitrokeys/start/multiple-identities.rst.inc similarity index 100% rename from start/multiple-identities.rst.inc rename to nitrokeys/start/multiple-identities.rst.inc diff --git a/start/setting-kdf-do.rst.inc b/nitrokeys/start/setting-kdf-do.rst.inc similarity index 100% rename from start/setting-kdf-do.rst.inc rename to nitrokeys/start/setting-kdf-do.rst.inc diff --git a/start/windows/factory-reset.rst b/nitrokeys/start/windows/factory-reset.rst similarity index 100% rename from start/windows/factory-reset.rst rename to nitrokeys/start/windows/factory-reset.rst diff --git a/start/windows/gpa.rst b/nitrokeys/start/windows/gpa.rst similarity index 100% rename from start/windows/gpa.rst rename to nitrokeys/start/windows/gpa.rst diff --git a/start/windows/index.rst b/nitrokeys/start/windows/index.rst similarity index 100% rename from start/windows/index.rst rename to nitrokeys/start/windows/index.rst diff --git a/start/windows/multiple-identities.rst b/nitrokeys/start/windows/multiple-identities.rst similarity index 100% rename from start/windows/multiple-identities.rst rename to nitrokeys/start/windows/multiple-identities.rst diff --git a/start/windows/openpgp-keygen-backup.rst b/nitrokeys/start/windows/openpgp-keygen-backup.rst similarity index 100% rename from start/windows/openpgp-keygen-backup.rst rename to nitrokeys/start/windows/openpgp-keygen-backup.rst diff --git a/start/windows/openpgp-keygen-gpa.rst b/nitrokeys/start/windows/openpgp-keygen-gpa.rst similarity index 100% rename from start/windows/openpgp-keygen-gpa.rst rename to nitrokeys/start/windows/openpgp-keygen-gpa.rst diff --git a/start/windows/openpgp-keygen-on-device.rst b/nitrokeys/start/windows/openpgp-keygen-on-device.rst similarity index 100% rename from start/windows/openpgp-keygen-on-device.rst rename to nitrokeys/start/windows/openpgp-keygen-on-device.rst diff --git a/start/windows/openpgp-outlook.rst b/nitrokeys/start/windows/openpgp-outlook.rst similarity index 100% rename from start/windows/openpgp-outlook.rst rename to nitrokeys/start/windows/openpgp-outlook.rst diff --git a/start/windows/openpgp-thunderbird.rst b/nitrokeys/start/windows/openpgp-thunderbird.rst similarity index 100% rename from start/windows/openpgp-thunderbird.rst rename to nitrokeys/start/windows/openpgp-thunderbird.rst diff --git a/start/windows/openpgp.rst b/nitrokeys/start/windows/openpgp.rst similarity index 100% rename from start/windows/openpgp.rst rename to nitrokeys/start/windows/openpgp.rst diff --git a/start/windows/putty.rst b/nitrokeys/start/windows/putty.rst similarity index 100% rename from start/windows/putty.rst rename to nitrokeys/start/windows/putty.rst diff --git a/start/windows/setting-kdf-do.rst b/nitrokeys/start/windows/setting-kdf-do.rst similarity index 100% rename from start/windows/setting-kdf-do.rst rename to nitrokeys/start/windows/setting-kdf-do.rst diff --git a/start/windows/smime-outlook.rst b/nitrokeys/start/windows/smime-outlook.rst similarity index 100% rename from start/windows/smime-outlook.rst rename to nitrokeys/start/windows/smime-outlook.rst diff --git a/start/windows/smime-thunderbird.rst b/nitrokeys/start/windows/smime-thunderbird.rst similarity index 100% rename from start/windows/smime-thunderbird.rst rename to nitrokeys/start/windows/smime-thunderbird.rst diff --git a/start/windows/smime.rst b/nitrokeys/start/windows/smime.rst similarity index 100% rename from start/windows/smime.rst rename to nitrokeys/start/windows/smime.rst diff --git a/nitrokeys/storage/encrypted-mobile-storage.rst b/nitrokeys/storage/encrypted-mobile-storage.rst index 02d3b64a73..02f46aab0e 100644 --- a/nitrokeys/storage/encrypted-mobile-storage.rst +++ b/nitrokeys/storage/encrypted-mobile-storage.rst @@ -1,3 +1,7 @@ +Encrypted Mobile Storage +======================== + + Prior of using the encrypted mobile storage you need to install and initialize the Nitrokey Storage and download the latest `Nitrokey App `__. 1. Start the Nitrokey App. diff --git a/nitrokeys/storage/factory-reset.rst b/nitrokeys/storage/factory-reset.rst index 31ff5e779b..fb710c5987 100644 --- a/nitrokeys/storage/factory-reset.rst +++ b/nitrokeys/storage/factory-reset.rst @@ -1,3 +1,6 @@ +Factory reset +============= + .. contents:: :local: There are two types of factory resets for Nitrokey Storage devices: @@ -17,7 +20,7 @@ Password Safe and the Encrypted Volume without performing a factory reset. The factory reset can be triggered in the Nitrokey App with the menu entry ``Configure->Special Configure->Factory reset``. -.. figure:: /storage/images/factory-reset-menu-item.png +.. figure:: images//factory-reset/factory-reset-menu-item.png :alt: factory-reset-menu-item .. note:: diff --git a/nitrokeys/storage/firmware-update-manually.rst b/nitrokeys/storage/firmware-update-manually.rst index 10cfd13c81..6146f335a4 100644 --- a/nitrokeys/storage/firmware-update-manually.rst +++ b/nitrokeys/storage/firmware-update-manually.rst @@ -1,3 +1,7 @@ +Manual Firmware Update +====================== + + .. contents:: :local: .. note:: @@ -24,12 +28,12 @@ Install Balena Etcher Balena Etcher helps us to install the USB image on the USB stick. Please double click on the `previously downloaded installation file `__ and follow the instructions. -.. figure:: /storage/images/firmware-update-manually/1.png +.. figure:: images/firmware-update-manually/1.png :alt: img1 -.. figure:: /storage/images/firmware-update-manually/2.png +.. figure:: images/firmware-update-manually/2.png :alt: img2 @@ -39,29 +43,29 @@ Installing the USB image with Balena Etcher The program usually opens immediately after installation. If not, you will find a shortcut on the desktop. Using the application, select the `previously downloaded image file `__, which ends with “.img.zip”. Now insert the USB stick. It should be recognized automatically. Press “Flash!” to proceed. -.. figure:: /storage/images/firmware-update-manually/3.png +.. figure:: images/firmware-update-manually/3.png :alt: img3 -.. figure:: /storage/images/firmware-update-manually/4.png +.. figure:: images/firmware-update-manually/4.png :alt: img4 You must allow the application to make changes. -.. figure:: /storage/images/firmware-update-manually/5.png +.. figure:: images/firmware-update-manually/5.png :alt: img5 -.. figure:: /storage/images/firmware-update-manually/7.png +.. figure:: images/firmware-update-manually/7.png :alt: img7 -.. figure:: /storage/images/firmware-update-manually/8.png +.. figure:: images/firmware-update-manually/8.png :alt: img8 After the image has been successfully transferred, Windows may ask if the device should be formatted. It is important that you click “Cancel”, otherwise the USB stick will be overwritten by Windows. -.. figure:: /storage/images/firmware-update-manually/9.png +.. figure:: images/firmware-update-manually/9.png :alt: img9 @@ -73,14 +77,14 @@ Now the system must be restarted. The USB stick must remain in the USB port so t After the system has started, please choose the language by typing 1 (English) and hit Enter. -.. figure:: /storage/images/firmware-update-manually/10.png +.. figure:: images/firmware-update-manually/10.png :alt: img10 Please insert the Nitrokey Storage when asked to. -.. figure:: /storage/images/firmware-update-manually/11.png +.. figure:: images/firmware-update-manually/11.png :alt: img11 @@ -88,7 +92,7 @@ Please insert the Nitrokey Storage when asked to. The Firmware Update Mode will be started automatically if the standard password is set. Otherwise you need to input your password and hit enter. -.. figure:: /storage/images/firmware-update-manually/12.png +.. figure:: images/firmware-update-manually/12.png :alt: img12 @@ -99,6 +103,6 @@ Restoring the USB Stick Windows should automatically ask to format your USB Stick as soon as you insert the USB Stick the first time again in Windows. Just accept the request for being able to use the USB Stick as previously. -.. figure:: /storage/images/firmware-update-manually/13.png +.. figure:: images/firmware-update-manually/13.png :alt: img13 diff --git a/nitrokeys/storage/firmware-update.rst b/nitrokeys/storage/firmware-update.rst new file mode 100644 index 0000000000..e90b40eb64 --- /dev/null +++ b/nitrokeys/storage/firmware-update.rst @@ -0,0 +1,104 @@ +Firmware Update +=============== + +.. contents:: :local: + +.. warning:: + + You should backup all data from the device before upgrading, as + firmware upgrades may destroy all data on the device (especially + coming from firmware version <0.45)! + +.. important:: + Never disconnect the Nitrokey Start or abort the process while updating, + this will likely render your device useless + + +.. tabs:: + .. tab:: Linux + 1. Download the `Nitrokey App `__ and the program “dfu-programmer” which should be available through your package-manager, e.g. ``apt-get update && apt-get install dfu-programmer`` on Debian-based systems. + + 2. Download the latest firmware ".hex" file from `here `__ and store it as "firmware.hex" in your home folder. Older releases are `here `__. + + 3. Right click on the icon of the Nitrokey App and go to “Configure” -> “Enable Firmware Update”. The default firmware password is ‘12345678’. + + .. figure:: images/firmware-update/enable-firmware-update.png + :alt: Enable firmware update + + .. note:: + + The Nitrokey Storage is not detected by Nitrokey App anymore once update mode got + activated. You have to proceed with the instructions described below + to make it work again. + + + 4. Open a terminal and execute: + + .. code-block:: bash + + sudo dfu-programmer at32uc3a3256s erase + sudo dfu-programmer at32uc3a3256s flash --suppress-bootloader-mem firmware.hex + sudo dfu-programmer at32uc3a3256s launch + # versions <0.7 of dfu-programmer use "start" instead of "launch" + + whereas “firmware.hex” needs to be the path and file name of the firmware which you downloaded in step 2. + + .. tab:: MacOS + 1. Download the `Nitrokey App `__ and the `Nitrokey Update Tool `__. The Nitrokey Update Tool is currently available for macOS and Windows only. + + 2. Download the latest firmware ".hex" file from `here `__. Older releases are `here `__. + + 3. Right click on the icon of the Nitrokey App and go to “Configure” -> “Enable Firmware Update”. The default firmware password is ‘12345678’. + + .. figure:: images/firmware-update/enable-firmware-update.png + :alt: Enable firmware update + + .. note:: + + The Nitrokey Storage is not detected by Nitrokey App anymore once update mode got + activated. You have to proceed with the instructions described below + to make it work again. + + .. note:: + + If you are using Microsoft Windows Build 1809 and Nitrokey Storage + Firmware 0.52 or lower, you need to use another system or if this is not + feasible use `these + instructions `_ to + enable the Firmware Update mode. + + 4. Start the Nitrokey Update Tool and click “Select firmware file”. Select the previously downloaded firmware ".hex" file. Click on “Update firmware” to start the update process. Your device should get detected by the Nitrokey App again as soon as the update is finished. + + .. figure:: images/firmware-update/nitrokey-update-tool.png + :alt: Nitrokey Update Tool + + .. tab:: Windows + + 1. Download the `Nitrokey App `__ and the `Nitrokey Update Tool `__. The Nitrokey Update Tool is currently available for macOS and Windows only. + + 2. Download the latest firmware ".hex" file from `here `__. Older releases are `here `__. + + 3. Right click on the icon of the Nitrokey App and go to “Configure” -> “Enable Firmware Update”. The default firmware password is ‘12345678’. + + .. figure:: images/firmware-update/enable-firmware-update.png + :alt: Enable firmware update + + .. note:: + + The Nitrokey Storage is not detected by Nitrokey App anymore once update mode got + activated. You have to proceed with the instructions described below + to make it work again. + + .. note:: + + If you are using Microsoft Windows Build 1809 and Nitrokey Storage + Firmware 0.52 or lower, you need to use another system or if this is not + feasible use `these + instructions `_ to + enable the Firmware Update mode. + + 4. Start the Nitrokey Update Tool and click “Select firmware file”. Select the previously downloaded firmware ".hex" file. Click on “Update firmware” to start the update process. Your device should get detected by the Nitrokey App again as soon as the update is finished. + + .. figure:: images/firmware-update/nitrokey-update-tool.png + :alt: Nitrokey Update Tool + diff --git a/nitrokeys/storage/getting-started.rst b/nitrokeys/storage/getting-started.rst index e69de29bb2..e318eb9d30 100644 --- a/nitrokeys/storage/getting-started.rst +++ b/nitrokeys/storage/getting-started.rst @@ -0,0 +1,77 @@ +Getting Started +=============== + +.. contents:: :local: + + +1. + .. tabs:: + .. group-tab:: Linux + To access the OpenPGP smart card of the Nitrokey, install the package + libccid. On Debian/Ubuntu based Distributions type in terminal: + .. code-block:: bash + $ sudo apt-get update && sudo apt-get install libccid + + .. group-tab:: MacOS + Important: Once you plug in the Nitrokey, your computer will start + the Keyboard Setup Assistant. **Don’t run through this assistant but + exit it right away.** + + .. group-tab:: Windows + Connect your Nitrokey to your computer and confirm all dialogs so that the USB smart card device driver gets installed almost automatically. + + .. note:: + + Windows may fail to install an additional device driver for the smart card. Its safe to ignore this warning. + +2. + .. tabs:: + .. group-tab:: Linux + Download and start the `Nitrokey App `__. + + .. group-tab:: MacOS + Download and start the `Nitrokey App `__. Perhaps you want to store + it on the unencrypted partition of your Nitrokey Storage + + .. group-tab:: Windows + Download and start the `Nitrokey App `__. Perhaps you want to store it on the unencrypted partition of your Nitrokey Storage. There won’t open a window, but an icon appears in the system tray (see screenshot below). Please right-click on this icon to use all the options of the App. + + .. figure:: images/getting-started/Windows10-Systemtray.png + :alt: img1 + +3. Open the About window from Nitrokey App’s menu and check if you have + the `latest + firmware `__ + installed. If it’s not the latest, please + `update `_. + +4. Use the Nitrokey App to change the default User PIN (default: 123456) + and Admin PIN (default: 12345678) to your own choices. + +Your Nitrokey is now ready to use. + +.. note:: + + - For some Versions of MacOS it is necessary to install custom `ccid + driver `__ + (for information see + `here `__), + but in general MacOS should have the driver onboard. + + - For many use cases described, it is necessary to have either + OpenPGP or S/MIME keys installed on the device (see below). + +Key Creation with OpenPGP or S/MIME +----------------------------------- + +There are two widely used standards for email encryption. While +OpenPGP/GnuPG is popular among individuals, S/MIME/x.509 is mostly used +by enterprises. If you are in doubt which one to choose, you should use +OpenPGP. + +To learn more about how to use OpenPGP for email encryption with the Nitrokey, +please refer to chapter `OpenPGP Email Encryption <../features/openpgp/index.html>`_. + +To learn more about how to use S/MIME for email encryption with the Nitrokey, +please refer to chapter `S/MIME Email Encryption <../features/smime/index.html>`_. + diff --git a/nitrokeys/storage/hidden.rst b/nitrokeys/storage/hidden.rst index 11d2b103aa..d5d4ba91bc 100644 --- a/nitrokeys/storage/hidden.rst +++ b/nitrokeys/storage/hidden.rst @@ -15,7 +15,7 @@ You can configure up to four hidden volumes. Once unlocked, hidden volumes behav There are no mechanisms to prevent accidental overwritting of hidden data, as they would reveal the existence of hidden volumes. Data written to the encrypted volume before the creation of the hidden volume can still be read. -.. figure:: /storage/images/hidden-schema.svg +.. figure:: images/hidden/hidden-schema.svg :alt: Hidden volume description. The hidden volumes are within the free space of the encrypted volume. @@ -32,11 +32,45 @@ Configuring hidden volumes 1. Unlock the encrypted volume using the Nitrokey App. 2. In the menu, select "setup hidden volume". - .. figure:: /storage/images/setup_hidden_volume.png + .. figure:: images/hidden/setup_hidden_volume.png :alt: menu containing the hidden volume setup utility. 3. Enter a strong passphrase twice. Unlike the encrypted volume PIN, there are no limit to the number of attempts at opening hidden volumes, so the strength of the passphrase is extremely important. 4. Define the storage area to be used. Hidden volumes are stored in the free areas of the encrypted volume. When creating multiple hidden volume, you need to allocate a part of the free area for each volume, making sure they do not overlap. - .. figure:: /storage/images/hidden-storage-passphrase.png + .. figure:: images/hidden/hidden-storage-passphrase.png :alt: Hidden volume dialog box + +Using hidden volumes +-------------------- + +1. Unlock the encrypted volume. + +2. Select "unlock hidden volume" and enter any of the hidden volume's passwords. + +3. + + .. tabs:: + .. tab:: Linux + + If this is the first time you unlock the hidden volume, you may need to create a partition on the hidden volume. You will need to open a partition manager such as `GParted `__ and create one or more partitions manually. Make sure to create the partitions on the device that appeared when unlocking the hidden volume. + + .. figure:: images/hidden/hidden-storage-partition.png + :alt: Hidden volume partitioning + + .. tab:: MacOS + + If this is the first time you unlock the hidden volume, you may need to create a partition on the hidden volume. You will need to use `Disk Utility `__. Make sure to create the partitions on the device that appeared when unlocking the hidden volume. + + .. tab:: Windows + + If this is the first time you unlock the hidden volume, you may need to create a partition on the hidden volume. In this case, Windows will prompt you to do so. You can then format the hidden volume using FAT32, for compatibility with most operating systems. + + + .. figure:: images/hidden/format-dialog.png + :alt: Windows formating prompt + + .. figure:: images/hidden/format-tool.png + :alt: Windows formating tool + +4. Make sure to unmount/eject all partitions on the hidden volumes before locking or disconnecting the Nitrokey. \ No newline at end of file diff --git a/nitrokeys/storage/images/factory-reset-menu-item.png b/nitrokeys/storage/images/factory-reset/factory-reset-menu-item.png similarity index 100% rename from nitrokeys/storage/images/factory-reset-menu-item.png rename to nitrokeys/storage/images/factory-reset/factory-reset-menu-item.png diff --git a/nitrokeys/storage/images/enable-firmware-update.png b/nitrokeys/storage/images/firmware-update/enable-firmware-update.png similarity index 100% rename from nitrokeys/storage/images/enable-firmware-update.png rename to nitrokeys/storage/images/firmware-update/enable-firmware-update.png diff --git a/nitrokeys/storage/windows/images/nitrokey-update-tool.png b/nitrokeys/storage/images/firmware-update/nitrokey-update-tool.png similarity index 100% rename from nitrokeys/storage/windows/images/nitrokey-update-tool.png rename to nitrokeys/storage/images/firmware-update/nitrokey-update-tool.png diff --git a/nitrokeys/storage/windows/images/Windows10-Systemtray.png b/nitrokeys/storage/images/getting-started/Windows10-Systemtray.png similarity index 100% rename from nitrokeys/storage/windows/images/Windows10-Systemtray.png rename to nitrokeys/storage/images/getting-started/Windows10-Systemtray.png diff --git a/nitrokeys/storage/windows/images/format-dialog.png b/nitrokeys/storage/images/hidden/format-dialog.png similarity index 100% rename from nitrokeys/storage/windows/images/format-dialog.png rename to nitrokeys/storage/images/hidden/format-dialog.png diff --git a/nitrokeys/storage/windows/images/format-tool.png b/nitrokeys/storage/images/hidden/format-tool.png similarity index 100% rename from nitrokeys/storage/windows/images/format-tool.png rename to nitrokeys/storage/images/hidden/format-tool.png diff --git a/nitrokeys/storage/images/hidden-schema.svg b/nitrokeys/storage/images/hidden/hidden-schema.svg similarity index 100% rename from nitrokeys/storage/images/hidden-schema.svg rename to nitrokeys/storage/images/hidden/hidden-schema.svg diff --git a/nitrokeys/storage/linux/images/hidden-storage-partition.png b/nitrokeys/storage/images/hidden/hidden-storage-partition.png similarity index 100% rename from nitrokeys/storage/linux/images/hidden-storage-partition.png rename to nitrokeys/storage/images/hidden/hidden-storage-partition.png diff --git a/nitrokeys/storage/images/hidden-storage-passphrase.png b/nitrokeys/storage/images/hidden/hidden-storage-passphrase.png similarity index 100% rename from nitrokeys/storage/images/hidden-storage-passphrase.png rename to nitrokeys/storage/images/hidden/hidden-storage-passphrase.png diff --git a/nitrokeys/storage/images/setup_hidden_volume.png b/nitrokeys/storage/images/hidden/setup_hidden_volume.png similarity index 100% rename from nitrokeys/storage/images/setup_hidden_volume.png rename to nitrokeys/storage/images/hidden/setup_hidden_volume.png diff --git a/nitrokeys/storage/index.rst b/nitrokeys/storage/index.rst index 30167c3de6..0ad0ebe914 100644 --- a/nitrokeys/storage/index.rst +++ b/nitrokeys/storage/index.rst @@ -34,4 +34,9 @@ or check out the features: EID <../features/eid/index> TOTP <../features/totp/index> SSH <../features/ssh/index> - Putty <../features/ssh/putty> \ No newline at end of file + Putty <../features/ssh/putty> + Hidden-Storage + Firmware-Update + Manual Firmware-Update + Factory Reset + Encrypted Mobile Storage \ No newline at end of file diff --git a/nitrokeys/storage/linux/firmware-update.rst b/nitrokeys/storage/linux/firmware-update.rst deleted file mode 100644 index 138d94ede7..0000000000 --- a/nitrokeys/storage/linux/firmware-update.rst +++ /dev/null @@ -1,42 +0,0 @@ -Firmware Update -=============== - -.. contents:: :local: - -.. warning:: - - You should backup all data from the device before upgrading, as - firmware upgrades may destroy all data on the device (especially - coming from firmware version <0.45)! - -.. important:: - Never disconnect the Nitrokey Start or abort the process while updating, - this will likely render your device useless - - -1. Download the `Nitrokey App `__ and the program “dfu-programmer” which should be available through your package-manager, e.g. ``apt-get update && apt-get install dfu-programmer`` on Debian-based systems. - -2. Download the latest firmware ".hex" file from `here `__ and store it as "firmware.hex" in your home folder. Older releases are `here `__. - -3. Right click on the icon of the Nitrokey App and go to “Configure” -> “Enable Firmware Update”. The default firmware password is ‘12345678’. - - .. figure:: /storage/images/enable-firmware-update.png - :alt: Enable firmware update - - .. note:: - - The Nitrokey Storage is not detected by Nitrokey App anymore once update mode got - activated. You have to proceed with the instructions described below - to make it work again. - - -4. Open a terminal and execute: - - .. code-block:: bash - - sudo dfu-programmer at32uc3a3256s erase - sudo dfu-programmer at32uc3a3256s flash --suppress-bootloader-mem firmware.hex - sudo dfu-programmer at32uc3a3256s launch - # versions <0.7 of dfu-programmer use "start" instead of "launch" - - whereas “firmware.hex” needs to be the path and file name of the firmware which you downloaded in step 2. diff --git a/nitrokeys/storage/linux/hidden.rst b/nitrokeys/storage/linux/hidden.rst deleted file mode 100644 index 67076af055..0000000000 --- a/nitrokeys/storage/linux/hidden.rst +++ /dev/null @@ -1,15 +0,0 @@ -.. include:: ../hidden.rst - -Using hidden volumes --------------------- - -1. Unlock the encrypted volume. - -2. Select "unlock hidden volume" and enter any of the hidden volume's passwords. - -3. If this is the first time you unlock the hidden volume, you may need to create a partition on the hidden volume. You will need to open a partition manager such as `GParted `__ and create one or more partitions manually. Make sure to create the partitions on the device that appeared when unlocking the hidden volume. - -.. figure:: ./images/hidden-storage-partition.png - :alt: Hidden volume partitioning - -4. Make sure to unmount/eject all partitions on the hidden volumes before locking or disconnecting the Nitrokey. diff --git a/nitrokeys/storage/linux/index.rst b/nitrokeys/storage/linux/index.rst deleted file mode 100644 index 3b93b376a3..0000000000 --- a/nitrokeys/storage/linux/index.rst +++ /dev/null @@ -1,49 +0,0 @@ -Nitrokey Storage, Linux -======================= - -.. contents:: :local: - -.. toctree:: - :maxdepth: 1 - :glob: - :hidden: - - * - -1. To access the OpenPGP smart card of the Nitrokey, install the package - libccid. On Debian/Ubuntu based Distributions type in terminal: *sudo - apt-get update && sudo apt-get install libccid* - -2. Download and start the `Nitrokey - App `__. - -3. Open the About window from Nitrokey App’s menu and check if you have - the `latest - firmware `__ - installed. If it’s not the latest, please - `update `_. - -4. Use the Nitrokey App to change the default User PIN (default: 123456) - and Admin PIN (default: 12345678) to your own choices. - -Your Nitrokey is now ready to use. - -.. note:: - - For many use cases described, it is necessary to have either OpenPGP - or S/MIME keys installed on the device (see below). - -Key Creation with OpenPGP or S/MIME ------------------------------------ - -There are two widely used standards for email encryption. While -OpenPGP/GnuPG is popular among individuals, S/MIME/x.509 is mostly used -by enterprises. If you are in doubt which one to choose, you should use -OpenPGP. - -To learn more about how to use OpenPGP for email encryption with the Nitrokey, -please refer to chapter `OpenPGP Email Encryption `_. - -To learn more about how to use S/MIME for email encryption with the Nitrokey, -please refer to chapter `S/MIME Email Encryption `_. - diff --git a/nitrokeys/storage/mac/firmware-update.rst b/nitrokeys/storage/mac/firmware-update.rst deleted file mode 100644 index 8b81a9fdee..0000000000 --- a/nitrokeys/storage/mac/firmware-update.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../..//storage/windows/firmware-update.rst diff --git a/nitrokeys/storage/mac/hidden.rst b/nitrokeys/storage/mac/hidden.rst deleted file mode 100644 index f1403d6f8d..0000000000 --- a/nitrokeys/storage/mac/hidden.rst +++ /dev/null @@ -1,12 +0,0 @@ -.. include:: ../hidden.rst - -Using hidden volumes --------------------- - -1. Unlock the encrypted volume. - -2. Select "unlock hidden volume" and enter any of the hidden volume's passwords. - -3. If this is the first time you unlock the hidden volume, you may need to create a partition on the hidden volume. You will need to use `Disk Utility `__. Make sure to create the partitions on the device that appeared when unlocking the hidden volume. - -4. Make sure to unmount/eject all partitions on the hidden volumes before locking or disconnecting the Nitrokey. diff --git a/nitrokeys/storage/mac/index.rst b/nitrokeys/storage/mac/index.rst deleted file mode 100644 index 28c1764d1c..0000000000 --- a/nitrokeys/storage/mac/index.rst +++ /dev/null @@ -1,52 +0,0 @@ -Nitrokey Storage, Mac -===================== - -.. contents:: :local: - -.. toctree:: - :maxdepth: 1 - :glob: - :hidden: - - * - -1. Important: Once you plug in the Nitrokey, your computer will start - the Keyboard Setup Assistant. **Don’t run through this assistant but - exit it right away.** -2. Download and start the `Nitrokey - App `__. Perhaps you want to store - it on the unencrypted partition of your Nitrokey Storage -3. Open the About window from Nitrokey App’s menu and check if you have - the `latest - firmware `__ - installed. If it’s not the latest, please - `update `_. -4. Use the Nitrokey App to change the default User PIN (default: 123456) - and Admin PIN (default: 12345678) to your own choices. - -Your Nitrokey is now ready to use. - -.. note:: - - - For some Versions of MacOS it is necessary to install custom `ccid - driver `__ - (for information see - `here `__), - but in general MacOS should have the driver onboard. - - - For many use cases described, it is necessary to have either - OpenPGP or S/MIME keys installed on the device (see below). - -Key Creation with OpenPGP or S/MIME ------------------------------------ - -There are two widely used standards for email encryption. While -OpenPGP/GnuPG is popular among individuals, S/MIME/x.509 is mostly used -by enterprises. If you are in doubt which one to choose, you should use -OpenPGP. - -To learn more about how to use OpenPGP for email encryption with the Nitrokey, -please refer to chapter `OpenPGP Email Encryption `_. - -To learn more about how to use S/MIME for email encryption with the Nitrokey, -please refer to chapter `S/MIME Email Encryption `_. diff --git a/nitrokeys/storage/windows/firmware-update.rst b/nitrokeys/storage/windows/firmware-update.rst deleted file mode 100644 index 825826699d..0000000000 --- a/nitrokeys/storage/windows/firmware-update.rst +++ /dev/null @@ -1,44 +0,0 @@ -Firmware Update -=============== - -.. contents:: :local: - -.. warning:: - - You should backup all data from the device before upgrading, as - firmware upgrades may destroy all data on the device (especially - coming from firmware version <0.45)! - -.. important:: - Never disconnect the Nitrokey Start or abort the process while updating, - this will likely render your device useless - - -1. Download the `Nitrokey App `__ and the `Nitrokey Update Tool `__. The Nitrokey Update Tool is currently available for macOS and Windows only. - -2. Download the latest firmware ".hex" file from `here `__. Older releases are `here `__. - -3. Right click on the icon of the Nitrokey App and go to “Configure” -> “Enable Firmware Update”. The default firmware password is ‘12345678’. - - .. figure:: /storage/images/enable-firmware-update.png - :alt: Enable firmware update - - .. note:: - - The Nitrokey Storage is not detected by Nitrokey App anymore once update mode got - activated. You have to proceed with the instructions described below - to make it work again. - - .. note:: - - If you are using Microsoft Windows Build 1809 and Nitrokey Storage - Firmware 0.52 or lower, you need to use another system or if this is not - feasible use `these - instructions `_ to - enable the Firmware Update mode. - -4. Start the Nitrokey Update Tool and click “Select firmware file”. Select the previously downloaded firmware ".hex" file. Click on “Update firmware” to start the update process. Your device should get detected by the Nitrokey App again as soon as the update is finished. - - .. figure:: /storage/windows/images/nitrokey-update-tool.png - :alt: Nitrokey Update Tool - diff --git a/nitrokeys/storage/windows/hidden.rst b/nitrokeys/storage/windows/hidden.rst deleted file mode 100644 index 8dad5732e6..0000000000 --- a/nitrokeys/storage/windows/hidden.rst +++ /dev/null @@ -1,19 +0,0 @@ -.. include:: ../hidden.rst - -Using hidden volumes --------------------- - -1. Unlock the encrypted volume. - -2. Select "unlock hidden volume" and enter any of the hidden volume's passwords. - -3. If this is the first time you unlock the hidden volume, you may need to create a partition on the hidden volume. In this case, Windows will prompt you to do so. You can then format the hidden volume using FAT32, for compatibility with most operating systems. - - -.. figure:: ./images/format-dialog.png - :alt: Windows formating prompt - -.. figure:: ./images/format-tool.png - :alt: Windows formating tool - -4. Make sure to unmount/eject all partitions on the hidden volumes before locking or disconnecting the Nitrokey. diff --git a/nitrokeys/storage/windows/index.rst b/nitrokeys/storage/windows/index.rst deleted file mode 100644 index 4e973c3959..0000000000 --- a/nitrokeys/storage/windows/index.rst +++ /dev/null @@ -1,46 +0,0 @@ -Nitrokey Storage, Windows -========================= - -.. contents:: :local: - -.. toctree:: - :maxdepth: 1 - :glob: - :hidden: - - * - -1. Connect your Nitrokey to your computer and confirm all dialogs so that the USB smart card device driver gets installed almost automatically. - - .. note:: - - Windows may fail to install an additional device driver for the smart card. Its safe to ignore this warning. - -2. Download and start the `Nitrokey App `__. Perhaps you want to store it on the unencrypted partition of your Nitrokey Storage. There won’t open a window, but an icon appears in the system tray (see screenshot below). Please right-click on this icon to use all the options of the App. - - .. figure:: ./images/Windows10-Systemtray.png - :alt: img1 - - -3. Open the About window from Nitrokey App’s menu and check if you have the `latest firmware `__ installed. If it’s not the latest, please - `update `_. - -4. Use the Nitrokey App to change the default User PIN (default: 123456) - and Admin PIN (default: 12345678) to your own choices. - -Your Nitrokey is now ready to use. - -.. note:: - - For many use cases described, it is necessary to have either OpenPGP or S/MIME keys installed on the device (see below). - -Key Creation with OpenPGP or S/MIME ------------------------------------ - -There are two widely used standards for email encryption. While OpenPGP/GnuPG is popular among individuals, S/MIME/x.509 is mostly used by enterprises. If you are in doubt which one to choose, you should use OpenPGP. - -To learn more about how to use OpenPGP for email encryption with the Nitrokey, -please refer to chapter `OpenPGP Email Encryption `_. - -To learn more about how to use S/MIME for email encryption with the Nitrokey, -please refer to chapter `S/MIME Email Encryption `_. diff --git a/nitropadpc/nitropad/content/shared-index-content1.rst b/nitropad/content/shared-index-content1.rst similarity index 100% rename from nitropadpc/nitropad/content/shared-index-content1.rst rename to nitropad/content/shared-index-content1.rst diff --git a/nitropadpc/nitropad/content/shared-index-content2.rst b/nitropad/content/shared-index-content2.rst similarity index 100% rename from nitropadpc/nitropad/content/shared-index-content2.rst rename to nitropad/content/shared-index-content2.rst diff --git a/nitropadpc/nitropad/default-boot.rst.inc b/nitropad/default-boot.rst.inc similarity index 100% rename from nitropadpc/nitropad/default-boot.rst.inc rename to nitropad/default-boot.rst.inc diff --git a/nitropadpc/nitropad/factory-reset-heads2.rst.inc b/nitropad/factory-reset-heads2.rst.inc similarity index 100% rename from nitropadpc/nitropad/factory-reset-heads2.rst.inc rename to nitropad/factory-reset-heads2.rst.inc diff --git a/nitropadpc/nitropad/factory-reset.rst.inc b/nitropad/factory-reset.rst.inc similarity index 100% rename from nitropadpc/nitropad/factory-reset.rst.inc rename to nitropad/factory-reset.rst.inc diff --git a/nitropadpc/nitropad/faq.rst b/nitropad/faq.rst similarity index 100% rename from nitropadpc/nitropad/faq.rst rename to nitropad/faq.rst diff --git a/nitropadpc/nitropad/firmware-update-1.4.rst.inc b/nitropad/firmware-update-1.4.rst.inc similarity index 100% rename from nitropadpc/nitropad/firmware-update-1.4.rst.inc rename to nitropad/firmware-update-1.4.rst.inc diff --git a/nitropadpc/nitropad/firmware-update.rst.inc b/nitropad/firmware-update.rst.inc similarity index 100% rename from nitropadpc/nitropad/firmware-update.rst.inc rename to nitropad/firmware-update.rst.inc diff --git a/nitropadpc/nitropad/images/NitroPad-boot-options.jpeg b/nitropad/images/NitroPad-boot-options.jpeg similarity index 100% rename from nitropadpc/nitropad/images/NitroPad-boot-options.jpeg rename to nitropad/images/NitroPad-boot-options.jpeg diff --git a/nitropadpc/nitropad/images/NitroPad-boot-process-bad.jpeg b/nitropad/images/NitroPad-boot-process-bad.jpeg similarity index 100% rename from nitropadpc/nitropad/images/NitroPad-boot-process-bad.jpeg rename to nitropad/images/NitroPad-boot-process-bad.jpeg diff --git a/nitropadpc/nitropad/images/NitroPad-boot-process_0.jpeg b/nitropad/images/NitroPad-boot-process_0.jpeg similarity index 100% rename from nitropadpc/nitropad/images/NitroPad-boot-process_0.jpeg rename to nitropad/images/NitroPad-boot-process_0.jpeg diff --git a/nitropadpc/nitropad/images/NitroPad-confirm-boot-details.jpeg b/nitropad/images/NitroPad-confirm-boot-details.jpeg similarity index 100% rename from nitropadpc/nitropad/images/NitroPad-confirm-boot-details.jpeg rename to nitropad/images/NitroPad-confirm-boot-details.jpeg diff --git a/nitropadpc/nitropad/images/NitroPad-error-mismatch.jpeg b/nitropad/images/NitroPad-error-mismatch.jpeg similarity index 100% rename from nitropadpc/nitropad/images/NitroPad-error-mismatch.jpeg rename to nitropad/images/NitroPad-error-mismatch.jpeg diff --git a/nitropadpc/nitropad/images/Schraube.jpg b/nitropad/images/Schraube.jpg similarity index 100% rename from nitropadpc/nitropad/images/Schraube.jpg rename to nitropad/images/Schraube.jpg diff --git a/nitropadpc/nitropad/images/SchraubenmarkierungT430.jpg b/nitropad/images/SchraubenmarkierungT430.jpg similarity index 100% rename from nitropadpc/nitropad/images/SchraubenmarkierungT430.jpg rename to nitropad/images/SchraubenmarkierungT430.jpg diff --git a/nitropadpc/nitropad/images/SchraubenmarkierungX230.jpg b/nitropad/images/SchraubenmarkierungX230.jpg similarity index 100% rename from nitropadpc/nitropad/images/SchraubenmarkierungX230.jpg rename to nitropad/images/SchraubenmarkierungX230.jpg diff --git a/nitropadpc/nitropad/images/boot-menu.jpg b/nitropad/images/boot-menu.jpg similarity index 100% rename from nitropadpc/nitropad/images/boot-menu.jpg rename to nitropad/images/boot-menu.jpg diff --git a/nitropadpc/nitropad/images/change-disk-encryption-passphrase/1.png b/nitropad/images/change-disk-encryption-passphrase/1.png similarity index 100% rename from nitropadpc/nitropad/images/change-disk-encryption-passphrase/1.png rename to nitropad/images/change-disk-encryption-passphrase/1.png diff --git a/nitropadpc/nitropad/images/change-disk-encryption-passphrase/2.png b/nitropad/images/change-disk-encryption-passphrase/2.png similarity index 100% rename from nitropadpc/nitropad/images/change-disk-encryption-passphrase/2.png rename to nitropad/images/change-disk-encryption-passphrase/2.png diff --git a/nitropadpc/nitropad/images/change-disk-encryption-passphrase/3.png b/nitropad/images/change-disk-encryption-passphrase/3.png similarity index 100% rename from nitropadpc/nitropad/images/change-disk-encryption-passphrase/3.png rename to nitropad/images/change-disk-encryption-passphrase/3.png diff --git a/nitropadpc/nitropad/images/change-disk-encryption-passphrase/4.png b/nitropad/images/change-disk-encryption-passphrase/4.png similarity index 100% rename from nitropadpc/nitropad/images/change-disk-encryption-passphrase/4.png rename to nitropad/images/change-disk-encryption-passphrase/4.png diff --git a/nitropadpc/nitropad/images/change-disk-encryption-passphrase/5.png b/nitropad/images/change-disk-encryption-passphrase/5.png similarity index 100% rename from nitropadpc/nitropad/images/change-disk-encryption-passphrase/5.png rename to nitropad/images/change-disk-encryption-passphrase/5.png diff --git a/nitropadpc/nitropad/images/default-boot/1.jpg b/nitropad/images/default-boot/1.jpg similarity index 100% rename from nitropadpc/nitropad/images/default-boot/1.jpg rename to nitropad/images/default-boot/1.jpg diff --git a/nitropadpc/nitropad/images/default-boot/2.jpg b/nitropad/images/default-boot/2.jpg similarity index 100% rename from nitropadpc/nitropad/images/default-boot/2.jpg rename to nitropad/images/default-boot/2.jpg diff --git a/nitropadpc/nitropad/images/default-boot/3.jpg b/nitropad/images/default-boot/3.jpg similarity index 100% rename from nitropadpc/nitropad/images/default-boot/3.jpg rename to nitropad/images/default-boot/3.jpg diff --git a/nitropadpc/nitropad/images/default-boot/4.jpg b/nitropad/images/default-boot/4.jpg similarity index 100% rename from nitropadpc/nitropad/images/default-boot/4.jpg rename to nitropad/images/default-boot/4.jpg diff --git a/nitropadpc/nitropad/images/factory-reset-heads2/admin-pin.jpg b/nitropad/images/factory-reset-heads2/admin-pin.jpg similarity index 100% rename from nitropadpc/nitropad/images/factory-reset-heads2/admin-pin.jpg rename to nitropad/images/factory-reset-heads2/admin-pin.jpg diff --git a/nitropadpc/nitropad/images/factory-reset-heads2/confirm-integrity.jpg b/nitropad/images/factory-reset-heads2/confirm-integrity.jpg similarity index 100% rename from nitropadpc/nitropad/images/factory-reset-heads2/confirm-integrity.jpg rename to nitropad/images/factory-reset-heads2/confirm-integrity.jpg diff --git a/nitropadpc/nitropad/images/factory-reset-heads2/confirm.jpg b/nitropad/images/factory-reset-heads2/confirm.jpg similarity index 100% rename from nitropadpc/nitropad/images/factory-reset-heads2/confirm.jpg rename to nitropad/images/factory-reset-heads2/confirm.jpg diff --git a/nitropadpc/nitropad/images/factory-reset-heads2/default-sec.jpg b/nitropad/images/factory-reset-heads2/default-sec.jpg similarity index 100% rename from nitropadpc/nitropad/images/factory-reset-heads2/default-sec.jpg rename to nitropad/images/factory-reset-heads2/default-sec.jpg diff --git a/nitropadpc/nitropad/images/factory-reset-heads2/options.jpg b/nitropad/images/factory-reset-heads2/options.jpg similarity index 100% rename from nitropadpc/nitropad/images/factory-reset-heads2/options.jpg rename to nitropad/images/factory-reset-heads2/options.jpg diff --git a/nitropadpc/nitropad/images/factory-reset-heads2/otp-sec1.jpg b/nitropad/images/factory-reset-heads2/otp-sec1.jpg similarity index 100% rename from nitropadpc/nitropad/images/factory-reset-heads2/otp-sec1.jpg rename to nitropad/images/factory-reset-heads2/otp-sec1.jpg diff --git a/nitropadpc/nitropad/images/factory-reset-heads2/otp-sec2.jpg b/nitropad/images/factory-reset-heads2/otp-sec2.jpg similarity index 100% rename from nitropadpc/nitropad/images/factory-reset-heads2/otp-sec2.jpg rename to nitropad/images/factory-reset-heads2/otp-sec2.jpg diff --git a/nitropadpc/nitropad/images/factory-reset-heads2/reboot.jpg b/nitropad/images/factory-reset-heads2/reboot.jpg similarity index 100% rename from nitropadpc/nitropad/images/factory-reset-heads2/reboot.jpg rename to nitropad/images/factory-reset-heads2/reboot.jpg diff --git a/nitropadpc/nitropad/images/factory-reset-heads2/reset.jpg b/nitropad/images/factory-reset-heads2/reset.jpg similarity index 100% rename from nitropadpc/nitropad/images/factory-reset-heads2/reset.jpg rename to nitropad/images/factory-reset-heads2/reset.jpg diff --git a/nitropadpc/nitropad/images/factory-reset-heads2/start-menu.jpg b/nitropad/images/factory-reset-heads2/start-menu.jpg similarity index 100% rename from nitropadpc/nitropad/images/factory-reset-heads2/start-menu.jpg rename to nitropad/images/factory-reset-heads2/start-menu.jpg diff --git a/nitropadpc/nitropad/images/factory-reset-heads2/totp.jpg b/nitropad/images/factory-reset-heads2/totp.jpg similarity index 100% rename from nitropadpc/nitropad/images/factory-reset-heads2/totp.jpg rename to nitropad/images/factory-reset-heads2/totp.jpg diff --git a/nitropadpc/nitropad/images/factory-reset-heads2/tpm.jpg b/nitropad/images/factory-reset-heads2/tpm.jpg similarity index 100% rename from nitropadpc/nitropad/images/factory-reset-heads2/tpm.jpg rename to nitropad/images/factory-reset-heads2/tpm.jpg diff --git a/nitropadpc/nitropad/images/factory-reset/1.jpg b/nitropad/images/factory-reset/1.jpg similarity index 100% rename from nitropadpc/nitropad/images/factory-reset/1.jpg rename to nitropad/images/factory-reset/1.jpg diff --git a/nitropadpc/nitropad/images/factory-reset/10.jpg b/nitropad/images/factory-reset/10.jpg similarity index 100% rename from nitropadpc/nitropad/images/factory-reset/10.jpg rename to nitropad/images/factory-reset/10.jpg diff --git a/nitropadpc/nitropad/images/factory-reset/11.jpg b/nitropad/images/factory-reset/11.jpg similarity index 100% rename from nitropadpc/nitropad/images/factory-reset/11.jpg rename to nitropad/images/factory-reset/11.jpg diff --git a/nitropadpc/nitropad/images/factory-reset/2.jpg b/nitropad/images/factory-reset/2.jpg similarity index 100% rename from nitropadpc/nitropad/images/factory-reset/2.jpg rename to nitropad/images/factory-reset/2.jpg diff --git a/nitropadpc/nitropad/images/factory-reset/3.jpg b/nitropad/images/factory-reset/3.jpg similarity index 100% rename from nitropadpc/nitropad/images/factory-reset/3.jpg rename to nitropad/images/factory-reset/3.jpg diff --git a/nitropadpc/nitropad/images/factory-reset/4.jpg b/nitropad/images/factory-reset/4.jpg similarity index 100% rename from nitropadpc/nitropad/images/factory-reset/4.jpg rename to nitropad/images/factory-reset/4.jpg diff --git a/nitropadpc/nitropad/images/factory-reset/5.jpg b/nitropad/images/factory-reset/5.jpg similarity index 100% rename from nitropadpc/nitropad/images/factory-reset/5.jpg rename to nitropad/images/factory-reset/5.jpg diff --git a/nitropadpc/nitropad/images/factory-reset/6.jpg b/nitropad/images/factory-reset/6.jpg similarity index 100% rename from nitropadpc/nitropad/images/factory-reset/6.jpg rename to nitropad/images/factory-reset/6.jpg diff --git a/nitropadpc/nitropad/images/factory-reset/7.jpg b/nitropad/images/factory-reset/7.jpg similarity index 100% rename from nitropadpc/nitropad/images/factory-reset/7.jpg rename to nitropad/images/factory-reset/7.jpg diff --git a/nitropadpc/nitropad/images/factory-reset/8.jpg b/nitropad/images/factory-reset/8.jpg similarity index 100% rename from nitropadpc/nitropad/images/factory-reset/8.jpg rename to nitropad/images/factory-reset/8.jpg diff --git a/nitropadpc/nitropad/images/factory-reset/9.jpg b/nitropad/images/factory-reset/9.jpg similarity index 100% rename from nitropadpc/nitropad/images/factory-reset/9.jpg rename to nitropad/images/factory-reset/9.jpg diff --git a/nitropadpc/nitropad/images/firmware-update/1.jpg b/nitropad/images/firmware-update/1.jpg similarity index 100% rename from nitropadpc/nitropad/images/firmware-update/1.jpg rename to nitropad/images/firmware-update/1.jpg diff --git a/nitropadpc/nitropad/images/firmware-update/2.jpg b/nitropad/images/firmware-update/2.jpg similarity index 100% rename from nitropadpc/nitropad/images/firmware-update/2.jpg rename to nitropad/images/firmware-update/2.jpg diff --git a/nitropadpc/nitropad/images/firmware-update/3.jpg b/nitropad/images/firmware-update/3.jpg similarity index 100% rename from nitropadpc/nitropad/images/firmware-update/3.jpg rename to nitropad/images/firmware-update/3.jpg diff --git a/nitropadpc/nitropad/images/firmware-update/4.jpg b/nitropad/images/firmware-update/4.jpg similarity index 100% rename from nitropadpc/nitropad/images/firmware-update/4.jpg rename to nitropad/images/firmware-update/4.jpg diff --git a/nitropadpc/nitropad/images/firmware-update/5.jpg b/nitropad/images/firmware-update/5.jpg similarity index 100% rename from nitropadpc/nitropad/images/firmware-update/5.jpg rename to nitropad/images/firmware-update/5.jpg diff --git a/nitropadpc/nitropad/images/firmware-update/6.jpg b/nitropad/images/firmware-update/6.jpg similarity index 100% rename from nitropadpc/nitropad/images/firmware-update/6.jpg rename to nitropad/images/firmware-update/6.jpg diff --git a/nitropadpc/nitropad/images/firmware-update/7.jpg b/nitropad/images/firmware-update/7.jpg similarity index 100% rename from nitropadpc/nitropad/images/firmware-update/7.jpg rename to nitropad/images/firmware-update/7.jpg diff --git a/nitropadpc/nitropad/images/firmware-update/8.jpg b/nitropad/images/firmware-update/8.jpg similarity index 100% rename from nitropadpc/nitropad/images/firmware-update/8.jpg rename to nitropad/images/firmware-update/8.jpg diff --git a/nitropadpc/nitropad/images/firmware-update/9.jpg b/nitropad/images/firmware-update/9.jpg similarity index 100% rename from nitropadpc/nitropad/images/firmware-update/9.jpg rename to nitropad/images/firmware-update/9.jpg diff --git a/nitropadpc/nitropad/images/network-settings/settings_0.png b/nitropad/images/network-settings/settings_0.png similarity index 100% rename from nitropadpc/nitropad/images/network-settings/settings_0.png rename to nitropad/images/network-settings/settings_0.png diff --git a/nitropadpc/nitropad/images/network-settings/settings_1.png b/nitropad/images/network-settings/settings_1.png similarity index 100% rename from nitropadpc/nitropad/images/network-settings/settings_1.png rename to nitropad/images/network-settings/settings_1.png diff --git a/nitropadpc/nitropad/images/network-settings/settings_2.png b/nitropad/images/network-settings/settings_2.png similarity index 100% rename from nitropadpc/nitropad/images/network-settings/settings_2.png rename to nitropad/images/network-settings/settings_2.png diff --git a/nitropadpc/nitropad/images/ns50_sealed.jpg b/nitropad/images/ns50_sealed.jpg similarity index 100% rename from nitropadpc/nitropad/images/ns50_sealed.jpg rename to nitropad/images/ns50_sealed.jpg diff --git a/nitropadpc/nitropad/images/nv41_sealed.jpg b/nitropad/images/nv41_sealed.jpg similarity index 100% rename from nitropadpc/nitropad/images/nv41_sealed.jpg rename to nitropad/images/nv41_sealed.jpg diff --git a/nitropadpc/nitropad/images/operating-system-update/NitroPad-boot-entry-error.jpeg b/nitropad/images/operating-system-update/NitroPad-boot-entry-error.jpeg similarity index 100% rename from nitropadpc/nitropad/images/operating-system-update/NitroPad-boot-entry-error.jpeg rename to nitropad/images/operating-system-update/NitroPad-boot-entry-error.jpeg diff --git a/nitropadpc/nitropad/images/operating-system-update/NitroPad-confirm-boot-details.jpeg b/nitropad/images/operating-system-update/NitroPad-confirm-boot-details.jpeg similarity index 100% rename from nitropadpc/nitropad/images/operating-system-update/NitroPad-confirm-boot-details.jpeg rename to nitropad/images/operating-system-update/NitroPad-confirm-boot-details.jpeg diff --git a/nitropadpc/nitropad/images/operating-system-update/NitroPad-update-checksum.jpeg b/nitropad/images/operating-system-update/NitroPad-update-checksum.jpeg similarity index 100% rename from nitropadpc/nitropad/images/operating-system-update/NitroPad-update-checksum.jpeg rename to nitropad/images/operating-system-update/NitroPad-update-checksum.jpeg diff --git a/nitropadpc/nitropad/images/options.jpg b/nitropad/images/options.jpg similarity index 100% rename from nitropadpc/nitropad/images/options.jpg rename to nitropad/images/options.jpg diff --git a/nitropadpc/nitropad/images/system-update/1.jpeg b/nitropad/images/system-update/1.jpeg similarity index 100% rename from nitropadpc/nitropad/images/system-update/1.jpeg rename to nitropad/images/system-update/1.jpeg diff --git a/nitropadpc/nitropad/images/system-update/2.jpeg b/nitropad/images/system-update/2.jpeg similarity index 100% rename from nitropadpc/nitropad/images/system-update/2.jpeg rename to nitropad/images/system-update/2.jpeg diff --git a/nitropadpc/nitropad/images/system-update/3.jpeg b/nitropad/images/system-update/3.jpeg similarity index 100% rename from nitropadpc/nitropad/images/system-update/3.jpeg rename to nitropad/images/system-update/3.jpeg diff --git a/nitropadpc/nitropad/images/system-update/4.jpeg b/nitropad/images/system-update/4.jpeg similarity index 100% rename from nitropadpc/nitropad/images/system-update/4.jpeg rename to nitropad/images/system-update/4.jpeg diff --git a/nitropadpc/nitropad/images/system-update/5.jpeg b/nitropad/images/system-update/5.jpeg similarity index 100% rename from nitropadpc/nitropad/images/system-update/5.jpeg rename to nitropad/images/system-update/5.jpeg diff --git a/nitropadpc/nitropad/images/system-update/6.jpeg b/nitropad/images/system-update/6.jpeg similarity index 100% rename from nitropadpc/nitropad/images/system-update/6.jpeg rename to nitropad/images/system-update/6.jpeg diff --git a/nitropadpc/nitropad/index.rst b/nitropad/index.rst similarity index 100% rename from nitropadpc/nitropad/index.rst rename to nitropad/index.rst diff --git a/nitropadpc/nitropad/os-reinstallation.rst.inc b/nitropad/os-reinstallation.rst.inc similarity index 100% rename from nitropadpc/nitropad/os-reinstallation.rst.inc rename to nitropad/os-reinstallation.rst.inc diff --git a/nitropadpc/nitropad/qubes/change-pins.rst b/nitropad/qubes/change-pins.rst similarity index 100% rename from nitropadpc/nitropad/qubes/change-pins.rst rename to nitropad/qubes/change-pins.rst diff --git a/nitropadpc/nitropad/qubes/default-boot.rst b/nitropad/qubes/default-boot.rst similarity index 100% rename from nitropadpc/nitropad/qubes/default-boot.rst rename to nitropad/qubes/default-boot.rst diff --git a/nitropadpc/nitropad/qubes/factory-reset-heads2.rst b/nitropad/qubes/factory-reset-heads2.rst similarity index 100% rename from nitropadpc/nitropad/qubes/factory-reset-heads2.rst rename to nitropad/qubes/factory-reset-heads2.rst diff --git a/nitropadpc/nitropad/qubes/factory-reset.rst b/nitropad/qubes/factory-reset.rst similarity index 100% rename from nitropadpc/nitropad/qubes/factory-reset.rst rename to nitropad/qubes/factory-reset.rst diff --git a/nitropadpc/nitropad/qubes/firmware-update-1.4.rst b/nitropad/qubes/firmware-update-1.4.rst similarity index 100% rename from nitropadpc/nitropad/qubes/firmware-update-1.4.rst rename to nitropad/qubes/firmware-update-1.4.rst diff --git a/nitropadpc/nitropad/qubes/firmware-update.rst b/nitropad/qubes/firmware-update.rst similarity index 100% rename from nitropadpc/nitropad/qubes/firmware-update.rst rename to nitropad/qubes/firmware-update.rst diff --git a/nitropadpc/nitropad/qubes/images/QubesDiskPassword.jpg b/nitropad/qubes/images/QubesDiskPassword.jpg similarity index 100% rename from nitropadpc/nitropad/qubes/images/QubesDiskPassword.jpg rename to nitropad/qubes/images/QubesDiskPassword.jpg diff --git a/nitropadpc/nitropad/qubes/images/user-password-reset/step-five.jpg b/nitropad/qubes/images/user-password-reset/step-five.jpg similarity index 100% rename from nitropadpc/nitropad/qubes/images/user-password-reset/step-five.jpg rename to nitropad/qubes/images/user-password-reset/step-five.jpg diff --git a/nitropadpc/nitropad/qubes/images/user-password-reset/step-four.jpg b/nitropad/qubes/images/user-password-reset/step-four.jpg similarity index 100% rename from nitropadpc/nitropad/qubes/images/user-password-reset/step-four.jpg rename to nitropad/qubes/images/user-password-reset/step-four.jpg diff --git a/nitropadpc/nitropad/qubes/images/user-password-reset/step-one.jpg b/nitropad/qubes/images/user-password-reset/step-one.jpg similarity index 100% rename from nitropadpc/nitropad/qubes/images/user-password-reset/step-one.jpg rename to nitropad/qubes/images/user-password-reset/step-one.jpg diff --git a/nitropadpc/nitropad/qubes/images/user-password-reset/step-three.jpg b/nitropad/qubes/images/user-password-reset/step-three.jpg similarity index 100% rename from nitropadpc/nitropad/qubes/images/user-password-reset/step-three.jpg rename to nitropad/qubes/images/user-password-reset/step-three.jpg diff --git a/nitropadpc/nitropad/qubes/images/user-password-reset/step-two.jpg b/nitropad/qubes/images/user-password-reset/step-two.jpg similarity index 100% rename from nitropadpc/nitropad/qubes/images/user-password-reset/step-two.jpg rename to nitropad/qubes/images/user-password-reset/step-two.jpg diff --git a/nitropadpc/nitropad/qubes/index.rst b/nitropad/qubes/index.rst similarity index 100% rename from nitropadpc/nitropad/qubes/index.rst rename to nitropad/qubes/index.rst diff --git a/nitropadpc/nitropad/qubes/network-settings.rst b/nitropad/qubes/network-settings.rst similarity index 100% rename from nitropadpc/nitropad/qubes/network-settings.rst rename to nitropad/qubes/network-settings.rst diff --git a/nitropadpc/nitropad/qubes/nitrokey-app.rst b/nitropad/qubes/nitrokey-app.rst similarity index 100% rename from nitropadpc/nitropad/qubes/nitrokey-app.rst rename to nitropad/qubes/nitrokey-app.rst diff --git a/nitropadpc/nitropad/qubes/os-reinstallation.rst b/nitropad/qubes/os-reinstallation.rst similarity index 100% rename from nitropadpc/nitropad/qubes/os-reinstallation.rst rename to nitropad/qubes/os-reinstallation.rst diff --git a/nitropadpc/nitropad/qubes/sealed-hardware.rst b/nitropad/qubes/sealed-hardware.rst similarity index 100% rename from nitropadpc/nitropad/qubes/sealed-hardware.rst rename to nitropad/qubes/sealed-hardware.rst diff --git a/nitropadpc/nitropad/qubes/system-update.rst b/nitropad/qubes/system-update.rst similarity index 100% rename from nitropadpc/nitropad/qubes/system-update.rst rename to nitropad/qubes/system-update.rst diff --git a/nitropadpc/nitropad/qubes/troubleshooting.rst b/nitropad/qubes/troubleshooting.rst similarity index 100% rename from nitropadpc/nitropad/qubes/troubleshooting.rst rename to nitropad/qubes/troubleshooting.rst diff --git a/nitropadpc/nitropad/qubes/user-password-reset.rst b/nitropad/qubes/user-password-reset.rst similarity index 100% rename from nitropadpc/nitropad/qubes/user-password-reset.rst rename to nitropad/qubes/user-password-reset.rst diff --git a/nitropadpc/nitropad/sealed-hardware.rst.inc b/nitropad/sealed-hardware.rst.inc similarity index 100% rename from nitropadpc/nitropad/sealed-hardware.rst.inc rename to nitropad/sealed-hardware.rst.inc diff --git a/nitropadpc/nitropad/system-update.rst.inc b/nitropad/system-update.rst.inc similarity index 100% rename from nitropadpc/nitropad/system-update.rst.inc rename to nitropad/system-update.rst.inc diff --git a/nitropadpc/nitropad/troubleshooting.rst.inc b/nitropad/troubleshooting.rst.inc similarity index 100% rename from nitropadpc/nitropad/troubleshooting.rst.inc rename to nitropad/troubleshooting.rst.inc diff --git a/nitropadpc/nitropad/ubuntu/change-disk-encryption-passphrase.rst b/nitropad/ubuntu/change-disk-encryption-passphrase.rst similarity index 100% rename from nitropadpc/nitropad/ubuntu/change-disk-encryption-passphrase.rst rename to nitropad/ubuntu/change-disk-encryption-passphrase.rst diff --git a/nitropadpc/nitropad/ubuntu/change-pins.rst b/nitropad/ubuntu/change-pins.rst similarity index 100% rename from nitropadpc/nitropad/ubuntu/change-pins.rst rename to nitropad/ubuntu/change-pins.rst diff --git a/nitropadpc/nitropad/ubuntu/default-boot.rst b/nitropad/ubuntu/default-boot.rst similarity index 100% rename from nitropadpc/nitropad/ubuntu/default-boot.rst rename to nitropad/ubuntu/default-boot.rst diff --git a/nitropadpc/nitropad/ubuntu/factory-reset-heads2.rst b/nitropad/ubuntu/factory-reset-heads2.rst similarity index 100% rename from nitropadpc/nitropad/ubuntu/factory-reset-heads2.rst rename to nitropad/ubuntu/factory-reset-heads2.rst diff --git a/nitropadpc/nitropad/ubuntu/factory-reset.rst b/nitropad/ubuntu/factory-reset.rst similarity index 100% rename from nitropadpc/nitropad/ubuntu/factory-reset.rst rename to nitropad/ubuntu/factory-reset.rst diff --git a/nitropadpc/nitropad/ubuntu/firmware-update-1.4.rst b/nitropad/ubuntu/firmware-update-1.4.rst similarity index 100% rename from nitropadpc/nitropad/ubuntu/firmware-update-1.4.rst rename to nitropad/ubuntu/firmware-update-1.4.rst diff --git a/nitropadpc/nitropad/ubuntu/firmware-update.rst b/nitropad/ubuntu/firmware-update.rst similarity index 100% rename from nitropadpc/nitropad/ubuntu/firmware-update.rst rename to nitropad/ubuntu/firmware-update.rst diff --git a/nitropadpc/nitropad/ubuntu/images/NitroPad-boot-options.jpeg b/nitropad/ubuntu/images/NitroPad-boot-options.jpeg similarity index 100% rename from nitropadpc/nitropad/ubuntu/images/NitroPad-boot-options.jpeg rename to nitropad/ubuntu/images/NitroPad-boot-options.jpeg diff --git a/nitropadpc/nitropad/ubuntu/images/UbuntuDiskPassword.png b/nitropad/ubuntu/images/UbuntuDiskPassword.png similarity index 100% rename from nitropadpc/nitropad/ubuntu/images/UbuntuDiskPassword.png rename to nitropad/ubuntu/images/UbuntuDiskPassword.png diff --git a/nitropadpc/nitropad/ubuntu/index.rst b/nitropad/ubuntu/index.rst similarity index 100% rename from nitropadpc/nitropad/ubuntu/index.rst rename to nitropad/ubuntu/index.rst diff --git a/nitropadpc/nitropad/ubuntu/nitrokey-app.rst b/nitropad/ubuntu/nitrokey-app.rst similarity index 100% rename from nitropadpc/nitropad/ubuntu/nitrokey-app.rst rename to nitropad/ubuntu/nitrokey-app.rst diff --git a/nitropadpc/nitropad/ubuntu/os-reinstallation.rst b/nitropad/ubuntu/os-reinstallation.rst similarity index 100% rename from nitropadpc/nitropad/ubuntu/os-reinstallation.rst rename to nitropad/ubuntu/os-reinstallation.rst diff --git a/nitropadpc/nitropad/ubuntu/sealed-hardware.rst b/nitropad/ubuntu/sealed-hardware.rst similarity index 100% rename from nitropadpc/nitropad/ubuntu/sealed-hardware.rst rename to nitropad/ubuntu/sealed-hardware.rst diff --git a/nitropadpc/nitropad/ubuntu/system-update.rst b/nitropad/ubuntu/system-update.rst similarity index 100% rename from nitropadpc/nitropad/ubuntu/system-update.rst rename to nitropad/ubuntu/system-update.rst diff --git a/nitropadpc/nitropad/ubuntu/troubleshooting.rst b/nitropad/ubuntu/troubleshooting.rst similarity index 100% rename from nitropadpc/nitropad/ubuntu/troubleshooting.rst rename to nitropad/ubuntu/troubleshooting.rst diff --git a/nitropadpc/nitropc/debian/index.rst b/nitropc/debian/index.rst similarity index 100% rename from nitropadpc/nitropc/debian/index.rst rename to nitropc/debian/index.rst diff --git a/nitropadpc/nitropc/debian/os-reinstallation.rst b/nitropc/debian/os-reinstallation.rst similarity index 100% rename from nitropadpc/nitropc/debian/os-reinstallation.rst rename to nitropc/debian/os-reinstallation.rst diff --git a/nitropadpc/nitropc/debian/sealed-hardware.rst b/nitropc/debian/sealed-hardware.rst similarity index 100% rename from nitropadpc/nitropc/debian/sealed-hardware.rst rename to nitropc/debian/sealed-hardware.rst diff --git a/nitropadpc/nitropc/faq.rst b/nitropc/faq.rst similarity index 100% rename from nitropadpc/nitropc/faq.rst rename to nitropc/faq.rst diff --git a/nitropadpc/nitropc/index.rst b/nitropc/index.rst similarity index 100% rename from nitropadpc/nitropc/index.rst rename to nitropc/index.rst diff --git a/nitropadpc/nitropc/os-reinstallation.rst.inc b/nitropc/os-reinstallation.rst.inc similarity index 100% rename from nitropadpc/nitropc/os-reinstallation.rst.inc rename to nitropc/os-reinstallation.rst.inc diff --git a/nitropadpc/nitropc/qubes/gpu-install.rst b/nitropc/qubes/gpu-install.rst similarity index 100% rename from nitropadpc/nitropc/qubes/gpu-install.rst rename to nitropc/qubes/gpu-install.rst diff --git a/nitropadpc/nitropc/qubes/index.rst b/nitropc/qubes/index.rst similarity index 100% rename from nitropadpc/nitropc/qubes/index.rst rename to nitropc/qubes/index.rst diff --git a/nitropadpc/nitropc/qubes/nitrokey-app.rst b/nitropc/qubes/nitrokey-app.rst similarity index 100% rename from nitropadpc/nitropc/qubes/nitrokey-app.rst rename to nitropc/qubes/nitrokey-app.rst diff --git a/nitropadpc/nitropc/qubes/os-reinstallation.rst b/nitropc/qubes/os-reinstallation.rst similarity index 100% rename from nitropadpc/nitropc/qubes/os-reinstallation.rst rename to nitropc/qubes/os-reinstallation.rst diff --git a/nitropadpc/nitropc/qubes/sealed-hardware.rst b/nitropc/qubes/sealed-hardware.rst similarity index 100% rename from nitropadpc/nitropc/qubes/sealed-hardware.rst rename to nitropc/qubes/sealed-hardware.rst diff --git a/nitropadpc/nitropc/sealed-hardware.rst.inc b/nitropc/sealed-hardware.rst.inc similarity index 100% rename from nitropadpc/nitropc/sealed-hardware.rst.inc rename to nitropc/sealed-hardware.rst.inc diff --git a/nitropadpc/nitropc/ubuntu/index.rst b/nitropc/ubuntu/index.rst similarity index 100% rename from nitropadpc/nitropc/ubuntu/index.rst rename to nitropc/ubuntu/index.rst diff --git a/nitropadpc/nitropc/ubuntu/nitrokey-app.rst b/nitropc/ubuntu/nitrokey-app.rst similarity index 100% rename from nitropadpc/nitropc/ubuntu/nitrokey-app.rst rename to nitropc/ubuntu/nitrokey-app.rst diff --git a/nitropadpc/nitropc/ubuntu/os-reinstallation.rst b/nitropc/ubuntu/os-reinstallation.rst similarity index 100% rename from nitropadpc/nitropc/ubuntu/os-reinstallation.rst rename to nitropc/ubuntu/os-reinstallation.rst diff --git a/nitropadpc/nitropc/ubuntu/sealed-hardware.rst b/nitropc/ubuntu/sealed-hardware.rst similarity index 100% rename from nitropadpc/nitropc/ubuntu/sealed-hardware.rst rename to nitropc/ubuntu/sealed-hardware.rst diff --git a/start/linux/ipsec.rst b/start/linux/ipsec.rst deleted file mode 100644 index cfc9264144..0000000000 --- a/start/linux/ipsec.rst +++ /dev/null @@ -1,4 +0,0 @@ -IPsec -===== - -.. include:: ../../hsm/ipsec.rst.inc diff --git a/start/linux/stunnel.rst b/start/linux/stunnel.rst deleted file mode 100644 index 94a9982dac..0000000000 --- a/start/linux/stunnel.rst +++ /dev/null @@ -1,4 +0,0 @@ -Stunnel -======= - -.. include:: ../../hsm/stunnel.rst.inc From 494c83e462bf6461648bc96a9720a954f4ba9cc7 Mon Sep 17 00:00:00 2001 From: Keksmo Date: Wed, 31 Jul 2024 13:05:22 +0200 Subject: [PATCH 11/33] completed nitrokey start --- nitrokeys/index.rst | 1 + nitrokeys/start/factory-reset.rst | 2 +- .../start/{linux => }/firmware-update.rst | 21 ++----- .../{linux/index.rst => getting-started.rst} | 28 +++++---- nitrokeys/start/index.rst | 19 ++++-- nitrokeys/start/linux/factory-reset.rst | 1 - nitrokeys/start/linux/gpa.rst | 1 - nitrokeys/start/linux/ipsec.rst | 4 -- nitrokeys/start/linux/login-with-pam.rst | 4 -- nitrokeys/start/linux/multiple-identities.rst | 1 - .../start/linux/openpgp-keygen-backup.rst | 1 - nitrokeys/start/linux/openpgp-keygen-gpa.rst | 1 - .../start/linux/openpgp-keygen-on-device.rst | 1 - nitrokeys/start/linux/openpgp-outlook.rst | 1 - nitrokeys/start/linux/openpgp-thunderbird.rst | 1 - nitrokeys/start/linux/openpgp.rst | 1 - nitrokeys/start/linux/setting-kdf-do.rst | 1 - nitrokeys/start/linux/smime-outlook.rst | 1 - nitrokeys/start/linux/smime-thunderbird.rst | 1 - nitrokeys/start/linux/smime.rst | 1 - nitrokeys/start/linux/ssh.rst | 4 -- nitrokeys/start/linux/stunnel.rst | 4 -- nitrokeys/start/mac/factory-reset.rst | 1 - nitrokeys/start/mac/gpa.rst | 1 - nitrokeys/start/mac/index.rst | 58 ------------------- nitrokeys/start/mac/multiple-identities.rst | 1 - nitrokeys/start/mac/openpgp-keygen-backup.rst | 1 - nitrokeys/start/mac/openpgp-keygen-gpa.rst | 1 - .../start/mac/openpgp-keygen-on-device.rst | 1 - nitrokeys/start/mac/openpgp-outlook.rst | 1 - nitrokeys/start/mac/openpgp-thunderbird.rst | 1 - nitrokeys/start/mac/openpgp.rst | 1 - nitrokeys/start/mac/setting-kdf-do.rst | 1 - nitrokeys/start/mac/smime-outlook.rst | 1 - nitrokeys/start/mac/smime-thunderbird.rst | 1 - nitrokeys/start/mac/smime.rst | 1 - ...tities.rst.inc => multiple-identities.rst} | 0 ...ting-kdf-do.rst.inc => setting-kdf-do.rst} | 0 nitrokeys/start/windows/factory-reset.rst | 1 - nitrokeys/start/windows/gpa.rst | 1 - nitrokeys/start/windows/index.rst | 57 ------------------ .../start/windows/multiple-identities.rst | 1 - .../start/windows/openpgp-keygen-backup.rst | 1 - .../start/windows/openpgp-keygen-gpa.rst | 1 - .../windows/openpgp-keygen-on-device.rst | 1 - nitrokeys/start/windows/openpgp-outlook.rst | 1 - .../start/windows/openpgp-thunderbird.rst | 1 - nitrokeys/start/windows/openpgp.rst | 1 - nitrokeys/start/windows/putty.rst | 1 - nitrokeys/start/windows/setting-kdf-do.rst | 1 - nitrokeys/start/windows/smime-outlook.rst | 1 - nitrokeys/start/windows/smime-thunderbird.rst | 1 - nitrokeys/start/windows/smime.rst | 1 - 53 files changed, 39 insertions(+), 203 deletions(-) rename nitrokeys/start/{linux => }/firmware-update.rst (83%) rename nitrokeys/start/{linux/index.rst => getting-started.rst} (80%) delete mode 100644 nitrokeys/start/linux/factory-reset.rst delete mode 100644 nitrokeys/start/linux/gpa.rst delete mode 100644 nitrokeys/start/linux/ipsec.rst delete mode 100644 nitrokeys/start/linux/login-with-pam.rst delete mode 100644 nitrokeys/start/linux/multiple-identities.rst delete mode 100644 nitrokeys/start/linux/openpgp-keygen-backup.rst delete mode 100644 nitrokeys/start/linux/openpgp-keygen-gpa.rst delete mode 100644 nitrokeys/start/linux/openpgp-keygen-on-device.rst delete mode 100644 nitrokeys/start/linux/openpgp-outlook.rst delete mode 100644 nitrokeys/start/linux/openpgp-thunderbird.rst delete mode 100644 nitrokeys/start/linux/openpgp.rst delete mode 100644 nitrokeys/start/linux/setting-kdf-do.rst delete mode 100644 nitrokeys/start/linux/smime-outlook.rst delete mode 100644 nitrokeys/start/linux/smime-thunderbird.rst delete mode 100644 nitrokeys/start/linux/smime.rst delete mode 100644 nitrokeys/start/linux/ssh.rst delete mode 100644 nitrokeys/start/linux/stunnel.rst delete mode 100644 nitrokeys/start/mac/factory-reset.rst delete mode 100644 nitrokeys/start/mac/gpa.rst delete mode 100644 nitrokeys/start/mac/index.rst delete mode 100644 nitrokeys/start/mac/multiple-identities.rst delete mode 100644 nitrokeys/start/mac/openpgp-keygen-backup.rst delete mode 100644 nitrokeys/start/mac/openpgp-keygen-gpa.rst delete mode 100644 nitrokeys/start/mac/openpgp-keygen-on-device.rst delete mode 100644 nitrokeys/start/mac/openpgp-outlook.rst delete mode 100644 nitrokeys/start/mac/openpgp-thunderbird.rst delete mode 100644 nitrokeys/start/mac/openpgp.rst delete mode 100644 nitrokeys/start/mac/setting-kdf-do.rst delete mode 100644 nitrokeys/start/mac/smime-outlook.rst delete mode 100644 nitrokeys/start/mac/smime-thunderbird.rst delete mode 100644 nitrokeys/start/mac/smime.rst rename nitrokeys/start/{multiple-identities.rst.inc => multiple-identities.rst} (100%) rename nitrokeys/start/{setting-kdf-do.rst.inc => setting-kdf-do.rst} (100%) delete mode 100644 nitrokeys/start/windows/factory-reset.rst delete mode 100644 nitrokeys/start/windows/gpa.rst delete mode 100644 nitrokeys/start/windows/index.rst delete mode 100644 nitrokeys/start/windows/multiple-identities.rst delete mode 100644 nitrokeys/start/windows/openpgp-keygen-backup.rst delete mode 100644 nitrokeys/start/windows/openpgp-keygen-gpa.rst delete mode 100644 nitrokeys/start/windows/openpgp-keygen-on-device.rst delete mode 100644 nitrokeys/start/windows/openpgp-outlook.rst delete mode 100644 nitrokeys/start/windows/openpgp-thunderbird.rst delete mode 100644 nitrokeys/start/windows/openpgp.rst delete mode 100644 nitrokeys/start/windows/putty.rst delete mode 100644 nitrokeys/start/windows/setting-kdf-do.rst delete mode 100644 nitrokeys/start/windows/smime-outlook.rst delete mode 100644 nitrokeys/start/windows/smime-thunderbird.rst delete mode 100644 nitrokeys/start/windows/smime.rst diff --git a/nitrokeys/index.rst b/nitrokeys/index.rst index 38d96b5e19..8646bbe4d8 100644 --- a/nitrokeys/index.rst +++ b/nitrokeys/index.rst @@ -8,3 +8,4 @@ Nitrokeys U2F Pro Storage + Start diff --git a/nitrokeys/start/factory-reset.rst b/nitrokeys/start/factory-reset.rst index 3bc5fe81db..dca659a0af 100644 --- a/nitrokeys/start/factory-reset.rst +++ b/nitrokeys/start/factory-reset.rst @@ -14,7 +14,7 @@ Usage To change the identity it suffices to send a custom CCID command. This could be achieved with ``pynitrokey`` tool: -1. `Install pynitrokey `__. +1. `Install pynitrokey <../../software/nitropy/all-platforms/installation.html>`. 2. Connect your Nitrokey Start and verify that it got recognized. diff --git a/nitrokeys/start/linux/firmware-update.rst b/nitrokeys/start/firmware-update.rst similarity index 83% rename from nitrokeys/start/linux/firmware-update.rst rename to nitrokeys/start/firmware-update.rst index 6ba94be8c8..d319d3e169 100644 --- a/nitrokeys/start/linux/firmware-update.rst +++ b/nitrokeys/start/firmware-update.rst @@ -14,19 +14,10 @@ Firmware Update To update the firmware of your Nitrokey Start, proceed as follows. -1. Install pip3. - .. code-block:: bash - - $ sudo apt install python3-pip - -2. Install pynitrokey. For this you need an Internet connection. - - .. code-block:: bash - - $ pip3 install --user pynitrokey +1. First `install pynitrokey <../../software/nitropy/all-platforms/installation.html>`_. For this you need an Internet connection. -3. Connect your Nitrokey Start and verify its recognition. +2. Connect your Nitrokey Start and verify its recognition. .. rstcheck: ignore-next-code-block .. code-block:: bash @@ -36,13 +27,13 @@ To update the firmware of your Nitrokey Start, proceed as follows. :: 'Nitrokey Start' keys: FSIJ-1.2.15-87042524: Nitrokey Nitrokey Start (RTM.8) -4. Start the update process. For this you need an Internet connection. +3. Start the update process. For this you need an Internet connection. .. code-block:: bash $ nitropy start update -5. You will then be asked to enter the Admin PIN of your Nitrokey Start. +4. You will then be asked to enter the Admin PIN of your Nitrokey Start. (Default PIN: 12345678) .. code-block:: bash @@ -55,7 +46,7 @@ To update the firmware of your Nitrokey Start, proceed as follows. Saving run log to: /tmp/nitropy.log.d4erqux4 Admin password: "your admin PIN" -6. Under “Device” you will find information about the current version of +5. Under “Device” you will find information about the current version of your Nitrokey Start. In the first item under “Please note” you can see the latest firmware version available. Now you have to confirm the update with “yes”. @@ -88,7 +79,7 @@ To update the firmware of your Nitrokey Start, proceed as follows. - Whole process should not take more than 1 minute Do you want to continue? [yes/no]: yes -7. You can check the firmware version after the upgrade process has +6. You can check the firmware version after the upgrade process has completed. .. rstcheck: ignore-next-code-block diff --git a/nitrokeys/start/linux/index.rst b/nitrokeys/start/getting-started.rst similarity index 80% rename from nitrokeys/start/linux/index.rst rename to nitrokeys/start/getting-started.rst index 7882065b82..7253b9beb7 100644 --- a/nitrokeys/start/linux/index.rst +++ b/nitrokeys/start/getting-started.rst @@ -1,18 +1,24 @@ -Nitrokey Start, Linux -===================== +Getting Started +=============== -.. contents:: :local: -.. toctree:: - :maxdepth: 1 - :glob: - :hidden: +1. + .. tabs:: + .. tab:: Linux + Install ``scdaemon`` and GnuPG 2.1 or higher by using your package + manager (e.g. ``apt update && apt install scdaemon gnupg2`` on Ubuntu). + Install ``scdaemon`` and GnuPG 2.1 or higher by using your package + manager (e.g. ``apt update && apt install scdaemon gnupg2`` on Ubuntu). - * + .. tab:: MacOS + Install `GnuPG 2.1 `__ or higher. -1. Install ``scdaemon`` and GnuPG 2.1 or higher by using your package - manager (e.g. ``apt update && apt install scdaemon gnupg2`` on Ubuntu). -2. Connect your Nitrokey to your computer. + .. tab:: Windows + Install `Gpg4win `__ on your Computer. + +2. Connect your Nitrokey to your computer and confirm all dialogs (if there are any) so + that the USB smart card device driver gets installed almost + automatically. 3. Use GnuPG to `generate new keys or import existing ones `_. diff --git a/nitrokeys/start/index.rst b/nitrokeys/start/index.rst index 05f3ccd653..86ad19cef1 100644 --- a/nitrokeys/start/index.rst +++ b/nitrokeys/start/index.rst @@ -10,14 +10,23 @@ First check the: :glob: Frequently Asked Questions + Getting Started -or choose your operating system: +or check out the features: .. toctree:: :maxdepth: 1 :glob: - Windows - macOS - Linux - + GPA <../features/gpa/index> + Ipsec (Linux) <../features/ipsec/index> + Stunnel (Linux) <../features/stunnel/index> + Desktop Login <../features/desktop-login/index> + OpenPGP <../features/openpgp/index> + SMIME <../features/smime/index> + SSH <../features/ssh/index> + Putty <../features/ssh/putty> + Multiple Identities + Setting KDF-DO + Factory Reset + Firmware Update \ No newline at end of file diff --git a/nitrokeys/start/linux/factory-reset.rst b/nitrokeys/start/linux/factory-reset.rst deleted file mode 100644 index c1fcf5041f..0000000000 --- a/nitrokeys/start/linux/factory-reset.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../factory-reset.rst diff --git a/nitrokeys/start/linux/gpa.rst b/nitrokeys/start/linux/gpa.rst deleted file mode 100644 index 398ae468bc..0000000000 --- a/nitrokeys/start/linux/gpa.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/gpa.rst diff --git a/nitrokeys/start/linux/ipsec.rst b/nitrokeys/start/linux/ipsec.rst deleted file mode 100644 index cfc9264144..0000000000 --- a/nitrokeys/start/linux/ipsec.rst +++ /dev/null @@ -1,4 +0,0 @@ -IPsec -===== - -.. include:: ../../hsm/ipsec.rst.inc diff --git a/nitrokeys/start/linux/login-with-pam.rst b/nitrokeys/start/linux/login-with-pam.rst deleted file mode 100644 index 4eee0f04a2..0000000000 --- a/nitrokeys/start/linux/login-with-pam.rst +++ /dev/null @@ -1,4 +0,0 @@ -Login With PAM -=========================== - -.. include:: ../../pro/login-with-pam.rst.inc diff --git a/nitrokeys/start/linux/multiple-identities.rst b/nitrokeys/start/linux/multiple-identities.rst deleted file mode 100644 index 46ed8387d4..0000000000 --- a/nitrokeys/start/linux/multiple-identities.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../multiple-identities.rst.inc diff --git a/nitrokeys/start/linux/openpgp-keygen-backup.rst b/nitrokeys/start/linux/openpgp-keygen-backup.rst deleted file mode 100644 index b4528e0139..0000000000 --- a/nitrokeys/start/linux/openpgp-keygen-backup.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/openpgp-keygen-backup.rst.inc diff --git a/nitrokeys/start/linux/openpgp-keygen-gpa.rst b/nitrokeys/start/linux/openpgp-keygen-gpa.rst deleted file mode 100644 index 472d298006..0000000000 --- a/nitrokeys/start/linux/openpgp-keygen-gpa.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/openpgp-keygen-gpa.rst.inc diff --git a/nitrokeys/start/linux/openpgp-keygen-on-device.rst b/nitrokeys/start/linux/openpgp-keygen-on-device.rst deleted file mode 100644 index fc90850b8e..0000000000 --- a/nitrokeys/start/linux/openpgp-keygen-on-device.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/openpgp-keygen-on-device.rst.inc diff --git a/nitrokeys/start/linux/openpgp-outlook.rst b/nitrokeys/start/linux/openpgp-outlook.rst deleted file mode 100644 index fa4e7dd855..0000000000 --- a/nitrokeys/start/linux/openpgp-outlook.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/openpgp-outlook.rst.inc diff --git a/nitrokeys/start/linux/openpgp-thunderbird.rst b/nitrokeys/start/linux/openpgp-thunderbird.rst deleted file mode 100644 index 59e0956c63..0000000000 --- a/nitrokeys/start/linux/openpgp-thunderbird.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/openpgp-thunderbird.rst.inc diff --git a/nitrokeys/start/linux/openpgp.rst b/nitrokeys/start/linux/openpgp.rst deleted file mode 100644 index fb8b25042e..0000000000 --- a/nitrokeys/start/linux/openpgp.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/openpgp.rst.inc diff --git a/nitrokeys/start/linux/setting-kdf-do.rst b/nitrokeys/start/linux/setting-kdf-do.rst deleted file mode 100644 index f9ff6236c0..0000000000 --- a/nitrokeys/start/linux/setting-kdf-do.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../setting-kdf-do.rst.inc diff --git a/nitrokeys/start/linux/smime-outlook.rst b/nitrokeys/start/linux/smime-outlook.rst deleted file mode 100644 index acd45a24a9..0000000000 --- a/nitrokeys/start/linux/smime-outlook.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/smime-outlook.rst.inc diff --git a/nitrokeys/start/linux/smime-thunderbird.rst b/nitrokeys/start/linux/smime-thunderbird.rst deleted file mode 100644 index 4ae43d43ba..0000000000 --- a/nitrokeys/start/linux/smime-thunderbird.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/smime-thunderbird.rst.inc diff --git a/nitrokeys/start/linux/smime.rst b/nitrokeys/start/linux/smime.rst deleted file mode 100644 index 5029a3135c..0000000000 --- a/nitrokeys/start/linux/smime.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/smime.rst.inc diff --git a/nitrokeys/start/linux/ssh.rst b/nitrokeys/start/linux/ssh.rst deleted file mode 100644 index 792071f9a1..0000000000 --- a/nitrokeys/start/linux/ssh.rst +++ /dev/null @@ -1,4 +0,0 @@ -SSH For Server Administration -============================= - -.. include:: ../../pro/ssh.rst diff --git a/nitrokeys/start/linux/stunnel.rst b/nitrokeys/start/linux/stunnel.rst deleted file mode 100644 index 94a9982dac..0000000000 --- a/nitrokeys/start/linux/stunnel.rst +++ /dev/null @@ -1,4 +0,0 @@ -Stunnel -======= - -.. include:: ../../hsm/stunnel.rst.inc diff --git a/nitrokeys/start/mac/factory-reset.rst b/nitrokeys/start/mac/factory-reset.rst deleted file mode 100644 index c1fcf5041f..0000000000 --- a/nitrokeys/start/mac/factory-reset.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../factory-reset.rst diff --git a/nitrokeys/start/mac/gpa.rst b/nitrokeys/start/mac/gpa.rst deleted file mode 100644 index 398ae468bc..0000000000 --- a/nitrokeys/start/mac/gpa.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/gpa.rst diff --git a/nitrokeys/start/mac/index.rst b/nitrokeys/start/mac/index.rst deleted file mode 100644 index 04e1917cea..0000000000 --- a/nitrokeys/start/mac/index.rst +++ /dev/null @@ -1,58 +0,0 @@ -Nitrokey Start, Mac -=================== - -.. contents:: :local: - -.. toctree:: - :maxdepth: 1 - :glob: - :hidden: - - * - -1. Install `GnuPG 2.1 `__ or higher. -2. Connect your Nitrokey to your computer and confirm all dialogs so - that the USB smart card device driver gets installed almost - automatically. -3. Use GnuPG to `generate new keys or import existing - ones `_. - - .. note:: - It is indeed necessary to first import or create new keys and - change the PINs afterwards. Otherwise changing User PIN will fail! - Furthermore overriding keys results in PIN reset (default values), - please keep this in mind! - -4. Change the Admin PIN (default: ``12345678``) and then the User PIN (default: ``123456``) to your own choices. - - * The PIN must consist of at least 14 characters (starting from RTM.8), can contain any character (not only numbers). Do not select only numbers. If your environment allows that, use emoticons or national characters. - * The longer the PIN the better. It is possible to use 6 randomly selected words instead as well for the same or better security than random character string. - * Use ‘gpg –card-edit’ -> ‘admin’ -> ‘passwd’ to achieve this (for Admin PIN case). - * Please be careful to change Admin PIN first and User PIN second! Otherwise the admin-less mode got activated, see `this instructions `__ for further information. - * Optionally Reset code can be set up (`guide `__). The minimum length accepted is 8 characters, however it should be as long as User PIN. - * KDF-DO allows for a shorter PIN of 8 characters minimum, by executing part of the calculations on the PC. - -**Firmware version 1.2.5 or below: In case you forget a PIN or enter it -wrongly three times you need the reset code to unblock the PIN. -Otherwise the device wouldn’t be usable anymore! Therefore -please** `set the reset -code `__ **as -well when initialising the key!** - -Your Nitrokey is now ready to use. - -Key Creation with OpenPGP or S/MIME -################################### - -There are two widely used standards for email -encryption. While OpenPGP/GnuPG is popular among individuals, -S/MIME/x.509 is mostly used by enterprises. If you are in doubt which -one to choose, you should use OpenPGP. - -To learn more about how to use OpenPGP for email encryption with the Nitrokey, -please refer to chapter `OpenPGP Email Encryption `_. - -To learn more about how to use S/MIME for email encryption with the Nitrokey, -please refer to chapter `S/MIME Email Encryption `_. - -Please note that the Nitrokey App can not be used for this device! diff --git a/nitrokeys/start/mac/multiple-identities.rst b/nitrokeys/start/mac/multiple-identities.rst deleted file mode 100644 index 46ed8387d4..0000000000 --- a/nitrokeys/start/mac/multiple-identities.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../multiple-identities.rst.inc diff --git a/nitrokeys/start/mac/openpgp-keygen-backup.rst b/nitrokeys/start/mac/openpgp-keygen-backup.rst deleted file mode 100644 index b4528e0139..0000000000 --- a/nitrokeys/start/mac/openpgp-keygen-backup.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/openpgp-keygen-backup.rst.inc diff --git a/nitrokeys/start/mac/openpgp-keygen-gpa.rst b/nitrokeys/start/mac/openpgp-keygen-gpa.rst deleted file mode 100644 index 472d298006..0000000000 --- a/nitrokeys/start/mac/openpgp-keygen-gpa.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/openpgp-keygen-gpa.rst.inc diff --git a/nitrokeys/start/mac/openpgp-keygen-on-device.rst b/nitrokeys/start/mac/openpgp-keygen-on-device.rst deleted file mode 100644 index fc90850b8e..0000000000 --- a/nitrokeys/start/mac/openpgp-keygen-on-device.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/openpgp-keygen-on-device.rst.inc diff --git a/nitrokeys/start/mac/openpgp-outlook.rst b/nitrokeys/start/mac/openpgp-outlook.rst deleted file mode 100644 index fa4e7dd855..0000000000 --- a/nitrokeys/start/mac/openpgp-outlook.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/openpgp-outlook.rst.inc diff --git a/nitrokeys/start/mac/openpgp-thunderbird.rst b/nitrokeys/start/mac/openpgp-thunderbird.rst deleted file mode 100644 index 59e0956c63..0000000000 --- a/nitrokeys/start/mac/openpgp-thunderbird.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/openpgp-thunderbird.rst.inc diff --git a/nitrokeys/start/mac/openpgp.rst b/nitrokeys/start/mac/openpgp.rst deleted file mode 100644 index fb8b25042e..0000000000 --- a/nitrokeys/start/mac/openpgp.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/openpgp.rst.inc diff --git a/nitrokeys/start/mac/setting-kdf-do.rst b/nitrokeys/start/mac/setting-kdf-do.rst deleted file mode 100644 index f9ff6236c0..0000000000 --- a/nitrokeys/start/mac/setting-kdf-do.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../setting-kdf-do.rst.inc diff --git a/nitrokeys/start/mac/smime-outlook.rst b/nitrokeys/start/mac/smime-outlook.rst deleted file mode 100644 index acd45a24a9..0000000000 --- a/nitrokeys/start/mac/smime-outlook.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/smime-outlook.rst.inc diff --git a/nitrokeys/start/mac/smime-thunderbird.rst b/nitrokeys/start/mac/smime-thunderbird.rst deleted file mode 100644 index 4ae43d43ba..0000000000 --- a/nitrokeys/start/mac/smime-thunderbird.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/smime-thunderbird.rst.inc diff --git a/nitrokeys/start/mac/smime.rst b/nitrokeys/start/mac/smime.rst deleted file mode 100644 index 5029a3135c..0000000000 --- a/nitrokeys/start/mac/smime.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/smime.rst.inc diff --git a/nitrokeys/start/multiple-identities.rst.inc b/nitrokeys/start/multiple-identities.rst similarity index 100% rename from nitrokeys/start/multiple-identities.rst.inc rename to nitrokeys/start/multiple-identities.rst diff --git a/nitrokeys/start/setting-kdf-do.rst.inc b/nitrokeys/start/setting-kdf-do.rst similarity index 100% rename from nitrokeys/start/setting-kdf-do.rst.inc rename to nitrokeys/start/setting-kdf-do.rst diff --git a/nitrokeys/start/windows/factory-reset.rst b/nitrokeys/start/windows/factory-reset.rst deleted file mode 100644 index c1fcf5041f..0000000000 --- a/nitrokeys/start/windows/factory-reset.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../factory-reset.rst diff --git a/nitrokeys/start/windows/gpa.rst b/nitrokeys/start/windows/gpa.rst deleted file mode 100644 index 398ae468bc..0000000000 --- a/nitrokeys/start/windows/gpa.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/gpa.rst diff --git a/nitrokeys/start/windows/index.rst b/nitrokeys/start/windows/index.rst deleted file mode 100644 index 9333e86a0d..0000000000 --- a/nitrokeys/start/windows/index.rst +++ /dev/null @@ -1,57 +0,0 @@ -Nitrokey Start, Windows -======================= - -.. contents:: :local: - -.. toctree:: - :maxdepth: 1 - :glob: - :hidden: - - * - -1. Install `Gpg4win `__ on your Computer. -2. Connect your Nitrokey to your computer and confirm all dialogs so - that the USB smart card device driver gets installed almost - automatically. - - .. note:: - Windows may fail to install an additional device driver for the smart card. Its safe to ignore this warning. - -3. Use GnuPG to `generate new keys or import existing ones `_. - - .. note:: - It is indeed necessary to first import or create new keys and change the PINs afterwards. Otherwise changing User PIN will fail! Furthermore overriding keys results in PIN reset (default values), please keep this in mind! - -4. Change the Admin PIN (default: ``12345678``) and then the User PIN (default: ``123456``) to your own choices. - - * The PIN must consist of at least 14 characters (starting from RTM.8), can contain any character (not only numbers). Do not select only numbers. If your environment allows that, use emoticons or national characters. - * The longer the PIN the better. It is possible to use 6 randomly selected words instead as well for the same or better security than random character string. - * Use ‘gpg –card-edit’ -> ‘admin’ -> ‘passwd’ to achieve this (for Admin PIN case). - Please be careful to change Admin PIN first and User PIN second! Otherwise the admin-less mode got activated, see `this instructions `__ for further information. - * Optionally Reset code can be set up (`guide `__). The minimum length accepted is 8 characters, however it should be as long as User PIN. - * KDF-DO allows for a shorter PIN of 8 characters minimum, by executing part of the calculations on the PC. - -**Firmware version 1.2.5 or below: In case you forget a PIN or enter it -wrongly three times you need the reset code to unblock the PIN. -Otherwise the device wouldn’t be usable anymore! Therefore -please** `set the reset -code `__ **as -well when initialising the key!** - -Your Nitrokey is now ready to use. - -Key Creation with OpenPGP or S/MIME -################################### - -There are two widely used standards for email -encryption. While OpenPGP/GnuPG is popular among individuals, -S/MIME/x.509 is mostly used by enterprises. If you are in doubt which -one to choose, you should use OpenPGP. - -To learn more about how to use OpenPGP for email encryption with the Nitrokey, -please refer to chapter `OpenPGP Email Encryption `_. - -To learn more about how to use S/MIME for email encryption with the Nitrokey, -please refer to chapter `S/MIME Email Encryption `_. - -Please note that the Nitrokey App can not be used for this device! diff --git a/nitrokeys/start/windows/multiple-identities.rst b/nitrokeys/start/windows/multiple-identities.rst deleted file mode 100644 index 46ed8387d4..0000000000 --- a/nitrokeys/start/windows/multiple-identities.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../multiple-identities.rst.inc diff --git a/nitrokeys/start/windows/openpgp-keygen-backup.rst b/nitrokeys/start/windows/openpgp-keygen-backup.rst deleted file mode 100644 index b4528e0139..0000000000 --- a/nitrokeys/start/windows/openpgp-keygen-backup.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/openpgp-keygen-backup.rst.inc diff --git a/nitrokeys/start/windows/openpgp-keygen-gpa.rst b/nitrokeys/start/windows/openpgp-keygen-gpa.rst deleted file mode 100644 index 472d298006..0000000000 --- a/nitrokeys/start/windows/openpgp-keygen-gpa.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/openpgp-keygen-gpa.rst.inc diff --git a/nitrokeys/start/windows/openpgp-keygen-on-device.rst b/nitrokeys/start/windows/openpgp-keygen-on-device.rst deleted file mode 100644 index fc90850b8e..0000000000 --- a/nitrokeys/start/windows/openpgp-keygen-on-device.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/openpgp-keygen-on-device.rst.inc diff --git a/nitrokeys/start/windows/openpgp-outlook.rst b/nitrokeys/start/windows/openpgp-outlook.rst deleted file mode 100644 index fa4e7dd855..0000000000 --- a/nitrokeys/start/windows/openpgp-outlook.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/openpgp-outlook.rst.inc diff --git a/nitrokeys/start/windows/openpgp-thunderbird.rst b/nitrokeys/start/windows/openpgp-thunderbird.rst deleted file mode 100644 index 59e0956c63..0000000000 --- a/nitrokeys/start/windows/openpgp-thunderbird.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/openpgp-thunderbird.rst.inc diff --git a/nitrokeys/start/windows/openpgp.rst b/nitrokeys/start/windows/openpgp.rst deleted file mode 100644 index fb8b25042e..0000000000 --- a/nitrokeys/start/windows/openpgp.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/openpgp.rst.inc diff --git a/nitrokeys/start/windows/putty.rst b/nitrokeys/start/windows/putty.rst deleted file mode 100644 index 6f0427a82f..0000000000 --- a/nitrokeys/start/windows/putty.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/putty.rst.inc diff --git a/nitrokeys/start/windows/setting-kdf-do.rst b/nitrokeys/start/windows/setting-kdf-do.rst deleted file mode 100644 index f9ff6236c0..0000000000 --- a/nitrokeys/start/windows/setting-kdf-do.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../setting-kdf-do.rst.inc diff --git a/nitrokeys/start/windows/smime-outlook.rst b/nitrokeys/start/windows/smime-outlook.rst deleted file mode 100644 index acd45a24a9..0000000000 --- a/nitrokeys/start/windows/smime-outlook.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/smime-outlook.rst.inc diff --git a/nitrokeys/start/windows/smime-thunderbird.rst b/nitrokeys/start/windows/smime-thunderbird.rst deleted file mode 100644 index 4ae43d43ba..0000000000 --- a/nitrokeys/start/windows/smime-thunderbird.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/smime-thunderbird.rst.inc diff --git a/nitrokeys/start/windows/smime.rst b/nitrokeys/start/windows/smime.rst deleted file mode 100644 index 5029a3135c..0000000000 --- a/nitrokeys/start/windows/smime.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/smime.rst.inc From 810e5766fdc45703821f96e78406697d62497fe4 Mon Sep 17 00:00:00 2001 From: Keksmo Date: Wed, 31 Jul 2024 15:13:42 +0200 Subject: [PATCH 12/33] mostly finished nk3, still needs restructure of index and features + some minor issues --- index.rst | 3 +- .../images/smart-policy/1.png | Bin .../images/smart-policy/2.png | Bin .../images/smart-policy/3.png | Bin .../images/smart-policy/4.png | Bin .../images/smart-policy/5.png | Bin .../images/smart-policy/6.png | Bin .../desktop-login/{ => third-party}/index.rst | 0 .../desktop-login/{ => third-party}/pam.rst | 0 .../{ => third-party}/smart-policy.rst | 0 .../features/fido/{ => 2fa}/2fa-nextcloud.rst | 0 .../features/fido/{ => 2fa}/2fa-odoo.rst | 0 .../features/fido/{ => 2fa}/2fa-website.rst | 0 .../features/fido/{ => 2fa}/desktop-login.rst | 0 .../fido/{ => 2fa}/images/fidou2f-1.png | Bin .../fido/{ => 2fa}/images/fidou2f-2.png | Bin .../fido/{ => 2fa}/images/fidou2f-3.png | Bin .../fido/{ => 2fa}/images/fidou2f-4.png | Bin .../fido/{ => 2fa}/images/fidou2f-5.png | Bin .../fido/{ => 2fa}/images/u2f-fido-pam-2.png | Bin nitrokeys/features/fido/{ => 2fa}/index.rst | 0 nitrokeys/features/openpgp/index.rst | 2 ++ .../openpgp/uif.rst} | 0 .../piv/access_control.rst | 0 .../piv/certificate_management.rst | 0 .../piv/factory_reset.rst | 0 .../client_logon_with_active_directory.rst | 0 .../windows => features}/piv/guides/index.rst | 0 .../windows => features}/piv/index.rst | 0 .../piv/key_management.rst | 0 nitrokeys/index.rst | 1 + nitrokeys/nitrokey3/features.rst | 16 +++++++---- ...are-update.rst.inc => firmware-update.rst} | 15 ++++++++++ nitrokeys/nitrokey3/index.rst | 26 ++++++++---------- nitrokeys/nitrokey3/{linux => }/keepassxc.rst | 0 nitrokeys/nitrokey3/linux/2fa-odoo.rst | 2 -- nitrokeys/nitrokey3/linux/adsk.rst | 1 - nitrokeys/nitrokey3/linux/desktop-login.rst | 3 -- nitrokeys/nitrokey3/linux/firmware-update.rst | 16 ----------- nitrokeys/nitrokey3/linux/images | 1 - nitrokeys/nitrokey3/linux/index.rst | 13 --------- nitrokeys/nitrokey3/linux/nitropy.rst | 1 - .../nitrokey3/linux/openpgp-keygen-backup.rst | 1 - .../nitrokey3/linux/openpgp-keygen-gpa.rst | 1 - .../linux/openpgp-keygen-on-device.rst | 1 - nitrokeys/nitrokey3/linux/openpgp-outlook.rst | 1 - .../nitrokey3/linux/openpgp-thunderbird.rst | 1 - nitrokeys/nitrokey3/linux/openpgp-uif.rst | 1 - nitrokeys/nitrokey3/linux/openpgp.rst | 1 - nitrokeys/nitrokey3/linux/reset.rst | 1 - nitrokeys/nitrokey3/linux/set-pins.rst | 21 -------------- nitrokeys/nitrokey3/linux/smime-outlook.rst | 1 - .../nitrokey3/linux/smime-thunderbird.rst | 1 - nitrokeys/nitrokey3/linux/smime.rst | 1 - nitrokeys/nitrokey3/linux/troubleshooting.rst | 1 - nitrokeys/nitrokey3/mac/2fa-odoo.rst | 2 -- nitrokeys/nitrokey3/mac/adsk.rst | 1 - nitrokeys/nitrokey3/mac/firmware-update.rst | 1 - nitrokeys/nitrokey3/mac/index.rst | 13 --------- nitrokeys/nitrokey3/mac/keepassxc.rst | 2 -- nitrokeys/nitrokey3/mac/nitropy.rst | 1 - .../nitrokey3/mac/openpgp-keygen-backup.rst | 1 - .../nitrokey3/mac/openpgp-keygen-gpa.rst | 1 - .../mac/openpgp-keygen-on-device.rst | 1 - nitrokeys/nitrokey3/mac/openpgp-outlook.rst | 1 - .../nitrokey3/mac/openpgp-thunderbird.rst | 1 - nitrokeys/nitrokey3/mac/openpgp-uif.rst | 2 -- nitrokeys/nitrokey3/mac/openpgp.rst | 1 - nitrokeys/nitrokey3/mac/reset.rst | 1 - nitrokeys/nitrokey3/mac/set-pins.rst | 21 -------------- nitrokeys/nitrokey3/mac/smime-outlook.rst | 1 - nitrokeys/nitrokey3/mac/smime-thunderbird.rst | 1 - nitrokeys/nitrokey3/mac/smime.rst | 1 - nitrokeys/nitrokey3/mac/troubleshooting.rst | 1 - nitrokeys/nitrokey3/{shared => }/main.rst | 0 nitrokeys/nitrokey3/{shared => }/nitropy.rst | 0 .../{shared/reset.rst.inc => reset.rst} | 0 .../{shared/set-pins.rst.inc => set-pins.rst} | 4 +-- nitrokeys/nitrokey3/shared/openpgp.rst.inc | 10 ------- nitrokeys/nitrokey3/windows/2fa-odoo.rst | 2 -- nitrokeys/nitrokey3/windows/adsk.rst | 1 - .../nitrokey3/windows/firmware-update.rst | 1 - .../windows/images/enabling-u2f-on-firefox | 1 - .../windows/images/passwordless-microsoft | 1 - nitrokeys/nitrokey3/windows/index.rst | 14 ---------- nitrokeys/nitrokey3/windows/keepassxc.rst | 2 -- nitrokeys/nitrokey3/windows/openpgp-csp.rst | 2 -- .../windows/openpgp-keygen-backup.rst | 1 - .../nitrokey3/windows/openpgp-keygen-gpa.rst | 1 - .../windows/openpgp-keygen-on-device.rst | 1 - .../nitrokey3/windows/openpgp-outlook.rst | 1 - .../nitrokey3/windows/openpgp-thunderbird.rst | 1 - nitrokeys/nitrokey3/windows/openpgp-uif.rst | 1 - nitrokeys/nitrokey3/windows/openpgp.rst | 1 - .../windows/passwordless-microsoft.rst | 4 --- nitrokeys/nitrokey3/windows/reset.rst | 1 - nitrokeys/nitrokey3/windows/set-pins.rst | 24 ---------------- nitrokeys/nitrokey3/windows/smime-outlook.rst | 1 - .../nitrokey3/windows/smime-thunderbird.rst | 1 - nitrokeys/nitrokey3/windows/smime.rst | 9 ------ .../nitrokey3/windows/troubleshooting.rst | 1 - 101 files changed, 45 insertions(+), 228 deletions(-) rename nitrokeys/features/desktop-login/{ => third-party}/images/smart-policy/1.png (100%) rename nitrokeys/features/desktop-login/{ => third-party}/images/smart-policy/2.png (100%) rename nitrokeys/features/desktop-login/{ => third-party}/images/smart-policy/3.png (100%) rename nitrokeys/features/desktop-login/{ => third-party}/images/smart-policy/4.png (100%) rename nitrokeys/features/desktop-login/{ => third-party}/images/smart-policy/5.png (100%) rename nitrokeys/features/desktop-login/{ => third-party}/images/smart-policy/6.png (100%) rename nitrokeys/features/desktop-login/{ => third-party}/index.rst (100%) rename nitrokeys/features/desktop-login/{ => third-party}/pam.rst (100%) rename nitrokeys/features/desktop-login/{ => third-party}/smart-policy.rst (100%) rename nitrokeys/features/fido/{ => 2fa}/2fa-nextcloud.rst (100%) rename nitrokeys/features/fido/{ => 2fa}/2fa-odoo.rst (100%) rename nitrokeys/features/fido/{ => 2fa}/2fa-website.rst (100%) rename nitrokeys/features/fido/{ => 2fa}/desktop-login.rst (100%) rename nitrokeys/features/fido/{ => 2fa}/images/fidou2f-1.png (100%) rename nitrokeys/features/fido/{ => 2fa}/images/fidou2f-2.png (100%) rename nitrokeys/features/fido/{ => 2fa}/images/fidou2f-3.png (100%) rename nitrokeys/features/fido/{ => 2fa}/images/fidou2f-4.png (100%) rename nitrokeys/features/fido/{ => 2fa}/images/fidou2f-5.png (100%) rename nitrokeys/features/fido/{ => 2fa}/images/u2f-fido-pam-2.png (100%) rename nitrokeys/features/fido/{ => 2fa}/index.rst (100%) rename nitrokeys/{nitrokey3/shared/openpgp-uif.rst.inc => features/openpgp/uif.rst} (100%) rename nitrokeys/{nitrokey3/windows => features}/piv/access_control.rst (100%) rename nitrokeys/{nitrokey3/windows => features}/piv/certificate_management.rst (100%) rename nitrokeys/{nitrokey3/windows => features}/piv/factory_reset.rst (100%) rename nitrokeys/{nitrokey3/windows => features}/piv/guides/client_logon_with_active_directory.rst (100%) rename nitrokeys/{nitrokey3/windows => features}/piv/guides/index.rst (100%) rename nitrokeys/{nitrokey3/windows => features}/piv/index.rst (100%) rename nitrokeys/{nitrokey3/windows => features}/piv/key_management.rst (100%) rename nitrokeys/nitrokey3/{firmware-update.rst.inc => firmware-update.rst} (84%) rename nitrokeys/nitrokey3/{linux => }/keepassxc.rst (100%) delete mode 100644 nitrokeys/nitrokey3/linux/2fa-odoo.rst delete mode 100644 nitrokeys/nitrokey3/linux/adsk.rst delete mode 100644 nitrokeys/nitrokey3/linux/desktop-login.rst delete mode 100644 nitrokeys/nitrokey3/linux/firmware-update.rst delete mode 120000 nitrokeys/nitrokey3/linux/images delete mode 100644 nitrokeys/nitrokey3/linux/index.rst delete mode 100644 nitrokeys/nitrokey3/linux/nitropy.rst delete mode 100644 nitrokeys/nitrokey3/linux/openpgp-keygen-backup.rst delete mode 100644 nitrokeys/nitrokey3/linux/openpgp-keygen-gpa.rst delete mode 100644 nitrokeys/nitrokey3/linux/openpgp-keygen-on-device.rst delete mode 100644 nitrokeys/nitrokey3/linux/openpgp-outlook.rst delete mode 100644 nitrokeys/nitrokey3/linux/openpgp-thunderbird.rst delete mode 100644 nitrokeys/nitrokey3/linux/openpgp-uif.rst delete mode 100644 nitrokeys/nitrokey3/linux/openpgp.rst delete mode 100644 nitrokeys/nitrokey3/linux/reset.rst delete mode 100644 nitrokeys/nitrokey3/linux/set-pins.rst delete mode 100644 nitrokeys/nitrokey3/linux/smime-outlook.rst delete mode 100644 nitrokeys/nitrokey3/linux/smime-thunderbird.rst delete mode 100644 nitrokeys/nitrokey3/linux/smime.rst delete mode 100644 nitrokeys/nitrokey3/linux/troubleshooting.rst delete mode 100644 nitrokeys/nitrokey3/mac/2fa-odoo.rst delete mode 100644 nitrokeys/nitrokey3/mac/adsk.rst delete mode 100644 nitrokeys/nitrokey3/mac/firmware-update.rst delete mode 100644 nitrokeys/nitrokey3/mac/index.rst delete mode 100644 nitrokeys/nitrokey3/mac/keepassxc.rst delete mode 100644 nitrokeys/nitrokey3/mac/nitropy.rst delete mode 100644 nitrokeys/nitrokey3/mac/openpgp-keygen-backup.rst delete mode 100644 nitrokeys/nitrokey3/mac/openpgp-keygen-gpa.rst delete mode 100644 nitrokeys/nitrokey3/mac/openpgp-keygen-on-device.rst delete mode 100644 nitrokeys/nitrokey3/mac/openpgp-outlook.rst delete mode 100644 nitrokeys/nitrokey3/mac/openpgp-thunderbird.rst delete mode 100644 nitrokeys/nitrokey3/mac/openpgp-uif.rst delete mode 100644 nitrokeys/nitrokey3/mac/openpgp.rst delete mode 100644 nitrokeys/nitrokey3/mac/reset.rst delete mode 100644 nitrokeys/nitrokey3/mac/set-pins.rst delete mode 100644 nitrokeys/nitrokey3/mac/smime-outlook.rst delete mode 100644 nitrokeys/nitrokey3/mac/smime-thunderbird.rst delete mode 100644 nitrokeys/nitrokey3/mac/smime.rst delete mode 100644 nitrokeys/nitrokey3/mac/troubleshooting.rst rename nitrokeys/nitrokey3/{shared => }/main.rst (100%) rename nitrokeys/nitrokey3/{shared => }/nitropy.rst (100%) rename nitrokeys/nitrokey3/{shared/reset.rst.inc => reset.rst} (100%) rename nitrokeys/nitrokey3/{shared/set-pins.rst.inc => set-pins.rst} (98%) delete mode 100644 nitrokeys/nitrokey3/shared/openpgp.rst.inc delete mode 100644 nitrokeys/nitrokey3/windows/2fa-odoo.rst delete mode 100644 nitrokeys/nitrokey3/windows/adsk.rst delete mode 100644 nitrokeys/nitrokey3/windows/firmware-update.rst delete mode 120000 nitrokeys/nitrokey3/windows/images/enabling-u2f-on-firefox delete mode 120000 nitrokeys/nitrokey3/windows/images/passwordless-microsoft delete mode 100644 nitrokeys/nitrokey3/windows/index.rst delete mode 100644 nitrokeys/nitrokey3/windows/keepassxc.rst delete mode 100644 nitrokeys/nitrokey3/windows/openpgp-csp.rst delete mode 100644 nitrokeys/nitrokey3/windows/openpgp-keygen-backup.rst delete mode 100644 nitrokeys/nitrokey3/windows/openpgp-keygen-gpa.rst delete mode 100644 nitrokeys/nitrokey3/windows/openpgp-keygen-on-device.rst delete mode 100644 nitrokeys/nitrokey3/windows/openpgp-outlook.rst delete mode 100644 nitrokeys/nitrokey3/windows/openpgp-thunderbird.rst delete mode 100644 nitrokeys/nitrokey3/windows/openpgp-uif.rst delete mode 100644 nitrokeys/nitrokey3/windows/openpgp.rst delete mode 100644 nitrokeys/nitrokey3/windows/passwordless-microsoft.rst delete mode 100644 nitrokeys/nitrokey3/windows/reset.rst delete mode 100644 nitrokeys/nitrokey3/windows/set-pins.rst delete mode 100644 nitrokeys/nitrokey3/windows/smime-outlook.rst delete mode 100644 nitrokeys/nitrokey3/windows/smime-thunderbird.rst delete mode 100644 nitrokeys/nitrokey3/windows/smime.rst delete mode 100644 nitrokeys/nitrokey3/windows/troubleshooting.rst diff --git a/index.rst b/index.rst index 5bee15e757..492f1a1162 100644 --- a/index.rst +++ b/index.rst @@ -8,7 +8,8 @@ Nitrokey Documentation nitrokeys/index hsm/index start/index - nitropadpc/index + nitropad/index + nitropc/index nitrophone/index nextbox/index nethsm/index diff --git a/nitrokeys/features/desktop-login/images/smart-policy/1.png b/nitrokeys/features/desktop-login/third-party/images/smart-policy/1.png similarity index 100% rename from nitrokeys/features/desktop-login/images/smart-policy/1.png rename to nitrokeys/features/desktop-login/third-party/images/smart-policy/1.png diff --git a/nitrokeys/features/desktop-login/images/smart-policy/2.png b/nitrokeys/features/desktop-login/third-party/images/smart-policy/2.png similarity index 100% rename from nitrokeys/features/desktop-login/images/smart-policy/2.png rename to nitrokeys/features/desktop-login/third-party/images/smart-policy/2.png diff --git a/nitrokeys/features/desktop-login/images/smart-policy/3.png b/nitrokeys/features/desktop-login/third-party/images/smart-policy/3.png similarity index 100% rename from nitrokeys/features/desktop-login/images/smart-policy/3.png rename to nitrokeys/features/desktop-login/third-party/images/smart-policy/3.png diff --git a/nitrokeys/features/desktop-login/images/smart-policy/4.png b/nitrokeys/features/desktop-login/third-party/images/smart-policy/4.png similarity index 100% rename from nitrokeys/features/desktop-login/images/smart-policy/4.png rename to nitrokeys/features/desktop-login/third-party/images/smart-policy/4.png diff --git a/nitrokeys/features/desktop-login/images/smart-policy/5.png b/nitrokeys/features/desktop-login/third-party/images/smart-policy/5.png similarity index 100% rename from nitrokeys/features/desktop-login/images/smart-policy/5.png rename to nitrokeys/features/desktop-login/third-party/images/smart-policy/5.png diff --git a/nitrokeys/features/desktop-login/images/smart-policy/6.png b/nitrokeys/features/desktop-login/third-party/images/smart-policy/6.png similarity index 100% rename from nitrokeys/features/desktop-login/images/smart-policy/6.png rename to nitrokeys/features/desktop-login/third-party/images/smart-policy/6.png diff --git a/nitrokeys/features/desktop-login/index.rst b/nitrokeys/features/desktop-login/third-party/index.rst similarity index 100% rename from nitrokeys/features/desktop-login/index.rst rename to nitrokeys/features/desktop-login/third-party/index.rst diff --git a/nitrokeys/features/desktop-login/pam.rst b/nitrokeys/features/desktop-login/third-party/pam.rst similarity index 100% rename from nitrokeys/features/desktop-login/pam.rst rename to nitrokeys/features/desktop-login/third-party/pam.rst diff --git a/nitrokeys/features/desktop-login/smart-policy.rst b/nitrokeys/features/desktop-login/third-party/smart-policy.rst similarity index 100% rename from nitrokeys/features/desktop-login/smart-policy.rst rename to nitrokeys/features/desktop-login/third-party/smart-policy.rst diff --git a/nitrokeys/features/fido/2fa-nextcloud.rst b/nitrokeys/features/fido/2fa/2fa-nextcloud.rst similarity index 100% rename from nitrokeys/features/fido/2fa-nextcloud.rst rename to nitrokeys/features/fido/2fa/2fa-nextcloud.rst diff --git a/nitrokeys/features/fido/2fa-odoo.rst b/nitrokeys/features/fido/2fa/2fa-odoo.rst similarity index 100% rename from nitrokeys/features/fido/2fa-odoo.rst rename to nitrokeys/features/fido/2fa/2fa-odoo.rst diff --git a/nitrokeys/features/fido/2fa-website.rst b/nitrokeys/features/fido/2fa/2fa-website.rst similarity index 100% rename from nitrokeys/features/fido/2fa-website.rst rename to nitrokeys/features/fido/2fa/2fa-website.rst diff --git a/nitrokeys/features/fido/desktop-login.rst b/nitrokeys/features/fido/2fa/desktop-login.rst similarity index 100% rename from nitrokeys/features/fido/desktop-login.rst rename to nitrokeys/features/fido/2fa/desktop-login.rst diff --git a/nitrokeys/features/fido/images/fidou2f-1.png b/nitrokeys/features/fido/2fa/images/fidou2f-1.png similarity index 100% rename from nitrokeys/features/fido/images/fidou2f-1.png rename to nitrokeys/features/fido/2fa/images/fidou2f-1.png diff --git a/nitrokeys/features/fido/images/fidou2f-2.png b/nitrokeys/features/fido/2fa/images/fidou2f-2.png similarity index 100% rename from nitrokeys/features/fido/images/fidou2f-2.png rename to nitrokeys/features/fido/2fa/images/fidou2f-2.png diff --git a/nitrokeys/features/fido/images/fidou2f-3.png b/nitrokeys/features/fido/2fa/images/fidou2f-3.png similarity index 100% rename from nitrokeys/features/fido/images/fidou2f-3.png rename to nitrokeys/features/fido/2fa/images/fidou2f-3.png diff --git a/nitrokeys/features/fido/images/fidou2f-4.png b/nitrokeys/features/fido/2fa/images/fidou2f-4.png similarity index 100% rename from nitrokeys/features/fido/images/fidou2f-4.png rename to nitrokeys/features/fido/2fa/images/fidou2f-4.png diff --git a/nitrokeys/features/fido/images/fidou2f-5.png b/nitrokeys/features/fido/2fa/images/fidou2f-5.png similarity index 100% rename from nitrokeys/features/fido/images/fidou2f-5.png rename to nitrokeys/features/fido/2fa/images/fidou2f-5.png diff --git a/nitrokeys/features/fido/images/u2f-fido-pam-2.png b/nitrokeys/features/fido/2fa/images/u2f-fido-pam-2.png similarity index 100% rename from nitrokeys/features/fido/images/u2f-fido-pam-2.png rename to nitrokeys/features/fido/2fa/images/u2f-fido-pam-2.png diff --git a/nitrokeys/features/fido/index.rst b/nitrokeys/features/fido/2fa/index.rst similarity index 100% rename from nitrokeys/features/fido/index.rst rename to nitrokeys/features/fido/2fa/index.rst diff --git a/nitrokeys/features/openpgp/index.rst b/nitrokeys/features/openpgp/index.rst index 30805df115..4e910cd5d6 100644 --- a/nitrokeys/features/openpgp/index.rst +++ b/nitrokeys/features/openpgp/index.rst @@ -52,6 +52,8 @@ You can find further information about the usage on these pages: - to use `OpenPGP encryption with Outlook `_ +- `OpenPGP Touch Confirmation (Nitrokey 3 only) `_ + - to use `Claws Mail `__, an email client (and news reader) for Linux and Windows diff --git a/nitrokeys/nitrokey3/shared/openpgp-uif.rst.inc b/nitrokeys/features/openpgp/uif.rst similarity index 100% rename from nitrokeys/nitrokey3/shared/openpgp-uif.rst.inc rename to nitrokeys/features/openpgp/uif.rst diff --git a/nitrokeys/nitrokey3/windows/piv/access_control.rst b/nitrokeys/features/piv/access_control.rst similarity index 100% rename from nitrokeys/nitrokey3/windows/piv/access_control.rst rename to nitrokeys/features/piv/access_control.rst diff --git a/nitrokeys/nitrokey3/windows/piv/certificate_management.rst b/nitrokeys/features/piv/certificate_management.rst similarity index 100% rename from nitrokeys/nitrokey3/windows/piv/certificate_management.rst rename to nitrokeys/features/piv/certificate_management.rst diff --git a/nitrokeys/nitrokey3/windows/piv/factory_reset.rst b/nitrokeys/features/piv/factory_reset.rst similarity index 100% rename from nitrokeys/nitrokey3/windows/piv/factory_reset.rst rename to nitrokeys/features/piv/factory_reset.rst diff --git a/nitrokeys/nitrokey3/windows/piv/guides/client_logon_with_active_directory.rst b/nitrokeys/features/piv/guides/client_logon_with_active_directory.rst similarity index 100% rename from nitrokeys/nitrokey3/windows/piv/guides/client_logon_with_active_directory.rst rename to nitrokeys/features/piv/guides/client_logon_with_active_directory.rst diff --git a/nitrokeys/nitrokey3/windows/piv/guides/index.rst b/nitrokeys/features/piv/guides/index.rst similarity index 100% rename from nitrokeys/nitrokey3/windows/piv/guides/index.rst rename to nitrokeys/features/piv/guides/index.rst diff --git a/nitrokeys/nitrokey3/windows/piv/index.rst b/nitrokeys/features/piv/index.rst similarity index 100% rename from nitrokeys/nitrokey3/windows/piv/index.rst rename to nitrokeys/features/piv/index.rst diff --git a/nitrokeys/nitrokey3/windows/piv/key_management.rst b/nitrokeys/features/piv/key_management.rst similarity index 100% rename from nitrokeys/nitrokey3/windows/piv/key_management.rst rename to nitrokeys/features/piv/key_management.rst diff --git a/nitrokeys/index.rst b/nitrokeys/index.rst index 8646bbe4d8..4455189ab7 100644 --- a/nitrokeys/index.rst +++ b/nitrokeys/index.rst @@ -9,3 +9,4 @@ Nitrokeys Pro Storage Start + Nitrokey3 diff --git a/nitrokeys/nitrokey3/features.rst b/nitrokeys/nitrokey3/features.rst index 57ac7d1798..5bfd9b6032 100644 --- a/nitrokeys/nitrokey3/features.rst +++ b/nitrokeys/nitrokey3/features.rst @@ -27,6 +27,11 @@ features are realized. - USB - yes + * - `SMIME`_ + - Asymmetric cryptography; keep your private key(s) secure; email encryption + - USB + - yes + * - `Password Safe`_ - (One-Time-)Passwords securely stored on your Nitrokey 3 - USB @@ -70,15 +75,16 @@ data migrations from test to stable firmwares will not be implemented.** - no -.. _FIDO2: https://github.com/Nitrokey/fido-authenticator -.. _OpenPGP Card: https://github.com/Nitrokey/opcard-rs +.. _FIDO2: ../features/fido/index.html +.. _OpenPGP Card: ../features/openpgp/index.html .. _Password Safe: https://github.com/Nitrokey/trussed-secrets-app .. _Admin App: https://github.com/Nitrokey/admin-app -.. _PIV: https://github.com/Nitrokey/piv-authenticator +.. _PIV: ../features/piv/index .. _WebSmartCard: https://github.com/Nitrokey/nitrokey-websmartcard +.. _SMIME: ../features/smime/index.html -.. _pynitrokey: ../software/nitropy -.. _NitrokeyApp2: ../software/nk-app2 +.. _pynitrokey: ../software/nitropy/index.html +.. _NitrokeyApp2: ../software/nk-app2/index.html .. _Test Firmware: linux/firmware-update#firmware-release-types diff --git a/nitrokeys/nitrokey3/firmware-update.rst.inc b/nitrokeys/nitrokey3/firmware-update.rst similarity index 84% rename from nitrokeys/nitrokey3/firmware-update.rst.inc rename to nitrokeys/nitrokey3/firmware-update.rst index 1ea0e3ed90..4d947502e8 100644 --- a/nitrokeys/nitrokey3/firmware-update.rst.inc +++ b/nitrokeys/nitrokey3/firmware-update.rst @@ -88,3 +88,18 @@ Examples: This is mostly relevant for users that rely on a feature from the test releases. Users of the stable firmware can always update to the latest available firmware version. + +Troubleshooting (Linux): +---------------- + +**Issue:** I get ``permission denied for /dev/hidrawX`` during update. + This likely means your user has not the needed permissions to + read/write the device. Please make sure you have set up the correct + `udev-rules`_. Download this `udev-rules`_ set and place it in your + udev rules directory (e.g., ``/etc/udev/rules.d``). Then remove + your Nitrokey 3 from the USB slot and run: + ``udevadm control --reload-rules && udevadm trigger`` or reboot + your machine. Afterwards the update should work without the + permission issue. + +.. _udev-rules: https://raw.githubusercontent.com/Nitrokey/libnitrokey/master/data/41-nitrokey.rules diff --git a/nitrokeys/nitrokey3/index.rst b/nitrokeys/nitrokey3/index.rst index aac91a3f88..b01485d7c8 100644 --- a/nitrokeys/nitrokey3/index.rst +++ b/nitrokeys/nitrokey3/index.rst @@ -3,18 +3,6 @@ Nitrokey 3 .. contents:: :local: - -The Nitrokey 3 currently supports: - -* FIDO2 -* Password-Safe & One-Time Passwords (OTP) -* OpenPGP Card (`Secure Element Backend or Software Backend`_) - -Additional features like PIV are available in test firmware releases. See the `release notes`_ on GitHub for more information. - -.. _Secure Element Backend or Software Backend: faq#how-can-I-use-the-se050-secure-element -.. _release notes: https://github.com/Nitrokey/nitrokey-3-firmware/releases - First check the: .. toctree:: @@ -22,9 +10,8 @@ First check the: :glob: Frequently Asked Questions - features + Getting Started -Or choose your operating system: or check out the features: @@ -33,4 +20,15 @@ or check out the features: :glob: Features + set pin + firmware-update + main
+ nitropy + desktop login <../features/desktop-login/index> + reset + passwordless microsoft <../features/fido/passwordless-microsoft> +Additional features like PIV (Windows only) are available in test firmware releases. See the `release notes`_ on GitHub for more information. + +.. _Secure Element Backend or Software Backend: faq#how-can-I-use-the-se050-secure-element +.. _release notes: https://github.com/Nitrokey/nitrokey-3-firmware/releases diff --git a/nitrokeys/nitrokey3/linux/keepassxc.rst b/nitrokeys/nitrokey3/keepassxc.rst similarity index 100% rename from nitrokeys/nitrokey3/linux/keepassxc.rst rename to nitrokeys/nitrokey3/keepassxc.rst diff --git a/nitrokeys/nitrokey3/linux/2fa-odoo.rst b/nitrokeys/nitrokey3/linux/2fa-odoo.rst deleted file mode 100644 index b4591596e0..0000000000 --- a/nitrokeys/nitrokey3/linux/2fa-odoo.rst +++ /dev/null @@ -1,2 +0,0 @@ - -.. include:: ../../fido2/2fa-odoo.rst.inc diff --git a/nitrokeys/nitrokey3/linux/adsk.rst b/nitrokeys/nitrokey3/linux/adsk.rst deleted file mode 100644 index 00ce644292..0000000000 --- a/nitrokeys/nitrokey3/linux/adsk.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../nitrokey3/adsk.rst.inc diff --git a/nitrokeys/nitrokey3/linux/desktop-login.rst b/nitrokeys/nitrokey3/linux/desktop-login.rst deleted file mode 100644 index 11e6d5e5c6..0000000000 --- a/nitrokeys/nitrokey3/linux/desktop-login.rst +++ /dev/null @@ -1,3 +0,0 @@ - -.. include:: ../../fido2/linux/desktop-login.rst - diff --git a/nitrokeys/nitrokey3/linux/firmware-update.rst b/nitrokeys/nitrokey3/linux/firmware-update.rst deleted file mode 100644 index ba622ba13a..0000000000 --- a/nitrokeys/nitrokey3/linux/firmware-update.rst +++ /dev/null @@ -1,16 +0,0 @@ -.. include:: ../firmware-update.rst.inc - -Troubleshooting: ----------------- - -**Issue:** I get ``permission denied for /dev/hidrawX`` during update. - This likely means your user has not the needed permissions to - read/write the device. Please make sure you have set up the correct - `udev-rules`_. Download this `udev-rules`_ set and place it in your - udev rules directory (e.g., ``/etc/udev/rules.d``). Then remove - your Nitrokey 3 from the USB slot and run: - ``udevadm control --reload-rules && udevadm trigger`` or reboot - your machine. Afterwards the update should work without the - permission issue. - -.. _udev-rules: https://raw.githubusercontent.com/Nitrokey/libnitrokey/master/data/41-nitrokey.rules diff --git a/nitrokeys/nitrokey3/linux/images b/nitrokeys/nitrokey3/linux/images deleted file mode 120000 index c7bda842dd..0000000000 --- a/nitrokeys/nitrokey3/linux/images +++ /dev/null @@ -1 +0,0 @@ -../../fido2/linux/images/ \ No newline at end of file diff --git a/nitrokeys/nitrokey3/linux/index.rst b/nitrokeys/nitrokey3/linux/index.rst deleted file mode 100644 index 18d9b204cf..0000000000 --- a/nitrokeys/nitrokey3/linux/index.rst +++ /dev/null @@ -1,13 +0,0 @@ -Nitrokey 3 With Linux -=========================== - -.. contents:: :local: - -.. toctree:: - :maxdepth: 1 - :glob: - :hidden: - - * - -.. include:: ../shared/main.rst diff --git a/nitrokeys/nitrokey3/linux/nitropy.rst b/nitrokeys/nitrokey3/linux/nitropy.rst deleted file mode 100644 index 4cb4985709..0000000000 --- a/nitrokeys/nitrokey3/linux/nitropy.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../shared/nitropy.rst diff --git a/nitrokeys/nitrokey3/linux/openpgp-keygen-backup.rst b/nitrokeys/nitrokey3/linux/openpgp-keygen-backup.rst deleted file mode 100644 index b4528e0139..0000000000 --- a/nitrokeys/nitrokey3/linux/openpgp-keygen-backup.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/openpgp-keygen-backup.rst.inc diff --git a/nitrokeys/nitrokey3/linux/openpgp-keygen-gpa.rst b/nitrokeys/nitrokey3/linux/openpgp-keygen-gpa.rst deleted file mode 100644 index 472d298006..0000000000 --- a/nitrokeys/nitrokey3/linux/openpgp-keygen-gpa.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/openpgp-keygen-gpa.rst.inc diff --git a/nitrokeys/nitrokey3/linux/openpgp-keygen-on-device.rst b/nitrokeys/nitrokey3/linux/openpgp-keygen-on-device.rst deleted file mode 100644 index fc90850b8e..0000000000 --- a/nitrokeys/nitrokey3/linux/openpgp-keygen-on-device.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/openpgp-keygen-on-device.rst.inc diff --git a/nitrokeys/nitrokey3/linux/openpgp-outlook.rst b/nitrokeys/nitrokey3/linux/openpgp-outlook.rst deleted file mode 100644 index fa4e7dd855..0000000000 --- a/nitrokeys/nitrokey3/linux/openpgp-outlook.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/openpgp-outlook.rst.inc diff --git a/nitrokeys/nitrokey3/linux/openpgp-thunderbird.rst b/nitrokeys/nitrokey3/linux/openpgp-thunderbird.rst deleted file mode 100644 index 59e0956c63..0000000000 --- a/nitrokeys/nitrokey3/linux/openpgp-thunderbird.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/openpgp-thunderbird.rst.inc diff --git a/nitrokeys/nitrokey3/linux/openpgp-uif.rst b/nitrokeys/nitrokey3/linux/openpgp-uif.rst deleted file mode 100644 index 05f0ae6925..0000000000 --- a/nitrokeys/nitrokey3/linux/openpgp-uif.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../shared/openpgp-uif.rst.inc diff --git a/nitrokeys/nitrokey3/linux/openpgp.rst b/nitrokeys/nitrokey3/linux/openpgp.rst deleted file mode 100644 index ce0f581887..0000000000 --- a/nitrokeys/nitrokey3/linux/openpgp.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../shared/openpgp.rst.inc diff --git a/nitrokeys/nitrokey3/linux/reset.rst b/nitrokeys/nitrokey3/linux/reset.rst deleted file mode 100644 index 3454a004c3..0000000000 --- a/nitrokeys/nitrokey3/linux/reset.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../shared/reset.rst.inc diff --git a/nitrokeys/nitrokey3/linux/set-pins.rst b/nitrokeys/nitrokey3/linux/set-pins.rst deleted file mode 100644 index 9c6dfe6d81..0000000000 --- a/nitrokeys/nitrokey3/linux/set-pins.rst +++ /dev/null @@ -1,21 +0,0 @@ -.. include:: ../shared/set-pins.rst.inc - :start-after: start-header - :end-before: end-header -.. include:: ../shared/set-pins.rst.inc - :start-after: start-fido2-header - :end-before: end-fido2-header -.. include:: ../shared/set-pins.rst.inc - :start-after: start-fido2-nitropy - :end-before: end-fido2-nitropy -.. include:: ../shared/set-pins.rst.inc - :start-after: start-fido2-chromeium - :end-before: end-fido2-chromeium -.. include:: ../shared/set-pins.rst.inc - :start-after: start-passwords-otp-secrets - :end-before: end-passwords-otp-secrets -.. include:: ../shared/set-pins.rst.inc - :start-after: start-openpgp-card - :end-before: end-openpgp-card -.. include:: ../shared/set-pins.rst.inc - :start-after: start-piv-card - :end-before: end-piv-card diff --git a/nitrokeys/nitrokey3/linux/smime-outlook.rst b/nitrokeys/nitrokey3/linux/smime-outlook.rst deleted file mode 100644 index acd45a24a9..0000000000 --- a/nitrokeys/nitrokey3/linux/smime-outlook.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/smime-outlook.rst.inc diff --git a/nitrokeys/nitrokey3/linux/smime-thunderbird.rst b/nitrokeys/nitrokey3/linux/smime-thunderbird.rst deleted file mode 100644 index 4ae43d43ba..0000000000 --- a/nitrokeys/nitrokey3/linux/smime-thunderbird.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/smime-thunderbird.rst.inc diff --git a/nitrokeys/nitrokey3/linux/smime.rst b/nitrokeys/nitrokey3/linux/smime.rst deleted file mode 100644 index 5029a3135c..0000000000 --- a/nitrokeys/nitrokey3/linux/smime.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/smime.rst.inc diff --git a/nitrokeys/nitrokey3/linux/troubleshooting.rst b/nitrokeys/nitrokey3/linux/troubleshooting.rst deleted file mode 100644 index 71e54fdba1..0000000000 --- a/nitrokeys/nitrokey3/linux/troubleshooting.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../nitrokey3/troubleshooting.rst.inc diff --git a/nitrokeys/nitrokey3/mac/2fa-odoo.rst b/nitrokeys/nitrokey3/mac/2fa-odoo.rst deleted file mode 100644 index b4591596e0..0000000000 --- a/nitrokeys/nitrokey3/mac/2fa-odoo.rst +++ /dev/null @@ -1,2 +0,0 @@ - -.. include:: ../../fido2/2fa-odoo.rst.inc diff --git a/nitrokeys/nitrokey3/mac/adsk.rst b/nitrokeys/nitrokey3/mac/adsk.rst deleted file mode 100644 index 00ce644292..0000000000 --- a/nitrokeys/nitrokey3/mac/adsk.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../nitrokey3/adsk.rst.inc diff --git a/nitrokeys/nitrokey3/mac/firmware-update.rst b/nitrokeys/nitrokey3/mac/firmware-update.rst deleted file mode 100644 index 97c722b20c..0000000000 --- a/nitrokeys/nitrokey3/mac/firmware-update.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../firmware-update.rst.inc diff --git a/nitrokeys/nitrokey3/mac/index.rst b/nitrokeys/nitrokey3/mac/index.rst deleted file mode 100644 index be61a80b8a..0000000000 --- a/nitrokeys/nitrokey3/mac/index.rst +++ /dev/null @@ -1,13 +0,0 @@ -Nitrokey 3 With macOS -===================== - -.. contents:: :local: - -.. toctree:: - :maxdepth: 1 - :glob: - :hidden: - - * - -.. include:: ../shared/main.rst diff --git a/nitrokeys/nitrokey3/mac/keepassxc.rst b/nitrokeys/nitrokey3/mac/keepassxc.rst deleted file mode 100644 index 148bcb82bd..0000000000 --- a/nitrokeys/nitrokey3/mac/keepassxc.rst +++ /dev/null @@ -1,2 +0,0 @@ - -.. include:: ../../software/nk-app2/keepassxc.rst diff --git a/nitrokeys/nitrokey3/mac/nitropy.rst b/nitrokeys/nitrokey3/mac/nitropy.rst deleted file mode 100644 index 4cb4985709..0000000000 --- a/nitrokeys/nitrokey3/mac/nitropy.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../shared/nitropy.rst diff --git a/nitrokeys/nitrokey3/mac/openpgp-keygen-backup.rst b/nitrokeys/nitrokey3/mac/openpgp-keygen-backup.rst deleted file mode 100644 index b4528e0139..0000000000 --- a/nitrokeys/nitrokey3/mac/openpgp-keygen-backup.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/openpgp-keygen-backup.rst.inc diff --git a/nitrokeys/nitrokey3/mac/openpgp-keygen-gpa.rst b/nitrokeys/nitrokey3/mac/openpgp-keygen-gpa.rst deleted file mode 100644 index 472d298006..0000000000 --- a/nitrokeys/nitrokey3/mac/openpgp-keygen-gpa.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/openpgp-keygen-gpa.rst.inc diff --git a/nitrokeys/nitrokey3/mac/openpgp-keygen-on-device.rst b/nitrokeys/nitrokey3/mac/openpgp-keygen-on-device.rst deleted file mode 100644 index fc90850b8e..0000000000 --- a/nitrokeys/nitrokey3/mac/openpgp-keygen-on-device.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/openpgp-keygen-on-device.rst.inc diff --git a/nitrokeys/nitrokey3/mac/openpgp-outlook.rst b/nitrokeys/nitrokey3/mac/openpgp-outlook.rst deleted file mode 100644 index fa4e7dd855..0000000000 --- a/nitrokeys/nitrokey3/mac/openpgp-outlook.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/openpgp-outlook.rst.inc diff --git a/nitrokeys/nitrokey3/mac/openpgp-thunderbird.rst b/nitrokeys/nitrokey3/mac/openpgp-thunderbird.rst deleted file mode 100644 index 59e0956c63..0000000000 --- a/nitrokeys/nitrokey3/mac/openpgp-thunderbird.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/openpgp-thunderbird.rst.inc diff --git a/nitrokeys/nitrokey3/mac/openpgp-uif.rst b/nitrokeys/nitrokey3/mac/openpgp-uif.rst deleted file mode 100644 index 3a7dcc6aa7..0000000000 --- a/nitrokeys/nitrokey3/mac/openpgp-uif.rst +++ /dev/null @@ -1,2 +0,0 @@ -.. include:: ../shared/openpgp-uif.rst.inc - diff --git a/nitrokeys/nitrokey3/mac/openpgp.rst b/nitrokeys/nitrokey3/mac/openpgp.rst deleted file mode 100644 index ce0f581887..0000000000 --- a/nitrokeys/nitrokey3/mac/openpgp.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../shared/openpgp.rst.inc diff --git a/nitrokeys/nitrokey3/mac/reset.rst b/nitrokeys/nitrokey3/mac/reset.rst deleted file mode 100644 index 3454a004c3..0000000000 --- a/nitrokeys/nitrokey3/mac/reset.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../shared/reset.rst.inc diff --git a/nitrokeys/nitrokey3/mac/set-pins.rst b/nitrokeys/nitrokey3/mac/set-pins.rst deleted file mode 100644 index 9c6dfe6d81..0000000000 --- a/nitrokeys/nitrokey3/mac/set-pins.rst +++ /dev/null @@ -1,21 +0,0 @@ -.. include:: ../shared/set-pins.rst.inc - :start-after: start-header - :end-before: end-header -.. include:: ../shared/set-pins.rst.inc - :start-after: start-fido2-header - :end-before: end-fido2-header -.. include:: ../shared/set-pins.rst.inc - :start-after: start-fido2-nitropy - :end-before: end-fido2-nitropy -.. include:: ../shared/set-pins.rst.inc - :start-after: start-fido2-chromeium - :end-before: end-fido2-chromeium -.. include:: ../shared/set-pins.rst.inc - :start-after: start-passwords-otp-secrets - :end-before: end-passwords-otp-secrets -.. include:: ../shared/set-pins.rst.inc - :start-after: start-openpgp-card - :end-before: end-openpgp-card -.. include:: ../shared/set-pins.rst.inc - :start-after: start-piv-card - :end-before: end-piv-card diff --git a/nitrokeys/nitrokey3/mac/smime-outlook.rst b/nitrokeys/nitrokey3/mac/smime-outlook.rst deleted file mode 100644 index acd45a24a9..0000000000 --- a/nitrokeys/nitrokey3/mac/smime-outlook.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/smime-outlook.rst.inc diff --git a/nitrokeys/nitrokey3/mac/smime-thunderbird.rst b/nitrokeys/nitrokey3/mac/smime-thunderbird.rst deleted file mode 100644 index 4ae43d43ba..0000000000 --- a/nitrokeys/nitrokey3/mac/smime-thunderbird.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/smime-thunderbird.rst.inc diff --git a/nitrokeys/nitrokey3/mac/smime.rst b/nitrokeys/nitrokey3/mac/smime.rst deleted file mode 100644 index 5029a3135c..0000000000 --- a/nitrokeys/nitrokey3/mac/smime.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/smime.rst.inc diff --git a/nitrokeys/nitrokey3/mac/troubleshooting.rst b/nitrokeys/nitrokey3/mac/troubleshooting.rst deleted file mode 100644 index 71e54fdba1..0000000000 --- a/nitrokeys/nitrokey3/mac/troubleshooting.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../nitrokey3/troubleshooting.rst.inc diff --git a/nitrokeys/nitrokey3/shared/main.rst b/nitrokeys/nitrokey3/main.rst similarity index 100% rename from nitrokeys/nitrokey3/shared/main.rst rename to nitrokeys/nitrokey3/main.rst diff --git a/nitrokeys/nitrokey3/shared/nitropy.rst b/nitrokeys/nitrokey3/nitropy.rst similarity index 100% rename from nitrokeys/nitrokey3/shared/nitropy.rst rename to nitrokeys/nitrokey3/nitropy.rst diff --git a/nitrokeys/nitrokey3/shared/reset.rst.inc b/nitrokeys/nitrokey3/reset.rst similarity index 100% rename from nitrokeys/nitrokey3/shared/reset.rst.inc rename to nitrokeys/nitrokey3/reset.rst diff --git a/nitrokeys/nitrokey3/shared/set-pins.rst.inc b/nitrokeys/nitrokey3/set-pins.rst similarity index 98% rename from nitrokeys/nitrokey3/shared/set-pins.rst.inc rename to nitrokeys/nitrokey3/set-pins.rst index 979574a514..dc79dccf61 100644 --- a/nitrokeys/nitrokey3/shared/set-pins.rst.inc +++ b/nitrokeys/nitrokey3/set-pins.rst @@ -54,8 +54,8 @@ Setting PIN with the Chrom(e|ium) webbrowser .. start-fido2-windows-settings-application -Settings PIN with Windows Settings application -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +Settings PIN with Windows Settings application (Windows only) +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 1. Open the Windows "Settings" application. 2. Open the "Accounts" menu. diff --git a/nitrokeys/nitrokey3/shared/openpgp.rst.inc b/nitrokeys/nitrokey3/shared/openpgp.rst.inc deleted file mode 100644 index c7efd1430d..0000000000 --- a/nitrokeys/nitrokey3/shared/openpgp.rst.inc +++ /dev/null @@ -1,10 +0,0 @@ -OpenPGP Email Encryption -======================== - -.. contents:: :local: - -.. note:: - OpenPGP support was introduced with the `1.4.0 release of the Nitrokey 3 `_ firmware. - If you have an older version, `update your firmware `_ - -.. include:: ../../shared/openpgp.rst.inc diff --git a/nitrokeys/nitrokey3/windows/2fa-odoo.rst b/nitrokeys/nitrokey3/windows/2fa-odoo.rst deleted file mode 100644 index b4591596e0..0000000000 --- a/nitrokeys/nitrokey3/windows/2fa-odoo.rst +++ /dev/null @@ -1,2 +0,0 @@ - -.. include:: ../../fido2/2fa-odoo.rst.inc diff --git a/nitrokeys/nitrokey3/windows/adsk.rst b/nitrokeys/nitrokey3/windows/adsk.rst deleted file mode 100644 index 00ce644292..0000000000 --- a/nitrokeys/nitrokey3/windows/adsk.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../nitrokey3/adsk.rst.inc diff --git a/nitrokeys/nitrokey3/windows/firmware-update.rst b/nitrokeys/nitrokey3/windows/firmware-update.rst deleted file mode 100644 index 97c722b20c..0000000000 --- a/nitrokeys/nitrokey3/windows/firmware-update.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../firmware-update.rst.inc diff --git a/nitrokeys/nitrokey3/windows/images/enabling-u2f-on-firefox b/nitrokeys/nitrokey3/windows/images/enabling-u2f-on-firefox deleted file mode 120000 index 93ed840643..0000000000 --- a/nitrokeys/nitrokey3/windows/images/enabling-u2f-on-firefox +++ /dev/null @@ -1 +0,0 @@ -../../../fido2/windows/images/enabling-u2f-on-firefox \ No newline at end of file diff --git a/nitrokeys/nitrokey3/windows/images/passwordless-microsoft b/nitrokeys/nitrokey3/windows/images/passwordless-microsoft deleted file mode 120000 index 0164bec391..0000000000 --- a/nitrokeys/nitrokey3/windows/images/passwordless-microsoft +++ /dev/null @@ -1 +0,0 @@ -../../../fido2/windows/images/passwordless-microsoft \ No newline at end of file diff --git a/nitrokeys/nitrokey3/windows/index.rst b/nitrokeys/nitrokey3/windows/index.rst deleted file mode 100644 index 12fbaee4f2..0000000000 --- a/nitrokeys/nitrokey3/windows/index.rst +++ /dev/null @@ -1,14 +0,0 @@ -Nitrokey 3 With Windows -=========================== - -.. contents:: :local: - -.. toctree:: - :maxdepth: 1 - :glob: - :hidden: - - * - piv/index.rst - -.. include:: ../shared/main.rst diff --git a/nitrokeys/nitrokey3/windows/keepassxc.rst b/nitrokeys/nitrokey3/windows/keepassxc.rst deleted file mode 100644 index 148bcb82bd..0000000000 --- a/nitrokeys/nitrokey3/windows/keepassxc.rst +++ /dev/null @@ -1,2 +0,0 @@ - -.. include:: ../../software/nk-app2/keepassxc.rst diff --git a/nitrokeys/nitrokey3/windows/openpgp-csp.rst b/nitrokeys/nitrokey3/windows/openpgp-csp.rst deleted file mode 100644 index 947e69d379..0000000000 --- a/nitrokeys/nitrokey3/windows/openpgp-csp.rst +++ /dev/null @@ -1,2 +0,0 @@ -.. include:: ../../pro/windows/openpgp-csp.rst - diff --git a/nitrokeys/nitrokey3/windows/openpgp-keygen-backup.rst b/nitrokeys/nitrokey3/windows/openpgp-keygen-backup.rst deleted file mode 100644 index b4528e0139..0000000000 --- a/nitrokeys/nitrokey3/windows/openpgp-keygen-backup.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/openpgp-keygen-backup.rst.inc diff --git a/nitrokeys/nitrokey3/windows/openpgp-keygen-gpa.rst b/nitrokeys/nitrokey3/windows/openpgp-keygen-gpa.rst deleted file mode 100644 index 472d298006..0000000000 --- a/nitrokeys/nitrokey3/windows/openpgp-keygen-gpa.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/openpgp-keygen-gpa.rst.inc diff --git a/nitrokeys/nitrokey3/windows/openpgp-keygen-on-device.rst b/nitrokeys/nitrokey3/windows/openpgp-keygen-on-device.rst deleted file mode 100644 index fc90850b8e..0000000000 --- a/nitrokeys/nitrokey3/windows/openpgp-keygen-on-device.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/openpgp-keygen-on-device.rst.inc diff --git a/nitrokeys/nitrokey3/windows/openpgp-outlook.rst b/nitrokeys/nitrokey3/windows/openpgp-outlook.rst deleted file mode 100644 index fa4e7dd855..0000000000 --- a/nitrokeys/nitrokey3/windows/openpgp-outlook.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/openpgp-outlook.rst.inc diff --git a/nitrokeys/nitrokey3/windows/openpgp-thunderbird.rst b/nitrokeys/nitrokey3/windows/openpgp-thunderbird.rst deleted file mode 100644 index 59e0956c63..0000000000 --- a/nitrokeys/nitrokey3/windows/openpgp-thunderbird.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/openpgp-thunderbird.rst.inc diff --git a/nitrokeys/nitrokey3/windows/openpgp-uif.rst b/nitrokeys/nitrokey3/windows/openpgp-uif.rst deleted file mode 100644 index 05f0ae6925..0000000000 --- a/nitrokeys/nitrokey3/windows/openpgp-uif.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../shared/openpgp-uif.rst.inc diff --git a/nitrokeys/nitrokey3/windows/openpgp.rst b/nitrokeys/nitrokey3/windows/openpgp.rst deleted file mode 100644 index ce0f581887..0000000000 --- a/nitrokeys/nitrokey3/windows/openpgp.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../shared/openpgp.rst.inc diff --git a/nitrokeys/nitrokey3/windows/passwordless-microsoft.rst b/nitrokeys/nitrokey3/windows/passwordless-microsoft.rst deleted file mode 100644 index d934d793b4..0000000000 --- a/nitrokeys/nitrokey3/windows/passwordless-microsoft.rst +++ /dev/null @@ -1,4 +0,0 @@ - - - -.. include:: ../../fido2/windows/passwordless-microsoft.rst diff --git a/nitrokeys/nitrokey3/windows/reset.rst b/nitrokeys/nitrokey3/windows/reset.rst deleted file mode 100644 index 3454a004c3..0000000000 --- a/nitrokeys/nitrokey3/windows/reset.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../shared/reset.rst.inc diff --git a/nitrokeys/nitrokey3/windows/set-pins.rst b/nitrokeys/nitrokey3/windows/set-pins.rst deleted file mode 100644 index 5d41ae818e..0000000000 --- a/nitrokeys/nitrokey3/windows/set-pins.rst +++ /dev/null @@ -1,24 +0,0 @@ -.. include:: ../shared/set-pins.rst.inc - :start-after: start-header - :end-before: end-header -.. include:: ../shared/set-pins.rst.inc - :start-after: start-fido2-header - :end-before: end-fido2-header -.. include:: ../shared/set-pins.rst.inc - :start-after: start-fido2-nitropy - :end-before: end-fido2-nitropy -.. include:: ../shared/set-pins.rst.inc - :start-after: start-fido2-windows-settings-application - :end-before: start-fido2-windows-settings-application -.. include:: ../shared/set-pins.rst.inc - :start-after: start-fido2-chromeium - :end-before: end-fido2-chromeium -.. include:: ../shared/set-pins.rst.inc - :start-after: start-passwords-otp-secrets - :end-before: end-passwords-otp-secrets -.. include:: ../shared/set-pins.rst.inc - :start-after: start-openpgp-card - :end-before: end-openpgp-card -.. include:: ../shared/set-pins.rst.inc - :start-after: start-piv-card - :end-before: end-piv-card diff --git a/nitrokeys/nitrokey3/windows/smime-outlook.rst b/nitrokeys/nitrokey3/windows/smime-outlook.rst deleted file mode 100644 index acd45a24a9..0000000000 --- a/nitrokeys/nitrokey3/windows/smime-outlook.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/smime-outlook.rst.inc diff --git a/nitrokeys/nitrokey3/windows/smime-thunderbird.rst b/nitrokeys/nitrokey3/windows/smime-thunderbird.rst deleted file mode 100644 index 4ae43d43ba..0000000000 --- a/nitrokeys/nitrokey3/windows/smime-thunderbird.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/smime-thunderbird.rst.inc diff --git a/nitrokeys/nitrokey3/windows/smime.rst b/nitrokeys/nitrokey3/windows/smime.rst deleted file mode 100644 index cd746658c8..0000000000 --- a/nitrokeys/nitrokey3/windows/smime.rst +++ /dev/null @@ -1,9 +0,0 @@ -.. include:: ../../pro/smime.rst.inc - :end-line: 20 - -.. note:: - Windows users with 64-bit system (standard) need to install both, the 32-bit and the 64-bit version of OpenSC! - -.. include:: ../../pro/smime.rst.inc - :start-line: 20 - diff --git a/nitrokeys/nitrokey3/windows/troubleshooting.rst b/nitrokeys/nitrokey3/windows/troubleshooting.rst deleted file mode 100644 index 71e54fdba1..0000000000 --- a/nitrokeys/nitrokey3/windows/troubleshooting.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../nitrokey3/troubleshooting.rst.inc From 3316457d3af10ab752665955a2c43469bc9e1806 Mon Sep 17 00:00:00 2001 From: Keksmo Date: Wed, 31 Jul 2024 15:20:03 +0200 Subject: [PATCH 13/33] updated github CI test --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 781c02bb14..3750ba3341 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -22,7 +22,7 @@ jobs: - name: Syntax check run: | . venv/bin/activate - rstcheck --recursive --ignore-directives "tabs" fido2/ hsm/ nethsm/ nextbox/ nitrokey3/ nitropad/ nitropc/ nitrophone/ nitrowall/ pro/ software/ start/ storage/ u2f/ + rstcheck --recursive --ignore-directives "tabs" nitrokeys/ nethsm/ nextbox/ nitropad/ nitropc/ nitrophone/ nitrowall/ software/ build-error-check: name: Check build error runs-on: ubuntu-latest From 47962126989600e0d6ad37b18e58d6399b14f588 Mon Sep 17 00:00:00 2001 From: Keksmo Date: Wed, 31 Jul 2024 16:20:21 +0200 Subject: [PATCH 14/33] mostly finished fido2 --- .../desktop-login}/desktop-login.rst | 0 .../fido}/passwordless-microsoft.rst | 0 .../fido}/passwordless-microsoft/1.png | Bin .../fido}/passwordless-microsoft/10.png | Bin .../fido}/passwordless-microsoft/11.png | Bin .../fido}/passwordless-microsoft/12.png | Bin .../fido}/passwordless-microsoft/2.png | Bin .../fido}/passwordless-microsoft/3.png | Bin .../fido}/passwordless-microsoft/4.png | Bin .../fido}/passwordless-microsoft/5.png | Bin .../fido}/passwordless-microsoft/6.png | Bin .../fido}/passwordless-microsoft/7.png | Bin .../fido}/passwordless-microsoft/8.png | Bin .../fido}/passwordless-microsoft/9.png | Bin nitrokeys/fido2/features.rst | 7 ++++- ...are-update.rst.inc => firmware-update.rst} | 0 ...x-content1.rst.inc => getting-started.rst} | 17 ++++++++++++ nitrokeys/fido2/index.rst | 1 + nitrokeys/fido2/linux/2fa-nextcloud.rst | 4 --- nitrokeys/fido2/linux/2fa-odoo.rst | 1 - nitrokeys/fido2/linux/firmware-update.rst | 1 - nitrokeys/fido2/linux/index.rst | 26 ------------------ nitrokeys/fido2/linux/reset.rst | 1 - nitrokeys/fido2/mac/2fa-nextcloud.rst | 4 --- nitrokeys/fido2/mac/2fa-odoo.rst | 1 - nitrokeys/fido2/mac/firmware-update.rst | 1 - nitrokeys/fido2/mac/index.rst | 13 --------- nitrokeys/fido2/mac/reset.rst | 1 - nitrokeys/fido2/{windows => }/reset.rst | 20 +++++++------- nitrokeys/fido2/shared/index-content2.rst.inc | 17 ------------ nitrokeys/fido2/windows/2fa-nextcloud.rst | 4 --- nitrokeys/fido2/windows/2fa-odoo.rst | 1 - nitrokeys/fido2/windows/firmware-update.rst | 1 - .../images/enabling-u2f-on-firefox/1.png | Bin 11311 -> 0 bytes nitrokeys/fido2/windows/index.rst | 13 --------- 35 files changed, 34 insertions(+), 100 deletions(-) rename nitrokeys/{fido2/linux => features/desktop-login}/desktop-login.rst (100%) rename nitrokeys/{fido2/windows => features/fido}/passwordless-microsoft.rst (100%) rename nitrokeys/{fido2/windows/images => features/fido}/passwordless-microsoft/1.png (100%) rename nitrokeys/{fido2/windows/images => features/fido}/passwordless-microsoft/10.png (100%) rename nitrokeys/{fido2/windows/images => features/fido}/passwordless-microsoft/11.png (100%) rename nitrokeys/{fido2/windows/images => features/fido}/passwordless-microsoft/12.png (100%) rename nitrokeys/{fido2/windows/images => features/fido}/passwordless-microsoft/2.png (100%) rename nitrokeys/{fido2/windows/images => features/fido}/passwordless-microsoft/3.png (100%) rename nitrokeys/{fido2/windows/images => features/fido}/passwordless-microsoft/4.png (100%) rename nitrokeys/{fido2/windows/images => features/fido}/passwordless-microsoft/5.png (100%) rename nitrokeys/{fido2/windows/images => features/fido}/passwordless-microsoft/6.png (100%) rename nitrokeys/{fido2/windows/images => features/fido}/passwordless-microsoft/7.png (100%) rename nitrokeys/{fido2/windows/images => features/fido}/passwordless-microsoft/8.png (100%) rename nitrokeys/{fido2/windows/images => features/fido}/passwordless-microsoft/9.png (100%) rename nitrokeys/fido2/{shared/firmware-update.rst.inc => firmware-update.rst} (100%) rename nitrokeys/fido2/{shared/index-content1.rst.inc => getting-started.rst} (94%) delete mode 100644 nitrokeys/fido2/linux/2fa-nextcloud.rst delete mode 100644 nitrokeys/fido2/linux/2fa-odoo.rst delete mode 100644 nitrokeys/fido2/linux/firmware-update.rst delete mode 100644 nitrokeys/fido2/linux/index.rst delete mode 100644 nitrokeys/fido2/linux/reset.rst delete mode 100644 nitrokeys/fido2/mac/2fa-nextcloud.rst delete mode 100644 nitrokeys/fido2/mac/2fa-odoo.rst delete mode 100644 nitrokeys/fido2/mac/firmware-update.rst delete mode 100644 nitrokeys/fido2/mac/index.rst delete mode 100644 nitrokeys/fido2/mac/reset.rst rename nitrokeys/fido2/{windows => }/reset.rst (67%) delete mode 100644 nitrokeys/fido2/shared/index-content2.rst.inc delete mode 100644 nitrokeys/fido2/windows/2fa-nextcloud.rst delete mode 100644 nitrokeys/fido2/windows/2fa-odoo.rst delete mode 100644 nitrokeys/fido2/windows/firmware-update.rst delete mode 100644 nitrokeys/fido2/windows/images/enabling-u2f-on-firefox/1.png delete mode 100644 nitrokeys/fido2/windows/index.rst diff --git a/nitrokeys/fido2/linux/desktop-login.rst b/nitrokeys/features/desktop-login/desktop-login.rst similarity index 100% rename from nitrokeys/fido2/linux/desktop-login.rst rename to nitrokeys/features/desktop-login/desktop-login.rst diff --git a/nitrokeys/fido2/windows/passwordless-microsoft.rst b/nitrokeys/features/fido/passwordless-microsoft.rst similarity index 100% rename from nitrokeys/fido2/windows/passwordless-microsoft.rst rename to nitrokeys/features/fido/passwordless-microsoft.rst diff --git a/nitrokeys/fido2/windows/images/passwordless-microsoft/1.png b/nitrokeys/features/fido/passwordless-microsoft/1.png similarity index 100% rename from nitrokeys/fido2/windows/images/passwordless-microsoft/1.png rename to nitrokeys/features/fido/passwordless-microsoft/1.png diff --git a/nitrokeys/fido2/windows/images/passwordless-microsoft/10.png b/nitrokeys/features/fido/passwordless-microsoft/10.png similarity index 100% rename from nitrokeys/fido2/windows/images/passwordless-microsoft/10.png rename to nitrokeys/features/fido/passwordless-microsoft/10.png diff --git a/nitrokeys/fido2/windows/images/passwordless-microsoft/11.png b/nitrokeys/features/fido/passwordless-microsoft/11.png similarity index 100% rename from nitrokeys/fido2/windows/images/passwordless-microsoft/11.png rename to nitrokeys/features/fido/passwordless-microsoft/11.png diff --git a/nitrokeys/fido2/windows/images/passwordless-microsoft/12.png b/nitrokeys/features/fido/passwordless-microsoft/12.png similarity index 100% rename from nitrokeys/fido2/windows/images/passwordless-microsoft/12.png rename to nitrokeys/features/fido/passwordless-microsoft/12.png diff --git a/nitrokeys/fido2/windows/images/passwordless-microsoft/2.png b/nitrokeys/features/fido/passwordless-microsoft/2.png similarity index 100% rename from nitrokeys/fido2/windows/images/passwordless-microsoft/2.png rename to nitrokeys/features/fido/passwordless-microsoft/2.png diff --git a/nitrokeys/fido2/windows/images/passwordless-microsoft/3.png b/nitrokeys/features/fido/passwordless-microsoft/3.png similarity index 100% rename from nitrokeys/fido2/windows/images/passwordless-microsoft/3.png rename to nitrokeys/features/fido/passwordless-microsoft/3.png diff --git a/nitrokeys/fido2/windows/images/passwordless-microsoft/4.png b/nitrokeys/features/fido/passwordless-microsoft/4.png similarity index 100% rename from nitrokeys/fido2/windows/images/passwordless-microsoft/4.png rename to nitrokeys/features/fido/passwordless-microsoft/4.png diff --git a/nitrokeys/fido2/windows/images/passwordless-microsoft/5.png b/nitrokeys/features/fido/passwordless-microsoft/5.png similarity index 100% rename from nitrokeys/fido2/windows/images/passwordless-microsoft/5.png rename to nitrokeys/features/fido/passwordless-microsoft/5.png diff --git a/nitrokeys/fido2/windows/images/passwordless-microsoft/6.png b/nitrokeys/features/fido/passwordless-microsoft/6.png similarity index 100% rename from nitrokeys/fido2/windows/images/passwordless-microsoft/6.png rename to nitrokeys/features/fido/passwordless-microsoft/6.png diff --git a/nitrokeys/fido2/windows/images/passwordless-microsoft/7.png b/nitrokeys/features/fido/passwordless-microsoft/7.png similarity index 100% rename from nitrokeys/fido2/windows/images/passwordless-microsoft/7.png rename to nitrokeys/features/fido/passwordless-microsoft/7.png diff --git a/nitrokeys/fido2/windows/images/passwordless-microsoft/8.png b/nitrokeys/features/fido/passwordless-microsoft/8.png similarity index 100% rename from nitrokeys/fido2/windows/images/passwordless-microsoft/8.png rename to nitrokeys/features/fido/passwordless-microsoft/8.png diff --git a/nitrokeys/fido2/windows/images/passwordless-microsoft/9.png b/nitrokeys/features/fido/passwordless-microsoft/9.png similarity index 100% rename from nitrokeys/fido2/windows/images/passwordless-microsoft/9.png rename to nitrokeys/features/fido/passwordless-microsoft/9.png diff --git a/nitrokeys/fido2/features.rst b/nitrokeys/fido2/features.rst index ab022193c1..a5579a409e 100644 --- a/nitrokeys/fido2/features.rst +++ b/nitrokeys/fido2/features.rst @@ -5,4 +5,9 @@ The Nitrokey FIDO2 currently supports the following features: .. toctree:: :maxdepth: 1 - :glob: \ No newline at end of file + :glob: + + FIDO <../features/2fa/index> + passwordless microsoft <../features/fido/passwordless-microsoft> + desktop login <../feature/desktop-login/desktop-login> + firmware update \ No newline at end of file diff --git a/nitrokeys/fido2/shared/firmware-update.rst.inc b/nitrokeys/fido2/firmware-update.rst similarity index 100% rename from nitrokeys/fido2/shared/firmware-update.rst.inc rename to nitrokeys/fido2/firmware-update.rst diff --git a/nitrokeys/fido2/shared/index-content1.rst.inc b/nitrokeys/fido2/getting-started.rst similarity index 94% rename from nitrokeys/fido2/shared/index-content1.rst.inc rename to nitrokeys/fido2/getting-started.rst index 5acb9a02b5..5e08e1384e 100644 --- a/nitrokeys/fido2/shared/index-content1.rst.inc +++ b/nitrokeys/fido2/getting-started.rst @@ -1,3 +1,6 @@ +Getting Started +=============== + The Nitrokey FIDO2 supports two-factor authentication (2FA) and passwordless authentication: @@ -172,3 +175,17 @@ seconds until the green or blue LED lights up. Note: white LED blinking is used as well to signalize the selected device (the so called WINK command). + +Troubleshooting (Linux) +----------------------- + +If the Nitrokey is not detected, proceed the following: + +1. Copy this file + `41-nitrokey.rules `__ + to ``/etc/udev/rules.d/``. In very rare cases, the system will need + the `older + version `__ + of this file. +2. Restart udev via ``sudo service udev restart`` or ``udevadm control --reload-rules && udevadm trigger`` if you are using Fedora. + diff --git a/nitrokeys/fido2/index.rst b/nitrokeys/fido2/index.rst index 5d16dc88a5..b92d6812ec 100644 --- a/nitrokeys/fido2/index.rst +++ b/nitrokeys/fido2/index.rst @@ -10,6 +10,7 @@ First check the: :glob: Frequently Asked Questions + Getting Started or check out the features: diff --git a/nitrokeys/fido2/linux/2fa-nextcloud.rst b/nitrokeys/fido2/linux/2fa-nextcloud.rst deleted file mode 100644 index d71d6f6144..0000000000 --- a/nitrokeys/fido2/linux/2fa-nextcloud.rst +++ /dev/null @@ -1,4 +0,0 @@ -Two-Factor Authentication And Passwordless Login For Nextcloud Accounts -======================================================================= - -.. include:: ../2fa-nextcloud.rst diff --git a/nitrokeys/fido2/linux/2fa-odoo.rst b/nitrokeys/fido2/linux/2fa-odoo.rst deleted file mode 100644 index 374fbfa5dc..0000000000 --- a/nitrokeys/fido2/linux/2fa-odoo.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../2fa-odoo.rst.inc diff --git a/nitrokeys/fido2/linux/firmware-update.rst b/nitrokeys/fido2/linux/firmware-update.rst deleted file mode 100644 index a24e2be178..0000000000 --- a/nitrokeys/fido2/linux/firmware-update.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../shared/firmware-update.rst.inc diff --git a/nitrokeys/fido2/linux/index.rst b/nitrokeys/fido2/linux/index.rst deleted file mode 100644 index 7a78f34194..0000000000 --- a/nitrokeys/fido2/linux/index.rst +++ /dev/null @@ -1,26 +0,0 @@ -FIDO2 With Linux -================ - -.. contents:: :local: - -.. toctree:: - :maxdepth: 1 - :glob: - :hidden: - - * - -.. include:: ../shared/index-content1.rst.inc - -Troubleshooting ---------------- - -If the Nitrokey is not detected, proceed the following: - -1. Copy this file - `41-nitrokey.rules `__ - to ``/etc/udev/rules.d/``. In very rare cases, the system will need - the `older - version `__ - of this file. -2. Restart udev via ``sudo service udev restart`` or ``udevadm control --reload-rules && udevadm trigger`` if you are using Fedora. diff --git a/nitrokeys/fido2/linux/reset.rst b/nitrokeys/fido2/linux/reset.rst deleted file mode 100644 index fdfea9ff6b..0000000000 --- a/nitrokeys/fido2/linux/reset.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../shared/index-content2.rst.inc diff --git a/nitrokeys/fido2/mac/2fa-nextcloud.rst b/nitrokeys/fido2/mac/2fa-nextcloud.rst deleted file mode 100644 index d71d6f6144..0000000000 --- a/nitrokeys/fido2/mac/2fa-nextcloud.rst +++ /dev/null @@ -1,4 +0,0 @@ -Two-Factor Authentication And Passwordless Login For Nextcloud Accounts -======================================================================= - -.. include:: ../2fa-nextcloud.rst diff --git a/nitrokeys/fido2/mac/2fa-odoo.rst b/nitrokeys/fido2/mac/2fa-odoo.rst deleted file mode 100644 index 374fbfa5dc..0000000000 --- a/nitrokeys/fido2/mac/2fa-odoo.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../2fa-odoo.rst.inc diff --git a/nitrokeys/fido2/mac/firmware-update.rst b/nitrokeys/fido2/mac/firmware-update.rst deleted file mode 100644 index a24e2be178..0000000000 --- a/nitrokeys/fido2/mac/firmware-update.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../shared/firmware-update.rst.inc diff --git a/nitrokeys/fido2/mac/index.rst b/nitrokeys/fido2/mac/index.rst deleted file mode 100644 index 553cd2c90f..0000000000 --- a/nitrokeys/fido2/mac/index.rst +++ /dev/null @@ -1,13 +0,0 @@ -FIDO2 With macOS -================ - -.. contents:: :local: - -.. toctree:: - :maxdepth: 1 - :glob: - :hidden: - - * - -.. include:: ../shared/index-content1.rst.inc diff --git a/nitrokeys/fido2/mac/reset.rst b/nitrokeys/fido2/mac/reset.rst deleted file mode 100644 index fdfea9ff6b..0000000000 --- a/nitrokeys/fido2/mac/reset.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../shared/index-content2.rst.inc diff --git a/nitrokeys/fido2/windows/reset.rst b/nitrokeys/fido2/reset.rst similarity index 67% rename from nitrokeys/fido2/windows/reset.rst rename to nitrokeys/fido2/reset.rst index c568a0757d..3a2bed2fe6 100644 --- a/nitrokeys/fido2/windows/reset.rst +++ b/nitrokeys/fido2/reset.rst @@ -3,14 +3,21 @@ Nitrokey Reset .. contents:: :local: -The Factory Reset operation deletes the FIDO secret keys stored on the Nitrokey and generates new ones. Afterwards the Nitrokey behaves like a new device. +Factory Reset operation regenerates the secret material stored on the Nitrokey FIDO U2F / Nitrokey FIDO2, which makes it a completely new key logic-side. New owner cannot use it to login to account of the previous one. In case of the FIDO2 Resident Keys the material is erased. To avoid accidental and malicious reset of the Nitrokey, the required touch confirmation time for the FIDO2 reset operation is longer and with a distinct LED behavior (red LED light) than normal operations. To reset -the Nitrokey, confirm by touching the touch button for at least 5 +the Nitrokey FIDO2, confirm by touching the touch button for at least 5 seconds until the green or blue LED lights up. +Nitrokey FIDO2 could be reset by: + +* pynitrokey tool: ``nitropy fido2 reset`` (requires Administrator rights to execute) +* Google Chrome: `Manage security keys` via the direct link: `chrome://settings/securityKeys` + +Or by using these instructions (Windows only): + Windows 10 ~~~~~~~~~~ @@ -30,11 +37,4 @@ Windows 10 on a Virtual Machine Please keep in mind Nitrokey has internal timeout for accepting the FIDO reset operation of 10 seconds since powering up. If the Nitrokey will connect to a virtual machine later than that, it will return error and -the operation will be aborted. - -Other Ways to Reset -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -Nitrokey can also be reset by: - -* pynitrokey tool: ``nitropy fido2 reset`` (requires Administrator rights to execute) +the operation will be aborted. \ No newline at end of file diff --git a/nitrokeys/fido2/shared/index-content2.rst.inc b/nitrokeys/fido2/shared/index-content2.rst.inc deleted file mode 100644 index 53e137388d..0000000000 --- a/nitrokeys/fido2/shared/index-content2.rst.inc +++ /dev/null @@ -1,17 +0,0 @@ -Nitrokey Reset --------------- - -.. contents:: :local: - -Factory Reset operation regenerates the secret material stored on the Nitrokey FIDO U2F / Nitrokey FIDO2, which makes it a completely new key logic-side. New owner cannot use it to login to account of the previous one. In case of the FIDO2 Resident Keys the material is erased. - -To avoid accidental and malicious reset of the Nitrokey, the required -touch confirmation time for the FIDO2 reset operation is longer and with -a distinct LED behavior (red LED light) than normal operations. To reset -the Nitrokey FIDO2, confirm by touching the touch button for at least 5 -seconds until the green or blue LED lights up. - -Nitrokey FIDO2 could be reset by: - -* pynitrokey tool: ``nitropy fido2 reset`` (requires Administrator rights to execute) -* Google Chrome: `Manage security keys` via the direct link: `chrome://settings/securityKeys` diff --git a/nitrokeys/fido2/windows/2fa-nextcloud.rst b/nitrokeys/fido2/windows/2fa-nextcloud.rst deleted file mode 100644 index d71d6f6144..0000000000 --- a/nitrokeys/fido2/windows/2fa-nextcloud.rst +++ /dev/null @@ -1,4 +0,0 @@ -Two-Factor Authentication And Passwordless Login For Nextcloud Accounts -======================================================================= - -.. include:: ../2fa-nextcloud.rst diff --git a/nitrokeys/fido2/windows/2fa-odoo.rst b/nitrokeys/fido2/windows/2fa-odoo.rst deleted file mode 100644 index 374fbfa5dc..0000000000 --- a/nitrokeys/fido2/windows/2fa-odoo.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../2fa-odoo.rst.inc diff --git a/nitrokeys/fido2/windows/firmware-update.rst b/nitrokeys/fido2/windows/firmware-update.rst deleted file mode 100644 index a24e2be178..0000000000 --- a/nitrokeys/fido2/windows/firmware-update.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../shared/firmware-update.rst.inc diff --git a/nitrokeys/fido2/windows/images/enabling-u2f-on-firefox/1.png b/nitrokeys/fido2/windows/images/enabling-u2f-on-firefox/1.png deleted file mode 100644 index 150e64d2d69cbdf644deb76e8eb4d2fb8fc9236d..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 11311 zcmeHt1y>x+*6t8OAP_uA(1Z{OAwY1KAi*UN+(Lr8`^-S_BtQtk-Q6L$ySokk65N?V zhZ(-+J@>okoO{pr1MXV4R>SnF?yl;p-g`gKeyYOMRAljSsc=Cc5Wc*ev^ofMFAD_1 zcz|;cs9Em9y9It8I?Cy~fItLYcYhc$tOV2`&{L4S^xF@f$p=eN9Sx6Ej$;o4$Y-_t z7$$*!Shg|}wS6_n;`IIN&r_vSDY3ux<|~976i*cP4iI0L+;S(JuIGXVO!Yiq1lAS` zDQ<{@YV`Is=7mwc9L3wuteHe=FUQjFeIcr@hbG@J1QPv}=vYH}Un3qeGq1qIlA}FZ zR^X!8VYXVYdJGnmx4H4q;Qd-f)13a+guQj@?fqAwp)?Rfa(`+Sv-*9f{nNg4BW}?qM}jpLpS4(EaD`jP3ituV`8FVYEDj0s;Z-^&})t8 z4SF!*y{YM+pDz@X)yatKixVAGbUpdb!*V`r^uM55v3>)8Dwx0R zsrxST%~$|>9vKj~Km(@~mv>+efxZ{GI-SIxg_a%`%`rsV6>KAg^f%jj`i-dh?F}kT zPj)6P5GKYtbr(YkRf@5%NBa64?d_zcWAO=md_K|9G}lV`N)}fsre~O0IAAzlBc6b$ z!rz5@nPi}xYj30HSv=`)&f|K-mm5%q%L_-srr)G_GH^^dvKv!43F8j#2Glt@d3V4! zqJwjIeWFD~MMOn^B9>fo+{1to+RLmTHXdL88B8rA{Ok0$4&i8=>R*4}jb=Ar&r&eq z`(CNxliMSBY++;Rhq6oLG1s^k4U0R$Va&ol-^QvuY==mrvZj1p20EZ4r6c`;<+b9Q zYn9+@Gx|cL*nP)Sv(d#4+QCXQ5WB;If1+58QawM*`4OHrG=)w0%6b2H;OI2jAZTMb zdyW~;W+)<)16h7VDdIvJXrW3s!KO{l)J@~L#0;)-_adq5J_0`8!%AvDo-Kum#mN1@2TRUc|t&gFO zAt&{&aC|*w@+3#Eh0&?N4&} zxQs@`>x|lk8n=oWwepB%Tpx*wa$xG**6UF!-IklHsuzbagSw6iuJnW*TWp%QCh4#- zijB*tC5_Lc&x+C_&gOojb<#}UNW>aC6~nlDT&M&2#0|`Uw-ZmH*0x~Ey+`v^blA4O zNK<}e;}y*!ExX0KaZeNXb8>q6mGtzd7Me2Br9(2CAcARdZJq^3)UZNL)obdZ1X9$N zcz-XX@v|&oD8Ie6S7e{xluDF-GVk)GUy<0Gr9d~~mlZr`p!o9>e0_5Cr_?TP{o>dg z85ZzFRhs>q{E-AO>+yE5FswcCqXh;RYhEC{e4G&e^}11VIBZE;`j5JS^C1vsfY1}2 z8X77$6#qX4ppv{sAe_NqyMpJ`FDi|U9Vk} bAo|GfU$B34sna~IXdJH~w&7#KL$ zMNj)k!r!g$lZ5s?WF$##CW$0w1Vf>>DZ(Cl`ufOgZzK{aEZhjXypms9S`rm){t^(7 zr<}BTcqnF_GeOCz;sFFd&NJHl`g%bg9@p>u)|wL@?(WM?UR5tN3k#i{ z;DKK(AR!^4sa-TSA)W7qAv{Mh4rt6`IB{cZi+{ju(vmoH>GD>Z2g8bo>e=cGk}x!9 zxJKttpU?5?TRS^Def@=GK^I9$NfD9PZu8T-=-AlUBJHvVSXeT$vOYdO!VP*318;t;hCD55j&fbH2JmcO-Fag$;sK?-cG^(3wSSCY3Vsb#&F^c)s>aoADpVv zplo$32ZyvV{EtJC#+zl8HkOu_*47G&iquv^d&&u1FWA^h3JMA`GTI|fEsIYUMTiqt zdpkTWnC{-##>R$%-M|tR+N=xoBQLKyGc&VXzaF@79EHy`b>fRWw*vr$$6hI)5c`Bv z`5KsLgL>zUg1r53FaOBMQ4LkL;^HR6YC9%UKWqH?_l1C7Zesk*TgTO{P64w-L`_Xi zmATBkh^6@4FBT2+;je`yC2k)A08=z=#*kl`pP!$ZVTzU!a;N6fH3iS}-Q3)wqMmPGhXfAgm$umIhoz*Xkdcu^;37{?Pgibo zkI`T$as3Rnmyf@WiXr!7v@4^dqhl0uQj*4co0OO^)r^ffewW{B2pNfFffu#DrauN* zir(WLQxA;D@@&FAY-;$~M@B2`uH>nvuFepVO@EV7G73Sq-hWI%0X?6$=q#Oq!L$qv zipMRvxVUVWW5be@X$HL>KY3!cq0eo)1$b?6GhV9GP%G+uVMY@V1enRQXU|GXN&t(T zX~mULS67#j3Cij~4<&F11qFcuReYVDojp8iB{N>Ku)KfyxY6SX0!-n)6+Px>$ZV-0 z$bEnASz&qW4OS^y-1jCf{x9rdQIV(uM;sgyXt(oOzIwB&F zM2>n`u0F@uR)g46AMb_*Sc~?{#{jYUU8Ae+{HU$*sD+x0EXO!LH5Kxwk9d80cX!vw z=b*-AYeeYHPKX)mzPywpFzFAlv2}H(88>CA^xE6s@-a3iB_(Bbv@|v%FIsOYCEVT5 z0cI2!1o&qE-z6x>XEa$5xo3RzyTl2_^!>BZB{QtXCN96DW&ggA$a^GPZvGk^=L8Mg zm?Y0Sr-1d+YF^qioA2{@?JTXx(@jxAe!VVDBW|d=BGjZS)5g++oqcD~^orVT`~lQg zsGE->%lpHW3N#>O?8oBLn;u&QhCO5CqsAf0A! zUcb!D%%4Ahf@m!$wm|_tZFuC2z@=nSpPtR^qr*cCA~LcXtI1Iqtc4IavBhDfmC#7} zlJ28dAT;|F4yT>|^^DiYhu+f%`KTrpAV+Nr3wgD(u{H-ZWaqsRw2jbKVL>l{vCVLR zXc4zu&yQ8M*$!bIpPiAZ&eig*4Q3s~K_I#Goz5`){7Z_aeCdz4U-;AATHS|(ji0{6 zhMIVHK-45Df(Tq%Ed7wi#qY6c35VSd@@snX!4_)d#r^Ukr3HEfASBJQNI18qrl!S6 za=qK0ma1xGIpfo(65G81y;RCkZ$=(Af_!~_&4J6N{Xe_9q%C6iEQ_>CUa_#$d!A&X zloRkTPdeUQpw~J>r0|z6&d*^_;2;r^MS3y731cMZkXKg^O&s)vH#Rmvso)vc9%&U7 z74N&!AoYpP&uIuRusq~286}V!4*i28B>EiF(+RsxJ@-;1(QF z2XQ-P7)t#=vh!Wr_@$mRh3Qt;5HNuPs4knWo&$V z10U75=X~{QU_beWMI#pnIO{`TPY-U`W9x6Y*bA8E##fmt+DX_ONa z6JNi61&LfNx-iiv0q6%5(7?bzpc`-{S?#Zv`ar(WOMi?0tJ}FMtA2(WDTc})>T~(! zEf4mlwvGeO+UaLaO`vgENChB?GsVMzya^jJfjL zzo_gY()xIK8Z%$D8dYgBRaejx2;a)GtH@nsW->e*#J-3^aHb_Bu;k8rc`L?dgKtib z1_wFZJvta;rzRMds&&80K(WJdv~|DkKxe- zXZz(obDbfCK^kWe2t;09p6~HfMkhnV6yBxlD3TWT?7Y0axNQw%N&-$@mt^%2X;JU( zgK7M*u{@|KX3$toRT^L6ZX3~- zWmTt#In2Z8;J@_&bSY%)liEUfIWGRl{%vKQm}?}{-7&g)b^b8A<2$4wX|i5|xKt#zJBsQXU1y==&7PjYE7?5e!^SMa_*Cmz^G&n5rQw}xNkIgzu;|T&_~p{W zwY$nzR?jA<}|sb#!}!Orqm#3R3O3o)pq(Fe_GI{dQVDM&GA!Ttn4R=Dyg`)neKZt zY#=c)G33S3N(&fyey{+Xa3FSq^175MCu`RJx@T-m54vum{8}!lHs+dC$gK)BoKrIb zpJ}otaoyjlwwh!&Y{=HS(63WYB|2ZIb)e{29zZT*sudyi_4I7()Fo8^?z`D3QneGy&+dX$K0dzZk?=L>XoaZF_Eufb^TcFs8I7 ziO&B9>OD4Fi2-cD`0*pH6+^RunU7}lWvrZ*CB04HT#Q|bkkJd>XPipY6nw81ym?yt zY`F)y`HFQil6)NItfMwPbES3Y<@(B2Ug_JnY(zCDWM1D$gP-)mNtY?TsCiN!ih6>8 z;m&e2Ij(g8E`eYTUEdUx(rxnWPvEv-eZ_9SSmz|oVNhdzW|0OyhuM@Ryyj1hF>4}Q zP^1yuv-l%_eLZze|B98>VhHCUAz|(DJrIzvbR3>8`yA=kC-n669JSaurL;P_?9Wx4 zo;sUMBr7o~s;C$>d)J`&t95G+W!8cfq@L`e6;$%Zuhv57*^Qd&Je>+R&XUfxYmP48 ztiDHmC~I6kBxLd`TFVPIroWl$8|m#ZVefXus&!aFk4HlO?7vDjF<9J=q}jbb+v}ip z2E8_@Q>&9*uK3&=NT>rUYd%kOWPp}eS&Xvjlz*JamM2N6D46#a6chvjED&4#O(RTh zfrFi0%;#K5f8m0B<{>~9Jx@q%?1L5-7ip-dgeIu=d7kbF3k!1?HO0rq^6jTpQ4`lR z+#+@+@yK5v!{II;tJvi-)E<)`(prb$;3lR5wy~MS6;T+)BW4sNECG0tQr-wS@dvla1eLh z9xKtW1+oPbE?w2pvuKE~6J!Fj&iAVFgOFD~hsW=F2+CV~7Ik^)iTztX!c1x+(u0&` zC;X@4g^{K!o4a}KgBT5sPp`oETczD9#>+0doOQ7SNoUP7|4hDw(Mlf#p zL(~p`YT$DQ(rZF&h}d@xDWe8*V&b)p4YxJP`C{GoT)Nq3RVUNCkeo{N=5WIme5-OJ-J2fcecJ&k|r<_`NU!H3HyAXw%sk-Xl!K#x;2t=r!OpH6Vi+A@9*DR-C}lg zae<$n5)cr$_m!CThkeIPl~?77N=Qz!2w8q_Ai874@P@#%M`T>ud@<5uDAIO^M>L1#pqIp)+6*%8nCM*4^9sakr zWsauv0zM=ofs*%~RP}j+l$bc|$-k;!e5s{*M+XO*1&8_5s1f$S(9k{^FV8yc`}YA- zzZ>^GFWbQmQ0xM|JUs;(iGW5Zrf2h7z>Qv;LvK(&Pk6jUPX6HO>({m$12O6a2%xta{?lo5@q#JUS7$y7%jw39G1u~G*LDHj z6ePsN^R~L}SA+@G||_fQ|vA%uINs zq@;VhyTx{yYqhhp?(S}G?ryXZ&~+>?OusTdad=UC7@uG^ zPt}J>DynhWG{5;I;FtgURltKwRST?aQ?s0H2p!@cs0L;RbMg&|*v5YFfPmmEH#fKa zgb;LTU4zIq{B%q zy(=w**u{fYh{M$B7!Y#b&1cC{xuv~Z3XzT6x9v~d+v((w`(0~1pdmv2!;Q+aSW_ZO znByr>R_8x;$LL9{6hME^9T(PZL1_p;;l_}{zDtTpr`x)wfTT{0Y|&^88N25{m>f9V z=KB5f^Ya0!%h7sMSy1p$LPKLR&KOdlRV3?~VHj}3(h5!S2^v?Cmi}C@>e%g1s=0^0 zu5g2*=73YI5Y~OG;oYMB4u1L}r0a5;>L8Th>H3cr7lO{>W*#2MkILm#YZ}QMb?`|y z#givb0Gwmz;Bc_FC&0%C(wbg+=*>wK&*W3+E|xFM%b!IR=td5`^$ppY?`x$iIRe81 z9UqUQInWD+nf=~9J&hfYX7j{R{`NdACxfbFPA*x*bhOx=l%gMbY|8Fx0`zchPvB0N zv;3{kdXw`gK0yGd@b~u*3kw?+fe*2kHJuJ|kLrBCim!J8lwAVQac13^dHNW{FWN$K0#`qx)4iTLNjr9r*LEs?A zM$S+Y#g8KWm$zQa99zS9eKH2`-Yu>&b@0d0HISqmLRT&Q0?y9Pc0NNG%f9tpcjHZ1 z+@L|L-4sUmK|BVnU&L?T7lwm}mcSd5u>nOd0C(TtcQEGD{n_f4BZ{v8(30~e$m{88 z-l0@f{D#~0^);}<)tgIq7pGhgVBz^MJJS*Qi}>2&xS;grW-t#Q=i|SFRmFSxYe0Ah z?xVuJwPyS0+9R;i2*gYCe~p*(o(kUl{IyQ5XW~Fun%g@#aPgpbG+FX&a8UseMZrzB zP|1Cx`VVbxa4%fXF<{~ZRYRI@Jbz*PNT+x)i}yg38N`xB=qLh+l`eFXqX z`=XeX6Ccyi{F#}_P2?LMo$n?B-f+F(L!mqXB+l+n?%I2Gjif&n`IlwWf4;iLiZ498 zN|BO`!PA(*6Hod}#bQFj|G3yO{MGHT?4O)rSnq_Ojj;lL#kGu9*`eCk=cf~!W50?K z0$DF&&?7H{qz4^!9?ebn@UBZ4t|mX9BghSD_$#!D&wK1BgdPWw%+tic`FSn3XdhPU z3Z|V5@n!uHS^?kP#r-uxqHf~od|DfIEA1U(nPfRJKdV2$LPoAq0+(J%ZL+Z1*I&iO z0wA`n5f(pz!8J~?%opsUtOS%C(}`phw0e3)_o{PPt&^m(CR6lDqEZlHV&H4n_1>A< zHC&v@{hmC&$Mt%!d;J>>Y>s?b^pdunFar zHz*WliMKiIN;NH^YEyh6@8Gpk>x-_m(Y-TOm8#=r{l7$^Fttmi( zxu!C+1Byxho1LfcI@SEp^9TXOvT3nBaakZu< zQbEgmv2E!QW?InuNZl15_u-V{jYa=XkFCAkadK)MbJxDQMH3P(VFT|vE&nB$Ak6w48Ho3?)Hkf1TorQMXEvy(pB;oYO@$)6D zcRyNVRfvT%PPmjLyvyd8av}MLQi};ZJKcF&1R_fOgrjeDX}i|gRETFd3?uVX zoA!%KgwCAW$?=nFFis*M~9vwqM?C*b!iaI+|c_Rx3fQK;$9^IwVE|FK`6Yp@qMo^x2tHg zCD-_&w5BR(h(PwUuI}^dbw^NoQrv=bNd+s9(8%=Pb5W<~t*Kv;V;oYy5@gd%k%>`t zY`ZtJAo6@v$KYCT+P|}5ycBQ^S6R^_il5i&1H|=fk0reqS1AZi$PBjK9u{@8C2M$H zmfyU}&d5+tTA^*-Q}uN6_t9>d(POz?E_G+6?#JJWQZvZ-(WgtUvAK6LP{E9V;#* zNf%cIfYr96@Vrf3sndhn8h?KcT0P3~%X461Oys1CbfmQ7#1>+V=^(y7RCLgNU6k?A za>(60W|!_LSW%k1Cb@`bsQY>5N$)ct>N6^IxNY18Rp$zBTxp(r00K|}#;&Makc;Q0 zokuz@@DHAz+5IGV&4|V+Pfkt_cf3}Ctu>bWbr_d}osoi#j{pR7 zZn`z{3HTdi{?l%nf5O85&H(1)Z>C|I+bV6%4+6nlbbL{PxjFHLUyfRco3<})bpGUk zebJA#K3LKpEd;vxOK=!LDV!S>vrb;v&@P8bDD!T9ZbMtmv05KTxFJh23P>6UE8!oX z1au~Z(pV265k+Gu-v%^4H_w~Q8Edlo!dH_*s6LLX;~0}v&X^cJJ>+eR<5U$|WTolk z6_*b+n21O0D6SUmh3?}~f5VUXh0-h;J9BvTArxQQlO%m_ruNjR)6^9Qr`o4GeZ%y{ z>B|IocRC^dW4s<-s*gv@?5%ur|ZFJ<9sWh`HuhkR&X5@psjC~3;SA* zp?Rfs55z=ht8nXJT8g!fF@4+*8q>)D&y4NMjbQyyBsxzsT7*v=%J9DGdT?)y_UYIm z;XRb!Z?v{U`hwkZPg`?lza``1qLE!Li|h$)bx4vA$0o%teyLYz0Kql%oosUdL@N4? zkohoVHJ&b83T#glmSTc{tT1)m+fr@kS4FaDu_Tv{1RSv}!aIbM9;JcHw%Yj}E=k=a zZIWEY?O`FRA3$mv_$%O-R#<+QI!_4`W_d2#0Ot)<``NSd^AnVXcosnXWB9Z<=|9wa*I9+Dj7B?OPn zJ4)c2<$s>}gW21qmPRd|X(8wR%$R~rCfd=lRPwc-gzHwO{)LPHE4fBEgBNA<%Yt%5 zQ`3VBzk(K+Imc`~yX>3X^UPcdjesb!V*OqNlY1F&ItMWrGgxNFSf2PJe_)>a_#KOO z;>Og&*04uDki;N^n^8vmAfDw}^vg$2XL&Fhn%Vhm+a%ZGE5Ft^!+LUyKRcH{LK-3P z*k&I+avFPr;@0z$2#?<&OwJJJ50xH$lcV^9OV}9jE;QbPpDLWtTje?@@PF@8R&q6EG(3y}*(3y`Wn48O<%H4_hyLMoy4O zrA(?i^Wo!|QS)exaEjElh&lFBXnaYm;$u<|Gzvux2uZwS_a)CU8BULAb0Ft7&aaXr(wzKbpX}zC`6v zd*)kBq;j87%4zoqf$l~f@9T>_ne>IU%b+g z!0PbJ&GBTWINEM`nikoe34Fr8jE;^MqM={H>x1R3PpNDp$M6SxsY=`lkEA~qQYa{Z z(wQ(St}E^v;$z~Hdak7yfP%*kRN69gLT4$oKDEFwG&S{nF*o(bAo*CC!rB*vmag)m zVOkG;{SWUS9HEQ?+{?bL1iBFir?kJ?Jh#4L=HoTXd5isR{^FB)2IOYQV3^hV0j+CR z=LDzC`J39~`nQbkKOI_2P&uO39$fSEI_4C&^`zF7AyGt4^ND=R8IiOAd{FX zT6pWxTb~vQEaQ==XFv`>JEC;0j0|o%jRDv*cEFi diff --git a/nitrokeys/fido2/windows/index.rst b/nitrokeys/fido2/windows/index.rst deleted file mode 100644 index cb732798f3..0000000000 --- a/nitrokeys/fido2/windows/index.rst +++ /dev/null @@ -1,13 +0,0 @@ -Nitrokey FIDO2 With Windows -=========================== - -.. contents:: :local: - -.. toctree:: - :maxdepth: 1 - :glob: - :hidden: - - * - -.. include:: ../shared/index-content1.rst.inc From c4d75a0519662f609bedd40b36758be81c4831b8 Mon Sep 17 00:00:00 2001 From: Keksmo Date: Fri, 2 Aug 2024 15:50:06 +0200 Subject: [PATCH 15/33] finished hsm --- nitrokeys/features/openpgp/index.rst | 2 +- nitrokeys/hsm/certificate-authority.rst | 683 ++++++++++++++++++ nitrokeys/hsm/{linux => }/dnssec.rst | 0 nitrokeys/hsm/getting-started.rst | 40 + ...ys-certs.rst.inc => import-keys-certs.rst} | 0 nitrokeys/hsm/index.rst | 19 +- nitrokeys/hsm/ipsec.rst | 46 ++ nitrokeys/hsm/linux/apache2-tls.rst | 4 - nitrokeys/hsm/linux/automatic-screen-lock.rst | 1 - nitrokeys/hsm/linux/certificate-authority.rst | 1 - nitrokeys/hsm/linux/gpa.rst | 1 - nitrokeys/hsm/linux/hard-disk-encryption.rst | 1 - nitrokeys/hsm/linux/import-keys-certs.rst | 4 - nitrokeys/hsm/linux/index.rst | 30 - nitrokeys/hsm/linux/ipsec.rst | 4 - nitrokeys/hsm/linux/n-of-m-schemes.rst | 5 - nitrokeys/hsm/linux/pkcs11-url.rst | 4 - nitrokeys/hsm/linux/smime-outlook.rst | 1 - nitrokeys/hsm/linux/smime-thunderbird.rst | 1 - nitrokeys/hsm/linux/smime.rst | 1 - nitrokeys/hsm/linux/stunnel.rst | 4 - nitrokeys/hsm/mac/apache2-tls.rst | 4 - nitrokeys/hsm/mac/certificate-authority.rst | 1 - nitrokeys/hsm/mac/gpa.rst | 1 - nitrokeys/hsm/mac/hard-disk-encryption.rst | 4 - nitrokeys/hsm/mac/import-keys-certs.rst | 4 - nitrokeys/hsm/mac/index.rst | 27 - nitrokeys/hsm/mac/pkcs11-url.rst | 4 - nitrokeys/hsm/mac/smime-outlook.rst | 1 - nitrokeys/hsm/mac/smime-thunderbird.rst | 1 - nitrokeys/hsm/mac/smime.rst | 1 - nitrokeys/hsm/{smime.rst.inc => smime.rst} | 3 + nitrokeys/hsm/stunnel.rst | 19 + nitrokeys/hsm/windows/apache2-tls.rst | 4 - .../hsm/windows/certificate-authority.rst | 1 - nitrokeys/hsm/windows/gpa.rst | 1 - .../hsm/windows/hard-disk-encryption.rst | 4 - nitrokeys/hsm/windows/import-keys-certs.rst | 4 - nitrokeys/hsm/windows/index.rst | 27 - nitrokeys/hsm/windows/pkcs11-url.rst | 4 - nitrokeys/hsm/windows/smart-policy.rst | 1 - nitrokeys/hsm/windows/smime-outlook.rst | 1 - nitrokeys/hsm/windows/smime-thunderbird.rst | 2 - nitrokeys/hsm/windows/smime.rst | 8 - nitrokeys/index.rst | 1 + 45 files changed, 807 insertions(+), 173 deletions(-) create mode 100644 nitrokeys/hsm/certificate-authority.rst rename nitrokeys/hsm/{linux => }/dnssec.rst (100%) create mode 100644 nitrokeys/hsm/getting-started.rst rename nitrokeys/hsm/{import-keys-certs.rst.inc => import-keys-certs.rst} (100%) create mode 100644 nitrokeys/hsm/ipsec.rst delete mode 100644 nitrokeys/hsm/linux/apache2-tls.rst delete mode 100644 nitrokeys/hsm/linux/automatic-screen-lock.rst delete mode 100644 nitrokeys/hsm/linux/certificate-authority.rst delete mode 100644 nitrokeys/hsm/linux/gpa.rst delete mode 100644 nitrokeys/hsm/linux/hard-disk-encryption.rst delete mode 100644 nitrokeys/hsm/linux/import-keys-certs.rst delete mode 100644 nitrokeys/hsm/linux/index.rst delete mode 100644 nitrokeys/hsm/linux/ipsec.rst delete mode 100644 nitrokeys/hsm/linux/n-of-m-schemes.rst delete mode 100644 nitrokeys/hsm/linux/pkcs11-url.rst delete mode 100644 nitrokeys/hsm/linux/smime-outlook.rst delete mode 100644 nitrokeys/hsm/linux/smime-thunderbird.rst delete mode 100644 nitrokeys/hsm/linux/smime.rst delete mode 100644 nitrokeys/hsm/linux/stunnel.rst delete mode 100644 nitrokeys/hsm/mac/apache2-tls.rst delete mode 100644 nitrokeys/hsm/mac/certificate-authority.rst delete mode 100644 nitrokeys/hsm/mac/gpa.rst delete mode 100644 nitrokeys/hsm/mac/hard-disk-encryption.rst delete mode 100644 nitrokeys/hsm/mac/import-keys-certs.rst delete mode 100644 nitrokeys/hsm/mac/index.rst delete mode 100644 nitrokeys/hsm/mac/pkcs11-url.rst delete mode 100644 nitrokeys/hsm/mac/smime-outlook.rst delete mode 100644 nitrokeys/hsm/mac/smime-thunderbird.rst delete mode 100644 nitrokeys/hsm/mac/smime.rst rename nitrokeys/hsm/{smime.rst.inc => smime.rst} (96%) create mode 100644 nitrokeys/hsm/stunnel.rst delete mode 100644 nitrokeys/hsm/windows/apache2-tls.rst delete mode 100644 nitrokeys/hsm/windows/certificate-authority.rst delete mode 100644 nitrokeys/hsm/windows/gpa.rst delete mode 100644 nitrokeys/hsm/windows/hard-disk-encryption.rst delete mode 100644 nitrokeys/hsm/windows/import-keys-certs.rst delete mode 100644 nitrokeys/hsm/windows/index.rst delete mode 100644 nitrokeys/hsm/windows/pkcs11-url.rst delete mode 100644 nitrokeys/hsm/windows/smart-policy.rst delete mode 100644 nitrokeys/hsm/windows/smime-outlook.rst delete mode 100644 nitrokeys/hsm/windows/smime-thunderbird.rst delete mode 100644 nitrokeys/hsm/windows/smime.rst diff --git a/nitrokeys/features/openpgp/index.rst b/nitrokeys/features/openpgp/index.rst index 4e910cd5d6..27f585a4f3 100644 --- a/nitrokeys/features/openpgp/index.rst +++ b/nitrokeys/features/openpgp/index.rst @@ -52,7 +52,7 @@ You can find further information about the usage on these pages: - to use `OpenPGP encryption with Outlook `_ -- `OpenPGP Touch Confirmation (Nitrokey 3 only) `_ +- to use `OpenPGP Touch Confirmation (Nitrokey 3 only) `_ - to use `Claws Mail `__, an email diff --git a/nitrokeys/hsm/certificate-authority.rst b/nitrokeys/hsm/certificate-authority.rst new file mode 100644 index 0000000000..2742c19f0e --- /dev/null +++ b/nitrokeys/hsm/certificate-authority.rst @@ -0,0 +1,683 @@ +Creating a Certificate Authority +================================ + +.. contents:: :local: + +This article shows you how to setup your own private certificate authority backed by a Nitrokey HSM. This certificate authority has no automation and does not really scale. Other open source projects can be referenced for automation and scalability. + +Choose Cryptographic Algorithms +------------------------------- + +I’m going to assume that you’re as paranoid as I am, so I will be using the following command for generating private keys: + +.. code-block:: bash + + pkcs11-tool -l --keypairgen --key-type EC:secp384r1 --label root + +But, if you’re less paranoid that I am, you can safely choose the following options: + +.. code-block:: bash + + pkcs11-tool -l --keypairgen --key-type EC:secp256r1 --label root + pkcs11-tool -l --keypairgen --key-type rsa:4096 --label root + +Likewise, I will be using the sha512 algorithm throughout this article, but sha256 can safely be used. + +Preparing to Start +------------------ + +To start with, you need to pick a directory to store your CA. + +.. code-block:: bash + + pki_dir=/opt/certificate-authority + mkdir $pki_dir + cd $pki_dir + mkdir certs config crl newcerts intermediate intermediate/certs intermediate/crl intermediate/csr intermediate/newcerts + touch index.txt intermediate/index.txt + cd config + +Install the necessary tools: + +.. code-block:: bash + + # Arch Linux + pacman -S community/opensc community/libp11 + + # Ubuntu + sudo apt-get install opensc gnutls-bin + +For Windows download the official `OpenSC releases `__ +and make sure you install `p11tool as described `__. +Using the PowerShell most commands should be identical as long as both tools and their binaries +are within your ``PATH``. + +Creating The Root Certificate Authority +--------------------------------------- + +We start by generating the private key for the certificate authority directly on the Nitrokey HSM. This allows us to use the private key in the future, but not access it. + +.. code-block:: bash + + # Generate private key on HSM + $ pkcs11-tool -l --keypairgen --key-type EC:secp384r1 --label root + Using slot 0 with a present token (0x0) + Logging in to "SmartCard-HSM (UserPIN)". + Please enter User PIN: + Key pair generated: + Private Key Object; EC + label: root + ID: e0161cc8b6f5d66ac6835ecdecb623fc0506a675 + Usage: sign, derive + Access: none + Public Key Object; EC EC_POINT 384 bits + EC_POINT: 046104c1e7b40e1ef9e5d47399aeeda695026c9eb626462059eb696e8f2b647b42d64ac3b7fc7a5b31aa3edf9bce46b2cdcf8e5d190b13601d3d14ffb119c8cf60033c6b78ba579b85113ca536eef1cf85ba418ff0110a56ec881b329e0562e090a3e7 + EC_PARAMS: 06052b81040022 + label: root + ID: e0161cc8b6f5d66ac6835ecdecb623fc0506a675 + Usage: verify, derive + Access: none + +Note the ID number (e0161cc8b6f5d66ac6835ecdecb623fc0506a675), we’ll need it later. + +If you need the ID in the future, you can list the keys on the Nitrokey HSM: + +.. code-block:: bash + + pkcs11-tool -O + +We need to create a config file to generate a self-signed public certificate. + +.. code-block:: bash + + vim create_root_cert.ini + +Fill out the request information in with information for your CA. + +.. code-block:: ini + + [ ca ] + # `man ca` + default_ca = CA_default + + [ CA_default ] + # Directory and file locations. + dir = /opt/certificate-authority + certs = $dir/certs + crl_dir = $dir/crl + new_certs_dir = $dir/newcerts + database = $dir/index.txt + serial = $dir/serial + + # SHA-1 is deprecated, so use SHA-2 instead. + default_md = sha512 + + name_opt = ca_default + cert_opt = ca_default + default_days = 375 + preserve = no + policy = policy_strict + + [ policy_strict ] + # The root CA should only sign intermediate certificates that match. + # See the POLICY FORMAT section of `man ca`. + countryName = match + stateOrProvinceName = match + organizationName = match + organizationalUnitName = optional + commonName = supplied + emailAddress = optional + + [ req ] + # Options for the `req` tool (`man req`). + default_bits = 4096 + distinguished_name = req_distinguished_name + string_mask = utf8only + prompt = no + + # SHA-1 is deprecated, so use SHA-2 instead. + default_md = sha512 + + [ req_distinguished_name ] + C = + ST = + O = + OU = Certificate Authority + CN = Root CA + + [ v3_ca ] + # Extensions for a typical CA (`man x509v3_config`). + subjectKeyIdentifier = hash + authorityKeyIdentifier = keyid:always,issuer + basicConstraints = critical, CA:true + keyUsage = critical, digitalSignature, cRLSign, keyCertSign + +Generate the self-signed public certificate from the private key. Use the private key id value from earlier. + +.. code-block:: bash + + $ openssl req -config create_root_cert.ini -engine pkcs11 -keyform engine -key e0161cc8b6f5d66ac6835ecdecb623fc0506a675 -new -x509 -days 3650 -sha512 -extensions v3_ca -out ../certs/root.crt + engine "pkcs11" set. + Enter PKCS#11 token PIN for SmartCard-HSM (UserPIN): + +Verify that the root certificate was generated correctly. Verify that Signature-Algorithm matches above and below. Verify that Issuer and Subject match, all root certificates are self signed. Verify that Key Usage matches what was in the v3_ca information in our config file. + +.. code-block:: bash + + $ openssl x509 -noout -text -in ../certs/root.crt + Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 25:ac:e1:36:75:67:26:1d:bb:96:4b:84:c2:2d:83:25:7b:cc:e0:e5 + Signature Algorithm: ecdsa-with-SHA512 + Issuer: C = US, ST = My State, O = My Company, OU = My Company Certificate Authority, CN = My Company Root CA + Validity + Not Before: Aug 18 20:13:20 2020 GMT + Not After : Aug 16 20:13:20 2030 GMT + Subject: C = US, ST = My State, O = My Company, OU = My Company Certificate Authority, CN = My Company Root CA + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:c1:e7:b4:0e:1e:f9:e5:d4:73:99:ae:ed:a6:95: + 02:6c:9e:b6:26:46:20:59:eb:69:6e:8f:2b:64:7b: + 42:d6:4a:c3:b7:fc:7a:5b:31:aa:3e:df:9b:ce:46: + b2:cd:cf:8e:5d:19:0b:13:60:1d:3d:14:ff:b1:19: + c8:cf:60:03:3c:6b:78:ba:57:9b:85:11:3c:a5:36: + ee:f1:cf:85:ba:41:8f:f0:11:0a:56:ec:88:1b:32: + 9e:05:62:e0:90:a3:e7 + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Subject Key Identifier: + F1:FA:61:75:0B:AC:3C:95:97:EF:73:3C:3F:38:22:B1:DB:D9:BF:41 + X509v3 Authority Key Identifier: + keyid:F1:FA:61:75:0B:AC:3C:95:97:EF:73:3C:3F:38:22:B1:DB:D9:BF:41 + + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Digital Signature, Certificate Sign, CRL Sign + Signature Algorithm: ecdsa-with-SHA512 + 30:64:02:30:53:b8:b6:5a:41:4b:4f:6a:d1:a6:76:88:df:13: + d6:da:c7:48:aa:8b:aa:ff:13:6c:d1:00:53:90:92:b5:71:57: + eb:d0:bf:3e:5d:2e:62:c0:3e:40:0f:64:25:a5:92:0f:02:30: + 15:0a:19:d5:a2:09:86:d8:9d:07:67:71:c3:84:f2:6b:90:20: + 2d:29:10:9e:4c:73:7a:55:56:4b:dc:fe:8d:3f:f0:9c:20:e1: + 5a:74:fb:41:86:ad:a4:66:61:74:d7:fd + +Creating The Intermediate Certificate Authority +----------------------------------------------- + +We continue by generating the private key for the intermediate certificate authority directly on the Nitrokey HSM. This allows us to use the private key in the future, but not access it. + +.. code-block:: bash + + # Generate private key on HSM + $ pkcs11-tool -l --keypairgen --key-type EC:secp384r1 --label intermediate + Using slot 0 with a present token (0x0) + Logging in to "SmartCard-HSM (UserPIN)". + Please enter User PIN: + Key pair generated: + Private Key Object; EC + label: intermediate + ID: bcb48fe9b566ae61891aabbfde6a23d4ff3ab639 + Usage: sign, derive + Access: none + Public Key Object; EC EC_POINT 384 bits + EC_POINT: 046104d0fb5c0cd10c0b6e4d0f6986755824b624ec9fcd8ff9ae5f0109fe6ff3ad887ca760717da894f3ff84dc8c24fe8c93b0cd840a6aa941bb2866c061cef60e47b893d71852b50d6762af10c951426e55ec8925a6cd83aeae1730311108afdbcdee + EC_PARAMS: 06052b81040022 + label: intermediate + ID: bcb48fe9b566ae61891aabbfde6a23d4ff3ab639 + Usage: verify, derive + Access: none + +Note the ID number (bcb48fe9b566ae61891aabbfde6a23d4ff3ab639), we’ll need it later. + +If you need the ID in the future, you can list the keys on the Nitrokey HSM: + +.. code-block:: bash + + pkcs11-tool -O + +We need to create a config file to generate a self-signed public certificate. + +.. code-block:: bash + + vim create_intermediate_csr.ini + +Fill out the request information in with information for your CA. + +.. code-block:: ini + + [ req ] + # Options for the `req` tool (`man req`). + default_bits = 4096 + distinguished_name = req_distinguished_name + string_mask = utf8only + prompt = no + + # SHA-1 is deprecated, so use SHA-2 instead. + [ v3_ca ] + # Extensions for a typical CA (`man x509v3_config`). + subjectKeyIdentifier = hash + authorityKeyIdentifier = keyid:always,issuer + basicConstraints = critical, CA:true + keyUsage = critical, digitalSignature, cRLSign, keyCertSign + default_md = sha512 + + [ req_distinguished_name ] + C = + ST = + O = + OU = Certificate Authority + CN = Intermediate CA + +Generate the certificate signing request for the intermediate CA from the intermediate CA’s private key. Use the private key ID value from earlier. + +.. code-block:: bash + + $ openssl req -config create_intermediate_csr.ini -engine pkcs11 -keyform engine -key bcb48fe9b566ae61891aabbfde6a23d4ff3ab639 -new -sha512 -out ../intermediate/csr/intermediate.csr + engine "pkcs11" set. + Enter PKCS#11 token PIN for SmartCard-HSM (UserPIN): + +Verify that the CSR was created correctly. Verify that your Subject is correct. Verify that your Public Key and Signature Algorithm are correct. + +.. code-block:: bash + + $ openssl req -text -noout -verify -in ../intermediate/csr/intermediate.csr + verify OK + Certificate Request: + Data: + Version: 1 (0x0) + Subject: C = US, ST = My State, O = My Company, OU = My Company Certificate Authority, CN = My Company Intermediate CA + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:d0:fb:5c:0c:d1:0c:0b:6e:4d:0f:69:86:75:58: + 24:b6:24:ec:9f:cd:8f:f9:ae:5f:01:09:fe:6f:f3: + ad:88:7c:a7:60:71:7d:a8:94:f3:ff:84:dc:8c:24: + fe:8c:93:b0:cd:84:0a:6a:a9:41:bb:28:66:c0:61: + ce:f6:0e:47:b8:93:d7:18:52:b5:0d:67:62:af:10: + c9:51:42:6e:55:ec:89:25:a6:cd:83:ae:ae:17:30: + 31:11:08:af:db:cd:ee + ASN1 OID: secp384r1 + NIST CURVE: P-384 + Attributes: + a0:00 + Signature Algorithm: ecdsa-with-SHA512 + 30:64:02:30:6a:1d:75:8b:59:99:2c:a8:5d:a0:7f:02:7d:9a: + aa:40:74:7a:65:20:03:6b:bc:65:fb:7d:d1:7f:5b:24:ae:6f: + 40:16:ac:82:0b:80:9b:81:f9:d9:64:ea:0f:41:4c:d7:02:30: + 4d:28:7f:e3:76:52:c7:10:e1:bd:b7:2e:ea:65:78:41:0c:96: + 50:5f:e9:1f:be:18:ac:14:ba:65:3f:b0:2a:f4:0f:d0:56:ab: + d0:8c:bf:d0:92:9e:f6:e5:f6:8a:af:a5 + +We need to find out the fully qualified PKCS#11 URI for your private key: + +.. code-block:: bash + + $ p11tool --list-all + warning: no token URL was provided for this operation; the available tokens are: + + pkcs11:model=PKCS%2315%20emulated;manufacturer=www.CardContact.de;serial=DENK0104068;token=SmartCard-HSM%20%28UserPIN%29%00%00%00%00%00%00%00%00%00 + + $ p11tool --login --list-all pkcs11:model=PKCS%2315%20emulated;manufacturer=www.CardContact.de;serial=DENK0104068;token=SmartCard-HSM%20%28UserPIN%29%00%00%00%00%00%00%00%00%00 + Token 'SmartCard-HSM (UserPIN)' with URL 'pkcs11:model=PKCS%2315%20emulated;manufacturer=www.CardContact.de;serial=DENK0104068;token=SmartCard-HSM%20%28UserPIN%29%00%00%00%00%00%00%00%00%00' requires user PIN + Enter PIN: + Object 0: + URL: pkcs11:model=PKCS%2315%20emulated;manufacturer=www.CardContact.de;serial=DENK0104068;token=SmartCard-HSM%20%28UserPIN%29%00%00%00%00%00%00%00%00%00;id=%E0%16%1C%C8%B6%F5%D6%6A%C6%83%5E%CD%EC%B6%23%FC%05%06%A6%75;object=root;type=private + Type: Private key (EC/ECDSA-SECP384R1) + Label: root + Flags: CKA_PRIVATE; CKA_NEVER_EXTRACTABLE; CKA_SENSITIVE; + ID: e0:16:1c:c8:b6:f5:d6:6a:c6:83:5e:cd:ec:b6:23:fc:05:06:a6:75 + + Object 1: + URL: pkcs11:model=PKCS%2315%20emulated;manufacturer=www.CardContact.de;serial=DENK0104068;token=SmartCard-HSM%20%28UserPIN%29%00%00%00%00%00%00%00%00%00;id=%E0%16%1C%C8%B6%F5%D6%6A%C6%83%5E%CD%EC%B6%23%FC%05%06%A6%75;object=root;type=public + Type: Public key (EC/ECDSA-SECP384R1) + Label: root + ID: e0:16:1c:c8:b6:f5:d6:6a:c6:83:5e:cd:ec:b6:23:fc:05:06:a6:75 + + Object 2: + URL: pkcs11:model=PKCS%2315%20emulated;manufacturer=www.CardContact.de;serial=DENK0104068;token=SmartCard-HSM%20%28UserPIN%29%00%00%00%00%00%00%00%00%00;id=%BC%B4%8F%E9%B5%66%AE%61%89%1A%AB%BF%DE%6A%23%D4%FF%3A%B6%39;object=intermediate;type=private + Type: Private key (EC/ECDSA-SECP384R1) + Label: intermediate + Flags: CKA_PRIVATE; CKA_NEVER_EXTRACTABLE; CKA_SENSITIVE; + ID: bc:b4:8f:e9:b5:66:ae:61:89:1a:ab:bf:de:6a:23:d4:ff:3a:b6:39 + + Object 3: + URL: pkcs11:model=PKCS%2315%20emulated;manufacturer=www.CardContact.de;serial=DENK0104068;token=SmartCard-HSM%20%28UserPIN%29%00%00%00%00%00%00%00%00%00;id=%BC%B4%8F%E9%B5%66%AE%61%89%1A%AB%BF%DE%6A%23%D4%FF%3A%B6%39;object=intermediate;type=public + Type: Public key (EC/ECDSA-SECP384R1) + Label: intermediate + ID: bc:b4:8f:e9:b5:66:ae:61:89:1a:ab:bf:de:6a:23:d4:ff:3a:b6:39 + +In this instance, the fully qualified PKCS#11 URI is: + +.. code-block:: bash + + pkcs11:model=PKCS%2315%20emulated;manufacturer=www.CardContact.de;serial=DENK0104068;token=SmartCard-HSM%20%28UserPIN%29%00%00%00%00%00%00%00%00%00;id=%E0%16%1C%C8%B6%F5%D6%6A%C6%83%5E%CD%EC%B6%23%FC%05%06%A6%75;object=root;type=private + +Now, we need to create a config file to use the private key of the root certificate to sign the csr of the intermediate certificate. + +.. code-block:: bash + + vim sign_intermediate_csr.ini + +.. code-block:: ini + + [ ca ] + # `man ca` + default_ca = CA_default + + [ CA_default ] + # Directory and file locations. + dir = /opt/certificate-authority + certs = $dir/certs + crl_dir = $dir/crl + new_certs_dir = $dir/newcerts + database = $dir/index.txt + serial = $dir/serial + + # The root key and root certificate. + private_key = pkcs11:model=PKCS%2315%20emulated;manufacturer=www.CardContact.de;serial=DENK0104068;token=SmartCard-HSM%20%28UserPIN%29%00%00%00%00%00%00%00%00%00;id=%E0%16%1C%C8%B6%F5%D6%6A%C6%83%5E%CD%EC%B6%23%FC%05%06%A6%75;object=root;type=private + certificate = ../certs/root.crt + + # SHA-1 is deprecated, so use SHA-2 instead. + default_md = sha512 + + name_opt = ca_default + cert_opt = ca_default + default_days = 375 + preserve = no + policy = policy_loose + + [ policy_loose ] + # Allow the intermediate CA to sign a more diverse range of certificates. + # See the POLICY FORMAT section of the `ca` man page. + countryName = optional + stateOrProvinceName = optional + localityName = optional + organizationName = optional + organizationalUnitName = optional + commonName = supplied + emailAddress = optional + + [ v3_intermediate_ca ] + # Extensions for a typical intermediate CA (`man x509v3_config`). + subjectKeyIdentifier = hash + authorityKeyIdentifier = keyid:always,issuer + basicConstraints = critical, CA:true, pathlen:0 + keyUsage = critical, digitalSignature, cRLSign, keyCertSign + +Then sign the intermediate certificate with the root certificate. + +.. code-block:: bash + + $ openssl ca -config sign_intermediate_csr.ini -engine pkcs11 -keyform engine -extensions v3_intermediate_ca -days 1825 -notext -md sha512 -create_serial -in ../intermediate/csr/intermediate.csr -out ../intermediate/certs/intermediate.crt + engine "pkcs11" set. + Using configuration from sign_intermediate_csr.ini + Enter PKCS#11 token PIN for SmartCard-HSM (UserPIN): + Check that the request matches the signature + Signature ok + Certificate Details: + Serial Number: + 35:47:4d:05:12:cc:e1:a8:b6:bf:dd:3e:c8:29:7b:18:c0:a1:5c:68 + Validity + Not Before: Aug 18 20:44:17 2020 GMT + Not After : Aug 17 20:44:17 2025 GMT + Subject: + countryName = US + stateOrProvinceName = My State + organizationName = My Company + organizationalUnitName = My Company Certificate Authority + commonName = My Company Intermediate CA + X509v3 extensions: + X509v3 Subject Key Identifier: + 1D:4F:E5:ED:11:42:9A:AC:25:E4:51:A3:42:67:97:39:A0:10:AE:82 + X509v3 Authority Key Identifier: + keyid:F1:FA:61:75:0B:AC:3C:95:97:EF:73:3C:3F:38:22:B1:DB:D9:BF:41 + + X509v3 Basic Constraints: critical + CA:TRUE, pathlen:0 + X509v3 Key Usage: critical + Digital Signature, Certificate Sign, CRL Sign + Certificate is to be certified until Aug 17 20:44:17 2025 GMT (1825 days) + Sign the certificate? [y/n]:y + + + 1 out of 1 certificate requests certified, commit? [y/n]y + Write out database with 1 new entries + Data Base Updated + +Verify that the root certificate was generated correctly. Verify that the Issuer and Subject are different, and correct. Verify that the Key Usage matches the config file. Verify that the signature algorithm are correct above and below. + +.. code-block:: bash + + $ openssl x509 -noout -text -in ../intermediate/certs/intermediate.crt + Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 35:47:4d:05:12:cc:e1:a8:b6:bf:dd:3e:c8:29:7b:18:c0:a1:5c:68 + Signature Algorithm: ecdsa-with-SHA512 + Issuer: C = US, ST = My State, O = My Company, OU = My Company Certificate Authority, CN = My Company Root CA + Validity + Not Before: Aug 18 20:44:17 2020 GMT + Not After : Aug 17 20:44:17 2025 GMT + Subject: C = US, ST = My State, O = My Company, OU = My Company Certificate Authority, CN = My Company Intermediate CA + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:d0:fb:5c:0c:d1:0c:0b:6e:4d:0f:69:86:75:58: + 24:b6:24:ec:9f:cd:8f:f9:ae:5f:01:09:fe:6f:f3: + ad:88:7c:a7:60:71:7d:a8:94:f3:ff:84:dc:8c:24: + fe:8c:93:b0:cd:84:0a:6a:a9:41:bb:28:66:c0:61: + ce:f6:0e:47:b8:93:d7:18:52:b5:0d:67:62:af:10: + c9:51:42:6e:55:ec:89:25:a6:cd:83:ae:ae:17:30: + 31:11:08:af:db:cd:ee + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Subject Key Identifier: + 1D:4F:E5:ED:11:42:9A:AC:25:E4:51:A3:42:67:97:39:A0:10:AE:82 + X509v3 Authority Key Identifier: + keyid:F1:FA:61:75:0B:AC:3C:95:97:EF:73:3C:3F:38:22:B1:DB:D9:BF:41 + + X509v3 Basic Constraints: critical + CA:TRUE, pathlen:0 + X509v3 Key Usage: critical + Digital Signature, Certificate Sign, CRL Sign + Signature Algorithm: ecdsa-with-SHA512 + 30:66:02:31:00:9a:6e:08:d2:d6:3a:29:f6:ba:0c:4c:3a:f4: + af:40:5e:e0:71:f2:bc:e4:47:f5:b4:ee:10:d7:27:b1:25:0b: + 4b:09:78:a1:b8:f2:b8:71:c5:4e:41:33:8e:64:db:ec:eb:02: + 31:00:fc:39:26:c2:ad:7b:3c:ab:75:06:34:02:47:79:40:31: + 1d:eb:17:ad:32:10:67:97:37:6f:7f:3c:ce:3e:12:3c:e9:7c: + fa:43:3e:34:5d:5e:f4:f3:2f:fd:6a:2f:14:da + +Verify that the intermediate certificate verifies against the root certificate. + +.. code-block:: bash + + $ openssl verify -CAfile ../certs/root.crt ../intermediate/certs/intermediate.crt + ../intermediate/certs/intermediate.crt: OK + +Create a certificate chain file: + +.. code-block:: bash + + cat ../intermediate/certs/intermediate.crt ../certs/root.crt > ../intermediate/certs/chain.crt + +You now have a certificate authority backed by an HSM. + +Sign a Server Certificate +------------------------- + +Now that you have a certificate authority, you’d probably like to know how to use it. + +Create a CSR in the normal method for your application. Proper creation of your certificate, including SAN, for your particular application is outside the scope of this document. + +We need to find out the fully qualified PKCS#11 URI for your private key: + +.. code-block:: bash + + $ p11tool --list-all + warning: no token URL was provided for this operation; the available tokens are: + + *pkcs11:model=PKCS%2315%20emulated;manufacturer=www.CardContact.de;serial=DENK0104068;token=SmartCard-HSM%20%28UserPIN%29%00%00%00%00%00%00%00%00%00* + + $ p11tool --login --list-all pkcs11:model=PKCS%2315%20emulated;manufacturer=www.CardContact.de;serial=DENK0104068;token=SmartCard-HSM%20%28UserPIN%29%00%00%00%00%00%00%00%00%00 + Token 'SmartCard-HSM (UserPIN)' with URL 'pkcs11:model=PKCS%2315%20emulated;manufacturer=www.CardContact.de;serial=DENK0104068;token=SmartCard-HSM%20%28UserPIN%29%00%00%00%00%00%00%00%00%00' requires user PIN + Enter PIN: + Object 0: + URL: pkcs11:model=PKCS%2315%20emulated;manufacturer=www.CardContact.de;serial=DENK0104068;token=SmartCard-HSM%20%28UserPIN%29%00%00%00%00%00%00%00%00%00;id=%E0%16%1C%C8%B6%F5%D6%6A%C6%83%5E%CD%EC%B6%23%FC%05%06%A6%75;object=root;type=private + Type: Private key (EC/ECDSA-SECP384R1) + Label: root + Flags: CKA_PRIVATE; CKA_NEVER_EXTRACTABLE; CKA_SENSITIVE; + ID: e0:16:1c:c8:b6:f5:d6:6a:c6:83:5e:cd:ec:b6:23:fc:05:06:a6:75 + + Object 1: + URL: pkcs11:model=PKCS%2315%20emulated;manufacturer=www.CardContact.de;serial=DENK0104068;token=SmartCard-HSM%20%28UserPIN%29%00%00%00%00%00%00%00%00%00;id=%E0%16%1C%C8%B6%F5%D6%6A%C6%83%5E%CD%EC%B6%23%FC%05%06%A6%75;object=root;type=public + Type: Public key (EC/ECDSA-SECP384R1) + Label: root + ID: e0:16:1c:c8:b6:f5:d6:6a:c6:83:5e:cd:ec:b6:23:fc:05:06:a6:75 + + Object 2: + URL: pkcs11:model=PKCS%2315%20emulated;manufacturer=www.CardContact.de;serial=DENK0104068;token=SmartCard-HSM%20%28UserPIN%29%00%00%00%00%00%00%00%00%00;id=%BC%B4%8F%E9%B5%66%AE%61%89%1A%AB%BF%DE%6A%23%D4%FF%3A%B6%39;object=intermediate;type=private + Type: Private key (EC/ECDSA-SECP384R1) + Label: intermediate + Flags: CKA_PRIVATE; CKA_NEVER_EXTRACTABLE; CKA_SENSITIVE; + ID: bc:b4:8f:e9:b5:66:ae:61:89:1a:ab:bf:de:6a:23:d4:ff:3a:b6:39 + + Object 3: + URL: pkcs11:model=PKCS%2315%20emulated;manufacturer=www.CardContact.de;serial=DENK0104068;token=SmartCard-HSM%20%28UserPIN%29%00%00%00%00%00%00%00%00%00;id=%BC%B4%8F%E9%B5%66%AE%61%89%1A%AB%BF%DE%6A%23%D4%FF%3A%B6%39;object=intermediate;type=public + Type: Public key (EC/ECDSA-SECP384R1) + Label: intermediate + ID: bc:b4:8f:e9:b5:66:ae:61:89:1a:ab:bf:de:6a:23:d4:ff:3a:b6:39 + +In this instance, the fully qualified PKCS#11 URI is: + +.. code-block:: bash + + pkcs11:model=PKCS%2315%20emulated;manufacturer=www.CardContact.de;serial=DENK0104068;token=SmartCard-HSM%20%28UserPIN%29%00%00%00%00%00%00%00%00%00;id=%BC%B4%8F%E9%B5%66%AE%61%89%1A%AB%BF%DE%6A%23%D4%FF%3A%B6%39;object=intermediate;type=private + +Create a config file to use the private key of the intermediate certificate to sign the CSRs of your servers. + +.. code-block:: bash + + vim sign_server_csrs.ini + +.. code-block:: ini + + [ ca ] + # `man ca` + default_ca = CA_default + + [ CA_default ] + # Directory and file locations. + dir = /opt/certificate-authority/intermediate + certs = $dir/certs + crl_dir = $dir/crl + new_certs_dir = $dir/newcerts + database = $dir/index.txt + serial = $dir/serial + + # The root key and root certificate. + private_key = pkcs11:model=PKCS%2315%20emulated;manufacturer=www.CardContact.de;serial=DENK0104068;token=SmartCard-HSM%20%28UserPIN%29%00%00%00%00%00%00%00%00%00;id=%BC%B4%8F%E9%B5%66%AE%61%89%1A%AB%BF%DE%6A%23%D4%FF%3A%B6%39;object=intermediate;type=private + certificate = $dir/certs/intermediate.crt + + # SHA-1 is deprecated, so use SHA-2 instead. + default_md = sha512 + + name_opt = ca_default + cert_opt = ca_default + default_days = 375 + preserve = no + policy = policy_loose + + [ policy_loose ] + # Allow the intermediate CA to sign a more diverse range of certificates. + # See the POLICY FORMAT section of the `ca` man page. + countryName = optional + stateOrProvinceName = optional + localityName = optional + organizationName = optional + organizationalUnitName = optional + commonName = supplied + emailAddress = optional + + [ server_cert ] + # Extensions for server certificates (`man x509v3_config`). + basicConstraints = CA:FALSE + nsCertType = server + nsComment = "OpenSSL Generated Server Certificate" + subjectKeyIdentifier = hash + authorityKeyIdentifier = keyid,issuer:always + keyUsage = critical, digitalSignature, keyEncipherment + extendedKeyUsage = serverAuth + +Then run openssl to sign the server’s CSR. + +.. code-block:: bash + + $ openssl ca -config sign_server_csrs.ini -engine pkcs11 -keyform engine -extensions server_cert -days 375 -notext -md sha512 -create_serial -in server_cert.csr -out server_cert.crt + engine "pkcs11" set. + Using configuration from sign_server_csrs.ini + Enter PKCS#11 token PIN for SmartCard-HSM (UserPIN): + Check that the request matches the signature + Signature ok + Certificate Details: + Serial Number: + 40:7f:dc:90:b0:3a:1b:fb:d3:e2:74:8d:40:28:a8:12:f7:7e:c3:74 + Validity + Not Before: Aug 18 21:32:42 2020 GMT + Not After : Aug 28 21:32:42 2021 GMT + Subject: + countryName = US + stateOrProvinceName = My State + organizationName = My Company + organizationalUnitName = media + commonName = media + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + Netscape Cert Type: + SSL Server + Netscape Comment: + OpenSSL Generated Server Certificate + X509v3 Subject Key Identifier: + 26:89:19:95:6C:93:8C:DD:6E:AA:61:D5:C0:E6:78:CC:F1:47:64:FC + X509v3 Authority Key Identifier: + keyid:1D:4F:E5:ED:11:42:9A:AC:25:E4:51:A3:42:67:97:39:A0:10:AE:82 + DirName:/C=US/ST=My State/O=My Company/OU=My Company Certificate Authority/CN=My Company Root CA + serial:35:47:4D:05:12:CC:E1:A8:B6:BF:DD:3E:C8:29:7B:18:C0:A1:5C:68 + + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication + Certificate is to be certified until Aug 28 21:32:42 2021 GMT (375 days) + Sign the certificate? [y/n]:y + + + 1 out of 1 certificate requests certified, commit? [y/n]y + Write out database with 1 new entries + Data Base Updated + +References +---------- + +I used the following resources to help in compiling this document. + +- `How to initialize your Nitrokey HSM `__ +- `How to create a root and intermediate CA `__ +- `How to ensure the serial numbers of your intermediate CA and server certs are up to spec `__ +- `How to generate ECC private keys `__ +- `How to find the PCKS11 URI from your HSM `__ +- `Troubleshooting (forum) `__ + + +This document was originally `written by lyntux `__ \ No newline at end of file diff --git a/nitrokeys/hsm/linux/dnssec.rst b/nitrokeys/hsm/dnssec.rst similarity index 100% rename from nitrokeys/hsm/linux/dnssec.rst rename to nitrokeys/hsm/dnssec.rst diff --git a/nitrokeys/hsm/getting-started.rst b/nitrokeys/hsm/getting-started.rst new file mode 100644 index 0000000000..8c962725ad --- /dev/null +++ b/nitrokeys/hsm/getting-started.rst @@ -0,0 +1,40 @@ +Getting Started +=============== + +.. contents:: :local: + + +1. + .. tabs:: + .. tab:: Linux + Install `OpenSC `__. You need + at least version 0.19. You can find recent builds for debian-based + systems like Ubuntu + `here `__ if your system + does not have the newest version of OpenSC. Alternatively, install + `this `__ + driver (`source `__). + + .. tab:: MacOS + Install `OpenSC `__. + Alternatively, install + `this `__ + driver (`source `__). + + .. tab:: Windows + Install `OpenSC `__. + Alternatively, install + `this `__ + driver (`source `__). + +2. Define SO-PIN and PIN of your own choices. See `these + instructions `__. + Afterwards you can begin to `generate new + keys `__. + +Your Nitrokey is now ready to use. + +* There is `nitrotool `__ as a more comfortable frontend to OpenSC. (hsmwiz) +* Embedded Systems: For systems with minimal memory footprint a read/only PKCS#11 module is provided by the `sc-hsm-embedded `__ project. +* `This PKCS#11 module `__ is useful for deployments where key generation at the user's workplace is not required. The PKCS#11 module also supports major electronic signature cards available in the German market. +* OpenSCDP: The SmartCard-HSM is fully integrated with `OpenSCDP `__, the open smart card development platform. See the `public support scripts `__ for details. diff --git a/nitrokeys/hsm/import-keys-certs.rst.inc b/nitrokeys/hsm/import-keys-certs.rst similarity index 100% rename from nitrokeys/hsm/import-keys-certs.rst.inc rename to nitrokeys/hsm/import-keys-certs.rst diff --git a/nitrokeys/hsm/index.rst b/nitrokeys/hsm/index.rst index 9a6a47b6bd..a1ef9d3069 100644 --- a/nitrokeys/hsm/index.rst +++ b/nitrokeys/hsm/index.rst @@ -10,14 +10,23 @@ First check the: :glob: Frequently Asked Questions + Getting Started -or choose your operating system: +or check out the features: .. toctree:: :maxdepth: 1 :glob: - Windows - macOS - Linux - + SMIME <../features/smime/index> + Smart <../features/desktop-login/third-party/smart-policy> + GPA <../features/gpa/index> + DNSSEC (Linux only) + Hard Disk Encryption <../features/hard-disk-encryption> + Automatic Screen Lock (Linux only) <../features/automatic-screen-lock/index> + Import Keys Certs + Stunnel (Linux only) + Certificate Authority + Ipsec (Linux only) + N of M Schemes (Linux only? ) + Pkcs11-URL \ No newline at end of file diff --git a/nitrokeys/hsm/ipsec.rst b/nitrokeys/hsm/ipsec.rst new file mode 100644 index 0000000000..f206b18b45 --- /dev/null +++ b/nitrokeys/hsm/ipsec.rst @@ -0,0 +1,46 @@ +.. contents:: :local: + +`Strong Swan `__ works using the `PKCS#11 driver `__. Basically follow these steps: + +1. Generate a key on Nitrokey via pkcs11-tool. In this example it's a 4096 bit RSA key. + +.. code-block:: bash + + $ pkcs11-tool --module /usr/lib/x86_64-linux-gnu/pkcs11/opensc-pkcs11.so -l -k --key-type rsa:4096 --id 10 --label 'Staging Access' + +2. Generate a certificate signing request via openssl + pkcs11 module + +.. code-block:: bash + + $ openssl + OpenSSL> engine dynamic -pre SO_PATH:/usr/lib/x86_64-linux-gnu/engines-1.1/pkcs11.so -pre ID:pkcs11 -pre LIST_ADD:1 -pre LOAD -pre MODULE_PATH:/usr/lib/x86_64-linux-gnu/pkcs11/opensc-pkcs11.so + OpenSSL> req -engine pkcs11 -sha256 -new -key id_10 -keyform engine -out user@email.com-staging-cert.csr -subj '/C=GB/L=Cambridge/O=Organization/OU=Staging Access/CN=user@email.com/emailAddress=user@email.com' + +3. Sign the certificate with your certificate authority + +4. Convert the certificate to DER + +.. code-block:: bash + + $ openssl x509 -in user@email.com-staging-cert.csr -out user@email.com-staging-cert.der -outform DER + +5. Import the certificate into the Nitrokey via pkcs11-tool + +.. code-block:: bash + + $ pkcs11-tool --module /usr/lib/x86_64-linux-gnu/pkcs11/opensc-pkcs11.so -l -y cert -w user@email.com-staging-cert.der --id 10 --label 'Staging Access' + +6. Configure Strongswan to load opensc-pkcs11 module then to load the certificate on Nitrokey. Edit /etc/strongswan.d/charon/pkcs11.conf and add the following module: + +.. code-block:: bash + + modules { + Nitrokey { + path = /usr/lib/x86_64-linux-gnu/pkcs11/opensc-pkcs11.so + } + } + + +7. Initiate the VPN connection via IPSec/Strongswan, then prompt for Nitrokey PIN + +8. VPN is now connected \ No newline at end of file diff --git a/nitrokeys/hsm/linux/apache2-tls.rst b/nitrokeys/hsm/linux/apache2-tls.rst deleted file mode 100644 index 9d6b689cb1..0000000000 --- a/nitrokeys/hsm/linux/apache2-tls.rst +++ /dev/null @@ -1,4 +0,0 @@ - - -.. include:: ../apache2-tls.rst.inc - diff --git a/nitrokeys/hsm/linux/automatic-screen-lock.rst b/nitrokeys/hsm/linux/automatic-screen-lock.rst deleted file mode 100644 index d8f8332ad1..0000000000 --- a/nitrokeys/hsm/linux/automatic-screen-lock.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/linux/automatic-screen-lock.rst diff --git a/nitrokeys/hsm/linux/certificate-authority.rst b/nitrokeys/hsm/linux/certificate-authority.rst deleted file mode 100644 index d414fc892f..0000000000 --- a/nitrokeys/hsm/linux/certificate-authority.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../certificate-authority.rst.inc diff --git a/nitrokeys/hsm/linux/gpa.rst b/nitrokeys/hsm/linux/gpa.rst deleted file mode 100644 index 398ae468bc..0000000000 --- a/nitrokeys/hsm/linux/gpa.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/gpa.rst diff --git a/nitrokeys/hsm/linux/hard-disk-encryption.rst b/nitrokeys/hsm/linux/hard-disk-encryption.rst deleted file mode 100644 index 95e1694368..0000000000 --- a/nitrokeys/hsm/linux/hard-disk-encryption.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/linux/hard-disk-encryption.rst diff --git a/nitrokeys/hsm/linux/import-keys-certs.rst b/nitrokeys/hsm/linux/import-keys-certs.rst deleted file mode 100644 index 95ee7978a4..0000000000 --- a/nitrokeys/hsm/linux/import-keys-certs.rst +++ /dev/null @@ -1,4 +0,0 @@ - - -.. include:: ../import-keys-certs.rst.inc - diff --git a/nitrokeys/hsm/linux/index.rst b/nitrokeys/hsm/linux/index.rst deleted file mode 100644 index edb30900b2..0000000000 --- a/nitrokeys/hsm/linux/index.rst +++ /dev/null @@ -1,30 +0,0 @@ -Nitrokey HSM with GNU/Linux -=========================== - -.. contents:: :local: - -.. toctree:: - :maxdepth: 1 - :glob: - :hidden: - - * - -1. Install `OpenSC `__. You need - at least version 0.19. You can find recent builds for debian-based - systems like Ubuntu - `here `__ if your system - does not have the newest version of OpenSC. Alternatively, install - `this `__ - driver (`source `__). -2. Define SO-PIN and PIN of your own choices. See `these - instructions `__. - Afterwards you can begin to `generate new - keys `__. - -Your Nitrokey is now ready to use. - -* There is `nitrotool `__ as a more comfortable frontend to OpenSC. (hsmwiz) -* Embedded Systems: For systems with minimal memory footprint a read/only PKCS#11 module is provided by the `sc-hsm-embedded `__ project. -* `This PKCS#11 module `__ is useful for deployments where key generation at the user's workplace is not required. The PKCS#11 module also supports major electronic signature cards available in the German market. -* OpenSCDP: The SmartCard-HSM is fully integrated with `OpenSCDP `__, the open smart card development platform. See the `public support scripts `__ for details. diff --git a/nitrokeys/hsm/linux/ipsec.rst b/nitrokeys/hsm/linux/ipsec.rst deleted file mode 100644 index 4e0695fd04..0000000000 --- a/nitrokeys/hsm/linux/ipsec.rst +++ /dev/null @@ -1,4 +0,0 @@ -IPsec -===== - -.. include:: ../ipsec.rst.inc diff --git a/nitrokeys/hsm/linux/n-of-m-schemes.rst b/nitrokeys/hsm/linux/n-of-m-schemes.rst deleted file mode 100644 index 37e1d8d430..0000000000 --- a/nitrokeys/hsm/linux/n-of-m-schemes.rst +++ /dev/null @@ -1,5 +0,0 @@ -N-of-m Schemes -============== - -.. include:: ../n-of-m-schemes.rst - diff --git a/nitrokeys/hsm/linux/pkcs11-url.rst b/nitrokeys/hsm/linux/pkcs11-url.rst deleted file mode 100644 index 5ad8f40b7a..0000000000 --- a/nitrokeys/hsm/linux/pkcs11-url.rst +++ /dev/null @@ -1,4 +0,0 @@ - - -.. include:: ../pkcs11-url.rst.inc - diff --git a/nitrokeys/hsm/linux/smime-outlook.rst b/nitrokeys/hsm/linux/smime-outlook.rst deleted file mode 100644 index acd45a24a9..0000000000 --- a/nitrokeys/hsm/linux/smime-outlook.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/smime-outlook.rst.inc diff --git a/nitrokeys/hsm/linux/smime-thunderbird.rst b/nitrokeys/hsm/linux/smime-thunderbird.rst deleted file mode 100644 index 4ae43d43ba..0000000000 --- a/nitrokeys/hsm/linux/smime-thunderbird.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/smime-thunderbird.rst.inc diff --git a/nitrokeys/hsm/linux/smime.rst b/nitrokeys/hsm/linux/smime.rst deleted file mode 100644 index 9a7ca24e7c..0000000000 --- a/nitrokeys/hsm/linux/smime.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../smime.rst.inc diff --git a/nitrokeys/hsm/linux/stunnel.rst b/nitrokeys/hsm/linux/stunnel.rst deleted file mode 100644 index 263c7fdc22..0000000000 --- a/nitrokeys/hsm/linux/stunnel.rst +++ /dev/null @@ -1,4 +0,0 @@ -Stunnel -======= - -.. include:: ../stunnel.rst.inc diff --git a/nitrokeys/hsm/mac/apache2-tls.rst b/nitrokeys/hsm/mac/apache2-tls.rst deleted file mode 100644 index 9d6b689cb1..0000000000 --- a/nitrokeys/hsm/mac/apache2-tls.rst +++ /dev/null @@ -1,4 +0,0 @@ - - -.. include:: ../apache2-tls.rst.inc - diff --git a/nitrokeys/hsm/mac/certificate-authority.rst b/nitrokeys/hsm/mac/certificate-authority.rst deleted file mode 100644 index d414fc892f..0000000000 --- a/nitrokeys/hsm/mac/certificate-authority.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../certificate-authority.rst.inc diff --git a/nitrokeys/hsm/mac/gpa.rst b/nitrokeys/hsm/mac/gpa.rst deleted file mode 100644 index 398ae468bc..0000000000 --- a/nitrokeys/hsm/mac/gpa.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/gpa.rst diff --git a/nitrokeys/hsm/mac/hard-disk-encryption.rst b/nitrokeys/hsm/mac/hard-disk-encryption.rst deleted file mode 100644 index 97111bfd66..0000000000 --- a/nitrokeys/hsm/mac/hard-disk-encryption.rst +++ /dev/null @@ -1,4 +0,0 @@ -Hard Disk Encryption -=========================== - -.. include:: ../../pro/hard-disk-encryption.rst.inc diff --git a/nitrokeys/hsm/mac/import-keys-certs.rst b/nitrokeys/hsm/mac/import-keys-certs.rst deleted file mode 100644 index 95ee7978a4..0000000000 --- a/nitrokeys/hsm/mac/import-keys-certs.rst +++ /dev/null @@ -1,4 +0,0 @@ - - -.. include:: ../import-keys-certs.rst.inc - diff --git a/nitrokeys/hsm/mac/index.rst b/nitrokeys/hsm/mac/index.rst deleted file mode 100644 index 66fe944024..0000000000 --- a/nitrokeys/hsm/mac/index.rst +++ /dev/null @@ -1,27 +0,0 @@ -Nitrokey HSM with macOS -======================= - -.. contents:: :local: - -.. toctree:: - :maxdepth: 1 - :glob: - :hidden: - - * - -1. Install `OpenSC `__. - Alternatively, install - `this `__ - driver (`source `__). -2. Define SO-PIN and PIN of your own choices. See `these - instructions `__. - Afterwards you can begin to `generate new - keys `__. - -Your Nitrokey is now ready to use. - -* There is `nitrotool `__ as a more comfortable frontend to OpenSC. (hsmwiz) -* Embedded Systems: For systems with minimal memory footprint a read/only PKCS#11 module is provided by the `sc-hsm-embedded `__ project. -* `This PKCS#11 module `__ is useful for deployments where key generation at the user's workplace is not required. The PKCS#11 module also supports major electronic signature cards available in the German market. -* OpenSCDP: The SmartCard-HSM is fully integrated with `OpenSCDP `__, the open smart card development platform. See the `public support scripts `__ for details. diff --git a/nitrokeys/hsm/mac/pkcs11-url.rst b/nitrokeys/hsm/mac/pkcs11-url.rst deleted file mode 100644 index 5ad8f40b7a..0000000000 --- a/nitrokeys/hsm/mac/pkcs11-url.rst +++ /dev/null @@ -1,4 +0,0 @@ - - -.. include:: ../pkcs11-url.rst.inc - diff --git a/nitrokeys/hsm/mac/smime-outlook.rst b/nitrokeys/hsm/mac/smime-outlook.rst deleted file mode 100644 index acd45a24a9..0000000000 --- a/nitrokeys/hsm/mac/smime-outlook.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/smime-outlook.rst.inc diff --git a/nitrokeys/hsm/mac/smime-thunderbird.rst b/nitrokeys/hsm/mac/smime-thunderbird.rst deleted file mode 100644 index 4ae43d43ba..0000000000 --- a/nitrokeys/hsm/mac/smime-thunderbird.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/smime-thunderbird.rst.inc diff --git a/nitrokeys/hsm/mac/smime.rst b/nitrokeys/hsm/mac/smime.rst deleted file mode 100644 index 9a7ca24e7c..0000000000 --- a/nitrokeys/hsm/mac/smime.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../smime.rst.inc diff --git a/nitrokeys/hsm/smime.rst.inc b/nitrokeys/hsm/smime.rst similarity index 96% rename from nitrokeys/hsm/smime.rst.inc rename to nitrokeys/hsm/smime.rst index 906c5be8b1..e248dbcf2a 100644 --- a/nitrokeys/hsm/smime.rst.inc +++ b/nitrokeys/hsm/smime.rst @@ -16,6 +16,9 @@ The Nitrokey HSM 2 currently supports the S/MIME/X.509 standard. This page descr You need to purchase a S/MIME certificate (e.g. at `CERTUM `__) or may already got one by your company. Furthermore, you need to install `OpenSC `__ on your System. While GNU/Linux users usually can install OpenSC over the package manager (e.g. ``sudo apt install opensc`` on Ubuntu), macOS and Windows users can download the installation files from the `OpenSC `__ page. +.. note:: + Windows users with 64-bit system (standard) need to install both, the 32-bit and the 64-bit version of OpenSC! + Import Existing Key and Certificate ----------------------------------- diff --git a/nitrokeys/hsm/stunnel.rst b/nitrokeys/hsm/stunnel.rst new file mode 100644 index 0000000000..2f43e7ed18 --- /dev/null +++ b/nitrokeys/hsm/stunnel.rst @@ -0,0 +1,19 @@ +.. contents:: :local: + +`Stunnel `__ works as an SSL encryption wrapper between remote client and local (inetd-startable) or remote server. It can be used to add SSL functionality to commonly used inetd daemons like POP2, POP3, and IMAP servers without any changes in the programs' code. + +Stunnel is able to load OpenSC PKCS#11 engine using this configuration: + +.. code-block:: bash + + engine=dynamic + engineCtrl=SO_PATH:/usr/lib/opensc/engine_pkcs11.so + engineCtrl=ID:pkcs11 + engineCtrl=LIST_ADD:1 + engineCtrl=LOAD + engineCtrl=MODULE_PATH:/usr/lib/pkcs11/opensc-pkcs11.so + engineCtrl=INIT + + [service] + engineNum=1 + key=id_45 \ No newline at end of file diff --git a/nitrokeys/hsm/windows/apache2-tls.rst b/nitrokeys/hsm/windows/apache2-tls.rst deleted file mode 100644 index 9d6b689cb1..0000000000 --- a/nitrokeys/hsm/windows/apache2-tls.rst +++ /dev/null @@ -1,4 +0,0 @@ - - -.. include:: ../apache2-tls.rst.inc - diff --git a/nitrokeys/hsm/windows/certificate-authority.rst b/nitrokeys/hsm/windows/certificate-authority.rst deleted file mode 100644 index d414fc892f..0000000000 --- a/nitrokeys/hsm/windows/certificate-authority.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../certificate-authority.rst.inc diff --git a/nitrokeys/hsm/windows/gpa.rst b/nitrokeys/hsm/windows/gpa.rst deleted file mode 100644 index 398ae468bc..0000000000 --- a/nitrokeys/hsm/windows/gpa.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/gpa.rst diff --git a/nitrokeys/hsm/windows/hard-disk-encryption.rst b/nitrokeys/hsm/windows/hard-disk-encryption.rst deleted file mode 100644 index 7a15e069ec..0000000000 --- a/nitrokeys/hsm/windows/hard-disk-encryption.rst +++ /dev/null @@ -1,4 +0,0 @@ -Hard Disk Encryption -=========================== - -.. include:: ../../pro/hard-disk-encryption.rst.inc diff --git a/nitrokeys/hsm/windows/import-keys-certs.rst b/nitrokeys/hsm/windows/import-keys-certs.rst deleted file mode 100644 index 95ee7978a4..0000000000 --- a/nitrokeys/hsm/windows/import-keys-certs.rst +++ /dev/null @@ -1,4 +0,0 @@ - - -.. include:: ../import-keys-certs.rst.inc - diff --git a/nitrokeys/hsm/windows/index.rst b/nitrokeys/hsm/windows/index.rst deleted file mode 100644 index b508ac7ff0..0000000000 --- a/nitrokeys/hsm/windows/index.rst +++ /dev/null @@ -1,27 +0,0 @@ -Nitrokey HSM With Windows -========================= - -.. contents:: :local: - -.. toctree:: - :maxdepth: 1 - :glob: - :hidden: - - * - -1. Install `OpenSC `__. - Alternatively, install - `this `__ - driver (`source `__). -2. Define SO-PIN and PIN of your own choices. See `these - instructions `__. - Afterwards you can begin to `generate new - keys `__. - -Your Nitrokey is now ready to use. - -* There is `nitrotool `__ as a more comfortable frontend to OpenSC. (hsmwiz) -* Embedded Systems: For systems with minimal memory footprint a read/only PKCS#11 module is provided by the `sc-hsm-embedded `__ project. -* `This PKCS#11 module `__ is useful for deployments where key generation at the user's workplace is not required. The PKCS#11 module also supports major electronic signature cards available in the German market. -* OpenSCDP: The SmartCard-HSM is fully integrated with `OpenSCDP `__, the open smart card development platform. See the `public support scripts `__ for details. diff --git a/nitrokeys/hsm/windows/pkcs11-url.rst b/nitrokeys/hsm/windows/pkcs11-url.rst deleted file mode 100644 index 5ad8f40b7a..0000000000 --- a/nitrokeys/hsm/windows/pkcs11-url.rst +++ /dev/null @@ -1,4 +0,0 @@ - - -.. include:: ../pkcs11-url.rst.inc - diff --git a/nitrokeys/hsm/windows/smart-policy.rst b/nitrokeys/hsm/windows/smart-policy.rst deleted file mode 100644 index 7f85805135..0000000000 --- a/nitrokeys/hsm/windows/smart-policy.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/smart-policy.rst.inc diff --git a/nitrokeys/hsm/windows/smime-outlook.rst b/nitrokeys/hsm/windows/smime-outlook.rst deleted file mode 100644 index acd45a24a9..0000000000 --- a/nitrokeys/hsm/windows/smime-outlook.rst +++ /dev/null @@ -1 +0,0 @@ -.. include:: ../../pro/smime-outlook.rst.inc diff --git a/nitrokeys/hsm/windows/smime-thunderbird.rst b/nitrokeys/hsm/windows/smime-thunderbird.rst deleted file mode 100644 index 2167f1b220..0000000000 --- a/nitrokeys/hsm/windows/smime-thunderbird.rst +++ /dev/null @@ -1,2 +0,0 @@ -.. include:: ../../pro/smime-thunderbird.rst.inc - diff --git a/nitrokeys/hsm/windows/smime.rst b/nitrokeys/hsm/windows/smime.rst deleted file mode 100644 index 7080df4aeb..0000000000 --- a/nitrokeys/hsm/windows/smime.rst +++ /dev/null @@ -1,8 +0,0 @@ -.. include:: ../smime.rst.inc - :end-line: 20 - -.. note:: - Windows users with 64-bit system (standard) need to install both, the 32-bit and the 64-bit version of OpenSC! - -.. include:: ../smime.rst.inc - :start-line: 20 diff --git a/nitrokeys/index.rst b/nitrokeys/index.rst index 4455189ab7..b2776738f3 100644 --- a/nitrokeys/index.rst +++ b/nitrokeys/index.rst @@ -10,3 +10,4 @@ Nitrokeys Storage Start Nitrokey3 + FIDO 2 From f5484e26ae7af79bb564d651a5fffa0cbf9adda5 Mon Sep 17 00:00:00 2001 From: Keksmo Date: Mon, 5 Aug 2024 14:09:46 +0200 Subject: [PATCH 16/33] put most features into their corresponding category --- .../encrypted-mobile-storage/index.rst} | 2 +- nitrokeys/features/fido/2fa/index.rst | 12 - .../desktop-login.rst | 0 .../images}/passwordless-microsoft/1.png | Bin .../images}/passwordless-microsoft/10.png | Bin .../images}/passwordless-microsoft/11.png | Bin .../images}/passwordless-microsoft/12.png | Bin .../images}/passwordless-microsoft/2.png | Bin .../images}/passwordless-microsoft/3.png | Bin .../images}/passwordless-microsoft/4.png | Bin .../images}/passwordless-microsoft/5.png | Bin .../images}/passwordless-microsoft/6.png | Bin .../images}/passwordless-microsoft/7.png | Bin .../images}/passwordless-microsoft/8.png | Bin .../images}/passwordless-microsoft/9.png | Bin nitrokeys/features/fido2/index.rst | 11 + .../passwordless-microsoft.rst | 0 .../2fa/2fa-website.rst => fido2/website.rst} | 15 - .../images/hidden/format-dialog.png | Bin .../images/hidden/format-tool.png | Bin .../images/hidden/hidden-schema.svg | 0 .../hidden/hidden-storage-partition.png | Bin .../hidden/hidden-storage-passphrase.png | Bin .../images/hidden/setup_hidden_volume.png | Bin .../hidden-storage/index.rst} | 0 nitrokeys/features/index.rst | 9 +- .../desktop-login}/images/smart-policy/1.png | Bin .../desktop-login}/images/smart-policy/2.png | Bin .../desktop-login}/images/smart-policy/3.png | Bin .../desktop-login}/images/smart-policy/4.png | Bin .../desktop-login}/images/smart-policy/5.png | Bin .../desktop-login}/images/smart-policy/6.png | Bin .../desktop-login}/index.rst | 0 .../desktop-login}/pam.rst | 0 .../desktop-login}/smart-policy.rst | 0 .../{ => openpgp-card}/gpa/images/gpa/1.png | Bin .../{ => openpgp-card}/gpa/images/gpa/2.png | Bin .../{ => openpgp-card}/gpa/images/gpa/3.png | Bin .../{ => openpgp-card}/gpa/images/gpa/4.png | Bin .../{ => openpgp-card}/gpa/images/gpa/5.png | Bin .../{ => openpgp-card}/gpa/images/gpa/6.png | Bin .../{ => openpgp-card}/gpa/images/gpa/7.png | Bin .../{ => openpgp-card}/gpa/images/gpa/8.png | Bin .../{ => openpgp-card}/gpa/images/gpa/9.png | Bin .../features/{ => openpgp-card}/gpa/index.rst | 0 .../images/luks/luks_1.png | Bin .../images/luks/luks_2.png | Bin .../images/luks/luks_3.png | Bin .../images/luks/luks_5.png | Bin .../images/luks/luks_6.png | Bin .../images/luks/luks_7.png | Bin .../hard-disk-encryption/index.rst | 0 .../hard-disk-encryption/luks.rst | 0 .../images/gpa/1.png | Bin .../images/gpa/2.png | Bin .../images/gpa/3.png | Bin .../images/gpa/4.png | Bin .../images/gpa/5.png | Bin .../images/gpa/6.png | Bin .../images/gpa/7.png | Bin .../images/openpgp-csp/1.png | Bin .../images/openpgp-csp/10.png | Bin .../images/openpgp-csp/11.png | Bin .../images/openpgp-csp/2.png | Bin .../images/openpgp-csp/3.png | Bin .../images/openpgp-csp/4.png | Bin .../images/openpgp-csp/5.png | Bin .../images/openpgp-csp/6.png | Bin .../images/openpgp-csp/7.png | Bin .../images/openpgp-csp/8.png | Bin .../images/openpgp-csp/9.png | Bin .../images/outlook/1.png | Bin .../images/outlook/2.png | Bin .../images/outlook/3.png | Bin .../images/outlook/4.png | Bin .../images/thunderbird/1.png | Bin .../images/thunderbird/10.png | Bin .../images/thunderbird/11.png | Bin .../images/thunderbird/12.png | Bin .../images/thunderbird/13.png | Bin .../images/thunderbird/14.png | Bin .../images/thunderbird/2.png | Bin .../images/thunderbird/3.png | Bin .../images/thunderbird/4.png | Bin .../images/thunderbird/5.png | Bin .../images/thunderbird/6.png | Bin .../images/thunderbird/7.png | Bin .../images/thunderbird/8.png | Bin .../images/thunderbird/9.png | Bin .../{openpgp => openpgp-card}/index.rst | 15 +- .../{ => openpgp-card}/ipsec/index.rst | 0 .../{openpgp => openpgp-card}/openpgp-csp.rst | 0 .../openpgp-keygen-backup.rst | 0 .../openpgp-keygen-gpa.rst | 0 .../openpgp-keygen-on-device.rst | 0 .../openpgp-outlook.rst | 0 .../openpgp-thunderbird.rst | 0 .../openvpn/easyrsa.rst} | 0 .../openvpn/images/viscosity/viscosity-1.jpg | Bin .../openvpn/images/viscosity/viscosity-2.jpg | Bin .../openvpn/images/viscosity/viscosity-3.jpg | Bin .../openvpn/images/viscosity/viscosity-4.jpg | Bin .../features/openpgp-card/openvpn/index.rst | 8 + .../openvpn/viscosity.rst} | 0 .../smime/images/smime-outlook/1.png | Bin .../smime/images/smime-outlook/2.png | Bin .../smime/images/smime-outlook/3.png | Bin .../smime/images/smime-thunderbird/1.png | Bin .../smime/images/smime-thunderbird/2.png | Bin .../smime/images/smime-thunderbird/3.png | Bin .../smime/images/smime-thunderbird/4.png | Bin .../smime/images/smime/1.png | Bin .../{ => openpgp-card}/smime/index.rst | 0 .../smime/smime-outlook.rst | 0 .../smime/smime-thunderbird.rst | 0 .../{ => openpgp-card}/ssh/images/putty/1.png | Bin .../{ => openpgp-card}/ssh/images/putty/2.png | Bin .../{ => openpgp-card}/ssh/images/putty/3.png | Bin .../{ => openpgp-card}/ssh/images/putty/4.png | Bin .../{ => openpgp-card}/ssh/images/putty/5.png | Bin .../{ => openpgp-card}/ssh/images/putty/6.png | Bin .../{ => openpgp-card}/ssh/images/putty/7.png | Bin .../features/{ => openpgp-card}/ssh/index.rst | 0 .../features/{ => openpgp-card}/ssh/putty.rst | 0 .../{ => openpgp-card}/stunnel/index.rst | 0 .../{openpgp => openpgp-card}/uif.rst | 0 nitrokeys/features/piv/index.rst | 11 +- nitrokeys/features/totp/index.rst | 2 + nitrokeys/features/u2f/2fa.rst | 33 + .../{fido/2fa => u2f}/desktop-login.rst | 12 +- .../images/desktop-login}/fidou2f-1.png | Bin .../images/desktop-login}/fidou2f-2.png | Bin .../images/desktop-login}/fidou2f-3.png | Bin .../images/desktop-login}/fidou2f-4.png | Bin .../images/desktop-login}/fidou2f-5.png | Bin .../images/desktop-login}/u2f-fido-pam-2.png | Bin nitrokeys/features/u2f/index.rst | 9 + .../2fa-nextcloud.rst => u2f/nextcloud.rst} | 0 .../{fido/2fa/2fa-odoo.rst => u2f/odoo.rst} | 0 nitrokeys/fido2/features.rst | 6 +- nitrokeys/fido2/index.rst | 5 +- nitrokeys/hsm/certificate-authority.rst | 683 ------------------ nitrokeys/hsm/index.rst | 2 +- nitrokeys/index.rst | 5 +- nitrokeys/pro/features.rst | 8 + nitrokeys/pro/index.rst | 22 +- nitrokeys/start/features.rst | 7 + nitrokeys/start/index.rst | 14 +- nitrokeys/storage/features.rst | 11 + nitrokeys/storage/index.rst | 18 +- nitrokeys/u2f/features.rst | 5 + nitrokeys/u2f/index.rst | 4 +- 152 files changed, 156 insertions(+), 773 deletions(-) rename nitrokeys/{storage/encrypted-mobile-storage.rst => features/encrypted-mobile-storage/index.rst} (96%) delete mode 100644 nitrokeys/features/fido/2fa/index.rst rename nitrokeys/features/{desktop-login => fido2}/desktop-login.rst (100%) rename nitrokeys/features/{fido => fido2/images}/passwordless-microsoft/1.png (100%) rename nitrokeys/features/{fido => fido2/images}/passwordless-microsoft/10.png (100%) rename nitrokeys/features/{fido => fido2/images}/passwordless-microsoft/11.png (100%) rename nitrokeys/features/{fido => fido2/images}/passwordless-microsoft/12.png (100%) rename nitrokeys/features/{fido => fido2/images}/passwordless-microsoft/2.png (100%) rename nitrokeys/features/{fido => fido2/images}/passwordless-microsoft/3.png (100%) rename nitrokeys/features/{fido => fido2/images}/passwordless-microsoft/4.png (100%) rename nitrokeys/features/{fido => fido2/images}/passwordless-microsoft/5.png (100%) rename nitrokeys/features/{fido => fido2/images}/passwordless-microsoft/6.png (100%) rename nitrokeys/features/{fido => fido2/images}/passwordless-microsoft/7.png (100%) rename nitrokeys/features/{fido => fido2/images}/passwordless-microsoft/8.png (100%) rename nitrokeys/features/{fido => fido2/images}/passwordless-microsoft/9.png (100%) create mode 100644 nitrokeys/features/fido2/index.rst rename nitrokeys/features/{fido => fido2}/passwordless-microsoft.rst (100%) rename nitrokeys/features/{fido/2fa/2fa-website.rst => fido2/website.rst} (94%) rename nitrokeys/{storage => features/hidden-storage}/images/hidden/format-dialog.png (100%) rename nitrokeys/{storage => features/hidden-storage}/images/hidden/format-tool.png (100%) rename nitrokeys/{storage => features/hidden-storage}/images/hidden/hidden-schema.svg (100%) rename nitrokeys/{storage => features/hidden-storage}/images/hidden/hidden-storage-partition.png (100%) rename nitrokeys/{storage => features/hidden-storage}/images/hidden/hidden-storage-passphrase.png (100%) rename nitrokeys/{storage => features/hidden-storage}/images/hidden/setup_hidden_volume.png (100%) rename nitrokeys/{storage/hidden.rst => features/hidden-storage/index.rst} (100%) rename nitrokeys/features/{desktop-login/third-party => openpgp-card/desktop-login}/images/smart-policy/1.png (100%) rename nitrokeys/features/{desktop-login/third-party => openpgp-card/desktop-login}/images/smart-policy/2.png (100%) rename nitrokeys/features/{desktop-login/third-party => openpgp-card/desktop-login}/images/smart-policy/3.png (100%) rename nitrokeys/features/{desktop-login/third-party => openpgp-card/desktop-login}/images/smart-policy/4.png (100%) rename nitrokeys/features/{desktop-login/third-party => openpgp-card/desktop-login}/images/smart-policy/5.png (100%) rename nitrokeys/features/{desktop-login/third-party => openpgp-card/desktop-login}/images/smart-policy/6.png (100%) rename nitrokeys/features/{desktop-login/third-party => openpgp-card/desktop-login}/index.rst (100%) rename nitrokeys/features/{desktop-login/third-party => openpgp-card/desktop-login}/pam.rst (100%) rename nitrokeys/features/{desktop-login/third-party => openpgp-card/desktop-login}/smart-policy.rst (100%) rename nitrokeys/features/{ => openpgp-card}/gpa/images/gpa/1.png (100%) rename nitrokeys/features/{ => openpgp-card}/gpa/images/gpa/2.png (100%) rename nitrokeys/features/{ => openpgp-card}/gpa/images/gpa/3.png (100%) rename nitrokeys/features/{ => openpgp-card}/gpa/images/gpa/4.png (100%) rename nitrokeys/features/{ => openpgp-card}/gpa/images/gpa/5.png (100%) rename nitrokeys/features/{ => openpgp-card}/gpa/images/gpa/6.png (100%) rename nitrokeys/features/{ => openpgp-card}/gpa/images/gpa/7.png (100%) rename nitrokeys/features/{ => openpgp-card}/gpa/images/gpa/8.png (100%) rename nitrokeys/features/{ => openpgp-card}/gpa/images/gpa/9.png (100%) rename nitrokeys/features/{ => openpgp-card}/gpa/index.rst (100%) rename nitrokeys/features/{ => openpgp-card}/hard-disk-encryption/images/luks/luks_1.png (100%) rename nitrokeys/features/{ => openpgp-card}/hard-disk-encryption/images/luks/luks_2.png (100%) rename nitrokeys/features/{ => openpgp-card}/hard-disk-encryption/images/luks/luks_3.png (100%) rename nitrokeys/features/{ => openpgp-card}/hard-disk-encryption/images/luks/luks_5.png (100%) rename nitrokeys/features/{ => openpgp-card}/hard-disk-encryption/images/luks/luks_6.png (100%) rename nitrokeys/features/{ => openpgp-card}/hard-disk-encryption/images/luks/luks_7.png (100%) rename nitrokeys/features/{ => openpgp-card}/hard-disk-encryption/index.rst (100%) rename nitrokeys/features/{ => openpgp-card}/hard-disk-encryption/luks.rst (100%) rename nitrokeys/features/{openpgp => openpgp-card}/images/gpa/1.png (100%) rename nitrokeys/features/{openpgp => openpgp-card}/images/gpa/2.png (100%) rename nitrokeys/features/{openpgp => openpgp-card}/images/gpa/3.png (100%) rename nitrokeys/features/{openpgp => openpgp-card}/images/gpa/4.png (100%) rename nitrokeys/features/{openpgp => openpgp-card}/images/gpa/5.png (100%) rename nitrokeys/features/{openpgp => openpgp-card}/images/gpa/6.png (100%) rename nitrokeys/features/{openpgp => openpgp-card}/images/gpa/7.png (100%) rename nitrokeys/features/{openpgp => openpgp-card}/images/openpgp-csp/1.png (100%) rename nitrokeys/features/{openpgp => openpgp-card}/images/openpgp-csp/10.png (100%) rename nitrokeys/features/{openpgp => openpgp-card}/images/openpgp-csp/11.png (100%) rename nitrokeys/features/{openpgp => openpgp-card}/images/openpgp-csp/2.png (100%) rename nitrokeys/features/{openpgp => openpgp-card}/images/openpgp-csp/3.png (100%) rename nitrokeys/features/{openpgp => openpgp-card}/images/openpgp-csp/4.png (100%) rename nitrokeys/features/{openpgp => openpgp-card}/images/openpgp-csp/5.png (100%) rename nitrokeys/features/{openpgp => openpgp-card}/images/openpgp-csp/6.png (100%) rename nitrokeys/features/{openpgp => openpgp-card}/images/openpgp-csp/7.png (100%) rename nitrokeys/features/{openpgp => openpgp-card}/images/openpgp-csp/8.png (100%) rename nitrokeys/features/{openpgp => openpgp-card}/images/openpgp-csp/9.png (100%) rename nitrokeys/features/{openpgp => openpgp-card}/images/outlook/1.png (100%) rename nitrokeys/features/{openpgp => openpgp-card}/images/outlook/2.png (100%) rename nitrokeys/features/{openpgp => openpgp-card}/images/outlook/3.png (100%) rename nitrokeys/features/{openpgp => openpgp-card}/images/outlook/4.png (100%) rename nitrokeys/features/{openpgp => openpgp-card}/images/thunderbird/1.png (100%) rename nitrokeys/features/{openpgp => openpgp-card}/images/thunderbird/10.png (100%) rename nitrokeys/features/{openpgp => openpgp-card}/images/thunderbird/11.png (100%) rename nitrokeys/features/{openpgp => openpgp-card}/images/thunderbird/12.png (100%) rename nitrokeys/features/{openpgp => openpgp-card}/images/thunderbird/13.png (100%) rename nitrokeys/features/{openpgp => openpgp-card}/images/thunderbird/14.png (100%) rename nitrokeys/features/{openpgp => openpgp-card}/images/thunderbird/2.png (100%) rename nitrokeys/features/{openpgp => openpgp-card}/images/thunderbird/3.png (100%) rename nitrokeys/features/{openpgp => openpgp-card}/images/thunderbird/4.png (100%) rename nitrokeys/features/{openpgp => openpgp-card}/images/thunderbird/5.png (100%) rename nitrokeys/features/{openpgp => openpgp-card}/images/thunderbird/6.png (100%) rename nitrokeys/features/{openpgp => openpgp-card}/images/thunderbird/7.png (100%) rename nitrokeys/features/{openpgp => openpgp-card}/images/thunderbird/8.png (100%) rename nitrokeys/features/{openpgp => openpgp-card}/images/thunderbird/9.png (100%) rename nitrokeys/features/{openpgp => openpgp-card}/index.rst (89%) rename nitrokeys/features/{ => openpgp-card}/ipsec/index.rst (100%) rename nitrokeys/features/{openpgp => openpgp-card}/openpgp-csp.rst (100%) rename nitrokeys/features/{openpgp => openpgp-card}/openpgp-keygen-backup.rst (100%) rename nitrokeys/features/{openpgp => openpgp-card}/openpgp-keygen-gpa.rst (100%) rename nitrokeys/features/{openpgp => openpgp-card}/openpgp-keygen-on-device.rst (100%) rename nitrokeys/features/{openpgp => openpgp-card}/openpgp-outlook.rst (100%) rename nitrokeys/features/{openpgp => openpgp-card}/openpgp-thunderbird.rst (100%) rename nitrokeys/features/{openvpn/openvpn-easyrsa.rst => openpgp-card/openvpn/easyrsa.rst} (100%) rename nitrokeys/features/{ => openpgp-card}/openvpn/images/viscosity/viscosity-1.jpg (100%) rename nitrokeys/features/{ => openpgp-card}/openvpn/images/viscosity/viscosity-2.jpg (100%) rename nitrokeys/features/{ => openpgp-card}/openvpn/images/viscosity/viscosity-3.jpg (100%) rename nitrokeys/features/{ => openpgp-card}/openvpn/images/viscosity/viscosity-4.jpg (100%) create mode 100644 nitrokeys/features/openpgp-card/openvpn/index.rst rename nitrokeys/features/{openvpn/openvpn-viscosity.rst => openpgp-card/openvpn/viscosity.rst} (100%) rename nitrokeys/features/{ => openpgp-card}/smime/images/smime-outlook/1.png (100%) rename nitrokeys/features/{ => openpgp-card}/smime/images/smime-outlook/2.png (100%) rename nitrokeys/features/{ => openpgp-card}/smime/images/smime-outlook/3.png (100%) rename nitrokeys/features/{ => openpgp-card}/smime/images/smime-thunderbird/1.png (100%) rename nitrokeys/features/{ => openpgp-card}/smime/images/smime-thunderbird/2.png (100%) rename nitrokeys/features/{ => openpgp-card}/smime/images/smime-thunderbird/3.png (100%) rename nitrokeys/features/{ => openpgp-card}/smime/images/smime-thunderbird/4.png (100%) rename nitrokeys/features/{ => openpgp-card}/smime/images/smime/1.png (100%) rename nitrokeys/features/{ => openpgp-card}/smime/index.rst (100%) rename nitrokeys/features/{ => openpgp-card}/smime/smime-outlook.rst (100%) rename nitrokeys/features/{ => openpgp-card}/smime/smime-thunderbird.rst (100%) rename nitrokeys/features/{ => openpgp-card}/ssh/images/putty/1.png (100%) rename nitrokeys/features/{ => openpgp-card}/ssh/images/putty/2.png (100%) rename nitrokeys/features/{ => openpgp-card}/ssh/images/putty/3.png (100%) rename nitrokeys/features/{ => openpgp-card}/ssh/images/putty/4.png (100%) rename nitrokeys/features/{ => openpgp-card}/ssh/images/putty/5.png (100%) rename nitrokeys/features/{ => openpgp-card}/ssh/images/putty/6.png (100%) rename nitrokeys/features/{ => openpgp-card}/ssh/images/putty/7.png (100%) rename nitrokeys/features/{ => openpgp-card}/ssh/index.rst (100%) rename nitrokeys/features/{ => openpgp-card}/ssh/putty.rst (100%) rename nitrokeys/features/{ => openpgp-card}/stunnel/index.rst (100%) rename nitrokeys/features/{openpgp => openpgp-card}/uif.rst (100%) create mode 100644 nitrokeys/features/u2f/2fa.rst rename nitrokeys/features/{fido/2fa => u2f}/desktop-login.rst (97%) rename nitrokeys/features/{fido/2fa/images => u2f/images/desktop-login}/fidou2f-1.png (100%) rename nitrokeys/features/{fido/2fa/images => u2f/images/desktop-login}/fidou2f-2.png (100%) rename nitrokeys/features/{fido/2fa/images => u2f/images/desktop-login}/fidou2f-3.png (100%) rename nitrokeys/features/{fido/2fa/images => u2f/images/desktop-login}/fidou2f-4.png (100%) rename nitrokeys/features/{fido/2fa/images => u2f/images/desktop-login}/fidou2f-5.png (100%) rename nitrokeys/features/{fido/2fa/images => u2f/images/desktop-login}/u2f-fido-pam-2.png (100%) create mode 100644 nitrokeys/features/u2f/index.rst rename nitrokeys/features/{fido/2fa/2fa-nextcloud.rst => u2f/nextcloud.rst} (100%) rename nitrokeys/features/{fido/2fa/2fa-odoo.rst => u2f/odoo.rst} (100%) delete mode 100644 nitrokeys/hsm/certificate-authority.rst create mode 100644 nitrokeys/pro/features.rst create mode 100644 nitrokeys/start/features.rst create mode 100644 nitrokeys/storage/features.rst create mode 100644 nitrokeys/u2f/features.rst diff --git a/nitrokeys/storage/encrypted-mobile-storage.rst b/nitrokeys/features/encrypted-mobile-storage/index.rst similarity index 96% rename from nitrokeys/storage/encrypted-mobile-storage.rst rename to nitrokeys/features/encrypted-mobile-storage/index.rst index 02f46aab0e..d5b1903614 100644 --- a/nitrokeys/storage/encrypted-mobile-storage.rst +++ b/nitrokeys/features/encrypted-mobile-storage/index.rst @@ -12,5 +12,5 @@ Prior of using the encrypted mobile storage you need to install and initialize t 6. To remove or lock the encrypted volume you should unmount/eject it first. 7. Afterwards you can disconnect the Nitrokey or select "lock encrypted volume" from the Nitrokey App menu. -The Nitrokey Storage is able to create hidden volumes as well. Please have a look at the corresponding instructions for `hidden volumes `_. +The Nitrokey Storage is able to create hidden volumes as well. Please have a look at the corresponding instructions for `hidden volumes <../hidden-storage/index.html>`_. diff --git a/nitrokeys/features/fido/2fa/index.rst b/nitrokeys/features/fido/2fa/index.rst deleted file mode 100644 index 09441eb430..0000000000 --- a/nitrokeys/features/fido/2fa/index.rst +++ /dev/null @@ -1,12 +0,0 @@ -Two-Factor Authentication (2FA) -=============================== - - -.. toctree:: - :maxdepth: 1 - :glob: - - Website Login <2fa-website> - Nextcloud Login <2fa-nextcloud> - Odoo Login <2fa-odoo> - Desktop Login \ No newline at end of file diff --git a/nitrokeys/features/desktop-login/desktop-login.rst b/nitrokeys/features/fido2/desktop-login.rst similarity index 100% rename from nitrokeys/features/desktop-login/desktop-login.rst rename to nitrokeys/features/fido2/desktop-login.rst diff --git a/nitrokeys/features/fido/passwordless-microsoft/1.png b/nitrokeys/features/fido2/images/passwordless-microsoft/1.png similarity index 100% rename from nitrokeys/features/fido/passwordless-microsoft/1.png rename to nitrokeys/features/fido2/images/passwordless-microsoft/1.png diff --git a/nitrokeys/features/fido/passwordless-microsoft/10.png b/nitrokeys/features/fido2/images/passwordless-microsoft/10.png similarity index 100% rename from nitrokeys/features/fido/passwordless-microsoft/10.png rename to nitrokeys/features/fido2/images/passwordless-microsoft/10.png diff --git a/nitrokeys/features/fido/passwordless-microsoft/11.png b/nitrokeys/features/fido2/images/passwordless-microsoft/11.png similarity index 100% rename from nitrokeys/features/fido/passwordless-microsoft/11.png rename to nitrokeys/features/fido2/images/passwordless-microsoft/11.png diff --git a/nitrokeys/features/fido/passwordless-microsoft/12.png b/nitrokeys/features/fido2/images/passwordless-microsoft/12.png similarity index 100% rename from nitrokeys/features/fido/passwordless-microsoft/12.png rename to nitrokeys/features/fido2/images/passwordless-microsoft/12.png diff --git a/nitrokeys/features/fido/passwordless-microsoft/2.png b/nitrokeys/features/fido2/images/passwordless-microsoft/2.png similarity index 100% rename from nitrokeys/features/fido/passwordless-microsoft/2.png rename to nitrokeys/features/fido2/images/passwordless-microsoft/2.png diff --git a/nitrokeys/features/fido/passwordless-microsoft/3.png b/nitrokeys/features/fido2/images/passwordless-microsoft/3.png similarity index 100% rename from nitrokeys/features/fido/passwordless-microsoft/3.png rename to nitrokeys/features/fido2/images/passwordless-microsoft/3.png diff --git a/nitrokeys/features/fido/passwordless-microsoft/4.png b/nitrokeys/features/fido2/images/passwordless-microsoft/4.png similarity index 100% rename from nitrokeys/features/fido/passwordless-microsoft/4.png rename to nitrokeys/features/fido2/images/passwordless-microsoft/4.png diff --git a/nitrokeys/features/fido/passwordless-microsoft/5.png b/nitrokeys/features/fido2/images/passwordless-microsoft/5.png similarity index 100% rename from nitrokeys/features/fido/passwordless-microsoft/5.png rename to nitrokeys/features/fido2/images/passwordless-microsoft/5.png diff --git a/nitrokeys/features/fido/passwordless-microsoft/6.png b/nitrokeys/features/fido2/images/passwordless-microsoft/6.png similarity index 100% rename from nitrokeys/features/fido/passwordless-microsoft/6.png rename to nitrokeys/features/fido2/images/passwordless-microsoft/6.png diff --git a/nitrokeys/features/fido/passwordless-microsoft/7.png b/nitrokeys/features/fido2/images/passwordless-microsoft/7.png similarity index 100% rename from nitrokeys/features/fido/passwordless-microsoft/7.png rename to nitrokeys/features/fido2/images/passwordless-microsoft/7.png diff --git a/nitrokeys/features/fido/passwordless-microsoft/8.png b/nitrokeys/features/fido2/images/passwordless-microsoft/8.png similarity index 100% rename from nitrokeys/features/fido/passwordless-microsoft/8.png rename to nitrokeys/features/fido2/images/passwordless-microsoft/8.png diff --git a/nitrokeys/features/fido/passwordless-microsoft/9.png b/nitrokeys/features/fido2/images/passwordless-microsoft/9.png similarity index 100% rename from nitrokeys/features/fido/passwordless-microsoft/9.png rename to nitrokeys/features/fido2/images/passwordless-microsoft/9.png diff --git a/nitrokeys/features/fido2/index.rst b/nitrokeys/features/fido2/index.rst new file mode 100644 index 0000000000..df54c81dcc --- /dev/null +++ b/nitrokeys/features/fido2/index.rst @@ -0,0 +1,11 @@ +FIDO2 +===== + + +.. toctree:: + :maxdepth: 1 + :glob: + + Website Login + Desktop Login + Passwordless Microsoft Login (Windows only) \ No newline at end of file diff --git a/nitrokeys/features/fido/passwordless-microsoft.rst b/nitrokeys/features/fido2/passwordless-microsoft.rst similarity index 100% rename from nitrokeys/features/fido/passwordless-microsoft.rst rename to nitrokeys/features/fido2/passwordless-microsoft.rst diff --git a/nitrokeys/features/fido/2fa/2fa-website.rst b/nitrokeys/features/fido2/website.rst similarity index 94% rename from nitrokeys/features/fido/2fa/2fa-website.rst rename to nitrokeys/features/fido2/website.rst index 018e0f10eb..5c16e09070 100644 --- a/nitrokeys/features/fido/2fa/2fa-website.rst +++ b/nitrokeys/features/fido2/website.rst @@ -39,21 +39,6 @@ Passwordless Authentication activate your Nitrokey FIDO2 this way each time you log in, after entering your PIN. -Two-Factor Authentication (2FA) -------------------------------- - -1. Open one of the `websites that support FIDO - U2F `__. -2. Log in to the website and enable two-factor authentication in your - account settings. (In most cases you will find a link to the - documentation of the supported web service at - `dongleauth.com `__) -3. Register your Nitrokey FIDO2 in the account settings by touching the - button to activate the Nitrokey FIDO2. After you have successfully - configured the device, you must activate the Nitrokey FIDO2 this way - each time you log in. - -You are now ready to go. Touch Button And LED Behavior ----------------------------- diff --git a/nitrokeys/storage/images/hidden/format-dialog.png b/nitrokeys/features/hidden-storage/images/hidden/format-dialog.png similarity index 100% rename from nitrokeys/storage/images/hidden/format-dialog.png rename to nitrokeys/features/hidden-storage/images/hidden/format-dialog.png diff --git a/nitrokeys/storage/images/hidden/format-tool.png b/nitrokeys/features/hidden-storage/images/hidden/format-tool.png similarity index 100% rename from nitrokeys/storage/images/hidden/format-tool.png rename to nitrokeys/features/hidden-storage/images/hidden/format-tool.png diff --git a/nitrokeys/storage/images/hidden/hidden-schema.svg b/nitrokeys/features/hidden-storage/images/hidden/hidden-schema.svg similarity index 100% rename from nitrokeys/storage/images/hidden/hidden-schema.svg rename to nitrokeys/features/hidden-storage/images/hidden/hidden-schema.svg diff --git a/nitrokeys/storage/images/hidden/hidden-storage-partition.png b/nitrokeys/features/hidden-storage/images/hidden/hidden-storage-partition.png similarity index 100% rename from nitrokeys/storage/images/hidden/hidden-storage-partition.png rename to nitrokeys/features/hidden-storage/images/hidden/hidden-storage-partition.png diff --git a/nitrokeys/storage/images/hidden/hidden-storage-passphrase.png b/nitrokeys/features/hidden-storage/images/hidden/hidden-storage-passphrase.png similarity index 100% rename from nitrokeys/storage/images/hidden/hidden-storage-passphrase.png rename to nitrokeys/features/hidden-storage/images/hidden/hidden-storage-passphrase.png diff --git a/nitrokeys/storage/images/hidden/setup_hidden_volume.png b/nitrokeys/features/hidden-storage/images/hidden/setup_hidden_volume.png similarity index 100% rename from nitrokeys/storage/images/hidden/setup_hidden_volume.png rename to nitrokeys/features/hidden-storage/images/hidden/setup_hidden_volume.png diff --git a/nitrokeys/storage/hidden.rst b/nitrokeys/features/hidden-storage/index.rst similarity index 100% rename from nitrokeys/storage/hidden.rst rename to nitrokeys/features/hidden-storage/index.rst diff --git a/nitrokeys/features/index.rst b/nitrokeys/features/index.rst index 53b3340059..dbc625a855 100644 --- a/nitrokeys/features/index.rst +++ b/nitrokeys/features/index.rst @@ -1,5 +1,12 @@ +Features +======== + .. toctree:: :maxdepth: 1 :glob: - * + FIDO2 + U2F + TOTP + HSM + PIV (Windows only) diff --git a/nitrokeys/features/desktop-login/third-party/images/smart-policy/1.png b/nitrokeys/features/openpgp-card/desktop-login/images/smart-policy/1.png similarity index 100% rename from nitrokeys/features/desktop-login/third-party/images/smart-policy/1.png rename to nitrokeys/features/openpgp-card/desktop-login/images/smart-policy/1.png diff --git a/nitrokeys/features/desktop-login/third-party/images/smart-policy/2.png b/nitrokeys/features/openpgp-card/desktop-login/images/smart-policy/2.png similarity index 100% rename from nitrokeys/features/desktop-login/third-party/images/smart-policy/2.png rename to nitrokeys/features/openpgp-card/desktop-login/images/smart-policy/2.png diff --git a/nitrokeys/features/desktop-login/third-party/images/smart-policy/3.png b/nitrokeys/features/openpgp-card/desktop-login/images/smart-policy/3.png similarity index 100% rename from nitrokeys/features/desktop-login/third-party/images/smart-policy/3.png rename to nitrokeys/features/openpgp-card/desktop-login/images/smart-policy/3.png diff --git a/nitrokeys/features/desktop-login/third-party/images/smart-policy/4.png b/nitrokeys/features/openpgp-card/desktop-login/images/smart-policy/4.png similarity index 100% rename from nitrokeys/features/desktop-login/third-party/images/smart-policy/4.png rename to nitrokeys/features/openpgp-card/desktop-login/images/smart-policy/4.png diff --git a/nitrokeys/features/desktop-login/third-party/images/smart-policy/5.png b/nitrokeys/features/openpgp-card/desktop-login/images/smart-policy/5.png similarity index 100% rename from nitrokeys/features/desktop-login/third-party/images/smart-policy/5.png rename to nitrokeys/features/openpgp-card/desktop-login/images/smart-policy/5.png diff --git a/nitrokeys/features/desktop-login/third-party/images/smart-policy/6.png b/nitrokeys/features/openpgp-card/desktop-login/images/smart-policy/6.png similarity index 100% rename from nitrokeys/features/desktop-login/third-party/images/smart-policy/6.png rename to nitrokeys/features/openpgp-card/desktop-login/images/smart-policy/6.png diff --git a/nitrokeys/features/desktop-login/third-party/index.rst b/nitrokeys/features/openpgp-card/desktop-login/index.rst similarity index 100% rename from nitrokeys/features/desktop-login/third-party/index.rst rename to nitrokeys/features/openpgp-card/desktop-login/index.rst diff --git a/nitrokeys/features/desktop-login/third-party/pam.rst b/nitrokeys/features/openpgp-card/desktop-login/pam.rst similarity index 100% rename from nitrokeys/features/desktop-login/third-party/pam.rst rename to nitrokeys/features/openpgp-card/desktop-login/pam.rst diff --git a/nitrokeys/features/desktop-login/third-party/smart-policy.rst b/nitrokeys/features/openpgp-card/desktop-login/smart-policy.rst similarity index 100% rename from nitrokeys/features/desktop-login/third-party/smart-policy.rst rename to nitrokeys/features/openpgp-card/desktop-login/smart-policy.rst diff --git a/nitrokeys/features/gpa/images/gpa/1.png b/nitrokeys/features/openpgp-card/gpa/images/gpa/1.png similarity index 100% rename from nitrokeys/features/gpa/images/gpa/1.png rename to nitrokeys/features/openpgp-card/gpa/images/gpa/1.png diff --git a/nitrokeys/features/gpa/images/gpa/2.png b/nitrokeys/features/openpgp-card/gpa/images/gpa/2.png similarity index 100% rename from nitrokeys/features/gpa/images/gpa/2.png rename to nitrokeys/features/openpgp-card/gpa/images/gpa/2.png diff --git a/nitrokeys/features/gpa/images/gpa/3.png b/nitrokeys/features/openpgp-card/gpa/images/gpa/3.png similarity index 100% rename from nitrokeys/features/gpa/images/gpa/3.png rename to nitrokeys/features/openpgp-card/gpa/images/gpa/3.png diff --git a/nitrokeys/features/gpa/images/gpa/4.png b/nitrokeys/features/openpgp-card/gpa/images/gpa/4.png similarity index 100% rename from nitrokeys/features/gpa/images/gpa/4.png rename to nitrokeys/features/openpgp-card/gpa/images/gpa/4.png diff --git a/nitrokeys/features/gpa/images/gpa/5.png b/nitrokeys/features/openpgp-card/gpa/images/gpa/5.png similarity index 100% rename from nitrokeys/features/gpa/images/gpa/5.png rename to nitrokeys/features/openpgp-card/gpa/images/gpa/5.png diff --git a/nitrokeys/features/gpa/images/gpa/6.png b/nitrokeys/features/openpgp-card/gpa/images/gpa/6.png similarity index 100% rename from nitrokeys/features/gpa/images/gpa/6.png rename to nitrokeys/features/openpgp-card/gpa/images/gpa/6.png diff --git a/nitrokeys/features/gpa/images/gpa/7.png b/nitrokeys/features/openpgp-card/gpa/images/gpa/7.png similarity index 100% rename from nitrokeys/features/gpa/images/gpa/7.png rename to nitrokeys/features/openpgp-card/gpa/images/gpa/7.png diff --git a/nitrokeys/features/gpa/images/gpa/8.png b/nitrokeys/features/openpgp-card/gpa/images/gpa/8.png similarity index 100% rename from nitrokeys/features/gpa/images/gpa/8.png rename to nitrokeys/features/openpgp-card/gpa/images/gpa/8.png diff --git a/nitrokeys/features/gpa/images/gpa/9.png b/nitrokeys/features/openpgp-card/gpa/images/gpa/9.png similarity index 100% rename from nitrokeys/features/gpa/images/gpa/9.png rename to nitrokeys/features/openpgp-card/gpa/images/gpa/9.png diff --git a/nitrokeys/features/gpa/index.rst b/nitrokeys/features/openpgp-card/gpa/index.rst similarity index 100% rename from nitrokeys/features/gpa/index.rst rename to nitrokeys/features/openpgp-card/gpa/index.rst diff --git a/nitrokeys/features/hard-disk-encryption/images/luks/luks_1.png b/nitrokeys/features/openpgp-card/hard-disk-encryption/images/luks/luks_1.png similarity index 100% rename from nitrokeys/features/hard-disk-encryption/images/luks/luks_1.png rename to nitrokeys/features/openpgp-card/hard-disk-encryption/images/luks/luks_1.png diff --git a/nitrokeys/features/hard-disk-encryption/images/luks/luks_2.png b/nitrokeys/features/openpgp-card/hard-disk-encryption/images/luks/luks_2.png similarity index 100% rename from nitrokeys/features/hard-disk-encryption/images/luks/luks_2.png rename to nitrokeys/features/openpgp-card/hard-disk-encryption/images/luks/luks_2.png diff --git a/nitrokeys/features/hard-disk-encryption/images/luks/luks_3.png b/nitrokeys/features/openpgp-card/hard-disk-encryption/images/luks/luks_3.png similarity index 100% rename from nitrokeys/features/hard-disk-encryption/images/luks/luks_3.png rename to nitrokeys/features/openpgp-card/hard-disk-encryption/images/luks/luks_3.png diff --git a/nitrokeys/features/hard-disk-encryption/images/luks/luks_5.png b/nitrokeys/features/openpgp-card/hard-disk-encryption/images/luks/luks_5.png similarity index 100% rename from nitrokeys/features/hard-disk-encryption/images/luks/luks_5.png rename to nitrokeys/features/openpgp-card/hard-disk-encryption/images/luks/luks_5.png diff --git a/nitrokeys/features/hard-disk-encryption/images/luks/luks_6.png b/nitrokeys/features/openpgp-card/hard-disk-encryption/images/luks/luks_6.png similarity index 100% rename from nitrokeys/features/hard-disk-encryption/images/luks/luks_6.png rename to nitrokeys/features/openpgp-card/hard-disk-encryption/images/luks/luks_6.png diff --git a/nitrokeys/features/hard-disk-encryption/images/luks/luks_7.png b/nitrokeys/features/openpgp-card/hard-disk-encryption/images/luks/luks_7.png similarity index 100% rename from nitrokeys/features/hard-disk-encryption/images/luks/luks_7.png rename to nitrokeys/features/openpgp-card/hard-disk-encryption/images/luks/luks_7.png diff --git a/nitrokeys/features/hard-disk-encryption/index.rst b/nitrokeys/features/openpgp-card/hard-disk-encryption/index.rst similarity index 100% rename from nitrokeys/features/hard-disk-encryption/index.rst rename to nitrokeys/features/openpgp-card/hard-disk-encryption/index.rst diff --git a/nitrokeys/features/hard-disk-encryption/luks.rst b/nitrokeys/features/openpgp-card/hard-disk-encryption/luks.rst similarity index 100% rename from nitrokeys/features/hard-disk-encryption/luks.rst rename to nitrokeys/features/openpgp-card/hard-disk-encryption/luks.rst diff --git a/nitrokeys/features/openpgp/images/gpa/1.png b/nitrokeys/features/openpgp-card/images/gpa/1.png similarity index 100% rename from nitrokeys/features/openpgp/images/gpa/1.png rename to nitrokeys/features/openpgp-card/images/gpa/1.png diff --git a/nitrokeys/features/openpgp/images/gpa/2.png b/nitrokeys/features/openpgp-card/images/gpa/2.png similarity index 100% rename from nitrokeys/features/openpgp/images/gpa/2.png rename to nitrokeys/features/openpgp-card/images/gpa/2.png diff --git a/nitrokeys/features/openpgp/images/gpa/3.png b/nitrokeys/features/openpgp-card/images/gpa/3.png similarity index 100% rename from nitrokeys/features/openpgp/images/gpa/3.png rename to nitrokeys/features/openpgp-card/images/gpa/3.png diff --git a/nitrokeys/features/openpgp/images/gpa/4.png b/nitrokeys/features/openpgp-card/images/gpa/4.png similarity index 100% rename from nitrokeys/features/openpgp/images/gpa/4.png rename to nitrokeys/features/openpgp-card/images/gpa/4.png diff --git a/nitrokeys/features/openpgp/images/gpa/5.png b/nitrokeys/features/openpgp-card/images/gpa/5.png similarity index 100% rename from nitrokeys/features/openpgp/images/gpa/5.png rename to nitrokeys/features/openpgp-card/images/gpa/5.png diff --git a/nitrokeys/features/openpgp/images/gpa/6.png b/nitrokeys/features/openpgp-card/images/gpa/6.png similarity index 100% rename from nitrokeys/features/openpgp/images/gpa/6.png rename to nitrokeys/features/openpgp-card/images/gpa/6.png diff --git a/nitrokeys/features/openpgp/images/gpa/7.png b/nitrokeys/features/openpgp-card/images/gpa/7.png similarity index 100% rename from nitrokeys/features/openpgp/images/gpa/7.png rename to nitrokeys/features/openpgp-card/images/gpa/7.png diff --git a/nitrokeys/features/openpgp/images/openpgp-csp/1.png b/nitrokeys/features/openpgp-card/images/openpgp-csp/1.png similarity index 100% rename from nitrokeys/features/openpgp/images/openpgp-csp/1.png rename to nitrokeys/features/openpgp-card/images/openpgp-csp/1.png diff --git a/nitrokeys/features/openpgp/images/openpgp-csp/10.png b/nitrokeys/features/openpgp-card/images/openpgp-csp/10.png similarity index 100% rename from nitrokeys/features/openpgp/images/openpgp-csp/10.png rename to nitrokeys/features/openpgp-card/images/openpgp-csp/10.png diff --git a/nitrokeys/features/openpgp/images/openpgp-csp/11.png b/nitrokeys/features/openpgp-card/images/openpgp-csp/11.png similarity index 100% rename from nitrokeys/features/openpgp/images/openpgp-csp/11.png rename to nitrokeys/features/openpgp-card/images/openpgp-csp/11.png diff --git a/nitrokeys/features/openpgp/images/openpgp-csp/2.png b/nitrokeys/features/openpgp-card/images/openpgp-csp/2.png similarity index 100% rename from nitrokeys/features/openpgp/images/openpgp-csp/2.png rename to nitrokeys/features/openpgp-card/images/openpgp-csp/2.png diff --git a/nitrokeys/features/openpgp/images/openpgp-csp/3.png b/nitrokeys/features/openpgp-card/images/openpgp-csp/3.png similarity index 100% rename from nitrokeys/features/openpgp/images/openpgp-csp/3.png rename to nitrokeys/features/openpgp-card/images/openpgp-csp/3.png diff --git a/nitrokeys/features/openpgp/images/openpgp-csp/4.png b/nitrokeys/features/openpgp-card/images/openpgp-csp/4.png similarity index 100% rename from nitrokeys/features/openpgp/images/openpgp-csp/4.png rename to nitrokeys/features/openpgp-card/images/openpgp-csp/4.png diff --git a/nitrokeys/features/openpgp/images/openpgp-csp/5.png b/nitrokeys/features/openpgp-card/images/openpgp-csp/5.png similarity index 100% rename from nitrokeys/features/openpgp/images/openpgp-csp/5.png rename to nitrokeys/features/openpgp-card/images/openpgp-csp/5.png diff --git a/nitrokeys/features/openpgp/images/openpgp-csp/6.png b/nitrokeys/features/openpgp-card/images/openpgp-csp/6.png similarity index 100% rename from nitrokeys/features/openpgp/images/openpgp-csp/6.png rename to nitrokeys/features/openpgp-card/images/openpgp-csp/6.png diff --git a/nitrokeys/features/openpgp/images/openpgp-csp/7.png b/nitrokeys/features/openpgp-card/images/openpgp-csp/7.png similarity index 100% rename from nitrokeys/features/openpgp/images/openpgp-csp/7.png rename to nitrokeys/features/openpgp-card/images/openpgp-csp/7.png diff --git a/nitrokeys/features/openpgp/images/openpgp-csp/8.png b/nitrokeys/features/openpgp-card/images/openpgp-csp/8.png similarity index 100% rename from nitrokeys/features/openpgp/images/openpgp-csp/8.png rename to nitrokeys/features/openpgp-card/images/openpgp-csp/8.png diff --git a/nitrokeys/features/openpgp/images/openpgp-csp/9.png b/nitrokeys/features/openpgp-card/images/openpgp-csp/9.png similarity index 100% rename from nitrokeys/features/openpgp/images/openpgp-csp/9.png rename to nitrokeys/features/openpgp-card/images/openpgp-csp/9.png diff --git a/nitrokeys/features/openpgp/images/outlook/1.png b/nitrokeys/features/openpgp-card/images/outlook/1.png similarity index 100% rename from nitrokeys/features/openpgp/images/outlook/1.png rename to nitrokeys/features/openpgp-card/images/outlook/1.png diff --git a/nitrokeys/features/openpgp/images/outlook/2.png b/nitrokeys/features/openpgp-card/images/outlook/2.png similarity index 100% rename from nitrokeys/features/openpgp/images/outlook/2.png rename to nitrokeys/features/openpgp-card/images/outlook/2.png diff --git a/nitrokeys/features/openpgp/images/outlook/3.png b/nitrokeys/features/openpgp-card/images/outlook/3.png similarity index 100% rename from nitrokeys/features/openpgp/images/outlook/3.png rename to nitrokeys/features/openpgp-card/images/outlook/3.png diff --git a/nitrokeys/features/openpgp/images/outlook/4.png b/nitrokeys/features/openpgp-card/images/outlook/4.png similarity index 100% rename from nitrokeys/features/openpgp/images/outlook/4.png rename to nitrokeys/features/openpgp-card/images/outlook/4.png diff --git a/nitrokeys/features/openpgp/images/thunderbird/1.png b/nitrokeys/features/openpgp-card/images/thunderbird/1.png similarity index 100% rename from nitrokeys/features/openpgp/images/thunderbird/1.png rename to nitrokeys/features/openpgp-card/images/thunderbird/1.png diff --git a/nitrokeys/features/openpgp/images/thunderbird/10.png b/nitrokeys/features/openpgp-card/images/thunderbird/10.png similarity index 100% rename from nitrokeys/features/openpgp/images/thunderbird/10.png rename to nitrokeys/features/openpgp-card/images/thunderbird/10.png diff --git a/nitrokeys/features/openpgp/images/thunderbird/11.png b/nitrokeys/features/openpgp-card/images/thunderbird/11.png similarity index 100% rename from nitrokeys/features/openpgp/images/thunderbird/11.png rename to nitrokeys/features/openpgp-card/images/thunderbird/11.png diff --git a/nitrokeys/features/openpgp/images/thunderbird/12.png b/nitrokeys/features/openpgp-card/images/thunderbird/12.png similarity index 100% rename from nitrokeys/features/openpgp/images/thunderbird/12.png rename to nitrokeys/features/openpgp-card/images/thunderbird/12.png diff --git a/nitrokeys/features/openpgp/images/thunderbird/13.png b/nitrokeys/features/openpgp-card/images/thunderbird/13.png similarity index 100% rename from nitrokeys/features/openpgp/images/thunderbird/13.png rename to nitrokeys/features/openpgp-card/images/thunderbird/13.png diff --git a/nitrokeys/features/openpgp/images/thunderbird/14.png b/nitrokeys/features/openpgp-card/images/thunderbird/14.png similarity index 100% rename from nitrokeys/features/openpgp/images/thunderbird/14.png rename to nitrokeys/features/openpgp-card/images/thunderbird/14.png diff --git a/nitrokeys/features/openpgp/images/thunderbird/2.png b/nitrokeys/features/openpgp-card/images/thunderbird/2.png similarity index 100% rename from nitrokeys/features/openpgp/images/thunderbird/2.png rename to nitrokeys/features/openpgp-card/images/thunderbird/2.png diff --git a/nitrokeys/features/openpgp/images/thunderbird/3.png b/nitrokeys/features/openpgp-card/images/thunderbird/3.png similarity index 100% rename from nitrokeys/features/openpgp/images/thunderbird/3.png rename to nitrokeys/features/openpgp-card/images/thunderbird/3.png diff --git a/nitrokeys/features/openpgp/images/thunderbird/4.png b/nitrokeys/features/openpgp-card/images/thunderbird/4.png similarity index 100% rename from nitrokeys/features/openpgp/images/thunderbird/4.png rename to nitrokeys/features/openpgp-card/images/thunderbird/4.png diff --git a/nitrokeys/features/openpgp/images/thunderbird/5.png b/nitrokeys/features/openpgp-card/images/thunderbird/5.png similarity index 100% rename from nitrokeys/features/openpgp/images/thunderbird/5.png rename to nitrokeys/features/openpgp-card/images/thunderbird/5.png diff --git a/nitrokeys/features/openpgp/images/thunderbird/6.png b/nitrokeys/features/openpgp-card/images/thunderbird/6.png similarity index 100% rename from nitrokeys/features/openpgp/images/thunderbird/6.png rename to nitrokeys/features/openpgp-card/images/thunderbird/6.png diff --git a/nitrokeys/features/openpgp/images/thunderbird/7.png b/nitrokeys/features/openpgp-card/images/thunderbird/7.png similarity index 100% rename from nitrokeys/features/openpgp/images/thunderbird/7.png rename to nitrokeys/features/openpgp-card/images/thunderbird/7.png diff --git a/nitrokeys/features/openpgp/images/thunderbird/8.png b/nitrokeys/features/openpgp-card/images/thunderbird/8.png similarity index 100% rename from nitrokeys/features/openpgp/images/thunderbird/8.png rename to nitrokeys/features/openpgp-card/images/thunderbird/8.png diff --git a/nitrokeys/features/openpgp/images/thunderbird/9.png b/nitrokeys/features/openpgp-card/images/thunderbird/9.png similarity index 100% rename from nitrokeys/features/openpgp/images/thunderbird/9.png rename to nitrokeys/features/openpgp-card/images/thunderbird/9.png diff --git a/nitrokeys/features/openpgp/index.rst b/nitrokeys/features/openpgp-card/index.rst similarity index 89% rename from nitrokeys/features/openpgp/index.rst rename to nitrokeys/features/openpgp-card/index.rst index 27f585a4f3..5088194811 100644 --- a/nitrokeys/features/openpgp/index.rst +++ b/nitrokeys/features/openpgp-card/index.rst @@ -7,7 +7,7 @@ There are two widely used standards for email encryption. - S/MIME/X.509 is mostly used by enterprises. -If you are in doubt which one to choose, you should use OpenPGP. While this page describes the usage of OpenPGP, S/MIME is described `here <../smime/index.html>`_. +If you are in doubt which one to choose, you should use OpenPGP. While this page describes the usage of OpenPGP, S/MIME is described `here `_. Please familiarize yourself with the general concept behind the OpenPGP standard first, for example by reading `this info graphic `__ of the Free Software Foundation. @@ -46,6 +46,7 @@ Usage You can find further information about the usage on these pages: + - to use `OpenPGP encryption with Thunderbird `_ @@ -54,6 +55,8 @@ You can find further information about the usage on these pages: - to use `OpenPGP Touch Confirmation (Nitrokey 3 only) `_ +- to use `OpenVPN `_ + - to use `Claws Mail `__, an email client (and news reader) for Linux and Windows @@ -63,3 +66,13 @@ You can find further information about the usage on these pages: an email client for the Gnome Desktop on Linux systems - to use `GPGTools `__ on macOS. + +- to use `Desktop Login `_ + +- to use `IPSec `_ + +- to use `Hard Disk Encryption `_ + +- to use `Stunnel `_ + +- to use `Gnu Privacy Assistant (GPA) `_ diff --git a/nitrokeys/features/ipsec/index.rst b/nitrokeys/features/openpgp-card/ipsec/index.rst similarity index 100% rename from nitrokeys/features/ipsec/index.rst rename to nitrokeys/features/openpgp-card/ipsec/index.rst diff --git a/nitrokeys/features/openpgp/openpgp-csp.rst b/nitrokeys/features/openpgp-card/openpgp-csp.rst similarity index 100% rename from nitrokeys/features/openpgp/openpgp-csp.rst rename to nitrokeys/features/openpgp-card/openpgp-csp.rst diff --git a/nitrokeys/features/openpgp/openpgp-keygen-backup.rst b/nitrokeys/features/openpgp-card/openpgp-keygen-backup.rst similarity index 100% rename from nitrokeys/features/openpgp/openpgp-keygen-backup.rst rename to nitrokeys/features/openpgp-card/openpgp-keygen-backup.rst diff --git a/nitrokeys/features/openpgp/openpgp-keygen-gpa.rst b/nitrokeys/features/openpgp-card/openpgp-keygen-gpa.rst similarity index 100% rename from nitrokeys/features/openpgp/openpgp-keygen-gpa.rst rename to nitrokeys/features/openpgp-card/openpgp-keygen-gpa.rst diff --git a/nitrokeys/features/openpgp/openpgp-keygen-on-device.rst b/nitrokeys/features/openpgp-card/openpgp-keygen-on-device.rst similarity index 100% rename from nitrokeys/features/openpgp/openpgp-keygen-on-device.rst rename to nitrokeys/features/openpgp-card/openpgp-keygen-on-device.rst diff --git a/nitrokeys/features/openpgp/openpgp-outlook.rst b/nitrokeys/features/openpgp-card/openpgp-outlook.rst similarity index 100% rename from nitrokeys/features/openpgp/openpgp-outlook.rst rename to nitrokeys/features/openpgp-card/openpgp-outlook.rst diff --git a/nitrokeys/features/openpgp/openpgp-thunderbird.rst b/nitrokeys/features/openpgp-card/openpgp-thunderbird.rst similarity index 100% rename from nitrokeys/features/openpgp/openpgp-thunderbird.rst rename to nitrokeys/features/openpgp-card/openpgp-thunderbird.rst diff --git a/nitrokeys/features/openvpn/openvpn-easyrsa.rst b/nitrokeys/features/openpgp-card/openvpn/easyrsa.rst similarity index 100% rename from nitrokeys/features/openvpn/openvpn-easyrsa.rst rename to nitrokeys/features/openpgp-card/openvpn/easyrsa.rst diff --git a/nitrokeys/features/openvpn/images/viscosity/viscosity-1.jpg b/nitrokeys/features/openpgp-card/openvpn/images/viscosity/viscosity-1.jpg similarity index 100% rename from nitrokeys/features/openvpn/images/viscosity/viscosity-1.jpg rename to nitrokeys/features/openpgp-card/openvpn/images/viscosity/viscosity-1.jpg diff --git a/nitrokeys/features/openvpn/images/viscosity/viscosity-2.jpg b/nitrokeys/features/openpgp-card/openvpn/images/viscosity/viscosity-2.jpg similarity index 100% rename from nitrokeys/features/openvpn/images/viscosity/viscosity-2.jpg rename to nitrokeys/features/openpgp-card/openvpn/images/viscosity/viscosity-2.jpg diff --git a/nitrokeys/features/openvpn/images/viscosity/viscosity-3.jpg b/nitrokeys/features/openpgp-card/openvpn/images/viscosity/viscosity-3.jpg similarity index 100% rename from nitrokeys/features/openvpn/images/viscosity/viscosity-3.jpg rename to nitrokeys/features/openpgp-card/openvpn/images/viscosity/viscosity-3.jpg diff --git a/nitrokeys/features/openvpn/images/viscosity/viscosity-4.jpg b/nitrokeys/features/openpgp-card/openvpn/images/viscosity/viscosity-4.jpg similarity index 100% rename from nitrokeys/features/openvpn/images/viscosity/viscosity-4.jpg rename to nitrokeys/features/openpgp-card/openvpn/images/viscosity/viscosity-4.jpg diff --git a/nitrokeys/features/openpgp-card/openvpn/index.rst b/nitrokeys/features/openpgp-card/openvpn/index.rst new file mode 100644 index 0000000000..e875e8ef83 --- /dev/null +++ b/nitrokeys/features/openpgp-card/openvpn/index.rst @@ -0,0 +1,8 @@ +OpenVPN +======= + +.. toctree:: + :maxdepth: 1 + + EasyRSA + Viscosity \ No newline at end of file diff --git a/nitrokeys/features/openvpn/openvpn-viscosity.rst b/nitrokeys/features/openpgp-card/openvpn/viscosity.rst similarity index 100% rename from nitrokeys/features/openvpn/openvpn-viscosity.rst rename to nitrokeys/features/openpgp-card/openvpn/viscosity.rst diff --git a/nitrokeys/features/smime/images/smime-outlook/1.png b/nitrokeys/features/openpgp-card/smime/images/smime-outlook/1.png similarity index 100% rename from nitrokeys/features/smime/images/smime-outlook/1.png rename to nitrokeys/features/openpgp-card/smime/images/smime-outlook/1.png diff --git a/nitrokeys/features/smime/images/smime-outlook/2.png b/nitrokeys/features/openpgp-card/smime/images/smime-outlook/2.png similarity index 100% rename from nitrokeys/features/smime/images/smime-outlook/2.png rename to nitrokeys/features/openpgp-card/smime/images/smime-outlook/2.png diff --git a/nitrokeys/features/smime/images/smime-outlook/3.png b/nitrokeys/features/openpgp-card/smime/images/smime-outlook/3.png similarity index 100% rename from nitrokeys/features/smime/images/smime-outlook/3.png rename to nitrokeys/features/openpgp-card/smime/images/smime-outlook/3.png diff --git a/nitrokeys/features/smime/images/smime-thunderbird/1.png b/nitrokeys/features/openpgp-card/smime/images/smime-thunderbird/1.png similarity index 100% rename from nitrokeys/features/smime/images/smime-thunderbird/1.png rename to nitrokeys/features/openpgp-card/smime/images/smime-thunderbird/1.png diff --git a/nitrokeys/features/smime/images/smime-thunderbird/2.png b/nitrokeys/features/openpgp-card/smime/images/smime-thunderbird/2.png similarity index 100% rename from nitrokeys/features/smime/images/smime-thunderbird/2.png rename to nitrokeys/features/openpgp-card/smime/images/smime-thunderbird/2.png diff --git a/nitrokeys/features/smime/images/smime-thunderbird/3.png b/nitrokeys/features/openpgp-card/smime/images/smime-thunderbird/3.png similarity index 100% rename from nitrokeys/features/smime/images/smime-thunderbird/3.png rename to nitrokeys/features/openpgp-card/smime/images/smime-thunderbird/3.png diff --git a/nitrokeys/features/smime/images/smime-thunderbird/4.png b/nitrokeys/features/openpgp-card/smime/images/smime-thunderbird/4.png similarity index 100% rename from nitrokeys/features/smime/images/smime-thunderbird/4.png rename to nitrokeys/features/openpgp-card/smime/images/smime-thunderbird/4.png diff --git a/nitrokeys/features/smime/images/smime/1.png b/nitrokeys/features/openpgp-card/smime/images/smime/1.png similarity index 100% rename from nitrokeys/features/smime/images/smime/1.png rename to nitrokeys/features/openpgp-card/smime/images/smime/1.png diff --git a/nitrokeys/features/smime/index.rst b/nitrokeys/features/openpgp-card/smime/index.rst similarity index 100% rename from nitrokeys/features/smime/index.rst rename to nitrokeys/features/openpgp-card/smime/index.rst diff --git a/nitrokeys/features/smime/smime-outlook.rst b/nitrokeys/features/openpgp-card/smime/smime-outlook.rst similarity index 100% rename from nitrokeys/features/smime/smime-outlook.rst rename to nitrokeys/features/openpgp-card/smime/smime-outlook.rst diff --git a/nitrokeys/features/smime/smime-thunderbird.rst b/nitrokeys/features/openpgp-card/smime/smime-thunderbird.rst similarity index 100% rename from nitrokeys/features/smime/smime-thunderbird.rst rename to nitrokeys/features/openpgp-card/smime/smime-thunderbird.rst diff --git a/nitrokeys/features/ssh/images/putty/1.png b/nitrokeys/features/openpgp-card/ssh/images/putty/1.png similarity index 100% rename from nitrokeys/features/ssh/images/putty/1.png rename to nitrokeys/features/openpgp-card/ssh/images/putty/1.png diff --git a/nitrokeys/features/ssh/images/putty/2.png b/nitrokeys/features/openpgp-card/ssh/images/putty/2.png similarity index 100% rename from nitrokeys/features/ssh/images/putty/2.png rename to nitrokeys/features/openpgp-card/ssh/images/putty/2.png diff --git a/nitrokeys/features/ssh/images/putty/3.png b/nitrokeys/features/openpgp-card/ssh/images/putty/3.png similarity index 100% rename from nitrokeys/features/ssh/images/putty/3.png rename to nitrokeys/features/openpgp-card/ssh/images/putty/3.png diff --git a/nitrokeys/features/ssh/images/putty/4.png b/nitrokeys/features/openpgp-card/ssh/images/putty/4.png similarity index 100% rename from nitrokeys/features/ssh/images/putty/4.png rename to nitrokeys/features/openpgp-card/ssh/images/putty/4.png diff --git a/nitrokeys/features/ssh/images/putty/5.png b/nitrokeys/features/openpgp-card/ssh/images/putty/5.png similarity index 100% rename from nitrokeys/features/ssh/images/putty/5.png rename to nitrokeys/features/openpgp-card/ssh/images/putty/5.png diff --git a/nitrokeys/features/ssh/images/putty/6.png b/nitrokeys/features/openpgp-card/ssh/images/putty/6.png similarity index 100% rename from nitrokeys/features/ssh/images/putty/6.png rename to nitrokeys/features/openpgp-card/ssh/images/putty/6.png diff --git a/nitrokeys/features/ssh/images/putty/7.png b/nitrokeys/features/openpgp-card/ssh/images/putty/7.png similarity index 100% rename from nitrokeys/features/ssh/images/putty/7.png rename to nitrokeys/features/openpgp-card/ssh/images/putty/7.png diff --git a/nitrokeys/features/ssh/index.rst b/nitrokeys/features/openpgp-card/ssh/index.rst similarity index 100% rename from nitrokeys/features/ssh/index.rst rename to nitrokeys/features/openpgp-card/ssh/index.rst diff --git a/nitrokeys/features/ssh/putty.rst b/nitrokeys/features/openpgp-card/ssh/putty.rst similarity index 100% rename from nitrokeys/features/ssh/putty.rst rename to nitrokeys/features/openpgp-card/ssh/putty.rst diff --git a/nitrokeys/features/stunnel/index.rst b/nitrokeys/features/openpgp-card/stunnel/index.rst similarity index 100% rename from nitrokeys/features/stunnel/index.rst rename to nitrokeys/features/openpgp-card/stunnel/index.rst diff --git a/nitrokeys/features/openpgp/uif.rst b/nitrokeys/features/openpgp-card/uif.rst similarity index 100% rename from nitrokeys/features/openpgp/uif.rst rename to nitrokeys/features/openpgp-card/uif.rst diff --git a/nitrokeys/features/piv/index.rst b/nitrokeys/features/piv/index.rst index cbcc6557cc..c071dcddd5 100644 --- a/nitrokeys/features/piv/index.rst +++ b/nitrokeys/features/piv/index.rst @@ -10,13 +10,12 @@ PIV (Personal Identity Verification) The *Personal Identity Verfication* (PIV) is based on the NIST special publication `SP 800-73 `__. .. toctree:: - :hidden: :maxdepth: 1 :glob: - access_control.rst - certificate_management.rst - factory_reset.rst - key_management.rst + Access Control + Certificate Management + Factory Reset + Key Management - guides/index.rst + Guides diff --git a/nitrokeys/features/totp/index.rst b/nitrokeys/features/totp/index.rst index bca12bb122..49f95f9cac 100644 --- a/nitrokeys/features/totp/index.rst +++ b/nitrokeys/features/totp/index.rst @@ -2,6 +2,8 @@ Two-factor Authentication with One-Time Passwords (OTP) ======================================================= .. toctree:: + :maxdepth: 1 + General Instructions Microsoft Google diff --git a/nitrokeys/features/u2f/2fa.rst b/nitrokeys/features/u2f/2fa.rst new file mode 100644 index 0000000000..c366b2098e --- /dev/null +++ b/nitrokeys/features/u2f/2fa.rst @@ -0,0 +1,33 @@ + +Two-Factor Authentication (2FA) +=============================== + +1. Open one of the `websites that support FIDO + U2F `__. +2. Log in to the website and enable two-factor authentication in your + account settings. (In most cases you will find a link to the + documentation of the supported web service at + `dongleauth.com `__) +3. Register your Nitrokey in the account settings by touching the + button to activate the Nitrokey. After you have successfully + configured the device, you must activate the Nitrokey this way + each time you log in. + +You are now ready to go. + +.. important:: + The Nitrokey App can not be used for the Nitrokey FIDO U2F. + +Troubleshooting (Linux) +----------------------- + +- If the Nitrokey is not accepted immediately, you may need to copy + this file + `41-nitrokey.rules `__ + to ``etc/udev/rules.d/``. In very rare cases, the system will need + the `older + version `__ + of this file. + +- After copying the file, restart udev via + ``sudo service udev restart``. diff --git a/nitrokeys/features/fido/2fa/desktop-login.rst b/nitrokeys/features/u2f/desktop-login.rst similarity index 97% rename from nitrokeys/features/fido/2fa/desktop-login.rst rename to nitrokeys/features/u2f/desktop-login.rst index cabc0a9c67..a431d1f0ec 100644 --- a/nitrokeys/features/fido/2fa/desktop-login.rst +++ b/nitrokeys/features/u2f/desktop-login.rst @@ -28,29 +28,29 @@ GUI Method 1. **In the lower left corner click on** ``Show Applications`` **and type settings in the search bar as following:** - .. figure:: images/fidou2f-1.png + .. figure:: images/desktop-login/fidou2f-1.png :alt: img1 2. **Scroll down in the right bar to** ``Users`` - .. figure:: images/fidou2f-2.png + .. figure:: images/desktop-login/fidou2f-2.png :alt: img2 3. **In the left corner click on** ``Unlock`` **and that would prompt for your password** - .. figure:: images/fidou2f-3.png + .. figure:: images/desktop-login/fidou2f-3.png :alt: img3 4. **Select** ``Administrator`` **and enter the user name and password of your choice** - .. figure:: images/fidou2f-4.png + .. figure:: images/desktop-login/fidou2f-4.png :alt: img4 5. **Once you finish Step 4 you should be done** - .. figure:: images/fidou2f-5.png + .. figure:: images/desktop-login/fidou2f-5.png :alt: img5 CLI Method @@ -230,7 +230,7 @@ CLI Method You can also test your configuration by logging out of the user session and logging back. A similar screen should be displayed once you you unplug/replug yout Nitrokey FIDO2 and type your password: - .. figure:: images/u2f-fido-pam-2.png + .. figure:: images/desktop-login/u2f-fido-pam-2.png :alt: img6 Usage diff --git a/nitrokeys/features/fido/2fa/images/fidou2f-1.png b/nitrokeys/features/u2f/images/desktop-login/fidou2f-1.png similarity index 100% rename from nitrokeys/features/fido/2fa/images/fidou2f-1.png rename to nitrokeys/features/u2f/images/desktop-login/fidou2f-1.png diff --git a/nitrokeys/features/fido/2fa/images/fidou2f-2.png b/nitrokeys/features/u2f/images/desktop-login/fidou2f-2.png similarity index 100% rename from nitrokeys/features/fido/2fa/images/fidou2f-2.png rename to nitrokeys/features/u2f/images/desktop-login/fidou2f-2.png diff --git a/nitrokeys/features/fido/2fa/images/fidou2f-3.png b/nitrokeys/features/u2f/images/desktop-login/fidou2f-3.png similarity index 100% rename from nitrokeys/features/fido/2fa/images/fidou2f-3.png rename to nitrokeys/features/u2f/images/desktop-login/fidou2f-3.png diff --git a/nitrokeys/features/fido/2fa/images/fidou2f-4.png b/nitrokeys/features/u2f/images/desktop-login/fidou2f-4.png similarity index 100% rename from nitrokeys/features/fido/2fa/images/fidou2f-4.png rename to nitrokeys/features/u2f/images/desktop-login/fidou2f-4.png diff --git a/nitrokeys/features/fido/2fa/images/fidou2f-5.png b/nitrokeys/features/u2f/images/desktop-login/fidou2f-5.png similarity index 100% rename from nitrokeys/features/fido/2fa/images/fidou2f-5.png rename to nitrokeys/features/u2f/images/desktop-login/fidou2f-5.png diff --git a/nitrokeys/features/fido/2fa/images/u2f-fido-pam-2.png b/nitrokeys/features/u2f/images/desktop-login/u2f-fido-pam-2.png similarity index 100% rename from nitrokeys/features/fido/2fa/images/u2f-fido-pam-2.png rename to nitrokeys/features/u2f/images/desktop-login/u2f-fido-pam-2.png diff --git a/nitrokeys/features/u2f/index.rst b/nitrokeys/features/u2f/index.rst new file mode 100644 index 0000000000..fb6eca4004 --- /dev/null +++ b/nitrokeys/features/u2f/index.rst @@ -0,0 +1,9 @@ +U2F +=== + +.. toctree:: + + Desktop Login (Linux only) + Nextcloud Login + Odoo Login + Two Factor Authentication <2fa> \ No newline at end of file diff --git a/nitrokeys/features/fido/2fa/2fa-nextcloud.rst b/nitrokeys/features/u2f/nextcloud.rst similarity index 100% rename from nitrokeys/features/fido/2fa/2fa-nextcloud.rst rename to nitrokeys/features/u2f/nextcloud.rst diff --git a/nitrokeys/features/fido/2fa/2fa-odoo.rst b/nitrokeys/features/u2f/odoo.rst similarity index 100% rename from nitrokeys/features/fido/2fa/2fa-odoo.rst rename to nitrokeys/features/u2f/odoo.rst diff --git a/nitrokeys/fido2/features.rst b/nitrokeys/fido2/features.rst index a5579a409e..ccebaca6f4 100644 --- a/nitrokeys/fido2/features.rst +++ b/nitrokeys/fido2/features.rst @@ -7,7 +7,5 @@ The Nitrokey FIDO2 currently supports the following features: :maxdepth: 1 :glob: - FIDO <../features/2fa/index> - passwordless microsoft <../features/fido/passwordless-microsoft> - desktop login <../feature/desktop-login/desktop-login> - firmware update \ No newline at end of file + FIDO2 <../features/fido2/index> + U2F <../features/u2f/index> \ No newline at end of file diff --git a/nitrokeys/fido2/index.rst b/nitrokeys/fido2/index.rst index b92d6812ec..2013b4d0b9 100644 --- a/nitrokeys/fido2/index.rst +++ b/nitrokeys/fido2/index.rst @@ -15,8 +15,11 @@ First check the: or check out the features: .. toctree:: - :maxdepth: 1 + :maxdepth: 3 :glob: Features + + + firmware update diff --git a/nitrokeys/hsm/certificate-authority.rst b/nitrokeys/hsm/certificate-authority.rst deleted file mode 100644 index 2742c19f0e..0000000000 --- a/nitrokeys/hsm/certificate-authority.rst +++ /dev/null @@ -1,683 +0,0 @@ -Creating a Certificate Authority -================================ - -.. contents:: :local: - -This article shows you how to setup your own private certificate authority backed by a Nitrokey HSM. This certificate authority has no automation and does not really scale. Other open source projects can be referenced for automation and scalability. - -Choose Cryptographic Algorithms -------------------------------- - -I’m going to assume that you’re as paranoid as I am, so I will be using the following command for generating private keys: - -.. code-block:: bash - - pkcs11-tool -l --keypairgen --key-type EC:secp384r1 --label root - -But, if you’re less paranoid that I am, you can safely choose the following options: - -.. code-block:: bash - - pkcs11-tool -l --keypairgen --key-type EC:secp256r1 --label root - pkcs11-tool -l --keypairgen --key-type rsa:4096 --label root - -Likewise, I will be using the sha512 algorithm throughout this article, but sha256 can safely be used. - -Preparing to Start ------------------- - -To start with, you need to pick a directory to store your CA. - -.. code-block:: bash - - pki_dir=/opt/certificate-authority - mkdir $pki_dir - cd $pki_dir - mkdir certs config crl newcerts intermediate intermediate/certs intermediate/crl intermediate/csr intermediate/newcerts - touch index.txt intermediate/index.txt - cd config - -Install the necessary tools: - -.. code-block:: bash - - # Arch Linux - pacman -S community/opensc community/libp11 - - # Ubuntu - sudo apt-get install opensc gnutls-bin - -For Windows download the official `OpenSC releases `__ -and make sure you install `p11tool as described `__. -Using the PowerShell most commands should be identical as long as both tools and their binaries -are within your ``PATH``. - -Creating The Root Certificate Authority ---------------------------------------- - -We start by generating the private key for the certificate authority directly on the Nitrokey HSM. This allows us to use the private key in the future, but not access it. - -.. code-block:: bash - - # Generate private key on HSM - $ pkcs11-tool -l --keypairgen --key-type EC:secp384r1 --label root - Using slot 0 with a present token (0x0) - Logging in to "SmartCard-HSM (UserPIN)". - Please enter User PIN: - Key pair generated: - Private Key Object; EC - label: root - ID: e0161cc8b6f5d66ac6835ecdecb623fc0506a675 - Usage: sign, derive - Access: none - Public Key Object; EC EC_POINT 384 bits - EC_POINT: 046104c1e7b40e1ef9e5d47399aeeda695026c9eb626462059eb696e8f2b647b42d64ac3b7fc7a5b31aa3edf9bce46b2cdcf8e5d190b13601d3d14ffb119c8cf60033c6b78ba579b85113ca536eef1cf85ba418ff0110a56ec881b329e0562e090a3e7 - EC_PARAMS: 06052b81040022 - label: root - ID: e0161cc8b6f5d66ac6835ecdecb623fc0506a675 - Usage: verify, derive - Access: none - -Note the ID number (e0161cc8b6f5d66ac6835ecdecb623fc0506a675), we’ll need it later. - -If you need the ID in the future, you can list the keys on the Nitrokey HSM: - -.. code-block:: bash - - pkcs11-tool -O - -We need to create a config file to generate a self-signed public certificate. - -.. code-block:: bash - - vim create_root_cert.ini - -Fill out the request information in with information for your CA. - -.. code-block:: ini - - [ ca ] - # `man ca` - default_ca = CA_default - - [ CA_default ] - # Directory and file locations. - dir = /opt/certificate-authority - certs = $dir/certs - crl_dir = $dir/crl - new_certs_dir = $dir/newcerts - database = $dir/index.txt - serial = $dir/serial - - # SHA-1 is deprecated, so use SHA-2 instead. - default_md = sha512 - - name_opt = ca_default - cert_opt = ca_default - default_days = 375 - preserve = no - policy = policy_strict - - [ policy_strict ] - # The root CA should only sign intermediate certificates that match. - # See the POLICY FORMAT section of `man ca`. - countryName = match - stateOrProvinceName = match - organizationName = match - organizationalUnitName = optional - commonName = supplied - emailAddress = optional - - [ req ] - # Options for the `req` tool (`man req`). - default_bits = 4096 - distinguished_name = req_distinguished_name - string_mask = utf8only - prompt = no - - # SHA-1 is deprecated, so use SHA-2 instead. - default_md = sha512 - - [ req_distinguished_name ] - C = - ST = - O = - OU = Certificate Authority - CN = Root CA - - [ v3_ca ] - # Extensions for a typical CA (`man x509v3_config`). - subjectKeyIdentifier = hash - authorityKeyIdentifier = keyid:always,issuer - basicConstraints = critical, CA:true - keyUsage = critical, digitalSignature, cRLSign, keyCertSign - -Generate the self-signed public certificate from the private key. Use the private key id value from earlier. - -.. code-block:: bash - - $ openssl req -config create_root_cert.ini -engine pkcs11 -keyform engine -key e0161cc8b6f5d66ac6835ecdecb623fc0506a675 -new -x509 -days 3650 -sha512 -extensions v3_ca -out ../certs/root.crt - engine "pkcs11" set. - Enter PKCS#11 token PIN for SmartCard-HSM (UserPIN): - -Verify that the root certificate was generated correctly. Verify that Signature-Algorithm matches above and below. Verify that Issuer and Subject match, all root certificates are self signed. Verify that Key Usage matches what was in the v3_ca information in our config file. - -.. code-block:: bash - - $ openssl x509 -noout -text -in ../certs/root.crt - Certificate: - Data: - Version: 3 (0x2) - Serial Number: - 25:ac:e1:36:75:67:26:1d:bb:96:4b:84:c2:2d:83:25:7b:cc:e0:e5 - Signature Algorithm: ecdsa-with-SHA512 - Issuer: C = US, ST = My State, O = My Company, OU = My Company Certificate Authority, CN = My Company Root CA - Validity - Not Before: Aug 18 20:13:20 2020 GMT - Not After : Aug 16 20:13:20 2030 GMT - Subject: C = US, ST = My State, O = My Company, OU = My Company Certificate Authority, CN = My Company Root CA - Subject Public Key Info: - Public Key Algorithm: id-ecPublicKey - Public-Key: (384 bit) - pub: - 04:c1:e7:b4:0e:1e:f9:e5:d4:73:99:ae:ed:a6:95: - 02:6c:9e:b6:26:46:20:59:eb:69:6e:8f:2b:64:7b: - 42:d6:4a:c3:b7:fc:7a:5b:31:aa:3e:df:9b:ce:46: - b2:cd:cf:8e:5d:19:0b:13:60:1d:3d:14:ff:b1:19: - c8:cf:60:03:3c:6b:78:ba:57:9b:85:11:3c:a5:36: - ee:f1:cf:85:ba:41:8f:f0:11:0a:56:ec:88:1b:32: - 9e:05:62:e0:90:a3:e7 - ASN1 OID: secp384r1 - NIST CURVE: P-384 - X509v3 extensions: - X509v3 Subject Key Identifier: - F1:FA:61:75:0B:AC:3C:95:97:EF:73:3C:3F:38:22:B1:DB:D9:BF:41 - X509v3 Authority Key Identifier: - keyid:F1:FA:61:75:0B:AC:3C:95:97:EF:73:3C:3F:38:22:B1:DB:D9:BF:41 - - X509v3 Basic Constraints: critical - CA:TRUE - X509v3 Key Usage: critical - Digital Signature, Certificate Sign, CRL Sign - Signature Algorithm: ecdsa-with-SHA512 - 30:64:02:30:53:b8:b6:5a:41:4b:4f:6a:d1:a6:76:88:df:13: - d6:da:c7:48:aa:8b:aa:ff:13:6c:d1:00:53:90:92:b5:71:57: - eb:d0:bf:3e:5d:2e:62:c0:3e:40:0f:64:25:a5:92:0f:02:30: - 15:0a:19:d5:a2:09:86:d8:9d:07:67:71:c3:84:f2:6b:90:20: - 2d:29:10:9e:4c:73:7a:55:56:4b:dc:fe:8d:3f:f0:9c:20:e1: - 5a:74:fb:41:86:ad:a4:66:61:74:d7:fd - -Creating The Intermediate Certificate Authority ------------------------------------------------ - -We continue by generating the private key for the intermediate certificate authority directly on the Nitrokey HSM. This allows us to use the private key in the future, but not access it. - -.. code-block:: bash - - # Generate private key on HSM - $ pkcs11-tool -l --keypairgen --key-type EC:secp384r1 --label intermediate - Using slot 0 with a present token (0x0) - Logging in to "SmartCard-HSM (UserPIN)". - Please enter User PIN: - Key pair generated: - Private Key Object; EC - label: intermediate - ID: bcb48fe9b566ae61891aabbfde6a23d4ff3ab639 - Usage: sign, derive - Access: none - Public Key Object; EC EC_POINT 384 bits - EC_POINT: 046104d0fb5c0cd10c0b6e4d0f6986755824b624ec9fcd8ff9ae5f0109fe6ff3ad887ca760717da894f3ff84dc8c24fe8c93b0cd840a6aa941bb2866c061cef60e47b893d71852b50d6762af10c951426e55ec8925a6cd83aeae1730311108afdbcdee - EC_PARAMS: 06052b81040022 - label: intermediate - ID: bcb48fe9b566ae61891aabbfde6a23d4ff3ab639 - Usage: verify, derive - Access: none - -Note the ID number (bcb48fe9b566ae61891aabbfde6a23d4ff3ab639), we’ll need it later. - -If you need the ID in the future, you can list the keys on the Nitrokey HSM: - -.. code-block:: bash - - pkcs11-tool -O - -We need to create a config file to generate a self-signed public certificate. - -.. code-block:: bash - - vim create_intermediate_csr.ini - -Fill out the request information in with information for your CA. - -.. code-block:: ini - - [ req ] - # Options for the `req` tool (`man req`). - default_bits = 4096 - distinguished_name = req_distinguished_name - string_mask = utf8only - prompt = no - - # SHA-1 is deprecated, so use SHA-2 instead. - [ v3_ca ] - # Extensions for a typical CA (`man x509v3_config`). - subjectKeyIdentifier = hash - authorityKeyIdentifier = keyid:always,issuer - basicConstraints = critical, CA:true - keyUsage = critical, digitalSignature, cRLSign, keyCertSign - default_md = sha512 - - [ req_distinguished_name ] - C = - ST = - O = - OU = Certificate Authority - CN = Intermediate CA - -Generate the certificate signing request for the intermediate CA from the intermediate CA’s private key. Use the private key ID value from earlier. - -.. code-block:: bash - - $ openssl req -config create_intermediate_csr.ini -engine pkcs11 -keyform engine -key bcb48fe9b566ae61891aabbfde6a23d4ff3ab639 -new -sha512 -out ../intermediate/csr/intermediate.csr - engine "pkcs11" set. - Enter PKCS#11 token PIN for SmartCard-HSM (UserPIN): - -Verify that the CSR was created correctly. Verify that your Subject is correct. Verify that your Public Key and Signature Algorithm are correct. - -.. code-block:: bash - - $ openssl req -text -noout -verify -in ../intermediate/csr/intermediate.csr - verify OK - Certificate Request: - Data: - Version: 1 (0x0) - Subject: C = US, ST = My State, O = My Company, OU = My Company Certificate Authority, CN = My Company Intermediate CA - Subject Public Key Info: - Public Key Algorithm: id-ecPublicKey - Public-Key: (384 bit) - pub: - 04:d0:fb:5c:0c:d1:0c:0b:6e:4d:0f:69:86:75:58: - 24:b6:24:ec:9f:cd:8f:f9:ae:5f:01:09:fe:6f:f3: - ad:88:7c:a7:60:71:7d:a8:94:f3:ff:84:dc:8c:24: - fe:8c:93:b0:cd:84:0a:6a:a9:41:bb:28:66:c0:61: - ce:f6:0e:47:b8:93:d7:18:52:b5:0d:67:62:af:10: - c9:51:42:6e:55:ec:89:25:a6:cd:83:ae:ae:17:30: - 31:11:08:af:db:cd:ee - ASN1 OID: secp384r1 - NIST CURVE: P-384 - Attributes: - a0:00 - Signature Algorithm: ecdsa-with-SHA512 - 30:64:02:30:6a:1d:75:8b:59:99:2c:a8:5d:a0:7f:02:7d:9a: - aa:40:74:7a:65:20:03:6b:bc:65:fb:7d:d1:7f:5b:24:ae:6f: - 40:16:ac:82:0b:80:9b:81:f9:d9:64:ea:0f:41:4c:d7:02:30: - 4d:28:7f:e3:76:52:c7:10:e1:bd:b7:2e:ea:65:78:41:0c:96: - 50:5f:e9:1f:be:18:ac:14:ba:65:3f:b0:2a:f4:0f:d0:56:ab: - d0:8c:bf:d0:92:9e:f6:e5:f6:8a:af:a5 - -We need to find out the fully qualified PKCS#11 URI for your private key: - -.. code-block:: bash - - $ p11tool --list-all - warning: no token URL was provided for this operation; the available tokens are: - - pkcs11:model=PKCS%2315%20emulated;manufacturer=www.CardContact.de;serial=DENK0104068;token=SmartCard-HSM%20%28UserPIN%29%00%00%00%00%00%00%00%00%00 - - $ p11tool --login --list-all pkcs11:model=PKCS%2315%20emulated;manufacturer=www.CardContact.de;serial=DENK0104068;token=SmartCard-HSM%20%28UserPIN%29%00%00%00%00%00%00%00%00%00 - Token 'SmartCard-HSM (UserPIN)' with URL 'pkcs11:model=PKCS%2315%20emulated;manufacturer=www.CardContact.de;serial=DENK0104068;token=SmartCard-HSM%20%28UserPIN%29%00%00%00%00%00%00%00%00%00' requires user PIN - Enter PIN: - Object 0: - URL: pkcs11:model=PKCS%2315%20emulated;manufacturer=www.CardContact.de;serial=DENK0104068;token=SmartCard-HSM%20%28UserPIN%29%00%00%00%00%00%00%00%00%00;id=%E0%16%1C%C8%B6%F5%D6%6A%C6%83%5E%CD%EC%B6%23%FC%05%06%A6%75;object=root;type=private - Type: Private key (EC/ECDSA-SECP384R1) - Label: root - Flags: CKA_PRIVATE; CKA_NEVER_EXTRACTABLE; CKA_SENSITIVE; - ID: e0:16:1c:c8:b6:f5:d6:6a:c6:83:5e:cd:ec:b6:23:fc:05:06:a6:75 - - Object 1: - URL: pkcs11:model=PKCS%2315%20emulated;manufacturer=www.CardContact.de;serial=DENK0104068;token=SmartCard-HSM%20%28UserPIN%29%00%00%00%00%00%00%00%00%00;id=%E0%16%1C%C8%B6%F5%D6%6A%C6%83%5E%CD%EC%B6%23%FC%05%06%A6%75;object=root;type=public - Type: Public key (EC/ECDSA-SECP384R1) - Label: root - ID: e0:16:1c:c8:b6:f5:d6:6a:c6:83:5e:cd:ec:b6:23:fc:05:06:a6:75 - - Object 2: - URL: pkcs11:model=PKCS%2315%20emulated;manufacturer=www.CardContact.de;serial=DENK0104068;token=SmartCard-HSM%20%28UserPIN%29%00%00%00%00%00%00%00%00%00;id=%BC%B4%8F%E9%B5%66%AE%61%89%1A%AB%BF%DE%6A%23%D4%FF%3A%B6%39;object=intermediate;type=private - Type: Private key (EC/ECDSA-SECP384R1) - Label: intermediate - Flags: CKA_PRIVATE; CKA_NEVER_EXTRACTABLE; CKA_SENSITIVE; - ID: bc:b4:8f:e9:b5:66:ae:61:89:1a:ab:bf:de:6a:23:d4:ff:3a:b6:39 - - Object 3: - URL: pkcs11:model=PKCS%2315%20emulated;manufacturer=www.CardContact.de;serial=DENK0104068;token=SmartCard-HSM%20%28UserPIN%29%00%00%00%00%00%00%00%00%00;id=%BC%B4%8F%E9%B5%66%AE%61%89%1A%AB%BF%DE%6A%23%D4%FF%3A%B6%39;object=intermediate;type=public - Type: Public key (EC/ECDSA-SECP384R1) - Label: intermediate - ID: bc:b4:8f:e9:b5:66:ae:61:89:1a:ab:bf:de:6a:23:d4:ff:3a:b6:39 - -In this instance, the fully qualified PKCS#11 URI is: - -.. code-block:: bash - - pkcs11:model=PKCS%2315%20emulated;manufacturer=www.CardContact.de;serial=DENK0104068;token=SmartCard-HSM%20%28UserPIN%29%00%00%00%00%00%00%00%00%00;id=%E0%16%1C%C8%B6%F5%D6%6A%C6%83%5E%CD%EC%B6%23%FC%05%06%A6%75;object=root;type=private - -Now, we need to create a config file to use the private key of the root certificate to sign the csr of the intermediate certificate. - -.. code-block:: bash - - vim sign_intermediate_csr.ini - -.. code-block:: ini - - [ ca ] - # `man ca` - default_ca = CA_default - - [ CA_default ] - # Directory and file locations. - dir = /opt/certificate-authority - certs = $dir/certs - crl_dir = $dir/crl - new_certs_dir = $dir/newcerts - database = $dir/index.txt - serial = $dir/serial - - # The root key and root certificate. - private_key = pkcs11:model=PKCS%2315%20emulated;manufacturer=www.CardContact.de;serial=DENK0104068;token=SmartCard-HSM%20%28UserPIN%29%00%00%00%00%00%00%00%00%00;id=%E0%16%1C%C8%B6%F5%D6%6A%C6%83%5E%CD%EC%B6%23%FC%05%06%A6%75;object=root;type=private - certificate = ../certs/root.crt - - # SHA-1 is deprecated, so use SHA-2 instead. - default_md = sha512 - - name_opt = ca_default - cert_opt = ca_default - default_days = 375 - preserve = no - policy = policy_loose - - [ policy_loose ] - # Allow the intermediate CA to sign a more diverse range of certificates. - # See the POLICY FORMAT section of the `ca` man page. - countryName = optional - stateOrProvinceName = optional - localityName = optional - organizationName = optional - organizationalUnitName = optional - commonName = supplied - emailAddress = optional - - [ v3_intermediate_ca ] - # Extensions for a typical intermediate CA (`man x509v3_config`). - subjectKeyIdentifier = hash - authorityKeyIdentifier = keyid:always,issuer - basicConstraints = critical, CA:true, pathlen:0 - keyUsage = critical, digitalSignature, cRLSign, keyCertSign - -Then sign the intermediate certificate with the root certificate. - -.. code-block:: bash - - $ openssl ca -config sign_intermediate_csr.ini -engine pkcs11 -keyform engine -extensions v3_intermediate_ca -days 1825 -notext -md sha512 -create_serial -in ../intermediate/csr/intermediate.csr -out ../intermediate/certs/intermediate.crt - engine "pkcs11" set. - Using configuration from sign_intermediate_csr.ini - Enter PKCS#11 token PIN for SmartCard-HSM (UserPIN): - Check that the request matches the signature - Signature ok - Certificate Details: - Serial Number: - 35:47:4d:05:12:cc:e1:a8:b6:bf:dd:3e:c8:29:7b:18:c0:a1:5c:68 - Validity - Not Before: Aug 18 20:44:17 2020 GMT - Not After : Aug 17 20:44:17 2025 GMT - Subject: - countryName = US - stateOrProvinceName = My State - organizationName = My Company - organizationalUnitName = My Company Certificate Authority - commonName = My Company Intermediate CA - X509v3 extensions: - X509v3 Subject Key Identifier: - 1D:4F:E5:ED:11:42:9A:AC:25:E4:51:A3:42:67:97:39:A0:10:AE:82 - X509v3 Authority Key Identifier: - keyid:F1:FA:61:75:0B:AC:3C:95:97:EF:73:3C:3F:38:22:B1:DB:D9:BF:41 - - X509v3 Basic Constraints: critical - CA:TRUE, pathlen:0 - X509v3 Key Usage: critical - Digital Signature, Certificate Sign, CRL Sign - Certificate is to be certified until Aug 17 20:44:17 2025 GMT (1825 days) - Sign the certificate? [y/n]:y - - - 1 out of 1 certificate requests certified, commit? [y/n]y - Write out database with 1 new entries - Data Base Updated - -Verify that the root certificate was generated correctly. Verify that the Issuer and Subject are different, and correct. Verify that the Key Usage matches the config file. Verify that the signature algorithm are correct above and below. - -.. code-block:: bash - - $ openssl x509 -noout -text -in ../intermediate/certs/intermediate.crt - Certificate: - Data: - Version: 3 (0x2) - Serial Number: - 35:47:4d:05:12:cc:e1:a8:b6:bf:dd:3e:c8:29:7b:18:c0:a1:5c:68 - Signature Algorithm: ecdsa-with-SHA512 - Issuer: C = US, ST = My State, O = My Company, OU = My Company Certificate Authority, CN = My Company Root CA - Validity - Not Before: Aug 18 20:44:17 2020 GMT - Not After : Aug 17 20:44:17 2025 GMT - Subject: C = US, ST = My State, O = My Company, OU = My Company Certificate Authority, CN = My Company Intermediate CA - Subject Public Key Info: - Public Key Algorithm: id-ecPublicKey - Public-Key: (384 bit) - pub: - 04:d0:fb:5c:0c:d1:0c:0b:6e:4d:0f:69:86:75:58: - 24:b6:24:ec:9f:cd:8f:f9:ae:5f:01:09:fe:6f:f3: - ad:88:7c:a7:60:71:7d:a8:94:f3:ff:84:dc:8c:24: - fe:8c:93:b0:cd:84:0a:6a:a9:41:bb:28:66:c0:61: - ce:f6:0e:47:b8:93:d7:18:52:b5:0d:67:62:af:10: - c9:51:42:6e:55:ec:89:25:a6:cd:83:ae:ae:17:30: - 31:11:08:af:db:cd:ee - ASN1 OID: secp384r1 - NIST CURVE: P-384 - X509v3 extensions: - X509v3 Subject Key Identifier: - 1D:4F:E5:ED:11:42:9A:AC:25:E4:51:A3:42:67:97:39:A0:10:AE:82 - X509v3 Authority Key Identifier: - keyid:F1:FA:61:75:0B:AC:3C:95:97:EF:73:3C:3F:38:22:B1:DB:D9:BF:41 - - X509v3 Basic Constraints: critical - CA:TRUE, pathlen:0 - X509v3 Key Usage: critical - Digital Signature, Certificate Sign, CRL Sign - Signature Algorithm: ecdsa-with-SHA512 - 30:66:02:31:00:9a:6e:08:d2:d6:3a:29:f6:ba:0c:4c:3a:f4: - af:40:5e:e0:71:f2:bc:e4:47:f5:b4:ee:10:d7:27:b1:25:0b: - 4b:09:78:a1:b8:f2:b8:71:c5:4e:41:33:8e:64:db:ec:eb:02: - 31:00:fc:39:26:c2:ad:7b:3c:ab:75:06:34:02:47:79:40:31: - 1d:eb:17:ad:32:10:67:97:37:6f:7f:3c:ce:3e:12:3c:e9:7c: - fa:43:3e:34:5d:5e:f4:f3:2f:fd:6a:2f:14:da - -Verify that the intermediate certificate verifies against the root certificate. - -.. code-block:: bash - - $ openssl verify -CAfile ../certs/root.crt ../intermediate/certs/intermediate.crt - ../intermediate/certs/intermediate.crt: OK - -Create a certificate chain file: - -.. code-block:: bash - - cat ../intermediate/certs/intermediate.crt ../certs/root.crt > ../intermediate/certs/chain.crt - -You now have a certificate authority backed by an HSM. - -Sign a Server Certificate -------------------------- - -Now that you have a certificate authority, you’d probably like to know how to use it. - -Create a CSR in the normal method for your application. Proper creation of your certificate, including SAN, for your particular application is outside the scope of this document. - -We need to find out the fully qualified PKCS#11 URI for your private key: - -.. code-block:: bash - - $ p11tool --list-all - warning: no token URL was provided for this operation; the available tokens are: - - *pkcs11:model=PKCS%2315%20emulated;manufacturer=www.CardContact.de;serial=DENK0104068;token=SmartCard-HSM%20%28UserPIN%29%00%00%00%00%00%00%00%00%00* - - $ p11tool --login --list-all pkcs11:model=PKCS%2315%20emulated;manufacturer=www.CardContact.de;serial=DENK0104068;token=SmartCard-HSM%20%28UserPIN%29%00%00%00%00%00%00%00%00%00 - Token 'SmartCard-HSM (UserPIN)' with URL 'pkcs11:model=PKCS%2315%20emulated;manufacturer=www.CardContact.de;serial=DENK0104068;token=SmartCard-HSM%20%28UserPIN%29%00%00%00%00%00%00%00%00%00' requires user PIN - Enter PIN: - Object 0: - URL: pkcs11:model=PKCS%2315%20emulated;manufacturer=www.CardContact.de;serial=DENK0104068;token=SmartCard-HSM%20%28UserPIN%29%00%00%00%00%00%00%00%00%00;id=%E0%16%1C%C8%B6%F5%D6%6A%C6%83%5E%CD%EC%B6%23%FC%05%06%A6%75;object=root;type=private - Type: Private key (EC/ECDSA-SECP384R1) - Label: root - Flags: CKA_PRIVATE; CKA_NEVER_EXTRACTABLE; CKA_SENSITIVE; - ID: e0:16:1c:c8:b6:f5:d6:6a:c6:83:5e:cd:ec:b6:23:fc:05:06:a6:75 - - Object 1: - URL: pkcs11:model=PKCS%2315%20emulated;manufacturer=www.CardContact.de;serial=DENK0104068;token=SmartCard-HSM%20%28UserPIN%29%00%00%00%00%00%00%00%00%00;id=%E0%16%1C%C8%B6%F5%D6%6A%C6%83%5E%CD%EC%B6%23%FC%05%06%A6%75;object=root;type=public - Type: Public key (EC/ECDSA-SECP384R1) - Label: root - ID: e0:16:1c:c8:b6:f5:d6:6a:c6:83:5e:cd:ec:b6:23:fc:05:06:a6:75 - - Object 2: - URL: pkcs11:model=PKCS%2315%20emulated;manufacturer=www.CardContact.de;serial=DENK0104068;token=SmartCard-HSM%20%28UserPIN%29%00%00%00%00%00%00%00%00%00;id=%BC%B4%8F%E9%B5%66%AE%61%89%1A%AB%BF%DE%6A%23%D4%FF%3A%B6%39;object=intermediate;type=private - Type: Private key (EC/ECDSA-SECP384R1) - Label: intermediate - Flags: CKA_PRIVATE; CKA_NEVER_EXTRACTABLE; CKA_SENSITIVE; - ID: bc:b4:8f:e9:b5:66:ae:61:89:1a:ab:bf:de:6a:23:d4:ff:3a:b6:39 - - Object 3: - URL: pkcs11:model=PKCS%2315%20emulated;manufacturer=www.CardContact.de;serial=DENK0104068;token=SmartCard-HSM%20%28UserPIN%29%00%00%00%00%00%00%00%00%00;id=%BC%B4%8F%E9%B5%66%AE%61%89%1A%AB%BF%DE%6A%23%D4%FF%3A%B6%39;object=intermediate;type=public - Type: Public key (EC/ECDSA-SECP384R1) - Label: intermediate - ID: bc:b4:8f:e9:b5:66:ae:61:89:1a:ab:bf:de:6a:23:d4:ff:3a:b6:39 - -In this instance, the fully qualified PKCS#11 URI is: - -.. code-block:: bash - - pkcs11:model=PKCS%2315%20emulated;manufacturer=www.CardContact.de;serial=DENK0104068;token=SmartCard-HSM%20%28UserPIN%29%00%00%00%00%00%00%00%00%00;id=%BC%B4%8F%E9%B5%66%AE%61%89%1A%AB%BF%DE%6A%23%D4%FF%3A%B6%39;object=intermediate;type=private - -Create a config file to use the private key of the intermediate certificate to sign the CSRs of your servers. - -.. code-block:: bash - - vim sign_server_csrs.ini - -.. code-block:: ini - - [ ca ] - # `man ca` - default_ca = CA_default - - [ CA_default ] - # Directory and file locations. - dir = /opt/certificate-authority/intermediate - certs = $dir/certs - crl_dir = $dir/crl - new_certs_dir = $dir/newcerts - database = $dir/index.txt - serial = $dir/serial - - # The root key and root certificate. - private_key = pkcs11:model=PKCS%2315%20emulated;manufacturer=www.CardContact.de;serial=DENK0104068;token=SmartCard-HSM%20%28UserPIN%29%00%00%00%00%00%00%00%00%00;id=%BC%B4%8F%E9%B5%66%AE%61%89%1A%AB%BF%DE%6A%23%D4%FF%3A%B6%39;object=intermediate;type=private - certificate = $dir/certs/intermediate.crt - - # SHA-1 is deprecated, so use SHA-2 instead. - default_md = sha512 - - name_opt = ca_default - cert_opt = ca_default - default_days = 375 - preserve = no - policy = policy_loose - - [ policy_loose ] - # Allow the intermediate CA to sign a more diverse range of certificates. - # See the POLICY FORMAT section of the `ca` man page. - countryName = optional - stateOrProvinceName = optional - localityName = optional - organizationName = optional - organizationalUnitName = optional - commonName = supplied - emailAddress = optional - - [ server_cert ] - # Extensions for server certificates (`man x509v3_config`). - basicConstraints = CA:FALSE - nsCertType = server - nsComment = "OpenSSL Generated Server Certificate" - subjectKeyIdentifier = hash - authorityKeyIdentifier = keyid,issuer:always - keyUsage = critical, digitalSignature, keyEncipherment - extendedKeyUsage = serverAuth - -Then run openssl to sign the server’s CSR. - -.. code-block:: bash - - $ openssl ca -config sign_server_csrs.ini -engine pkcs11 -keyform engine -extensions server_cert -days 375 -notext -md sha512 -create_serial -in server_cert.csr -out server_cert.crt - engine "pkcs11" set. - Using configuration from sign_server_csrs.ini - Enter PKCS#11 token PIN for SmartCard-HSM (UserPIN): - Check that the request matches the signature - Signature ok - Certificate Details: - Serial Number: - 40:7f:dc:90:b0:3a:1b:fb:d3:e2:74:8d:40:28:a8:12:f7:7e:c3:74 - Validity - Not Before: Aug 18 21:32:42 2020 GMT - Not After : Aug 28 21:32:42 2021 GMT - Subject: - countryName = US - stateOrProvinceName = My State - organizationName = My Company - organizationalUnitName = media - commonName = media - X509v3 extensions: - X509v3 Basic Constraints: - CA:FALSE - Netscape Cert Type: - SSL Server - Netscape Comment: - OpenSSL Generated Server Certificate - X509v3 Subject Key Identifier: - 26:89:19:95:6C:93:8C:DD:6E:AA:61:D5:C0:E6:78:CC:F1:47:64:FC - X509v3 Authority Key Identifier: - keyid:1D:4F:E5:ED:11:42:9A:AC:25:E4:51:A3:42:67:97:39:A0:10:AE:82 - DirName:/C=US/ST=My State/O=My Company/OU=My Company Certificate Authority/CN=My Company Root CA - serial:35:47:4D:05:12:CC:E1:A8:B6:BF:DD:3E:C8:29:7B:18:C0:A1:5C:68 - - X509v3 Key Usage: critical - Digital Signature, Key Encipherment - X509v3 Extended Key Usage: - TLS Web Server Authentication - Certificate is to be certified until Aug 28 21:32:42 2021 GMT (375 days) - Sign the certificate? [y/n]:y - - - 1 out of 1 certificate requests certified, commit? [y/n]y - Write out database with 1 new entries - Data Base Updated - -References ----------- - -I used the following resources to help in compiling this document. - -- `How to initialize your Nitrokey HSM `__ -- `How to create a root and intermediate CA `__ -- `How to ensure the serial numbers of your intermediate CA and server certs are up to spec `__ -- `How to generate ECC private keys `__ -- `How to find the PCKS11 URI from your HSM `__ -- `Troubleshooting (forum) `__ - - -This document was originally `written by lyntux `__ \ No newline at end of file diff --git a/nitrokeys/hsm/index.rst b/nitrokeys/hsm/index.rst index a1ef9d3069..5aadedce80 100644 --- a/nitrokeys/hsm/index.rst +++ b/nitrokeys/hsm/index.rst @@ -26,7 +26,7 @@ or check out the features: Automatic Screen Lock (Linux only) <../features/automatic-screen-lock/index> Import Keys Certs Stunnel (Linux only) - Certificate Authority + Certificate Authority <../features/certificate-authority> Ipsec (Linux only) N of M Schemes (Linux only? ) Pkcs11-URL \ No newline at end of file diff --git a/nitrokeys/index.rst b/nitrokeys/index.rst index b2776738f3..38dd3eb396 100644 --- a/nitrokeys/index.rst +++ b/nitrokeys/index.rst @@ -5,9 +5,10 @@ Nitrokeys :maxdepth: 1 :glob: + Features U2F Pro Storage Start - Nitrokey3 - FIDO 2 + Nitrokey 3 + FIDO2 diff --git a/nitrokeys/pro/features.rst b/nitrokeys/pro/features.rst new file mode 100644 index 0000000000..ff6c7909b6 --- /dev/null +++ b/nitrokeys/pro/features.rst @@ -0,0 +1,8 @@ +Features +======== + +.. toctree:: + :maxdepth: 2 + + OpenPGP Card <../features/openpgp-card/index> + U2F <../features/u2f/index> \ No newline at end of file diff --git a/nitrokeys/pro/index.rst b/nitrokeys/pro/index.rst index 39966de3e1..9e41653ace 100644 --- a/nitrokeys/pro/index.rst +++ b/nitrokeys/pro/index.rst @@ -16,25 +16,21 @@ First check the: or check out the features: .. toctree:: - :maxdepth: 1 + :maxdepth: 3 :glob: + Features + + + + + Update Factory Reset Change PIN <../features/change-pins/index> - FIDO <../features/2fa/index> - OpenPGP <../features/openpgp/index> - TOTP <../features/totp/index> - SMIME <../features/smime/index> - SSH <../features/ssh/index> - Putty <../features/ssh/putty> - OpenVPN <../features/openvpn/index> ECC <../features/ecc/index> - GPA <../features/gpa/index> EID <../features/eid/index> Automatic Screen Lock (Linux) <../features/automatic-screen-lock/index> Certificate authority <../features/certificate-authority/index> - Desktop Login <../features/desktop-login/index> - Hard Disk Encryption <../features/hard-disk-encryption/index> - Stunnel (Linux) <../features/stunnel/index> - Ipsec (Linux) <../features/ipsec/index> + + diff --git a/nitrokeys/start/features.rst b/nitrokeys/start/features.rst new file mode 100644 index 0000000000..8d81739b99 --- /dev/null +++ b/nitrokeys/start/features.rst @@ -0,0 +1,7 @@ +Features +======== + +.. toctree:: + :maxdepth: 3 + + OpenPGP Card <../features/openpgp-card/index> \ No newline at end of file diff --git a/nitrokeys/start/index.rst b/nitrokeys/start/index.rst index 86ad19cef1..8d1885f745 100644 --- a/nitrokeys/start/index.rst +++ b/nitrokeys/start/index.rst @@ -15,17 +15,13 @@ First check the: or check out the features: .. toctree:: - :maxdepth: 1 + :maxdepth: 4 :glob: - GPA <../features/gpa/index> - Ipsec (Linux) <../features/ipsec/index> - Stunnel (Linux) <../features/stunnel/index> - Desktop Login <../features/desktop-login/index> - OpenPGP <../features/openpgp/index> - SMIME <../features/smime/index> - SSH <../features/ssh/index> - Putty <../features/ssh/putty> + Features + + + Multiple Identities Setting KDF-DO Factory Reset diff --git a/nitrokeys/storage/features.rst b/nitrokeys/storage/features.rst new file mode 100644 index 0000000000..2760152445 --- /dev/null +++ b/nitrokeys/storage/features.rst @@ -0,0 +1,11 @@ +Features +======== + +.. toctree:: + :maxdepth: 2 + + TOTP <../features/totp/index> + U2F <../features/u2f/index> + OpenPGP Card <../features/openpgp-card/index> + Hidden Storage <../features/hidden-storage/index> + Encrypted Mobile Storage <../features/encrpyted-mobile-storage/index> \ No newline at end of file diff --git a/nitrokeys/storage/index.rst b/nitrokeys/storage/index.rst index 0ad0ebe914..0aef703d82 100644 --- a/nitrokeys/storage/index.rst +++ b/nitrokeys/storage/index.rst @@ -15,28 +15,14 @@ First check the: or check out the features: .. toctree:: - :maxdepth: 1 + :maxdepth: 3 :glob: - FIDO <../features/fido/index> - OpenPGP <../features/openpgp/index> - OpenVPN <../features/openvpn/index> - Stunnel (Linux) <../features/stunnel/index> - Ipsec (Linux) <../features/ipsec/index> Automatic Screen Lock (Linux) <../features/automatic-screen-lock/index> Certificate authority <../features/certificate-authority/index> Change PIN <../features/change-pins/index> - Hard Disk Encryption <../features/hard-disk-encryption/index> - SMIME <../features/smime/index> - Desktop Login <../features/desktop-login/index> ECC <../features/ecc/index> - GPA <../features/gpa/index> EID <../features/eid/index> - TOTP <../features/totp/index> - SSH <../features/ssh/index> - Putty <../features/ssh/putty> - Hidden-Storage Firmware-Update Manual Firmware-Update - Factory Reset - Encrypted Mobile Storage \ No newline at end of file + Factory Reset \ No newline at end of file diff --git a/nitrokeys/u2f/features.rst b/nitrokeys/u2f/features.rst new file mode 100644 index 0000000000..dea1f4125e --- /dev/null +++ b/nitrokeys/u2f/features.rst @@ -0,0 +1,5 @@ +Features +======== + +.. toctree:: + U2F <../features/u2f/index> \ No newline at end of file diff --git a/nitrokeys/u2f/index.rst b/nitrokeys/u2f/index.rst index 3505de89f1..785445a84c 100644 --- a/nitrokeys/u2f/index.rst +++ b/nitrokeys/u2f/index.rst @@ -6,8 +6,8 @@ Nitrokey FIDO U2F Check out the features: .. toctree:: - :maxdepth: 1 + :maxdepth: 3 :glob: - FIDO <../features/fido/index> + Features From 8f8ec8fe616193e8dd75c1ac6ae78d9d20ae56a2 Mon Sep 17 00:00:00 2001 From: Marlin Date: Wed, 7 Aug 2024 16:12:59 +0200 Subject: [PATCH 17/33] finished most things, only minor fixes and redirects left to do --- nitrokeys/features/fido2/desktop-login.rst | 299 ------------------ nitrokeys/features/fido2/index.rst | 2 +- .../features/{u2f => fido2}/nextcloud.rst | 2 +- .../hsm/apache2-tls.rst} | 0 nitrokeys/{ => features}/hsm/dnssec.rst | 0 .../{ => features}/hsm/import-keys-certs.rst | 0 nitrokeys/features/hsm/index.rst | 19 ++ .../{ => features}/hsm/n-of-m-schemes.rst | 3 + .../hsm/pkcs11-url.rst} | 0 nitrokeys/features/index.rst | 5 + .../automatic-screen-lock/index.rst | 0 nitrokeys/features/{ => misc}/ecc/index.rst | 0 nitrokeys/features/misc/index.rst | 8 + .../certificate-authority/index.rst | 0 .../eid/images/eidauthenticate/1.png | Bin .../eid/images/eidauthenticate/2.png | Bin .../eid/images/eidauthenticate/3.png | Bin .../eid/images/eidauthenticate/4.png | Bin .../eid/images/eidauthenticate/5.png | Bin .../eid/images/eidauthenticate/6.png | Bin .../eid/images/eidauthenticate/7.png | Bin .../eid/images/eidauthenticate/8.png | Bin .../eid/images/eidauthenticate/9.png | Bin .../features/{ => openpgp-card}/eid/index.rst | 0 .../fedora-gnupg-configuration.rst | 0 nitrokeys/features/openpgp-card/index.rst | 6 + .../features/openpgp-card/ipsec/index.rst | 3 + .../features/openpgp-card/smime/index.rst | 2 +- .../features/openpgp-card/stunnel/index.rst | 3 + nitrokeys/features/password-safe/index.rst | 9 + nitrokeys/features/u2f/2fa.rst | 2 +- nitrokeys/features/u2f/index.rst | 1 + nitrokeys/fido2/guides.rst | 7 + nitrokeys/fido2/index.rst | 12 +- nitrokeys/hsm/features.rst | 7 + nitrokeys/hsm/index.rst | 13 +- nitrokeys/hsm/ipsec.rst | 46 --- nitrokeys/hsm/smime.rst | 67 ---- nitrokeys/hsm/stunnel.rst | 19 -- .../nitrokey3/{adsk.rst.inc => adsk.rst} | 0 nitrokeys/nitrokey3/features.rst | 10 +- .../{linux => }/firmware-update-qubes.rst | 0 nitrokeys/nitrokey3/guides.rst | 13 + nitrokeys/nitrokey3/index.rst | 15 +- nitrokeys/nitrokey3/keepassxc.rst | 2 - ...leshooting.rst.inc => troubleshooting.rst} | 0 nitrokeys/pro/features.rst | 4 +- nitrokeys/pro/getting-started.rst | 4 +- nitrokeys/pro/guides.rst | 9 + nitrokeys/pro/index.rst | 21 +- .../change-pins/images/change-pins/1.png | Bin .../change-pins/images/change-pins/2.png | Bin .../change-pins/images/change-pins/3.png | Bin .../change-pins/images/change-pins/4.png | Bin .../images/change-pins/App-change-pin.png | Bin .../change-pins/index.rst | 0 nitrokeys/start/guides.rst | 10 + nitrokeys/start/index.rst | 18 +- nitrokeys/storage/features.rst | 4 +- nitrokeys/storage/guides.rst | 10 + nitrokeys/storage/index.rst | 18 +- nitrokeys/u2f/index.rst | 4 +- 62 files changed, 177 insertions(+), 500 deletions(-) delete mode 100644 nitrokeys/features/fido2/desktop-login.rst rename nitrokeys/features/{u2f => fido2}/nextcloud.rst (75%) rename nitrokeys/{hsm/apache2-tls.rst.inc => features/hsm/apache2-tls.rst} (100%) rename nitrokeys/{ => features}/hsm/dnssec.rst (100%) rename nitrokeys/{ => features}/hsm/import-keys-certs.rst (100%) create mode 100644 nitrokeys/features/hsm/index.rst rename nitrokeys/{ => features}/hsm/n-of-m-schemes.rst (98%) rename nitrokeys/{hsm/pkcs11-url.rst.inc => features/hsm/pkcs11-url.rst} (100%) rename nitrokeys/features/{ => misc}/automatic-screen-lock/index.rst (100%) rename nitrokeys/features/{ => misc}/ecc/index.rst (100%) create mode 100644 nitrokeys/features/misc/index.rst rename nitrokeys/features/{ => openpgp-card}/certificate-authority/index.rst (100%) rename nitrokeys/features/{ => openpgp-card}/eid/images/eidauthenticate/1.png (100%) rename nitrokeys/features/{ => openpgp-card}/eid/images/eidauthenticate/2.png (100%) rename nitrokeys/features/{ => openpgp-card}/eid/images/eidauthenticate/3.png (100%) rename nitrokeys/features/{ => openpgp-card}/eid/images/eidauthenticate/4.png (100%) rename nitrokeys/features/{ => openpgp-card}/eid/images/eidauthenticate/5.png (100%) rename nitrokeys/features/{ => openpgp-card}/eid/images/eidauthenticate/6.png (100%) rename nitrokeys/features/{ => openpgp-card}/eid/images/eidauthenticate/7.png (100%) rename nitrokeys/features/{ => openpgp-card}/eid/images/eidauthenticate/8.png (100%) rename nitrokeys/features/{ => openpgp-card}/eid/images/eidauthenticate/9.png (100%) rename nitrokeys/features/{ => openpgp-card}/eid/index.rst (100%) rename nitrokeys/{nitrokey3/linux => features/openpgp-card}/fedora-gnupg-configuration.rst (100%) create mode 100644 nitrokeys/features/password-safe/index.rst create mode 100644 nitrokeys/fido2/guides.rst create mode 100644 nitrokeys/hsm/features.rst delete mode 100644 nitrokeys/hsm/ipsec.rst delete mode 100644 nitrokeys/hsm/smime.rst delete mode 100644 nitrokeys/hsm/stunnel.rst rename nitrokeys/nitrokey3/{adsk.rst.inc => adsk.rst} (100%) rename nitrokeys/nitrokey3/{linux => }/firmware-update-qubes.rst (100%) create mode 100644 nitrokeys/nitrokey3/guides.rst delete mode 100644 nitrokeys/nitrokey3/keepassxc.rst rename nitrokeys/nitrokey3/{troubleshooting.rst.inc => troubleshooting.rst} (100%) create mode 100644 nitrokeys/pro/guides.rst rename nitrokeys/{features => product-guides}/change-pins/images/change-pins/1.png (100%) rename nitrokeys/{features => product-guides}/change-pins/images/change-pins/2.png (100%) rename nitrokeys/{features => product-guides}/change-pins/images/change-pins/3.png (100%) rename nitrokeys/{features => product-guides}/change-pins/images/change-pins/4.png (100%) rename nitrokeys/{features => product-guides}/change-pins/images/change-pins/App-change-pin.png (100%) rename nitrokeys/{features => product-guides}/change-pins/index.rst (100%) create mode 100644 nitrokeys/start/guides.rst create mode 100644 nitrokeys/storage/guides.rst diff --git a/nitrokeys/features/fido2/desktop-login.rst b/nitrokeys/features/fido2/desktop-login.rst deleted file mode 100644 index bcd48b8fca..0000000000 --- a/nitrokeys/features/fido2/desktop-login.rst +++ /dev/null @@ -1,299 +0,0 @@ -Desktop Login And Linux User Authentication -=========================================== - -.. contents:: :local: - -Introduction ------------- - -This guide will walk you through the configuration of Linux to use FIDO Universal 2nd Factor, i.e. FIDO U2F with ``libpam-u2f`` and Nitrokey FIDO2. - -If you want to login to you computer using `Nitrokey Pro -2, `__ `Nitrokey Storage -2 `__ and `Nitrokey Start `__ you can visit the instructions available `here <../../pro/linux/login-with-pam.html>`_. - -Requirements ------------- - -- Ubuntu 20.04 with Gnome Display Manager. - -- Nitrokey FIDO2 configured following `these - instructions `__. - -Instructions ------------- - -GUI Method -'''''''''' - -1. **In the lower left corner click on** ``Show Applications`` **and type settings in the search bar as following:** - - .. figure:: /fido2/linux/images/fidou2f-1.png - :alt: img1 - -2. **Scroll down in the right bar to** ``Users`` - - .. figure:: /fido2/linux/images/fidou2f-2.png - :alt: img2 - -3. **In the left corner click on** ``Unlock`` **and that would prompt for your - password** - - .. figure:: /fido2/linux/images/fidou2f-3.png - :alt: img3 - -4. **Select** ``Administrator`` **and enter the user name and password of your - choice** - - .. figure:: /fido2/linux/images/fidou2f-4.png - :alt: img4 - -5. **Once you finish Step 4 you should be done** - - .. figure:: /fido2/linux/images/fidou2f-5.png - :alt: img5 - -CLI Method -'''''''''' - -1. **Create a backup user and give it root privileges** - - You can do so by using these commands: - - .. rstcheck: ignore-next-code-block - .. code-block:: bash - - $ sudo adduser - $ sudo usermod -aG sudo - - In case you prefer to setup U2F for a single user, and are locked out of your - user session, you would still be able to login with the ````, and - proceed with the maintenance. - - .. warning:: - - The following guide can potentially lock you out of your computer. - You should be aware of these risks, as it is recommended to first use - the instructions below on a secondary computer, or after a full - backup. - - You might lose access to your data after configuring `PAM - modules `__. - - -2. **Set up the** ``rules`` **to recognize the Nitrokey FIDO2** - - Under ``/etc/udev/rules.d`` download ``41-nitrokey.rules`` - - .. code-block:: bash - - $ cd /etc/udev/rules.d/ - $ sudo wget https://raw.githubusercontent.com/Nitrokey/libnitrokey/master/data/41-nitrokey.rules - - And restart ``udev`` service - - .. code-block:: bash - - $ sudo systemctl restart udev - -3. **Install** ``libpam-u2f`` - - On Ubuntu 20.04 it is possible to download directly ``libpam-u2f`` from the official repos - - .. code-block:: bash - - $ sudo apt install libpam-u2f - - .. note:: - - Click for more options - - - Alternatively you can build ``libpam-u2f`` from - `Git `__. - - - To verify that the library is properly installed enter the - following command: - - .. code-block:: bash - - $ file /lib/x86_64-linux-gnu/security/pam_u2f.so - - The Output should be something like the following: - - .. rstcheck: ignore-next-code-block - .. code-block:: bash - - /lib/x86_64-linux-gnu/security/pam_u2f.so: \ ELF 64-bit LSB shared object, x86-64, version 1 (SYSV),\ dynamically linked, BuildID[sha1]=1d55e1b11a97be2038c6a139579f6c0d91caedb1, stripped - -4. **Prepare the Directory** - - Create ``.config/Nitrokey/`` under your home directory - - .. code-block:: bash - - $ mkdir ~/.config/Nitrokey - - And plug your Nitrokey FIDO2. - - Once done with the preparation, we can start to configure the computer to use the Nitrokey FIDO2 for 2nd factor authentication at login and ``sudo``. - -5. **Generate the U2F config file** - - To generate the configuration file we will use the ``pamu2fcfg`` utility that comes with the ``libpam-u2f``. For convenience, we will directly write the output of the utility to the ``u2f_keys`` file under ``.config/Nitrokey``. First plug your Nitrokey FIDO2 (if you did not already), and enter the following command: - - .. code-block:: bash - - $ pamu2fcfg > ~/.config/Nitrokey/u2f_keys - - Once you run the command above, you will need to touch the key while it flashes. Once done, ``pamu2fcfg`` will append its output the ``u2f_keys`` in the following format: - - .. code-block:: bash - - :Zx...mw,04...0a - - Note, the output will be much longer, but sensitive parts have been removed here. For better security, and once the config file generated, we will move the ``.config/Nitrokey`` directory under the ``etc/`` - directory with this command: - - .. code-block:: bash - - $ sudo mv ~/.config/Nitrokey /etc - - .. tip:: - - - The file under ``.config/Nitrokey`` must be named ``u2f_keys`` - - - It is recommended to first test the instructions with a single - user. For this purpose the previous command takes the ``-u`` - option, to specify a user, like in the example below: - - .. rstcheck: ignore-next-code-block - .. code-block:: bash - - $ pamu2fcfg -u > ~/.config/Nitrokey/u2f_keys - - - For individual user configuration you should point to the home - directory in the next step, or not include the ``authfile`` option - in the PAM configuration. - -6. **Backup** - - This step is optional, however it is advised to have a backup Nitrokey in the case of loss, theft or destruction of your Nitrokey FIDO. - - To set up a backup key, repeat the procedure above, and use ``pamu2fcfg -n``. This will omit the ```` field, and the output can be appended to the line with your ```` like this: - - .. code-block:: bash - - :Zx...mw,04...0a:xB...fw,04...3f - -7. **Modify the Pluggable Authentication Module** ``PAM`` - - The final step is configure the PAM module files under ``/etc/pam.d/``. In this guide we will modify the ``common-auth`` file as it handles the authentication settings which are common to all services, but other options are possible. You can modify the file with the following command: - - .. code-block:: bash - - $ cd /etc/pam.d - $ sudo $editor common-auth - - And add the following lines at the top of the file: - - .. code-block:: bash - - #Nitrokey FIDO2 config - auth sufficient pam_u2f.so authfile=/etc/Nitrokey/u2f_keys cue prompt nouserok - - .. tip:: - - - Since we are using Central Authentication Mapping, we need to tell - ``pam_u2f`` the location of the file to use with the ``authfile`` - option. - - - If you often forget to insert the key, ``prompt`` option make - ``pam_u2f`` print ``Insert your U2F device, then press ENTER.`` - and give you a chance to insert the Nitrokey. - - - If you would like to be prompted to touch the Nitrokey, ``cue`` - option will make ``pam_u2f`` print ``Please touch the device.`` - message. - - - `nouserok` will ensure that you can still login using the username and - password, you might want to remove this at some point once the setup - is working and you don't want regular username & password based logins. - - Once we modified the ``common-auth``, we can save and exit the file. - - You can test the configuration by typing ``sudo ls`` in the terminal. You should be prompted the message ``Please touch the device.`` and have a similar output on the terminal: - - .. code-block:: bash - - nitrouser@nitrouser:~$ sudo ls - [sudo] password for nitrouser: Please touch the device. - - You can also test your configuration by logging out of the user session and logging back. A similar screen should be displayed once you you unplug/replug yout Nitrokey FIDO2 and type your password: - - .. figure:: /fido2/linux/images/u2f-fido-pam-2.png - :alt: img6 - -Usage ------ - -After the PAM module modification, you will be able to test your configuration right away, but it is recommended to reboot your computer, and unplug/replug the Nitrokey FIDO2. - -Once you have properly tested the instructions in this guide (and set up a backup), it is recommended to use either the ``required`` or the ``requisite`` control flag instead of ``sufficient``. - -The flags ``required`` and ``requisite`` provide a tighter access control, and will make the Nitrokey FIDO2 necessary to login, and/or use the configured service. - -If you need more information about Control Flags in the ``PAM`` -configuration line, you may see the last section of this guide to understand the difference, and the implications of using each of them. - -PAM Modules -'''''''''''''''''''''''' - -There are several PAM modules files that can be modified according to your needs: - -- By modifying ``/etc/pam.d/common-auth`` file, you will be able to use - you Nitrokey FIDO for 2nd factor authentication for graphic login and - ``sudo``. Note: ``common-auth`` should be modified by adding the - additional configuration line at the end of the file. - -- If you wish to use FIDO U2F authentication solely for Gnome’s graphic - login, you might prefer to modify the\ ``/etc/pam.d/gdm-password`` - -- Alternatively you can just modify the ``/etc/pam.d/sudo`` file if you - wish to use FIDO U2F when using the ``sudo`` command. - -Control Flags -'''''''''''''''''''''''' - -In step 7 we have used the ``sufficient`` control flag to determine the behavior of the PAM module when the Nitrokey is plugged or not. However it is possible to change this behavior by using the following control flags: - -- ``required``: This is the most critical flag. The module result must - be successful for authentication to continue. This flag can lock you - out of your computer if you do not have access to the Nitrokey. - -- ``requisite``: Similar to ``required`` however, in the case where a - specific module returns a failure, control is directly returned to - the application, or to the superior PAM stack. This flag can also - lock you out of your computer if you do not have access to the - Nitrokey. - -- ``sufficient``: The module result is ignored if it fails. The - ``sufficient`` flag considered to be safe for testing purposes. - -- ``optional``: The success or failure of this module is only important - if it is the only module in the stack associated with this - service+type. The ``optional`` flag is considered to be safe to use - for testing purposes. - -.. warning:: - - - If ``required`` or ``requisite`` is set, the failure of U2F - authentication will cause a failure of the overall authentication. - Failure will occur when the configured Nitrokey FIDO is not - plugged, lost or destroyed. - - - You will lose access to your computer if you mis-configured the - PAM module *and* used the ``required`` or ``requisite`` flags. - - - You will also lose the ability to use ``sudo`` if you set up - Central Authentication Mapping *and* used the ``required`` or - ``requisite`` flags. diff --git a/nitrokeys/features/fido2/index.rst b/nitrokeys/features/fido2/index.rst index df54c81dcc..5fa8db54b0 100644 --- a/nitrokeys/features/fido2/index.rst +++ b/nitrokeys/features/fido2/index.rst @@ -7,5 +7,5 @@ FIDO2 :glob: Website Login - Desktop Login + Nextcloud Login Passwordless Microsoft Login (Windows only) \ No newline at end of file diff --git a/nitrokeys/features/u2f/nextcloud.rst b/nitrokeys/features/fido2/nextcloud.rst similarity index 75% rename from nitrokeys/features/u2f/nextcloud.rst rename to nitrokeys/features/fido2/nextcloud.rst index 3c460fcee2..c6e5224a59 100644 --- a/nitrokeys/features/u2f/nextcloud.rst +++ b/nitrokeys/features/fido2/nextcloud.rst @@ -1,7 +1,7 @@ Two-Factor Authentication And Passwordless Login For Nextcloud Accounts ======================================================================= -These are the basic steps for registering the Nitrokey FIDO2 as a second factor or setting up passwordless login of a Nextcloud account. +These are the basic steps for registering the Nitrokey as a second factor or setting up passwordless login of a Nextcloud account. .. raw:: html diff --git a/nitrokeys/hsm/apache2-tls.rst.inc b/nitrokeys/features/hsm/apache2-tls.rst similarity index 100% rename from nitrokeys/hsm/apache2-tls.rst.inc rename to nitrokeys/features/hsm/apache2-tls.rst diff --git a/nitrokeys/hsm/dnssec.rst b/nitrokeys/features/hsm/dnssec.rst similarity index 100% rename from nitrokeys/hsm/dnssec.rst rename to nitrokeys/features/hsm/dnssec.rst diff --git a/nitrokeys/hsm/import-keys-certs.rst b/nitrokeys/features/hsm/import-keys-certs.rst similarity index 100% rename from nitrokeys/hsm/import-keys-certs.rst rename to nitrokeys/features/hsm/import-keys-certs.rst diff --git a/nitrokeys/features/hsm/index.rst b/nitrokeys/features/hsm/index.rst new file mode 100644 index 0000000000..0855f90257 --- /dev/null +++ b/nitrokeys/features/hsm/index.rst @@ -0,0 +1,19 @@ +HSM Features +============ + +.. toctree:: + :maxdepth: 1 + + SMIME <../openpgp-card/smime/index> + Smart <../openpgp-card/desktop-login/smart-policy> + GPA <../openpgp-card/gpa/index> + DNSSEC (Linux only) + Hard Disk Encryption <../openpgp-card/hard-disk-encryption/index> + Automatic Screen Lock (Linux only) <../misc/automatic-screen-lock/index> + Import Keys Certs + Stunnel (Linux only) <../openpgp-card/stunnel/index> + Certificate Authority <../openpgp-card/certificate-authority/index> + Ipsec (Linux only) <../openpgp-card/ipsec/index> + N-of-m Schemes (Linux only) + Pkcs11-URL + Apache 2 TLS \ No newline at end of file diff --git a/nitrokeys/hsm/n-of-m-schemes.rst b/nitrokeys/features/hsm/n-of-m-schemes.rst similarity index 98% rename from nitrokeys/hsm/n-of-m-schemes.rst rename to nitrokeys/features/hsm/n-of-m-schemes.rst index 622ac1ba44..d9813edf93 100644 --- a/nitrokeys/hsm/n-of-m-schemes.rst +++ b/nitrokeys/features/hsm/n-of-m-schemes.rst @@ -1,3 +1,6 @@ +N-of-m Schemes +============== + The Nitrokey HSM 2 supports two different n-of-m schemes - one for secure sharing of key material/passwords and one for public key authentication to control the access to the device. Please see `this blog post `__ for more detailed information. N-of-m for DKEK Shares diff --git a/nitrokeys/hsm/pkcs11-url.rst.inc b/nitrokeys/features/hsm/pkcs11-url.rst similarity index 100% rename from nitrokeys/hsm/pkcs11-url.rst.inc rename to nitrokeys/features/hsm/pkcs11-url.rst diff --git a/nitrokeys/features/index.rst b/nitrokeys/features/index.rst index dbc625a855..5c2c6f7d77 100644 --- a/nitrokeys/features/index.rst +++ b/nitrokeys/features/index.rst @@ -8,5 +8,10 @@ Features FIDO2 U2F TOTP + OpenPGP card + Password Safe + Encrypted Mobile Storage + Hidden Storage HSM PIV (Windows only) + Miscellaneous diff --git a/nitrokeys/features/automatic-screen-lock/index.rst b/nitrokeys/features/misc/automatic-screen-lock/index.rst similarity index 100% rename from nitrokeys/features/automatic-screen-lock/index.rst rename to nitrokeys/features/misc/automatic-screen-lock/index.rst diff --git a/nitrokeys/features/ecc/index.rst b/nitrokeys/features/misc/ecc/index.rst similarity index 100% rename from nitrokeys/features/ecc/index.rst rename to nitrokeys/features/misc/ecc/index.rst diff --git a/nitrokeys/features/misc/index.rst b/nitrokeys/features/misc/index.rst new file mode 100644 index 0000000000..bf22ee9035 --- /dev/null +++ b/nitrokeys/features/misc/index.rst @@ -0,0 +1,8 @@ +Miscellaneous +============= + +.. toctree:: + :maxdepth: 1 + + Automatic Screen Lock + Elliptic Curves (ECC) Support \ No newline at end of file diff --git a/nitrokeys/features/certificate-authority/index.rst b/nitrokeys/features/openpgp-card/certificate-authority/index.rst similarity index 100% rename from nitrokeys/features/certificate-authority/index.rst rename to nitrokeys/features/openpgp-card/certificate-authority/index.rst diff --git a/nitrokeys/features/eid/images/eidauthenticate/1.png b/nitrokeys/features/openpgp-card/eid/images/eidauthenticate/1.png similarity index 100% rename from nitrokeys/features/eid/images/eidauthenticate/1.png rename to nitrokeys/features/openpgp-card/eid/images/eidauthenticate/1.png diff --git a/nitrokeys/features/eid/images/eidauthenticate/2.png b/nitrokeys/features/openpgp-card/eid/images/eidauthenticate/2.png similarity index 100% rename from nitrokeys/features/eid/images/eidauthenticate/2.png rename to nitrokeys/features/openpgp-card/eid/images/eidauthenticate/2.png diff --git a/nitrokeys/features/eid/images/eidauthenticate/3.png b/nitrokeys/features/openpgp-card/eid/images/eidauthenticate/3.png similarity index 100% rename from nitrokeys/features/eid/images/eidauthenticate/3.png rename to nitrokeys/features/openpgp-card/eid/images/eidauthenticate/3.png diff --git a/nitrokeys/features/eid/images/eidauthenticate/4.png b/nitrokeys/features/openpgp-card/eid/images/eidauthenticate/4.png similarity index 100% rename from nitrokeys/features/eid/images/eidauthenticate/4.png rename to nitrokeys/features/openpgp-card/eid/images/eidauthenticate/4.png diff --git a/nitrokeys/features/eid/images/eidauthenticate/5.png b/nitrokeys/features/openpgp-card/eid/images/eidauthenticate/5.png similarity index 100% rename from nitrokeys/features/eid/images/eidauthenticate/5.png rename to nitrokeys/features/openpgp-card/eid/images/eidauthenticate/5.png diff --git a/nitrokeys/features/eid/images/eidauthenticate/6.png b/nitrokeys/features/openpgp-card/eid/images/eidauthenticate/6.png similarity index 100% rename from nitrokeys/features/eid/images/eidauthenticate/6.png rename to nitrokeys/features/openpgp-card/eid/images/eidauthenticate/6.png diff --git a/nitrokeys/features/eid/images/eidauthenticate/7.png b/nitrokeys/features/openpgp-card/eid/images/eidauthenticate/7.png similarity index 100% rename from nitrokeys/features/eid/images/eidauthenticate/7.png rename to nitrokeys/features/openpgp-card/eid/images/eidauthenticate/7.png diff --git a/nitrokeys/features/eid/images/eidauthenticate/8.png b/nitrokeys/features/openpgp-card/eid/images/eidauthenticate/8.png similarity index 100% rename from nitrokeys/features/eid/images/eidauthenticate/8.png rename to nitrokeys/features/openpgp-card/eid/images/eidauthenticate/8.png diff --git a/nitrokeys/features/eid/images/eidauthenticate/9.png b/nitrokeys/features/openpgp-card/eid/images/eidauthenticate/9.png similarity index 100% rename from nitrokeys/features/eid/images/eidauthenticate/9.png rename to nitrokeys/features/openpgp-card/eid/images/eidauthenticate/9.png diff --git a/nitrokeys/features/eid/index.rst b/nitrokeys/features/openpgp-card/eid/index.rst similarity index 100% rename from nitrokeys/features/eid/index.rst rename to nitrokeys/features/openpgp-card/eid/index.rst diff --git a/nitrokeys/nitrokey3/linux/fedora-gnupg-configuration.rst b/nitrokeys/features/openpgp-card/fedora-gnupg-configuration.rst similarity index 100% rename from nitrokeys/nitrokey3/linux/fedora-gnupg-configuration.rst rename to nitrokeys/features/openpgp-card/fedora-gnupg-configuration.rst diff --git a/nitrokeys/features/openpgp-card/index.rst b/nitrokeys/features/openpgp-card/index.rst index 5088194811..14298cb532 100644 --- a/nitrokeys/features/openpgp-card/index.rst +++ b/nitrokeys/features/openpgp-card/index.rst @@ -76,3 +76,9 @@ You can find further information about the usage on these pages: - to use `Stunnel `_ - to use `Gnu Privacy Assistant (GPA) `_ + +- to use `EID `_ + +- to use `Certificate-authority `_ + +- to use `GnuPG with Fedora `_ \ No newline at end of file diff --git a/nitrokeys/features/openpgp-card/ipsec/index.rst b/nitrokeys/features/openpgp-card/ipsec/index.rst index 4fe4c78568..b9d8b59fb4 100644 --- a/nitrokeys/features/openpgp-card/ipsec/index.rst +++ b/nitrokeys/features/openpgp-card/ipsec/index.rst @@ -1,3 +1,6 @@ +IPSec +===== + .. contents:: :local: `Strong Swan `__ works using the `PKCS#11 driver `__. Basically follow these steps: diff --git a/nitrokeys/features/openpgp-card/smime/index.rst b/nitrokeys/features/openpgp-card/smime/index.rst index a05b6bf5c8..281259e557 100644 --- a/nitrokeys/features/openpgp-card/smime/index.rst +++ b/nitrokeys/features/openpgp-card/smime/index.rst @@ -12,7 +12,7 @@ There are two widely used standards for email encryption. - S/MIME/X.509 is mostly used by enterprises. -If you are in doubt which one to choose, you should use OpenPGP, see `here <../openpgp/index.html>`_. This page describes the usage of S/MIME email encryption. +If you are in doubt which one to choose, you should use OpenPGP, see `here <../openpgp/index.html>`_ (not applicable for the Nitrokey HSM 2, the Nitrokey HSM 2 currently supports the S/MIME/X.509 standard though, therefore the rest of the guide is applicable for the HSM 2 and other Nitrokeys). This page describes the usage of S/MIME email encryption. You need to purchase a S/MIME certificate (e.g. at `CERTUM `__) or may already got one by your company. Furthermore, you need to install `OpenSC `__ on your System. While GNU/Linux users usually can install OpenSC over the package manager (e.g. ``sudo apt install opensc`` on Ubuntu), macOS and Windows users can download the installation files from the `OpenSC `__ page. diff --git a/nitrokeys/features/openpgp-card/stunnel/index.rst b/nitrokeys/features/openpgp-card/stunnel/index.rst index 4869e58c9f..ed470bdf10 100644 --- a/nitrokeys/features/openpgp-card/stunnel/index.rst +++ b/nitrokeys/features/openpgp-card/stunnel/index.rst @@ -1,3 +1,6 @@ +Stunnel +======= + .. contents:: :local: `Stunnel `__ works as an SSL encryption wrapper between remote client and local (inetd-startable) or remote server. It can be used to add SSL functionality to commonly used inetd daemons like POP2, POP3, and IMAP servers without any changes in the programs' code. diff --git a/nitrokeys/features/password-safe/index.rst b/nitrokeys/features/password-safe/index.rst new file mode 100644 index 0000000000..80a4d37425 --- /dev/null +++ b/nitrokeys/features/password-safe/index.rst @@ -0,0 +1,9 @@ +Password Safe +============= + + +.. toctree:: + :maxdepth: 1 + :glob: + + KeepassXC <../../../software/nk-app2/keepassxc> \ No newline at end of file diff --git a/nitrokeys/features/u2f/2fa.rst b/nitrokeys/features/u2f/2fa.rst index c366b2098e..b3942ad803 100644 --- a/nitrokeys/features/u2f/2fa.rst +++ b/nitrokeys/features/u2f/2fa.rst @@ -16,7 +16,7 @@ Two-Factor Authentication (2FA) You are now ready to go. .. important:: - The Nitrokey App can not be used for the Nitrokey FIDO U2F. + The Nitrokey App can not be used for the Nitrokey U2F. Troubleshooting (Linux) ----------------------- diff --git a/nitrokeys/features/u2f/index.rst b/nitrokeys/features/u2f/index.rst index fb6eca4004..3f4cfd390b 100644 --- a/nitrokeys/features/u2f/index.rst +++ b/nitrokeys/features/u2f/index.rst @@ -2,6 +2,7 @@ U2F === .. toctree:: + :maxdepth: 1 Desktop Login (Linux only) Nextcloud Login diff --git a/nitrokeys/fido2/guides.rst b/nitrokeys/fido2/guides.rst new file mode 100644 index 0000000000..f319018688 --- /dev/null +++ b/nitrokeys/fido2/guides.rst @@ -0,0 +1,7 @@ +Nitrokey FIDO2 Guides +===================== + +.. toctree:: + :maxdepth: 1 + + firmware update \ No newline at end of file diff --git a/nitrokeys/fido2/index.rst b/nitrokeys/fido2/index.rst index 2013b4d0b9..437ef39e60 100644 --- a/nitrokeys/fido2/index.rst +++ b/nitrokeys/fido2/index.rst @@ -9,8 +9,15 @@ First check the: :maxdepth: 1 :glob: - Frequently Asked Questions Getting Started + Frequently Asked Questions + +and the: + +.. toctree:: + :maxdepth: 2 + + Product-specific Guides or check out the features: @@ -19,7 +26,4 @@ or check out the features: :glob: Features - - - firmware update diff --git a/nitrokeys/hsm/features.rst b/nitrokeys/hsm/features.rst new file mode 100644 index 0000000000..3256f78b11 --- /dev/null +++ b/nitrokeys/hsm/features.rst @@ -0,0 +1,7 @@ +Nitrokey HSM 2 features +======================= + +.. toctree:: + :maxdepth: 2 + + HSM <../features/hsm/index> diff --git a/nitrokeys/hsm/index.rst b/nitrokeys/hsm/index.rst index 5aadedce80..4252d59053 100644 --- a/nitrokeys/hsm/index.rst +++ b/nitrokeys/hsm/index.rst @@ -18,15 +18,4 @@ or check out the features: :maxdepth: 1 :glob: - SMIME <../features/smime/index> - Smart <../features/desktop-login/third-party/smart-policy> - GPA <../features/gpa/index> - DNSSEC (Linux only) - Hard Disk Encryption <../features/hard-disk-encryption> - Automatic Screen Lock (Linux only) <../features/automatic-screen-lock/index> - Import Keys Certs - Stunnel (Linux only) - Certificate Authority <../features/certificate-authority> - Ipsec (Linux only) - N of M Schemes (Linux only? ) - Pkcs11-URL \ No newline at end of file + Features \ No newline at end of file diff --git a/nitrokeys/hsm/ipsec.rst b/nitrokeys/hsm/ipsec.rst deleted file mode 100644 index f206b18b45..0000000000 --- a/nitrokeys/hsm/ipsec.rst +++ /dev/null @@ -1,46 +0,0 @@ -.. contents:: :local: - -`Strong Swan `__ works using the `PKCS#11 driver `__. Basically follow these steps: - -1. Generate a key on Nitrokey via pkcs11-tool. In this example it's a 4096 bit RSA key. - -.. code-block:: bash - - $ pkcs11-tool --module /usr/lib/x86_64-linux-gnu/pkcs11/opensc-pkcs11.so -l -k --key-type rsa:4096 --id 10 --label 'Staging Access' - -2. Generate a certificate signing request via openssl + pkcs11 module - -.. code-block:: bash - - $ openssl - OpenSSL> engine dynamic -pre SO_PATH:/usr/lib/x86_64-linux-gnu/engines-1.1/pkcs11.so -pre ID:pkcs11 -pre LIST_ADD:1 -pre LOAD -pre MODULE_PATH:/usr/lib/x86_64-linux-gnu/pkcs11/opensc-pkcs11.so - OpenSSL> req -engine pkcs11 -sha256 -new -key id_10 -keyform engine -out user@email.com-staging-cert.csr -subj '/C=GB/L=Cambridge/O=Organization/OU=Staging Access/CN=user@email.com/emailAddress=user@email.com' - -3. Sign the certificate with your certificate authority - -4. Convert the certificate to DER - -.. code-block:: bash - - $ openssl x509 -in user@email.com-staging-cert.csr -out user@email.com-staging-cert.der -outform DER - -5. Import the certificate into the Nitrokey via pkcs11-tool - -.. code-block:: bash - - $ pkcs11-tool --module /usr/lib/x86_64-linux-gnu/pkcs11/opensc-pkcs11.so -l -y cert -w user@email.com-staging-cert.der --id 10 --label 'Staging Access' - -6. Configure Strongswan to load opensc-pkcs11 module then to load the certificate on Nitrokey. Edit /etc/strongswan.d/charon/pkcs11.conf and add the following module: - -.. code-block:: bash - - modules { - Nitrokey { - path = /usr/lib/x86_64-linux-gnu/pkcs11/opensc-pkcs11.so - } - } - - -7. Initiate the VPN connection via IPSec/Strongswan, then prompt for Nitrokey PIN - -8. VPN is now connected \ No newline at end of file diff --git a/nitrokeys/hsm/smime.rst b/nitrokeys/hsm/smime.rst deleted file mode 100644 index e248dbcf2a..0000000000 --- a/nitrokeys/hsm/smime.rst +++ /dev/null @@ -1,67 +0,0 @@ -S/MIME Email Encryption -======================= - -.. contents:: :local: - -Prerequisites -------------- - -There are two widely used standards for email encryption. - -- OpenPGP/GnuPG is popular among individuals, - -- S/MIME/X.509 is mostly used by enterprises. - -The Nitrokey HSM 2 currently supports the S/MIME/X.509 standard. This page describes the usage of S/MIME email encryption. - -You need to purchase a S/MIME certificate (e.g. at `CERTUM `__) or may already got one by your company. Furthermore, you need to install `OpenSC `__ on your System. While GNU/Linux users usually can install OpenSC over the package manager (e.g. ``sudo apt install opensc`` on Ubuntu), macOS and Windows users can download the installation files from the `OpenSC `__ page. - -.. note:: - Windows users with 64-bit system (standard) need to install both, the 32-bit and the 64-bit version of OpenSC! - -Import Existing Key and Certificate ------------------------------------ - -The following instructions are based on the `wiki of OpenSC `__. We will assume, that you already got a key-certificate pair as a .p12 file. Please have a look at the wiki page, if you got a separate key and certificate file. - -To open the Windows command line please push the Windows-key and R-key. Now type ‘cmd.exe’ in the text field and hit enter. To open a Terminal on macOS or GNU/Linux please use the application search (e.g. spotlight on macOS). - -To make these commands as simple as possible, the .p12 file needs to be in your home folder. On Windows this is usually ``C:\Users\yourusername`` and on macOS and GNU/Linux system it will be ``/home/yourusername``. If you do not store the .p12 file there, you have to adapt the path in the commands below. Please plug in the Nitrokey before submitting the commands. - -Assuming that your key-certificate file reads ‘myprivate.p12’ the commands for Windows looks like this: - -.. code-block:: bash - - "C:\Program Files\OpenSC Project\OpenSC\tools\pkcs15-init" --delete-objects privkey,pubkey --id 3 --store-private-key myprivate.p12 --format pkcs12 --auth-id 3 --verify-pin - "C:\Program Files\OpenSC Project\OpenSC\tools\pkcs15-init" --delete-objects privkey,pubkey --id 2 --store-private-key myprivate.p12 --format pkcs12 --auth-id 3 --verify-pin - -and on macOS and GNU/Linux it will be - -.. code-block:: bash - - $ pkcs15-init --delete-objects privkey,pubkey --id 3 --store-private-key myprivate.p12 --format pkcs12 --auth-id 3 --verify-pin - $ pkcs15-init --delete-objects privkey,pubkey --id 2 --store-private-key myprivate.p12 --format pkcs12 --auth-id 3 --verify-pin - -The two commands copy the key-certificate pair to the slot 2 (needed for decrypting emails) and slot 3 (needed for signing). The output looks on both systems something like this: - -.. figure:: /pro/images/smime/1.png - :alt: img1 - - - -Please note that there will be error messages that can be safely ignored (see output example above). You now have the key-certificate pair loaded on the Nitrokey. - -Usage ------ - -You can find further information about the usage on these pages: - -- for using `S/MIME encryption on - Thunderbird `_ - -- for using `S/MIME encryption on - Outlook `_ - -- for using - `Evolution `__, - an email client for the Gnome Desktop on Linux systems diff --git a/nitrokeys/hsm/stunnel.rst b/nitrokeys/hsm/stunnel.rst deleted file mode 100644 index 2f43e7ed18..0000000000 --- a/nitrokeys/hsm/stunnel.rst +++ /dev/null @@ -1,19 +0,0 @@ -.. contents:: :local: - -`Stunnel `__ works as an SSL encryption wrapper between remote client and local (inetd-startable) or remote server. It can be used to add SSL functionality to commonly used inetd daemons like POP2, POP3, and IMAP servers without any changes in the programs' code. - -Stunnel is able to load OpenSC PKCS#11 engine using this configuration: - -.. code-block:: bash - - engine=dynamic - engineCtrl=SO_PATH:/usr/lib/opensc/engine_pkcs11.so - engineCtrl=ID:pkcs11 - engineCtrl=LIST_ADD:1 - engineCtrl=LOAD - engineCtrl=MODULE_PATH:/usr/lib/pkcs11/opensc-pkcs11.so - engineCtrl=INIT - - [service] - engineNum=1 - key=id_45 \ No newline at end of file diff --git a/nitrokeys/nitrokey3/adsk.rst.inc b/nitrokeys/nitrokey3/adsk.rst similarity index 100% rename from nitrokeys/nitrokey3/adsk.rst.inc rename to nitrokeys/nitrokey3/adsk.rst diff --git a/nitrokeys/nitrokey3/features.rst b/nitrokeys/nitrokey3/features.rst index 5bfd9b6032..f1b7c8275b 100644 --- a/nitrokeys/nitrokey3/features.rst +++ b/nitrokeys/nitrokey3/features.rst @@ -22,6 +22,11 @@ features are realized. - USB, NFC - no + * - `U2F`_ + - Predecessor of FIDO2 mainly used for Two-Factor Authentication + - USB, NFC + - no + * - `OpenPGP Card`_ - Asymmetric cryptography; keep your private key(s) secure; email encryption - USB @@ -76,8 +81,9 @@ data migrations from test to stable firmwares will not be implemented.** .. _FIDO2: ../features/fido/index.html -.. _OpenPGP Card: ../features/openpgp/index.html -.. _Password Safe: https://github.com/Nitrokey/trussed-secrets-app +.. _U2F: ../features/u2f/index.html +.. _OpenPGP Card: ../features/openpgp-card/index.html +.. _Password Safe: ../features/password-safe/index.html .. _Admin App: https://github.com/Nitrokey/admin-app .. _PIV: ../features/piv/index .. _WebSmartCard: https://github.com/Nitrokey/nitrokey-websmartcard diff --git a/nitrokeys/nitrokey3/linux/firmware-update-qubes.rst b/nitrokeys/nitrokey3/firmware-update-qubes.rst similarity index 100% rename from nitrokeys/nitrokey3/linux/firmware-update-qubes.rst rename to nitrokeys/nitrokey3/firmware-update-qubes.rst diff --git a/nitrokeys/nitrokey3/guides.rst b/nitrokeys/nitrokey3/guides.rst new file mode 100644 index 0000000000..84422423ec --- /dev/null +++ b/nitrokeys/nitrokey3/guides.rst @@ -0,0 +1,13 @@ +Nitrokey 3 Guides +================= + +.. toctree:: + :maxdepth: 2 + + Firmware Update + Firmware Update Qubes + Set Pins + nitropy + Reset + Troubleshooting + Additional Decryption Subkeys (ADSK) with GnuPG \ No newline at end of file diff --git a/nitrokeys/nitrokey3/index.rst b/nitrokeys/nitrokey3/index.rst index b01485d7c8..fc33550adb 100644 --- a/nitrokeys/nitrokey3/index.rst +++ b/nitrokeys/nitrokey3/index.rst @@ -12,21 +12,20 @@ First check the: Frequently Asked Questions Getting Started +and the: + +.. toctree:: + :maxdepth: 2 + + Product-specific Guides or check out the features: .. toctree:: - :maxdepth: 1 + :maxdepth: 5 :glob: Features - set pin - firmware-update - main
- nitropy - desktop login <../features/desktop-login/index> - reset - passwordless microsoft <../features/fido/passwordless-microsoft> Additional features like PIV (Windows only) are available in test firmware releases. See the `release notes`_ on GitHub for more information. diff --git a/nitrokeys/nitrokey3/keepassxc.rst b/nitrokeys/nitrokey3/keepassxc.rst deleted file mode 100644 index 148bcb82bd..0000000000 --- a/nitrokeys/nitrokey3/keepassxc.rst +++ /dev/null @@ -1,2 +0,0 @@ - -.. include:: ../../software/nk-app2/keepassxc.rst diff --git a/nitrokeys/nitrokey3/troubleshooting.rst.inc b/nitrokeys/nitrokey3/troubleshooting.rst similarity index 100% rename from nitrokeys/nitrokey3/troubleshooting.rst.inc rename to nitrokeys/nitrokey3/troubleshooting.rst diff --git a/nitrokeys/pro/features.rst b/nitrokeys/pro/features.rst index ff6c7909b6..06092cf066 100644 --- a/nitrokeys/pro/features.rst +++ b/nitrokeys/pro/features.rst @@ -5,4 +5,6 @@ Features :maxdepth: 2 OpenPGP Card <../features/openpgp-card/index> - U2F <../features/u2f/index> \ No newline at end of file + U2F <../features/u2f/index> + ECC <../features/misc/ecc/index> + Automatic Screen Lock (Linux) <../features/misc/automatic-screen-lock/index> diff --git a/nitrokeys/pro/getting-started.rst b/nitrokeys/pro/getting-started.rst index a09313cb18..8dc0038b9f 100644 --- a/nitrokeys/pro/getting-started.rst +++ b/nitrokeys/pro/getting-started.rst @@ -30,11 +30,11 @@ Getting Started 2. Download and start the `Nitrokey App `__. Follow the - `instructions <../features/change-pins/index.html>`_ + `instructions <../product-guides/change-pins/index.html>`_ to change the default User PIN (default: 123456) and Admin PIN (default: 12345678) to your own choices. -.. figure:: ../features/change-pins/images/change-pins/App-change-pin.png +.. figure:: ../product-guides/change-pins/images/change-pins/App-change-pin.png :alt: img diff --git a/nitrokeys/pro/guides.rst b/nitrokeys/pro/guides.rst new file mode 100644 index 0000000000..4641994e21 --- /dev/null +++ b/nitrokeys/pro/guides.rst @@ -0,0 +1,9 @@ +Nitrokey Pro 2 Guides +===================== + +.. toctree:: + :maxdepth: 1 + + Update + Factory Reset + Change PIN <../product-guides/change-pins/index> \ No newline at end of file diff --git a/nitrokeys/pro/index.rst b/nitrokeys/pro/index.rst index 9e41653ace..65697491c1 100644 --- a/nitrokeys/pro/index.rst +++ b/nitrokeys/pro/index.rst @@ -10,8 +10,15 @@ First check the: :maxdepth: 1 :glob: - Frequently Asked Questions Getting Started + Frequently Asked Questions + +and the: + +.. toctree:: + :maxdepth: 2 + + Product-specific Guides or check out the features: @@ -22,15 +29,3 @@ or check out the features: Features - - - - Update - Factory Reset - Change PIN <../features/change-pins/index> - ECC <../features/ecc/index> - EID <../features/eid/index> - Automatic Screen Lock (Linux) <../features/automatic-screen-lock/index> - Certificate authority <../features/certificate-authority/index> - - diff --git a/nitrokeys/features/change-pins/images/change-pins/1.png b/nitrokeys/product-guides/change-pins/images/change-pins/1.png similarity index 100% rename from nitrokeys/features/change-pins/images/change-pins/1.png rename to nitrokeys/product-guides/change-pins/images/change-pins/1.png diff --git a/nitrokeys/features/change-pins/images/change-pins/2.png b/nitrokeys/product-guides/change-pins/images/change-pins/2.png similarity index 100% rename from nitrokeys/features/change-pins/images/change-pins/2.png rename to nitrokeys/product-guides/change-pins/images/change-pins/2.png diff --git a/nitrokeys/features/change-pins/images/change-pins/3.png b/nitrokeys/product-guides/change-pins/images/change-pins/3.png similarity index 100% rename from nitrokeys/features/change-pins/images/change-pins/3.png rename to nitrokeys/product-guides/change-pins/images/change-pins/3.png diff --git a/nitrokeys/features/change-pins/images/change-pins/4.png b/nitrokeys/product-guides/change-pins/images/change-pins/4.png similarity index 100% rename from nitrokeys/features/change-pins/images/change-pins/4.png rename to nitrokeys/product-guides/change-pins/images/change-pins/4.png diff --git a/nitrokeys/features/change-pins/images/change-pins/App-change-pin.png b/nitrokeys/product-guides/change-pins/images/change-pins/App-change-pin.png similarity index 100% rename from nitrokeys/features/change-pins/images/change-pins/App-change-pin.png rename to nitrokeys/product-guides/change-pins/images/change-pins/App-change-pin.png diff --git a/nitrokeys/features/change-pins/index.rst b/nitrokeys/product-guides/change-pins/index.rst similarity index 100% rename from nitrokeys/features/change-pins/index.rst rename to nitrokeys/product-guides/change-pins/index.rst diff --git a/nitrokeys/start/guides.rst b/nitrokeys/start/guides.rst new file mode 100644 index 0000000000..7f7ba3da2f --- /dev/null +++ b/nitrokeys/start/guides.rst @@ -0,0 +1,10 @@ +Nitrokey Start Guides +===================== + +.. toctree:: + :maxdepth: 1 + + Multiple Identities + Setting KDF-DO + Factory Reset + Firmware Update \ No newline at end of file diff --git a/nitrokeys/start/index.rst b/nitrokeys/start/index.rst index 8d1885f745..3b053c87e9 100644 --- a/nitrokeys/start/index.rst +++ b/nitrokeys/start/index.rst @@ -9,20 +9,20 @@ First check the: :maxdepth: 1 :glob: - Frequently Asked Questions Getting Started + Frequently Asked Questions -or check out the features: +and the: .. toctree:: - :maxdepth: 4 - :glob: + :maxdepth: 2 - Features + Product-specific Guides +or check out the features: +.. toctree:: + :maxdepth: 4 + :glob: - Multiple Identities - Setting KDF-DO - Factory Reset - Firmware Update \ No newline at end of file + Features \ No newline at end of file diff --git a/nitrokeys/storage/features.rst b/nitrokeys/storage/features.rst index 2760152445..e02a174438 100644 --- a/nitrokeys/storage/features.rst +++ b/nitrokeys/storage/features.rst @@ -8,4 +8,6 @@ Features U2F <../features/u2f/index> OpenPGP Card <../features/openpgp-card/index> Hidden Storage <../features/hidden-storage/index> - Encrypted Mobile Storage <../features/encrpyted-mobile-storage/index> \ No newline at end of file + Encrypted Mobile Storage <../features/encrpyted-mobile-storage/index> + ECC <../features/misc/ecc/index> + Automatic Screen Lock (Linux) <../features/misc/automatic-screen-lock/index> \ No newline at end of file diff --git a/nitrokeys/storage/guides.rst b/nitrokeys/storage/guides.rst new file mode 100644 index 0000000000..555d4c3886 --- /dev/null +++ b/nitrokeys/storage/guides.rst @@ -0,0 +1,10 @@ +Nitrokey Storage Guides +======================= + +.. toctree:: + :maxdepth: 1 + + Change PIN <../product-guides/change-pins/index> + Firmware-Update + Manual Firmware-Update + Factory Reset \ No newline at end of file diff --git a/nitrokeys/storage/index.rst b/nitrokeys/storage/index.rst index 0aef703d82..cbf2d4c6f5 100644 --- a/nitrokeys/storage/index.rst +++ b/nitrokeys/storage/index.rst @@ -9,8 +9,15 @@ First check the: :maxdepth: 1 :glob: - Frequently Asked Questions Getting Started + Frequently Asked Questions + +and the: + +.. toctree:: + :maxdepth: 2 + + Product-specific Guides or check out the features: @@ -18,11 +25,4 @@ or check out the features: :maxdepth: 3 :glob: - Automatic Screen Lock (Linux) <../features/automatic-screen-lock/index> - Certificate authority <../features/certificate-authority/index> - Change PIN <../features/change-pins/index> - ECC <../features/ecc/index> - EID <../features/eid/index> - Firmware-Update - Manual Firmware-Update - Factory Reset \ No newline at end of file + Features \ No newline at end of file diff --git a/nitrokeys/u2f/index.rst b/nitrokeys/u2f/index.rst index 785445a84c..4a7b707961 100644 --- a/nitrokeys/u2f/index.rst +++ b/nitrokeys/u2f/index.rst @@ -1,5 +1,5 @@ -Nitrokey FIDO U2F -================= +Nitrokey U2F +============ .. contents:: :local: From 3a9cbd891fe242115d553fa7098faf514fc1aa15 Mon Sep 17 00:00:00 2001 From: Marlin Date: Wed, 7 Aug 2024 17:10:31 +0200 Subject: [PATCH 18/33] fixed most CI errors --- nitrokeys/features/hsm/apache2-tls.rst | 2 +- nitrokeys/features/hsm/pkcs11-url.rst | 2 +- nitrokeys/features/misc/ecc/index.rst | 2 +- .../certificate-authority/index.rst | 20 +- .../openpgp-card/desktop-login/pam.rst | 30 +-- .../desktop-login/smart-policy.rst | 84 +++---- nitrokeys/features/openpgp-card/eid/index.rst | 37 +-- .../features/openpgp-card/ipsec/index.rst | 32 +-- .../openpgp-card/openpgp-keygen-backup.rst | 14 +- .../openpgp-card/openpgp-keygen-on-device.rst | 10 +- .../openpgp-card/openpgp-thunderbird.rst | 77 +++--- .../features/openpgp-card/openvpn/easyrsa.rst | 228 +++++++++--------- nitrokeys/features/u2f/odoo.rst | 4 +- nitrokeys/fido2/firmware-update.rst | 1 - nitrokeys/nitrokey3/firmware-update.rst | 3 +- nitrokeys/nitrokey3/index.rst | 1 - nitrokeys/start/multiple-identities.rst | 20 +- 17 files changed, 286 insertions(+), 281 deletions(-) diff --git a/nitrokeys/features/hsm/apache2-tls.rst b/nitrokeys/features/hsm/apache2-tls.rst index 78a27eafa6..f57f2de4d2 100644 --- a/nitrokeys/features/hsm/apache2-tls.rst +++ b/nitrokeys/features/hsm/apache2-tls.rst @@ -70,7 +70,7 @@ Complete Apache2 Config Example ------------------------------- A complete Apache2 (``VirtualHost``) config snippet might look like this: -.. code-block:: bash +.. code-block:: SSLPassPhraseDialog "|/bin/echo 123456" diff --git a/nitrokeys/features/hsm/pkcs11-url.rst b/nitrokeys/features/hsm/pkcs11-url.rst index 67302aaa1f..79745a0144 100644 --- a/nitrokeys/features/hsm/pkcs11-url.rst +++ b/nitrokeys/features/hsm/pkcs11-url.rst @@ -41,7 +41,7 @@ Use the following command to get a list of available tokens (Nitrokeys): Choose the token (Nitrokey) URL you want to generate URL tokens for and use it like this: -.. code-block:: bash +.. code-block:: p11tool --list-all diff --git a/nitrokeys/features/misc/ecc/index.rst b/nitrokeys/features/misc/ecc/index.rst index 7eb28ac0e4..2d1cb90749 100644 --- a/nitrokeys/features/misc/ecc/index.rst +++ b/nitrokeys/features/misc/ecc/index.rst @@ -86,7 +86,7 @@ Now we enter ``gpg2 --card-edit`` and see that brainpoolP256r1 is under Then we create the key. -.. code-block:: bash +.. code-block:: gpg/card> admin Admin commands are allowed diff --git a/nitrokeys/features/openpgp-card/certificate-authority/index.rst b/nitrokeys/features/openpgp-card/certificate-authority/index.rst index 6e64e24933..df5cf29243 100644 --- a/nitrokeys/features/openpgp-card/certificate-authority/index.rst +++ b/nitrokeys/features/openpgp-card/certificate-authority/index.rst @@ -57,7 +57,7 @@ Creating The Root Certificate Authority We start by generating the private key for the certificate authority directly on the Nitrokey HSM. This allows us to use the private key in the future, but not access it. -.. code-block:: bash +.. code-block:: # Generate private key on HSM $ pkcs11-tool -l --keypairgen --key-type EC:secp384r1 --label root @@ -154,7 +154,7 @@ Fill out the request information in with information for your C Generate the self-signed public certificate from the private key. Use the private key id value from earlier. -.. code-block:: bash +.. code-block:: $ openssl req -config create_root_cert.ini -engine pkcs11 -keyform engine -key e0161cc8b6f5d66ac6835ecdecb623fc0506a675 -new -x509 -days 3650 -sha512 -extensions v3_ca -out ../certs/root.crt engine "pkcs11" set. @@ -162,7 +162,7 @@ Generate the self-signed public certificate from the private key. Use the privat Verify that the root certificate was generated correctly. Verify that Signature-Algorithm matches above and below. Verify that Issuer and Subject match, all root certificates are self signed. Verify that Key Usage matches what was in the v3_ca information in our config file. -.. code-block:: bash +.. code-block:: $ openssl x509 -noout -text -in ../certs/root.crt Certificate: @@ -212,7 +212,7 @@ Creating The Intermediate Certificate Authority We continue by generating the private key for the intermediate certificate authority directly on the Nitrokey HSM. This allows us to use the private key in the future, but not access it. -.. code-block:: bash +.. code-block:: # Generate private key on HSM $ pkcs11-tool -l --keypairgen --key-type EC:secp384r1 --label intermediate @@ -284,7 +284,7 @@ Generate the certificate signing request for the intermediate CA from the interm Verify that the CSR was created correctly. Verify that your Subject is correct. Verify that your Public Key and Signature Algorithm are correct. -.. code-block:: bash +.. code-block:: $ openssl req -text -noout -verify -in ../intermediate/csr/intermediate.csr verify OK @@ -317,7 +317,7 @@ Verify that the CSR was created correctly. Verify that your Subject is correct. We need to find out the fully qualified PKCS#11 URI for your private key: -.. code-block:: bash +.. code-block:: $ p11tool --list-all warning: no token URL was provided for this operation; the available tokens are: @@ -413,7 +413,7 @@ Now, we need to create a config file to use the private key of the root certific Then sign the intermediate certificate with the root certificate. -.. code-block:: bash +.. code-block:: $ openssl ca -config sign_intermediate_csr.ini -engine pkcs11 -keyform engine -extensions v3_intermediate_ca -days 1825 -notext -md sha512 -create_serial -in ../intermediate/csr/intermediate.csr -out ../intermediate/certs/intermediate.crt engine "pkcs11" set. @@ -453,7 +453,7 @@ Then sign the intermediate certificate with the root certificate. Verify that the root certificate was generated correctly. Verify that the Issuer and Subject are different, and correct. Verify that the Key Usage matches the config file. Verify that the signature algorithm are correct above and below. -.. code-block:: bash +.. code-block:: $ openssl x509 -noout -text -in ../intermediate/certs/intermediate.crt Certificate: @@ -522,7 +522,7 @@ Create a CSR in the normal method for your application. Proper creation of your We need to find out the fully qualified PKCS#11 URI for your private key: -.. code-block:: bash +.. code-block:: $ p11tool --list-all warning: no token URL was provided for this operation; the available tokens are: @@ -621,7 +621,7 @@ Create a config file to use the private key of the intermediate certificate to s Then run openssl to sign the server’s CSR. -.. code-block:: bash +.. code-block:: $ openssl ca -config sign_server_csrs.ini -engine pkcs11 -keyform engine -extensions server_cert -days 375 -notext -md sha512 -create_serial -in server_cert.csr -out server_cert.crt engine "pkcs11" set. diff --git a/nitrokeys/features/openpgp-card/desktop-login/pam.rst b/nitrokeys/features/openpgp-card/desktop-login/pam.rst index 904ab60d4b..bc90f65bbb 100644 --- a/nitrokeys/features/openpgp-card/desktop-login/pam.rst +++ b/nitrokeys/features/openpgp-card/desktop-login/pam.rst @@ -17,30 +17,30 @@ It is necessary to already have keys generated on the Nitrokey, as the authentic 1. At first you need to find out the Application ID of your Nitrokey. It looks like or similar to ``D00600012401020000000000xxxxxxxx``. -.. code-block:: bash - - gpg --card-status | grep Application + .. code-block:: bash + + gpg --card-status | grep Application 2. Now you have to add a line to ``/etc/poldi/localdb/users`` which contains the following information `` ``. - This could look like ``D00600012401020000000000xxxxxxxx nitrokeyuser``. Now dump the public key from the Nitrokey into Poldis local db: + This could look like ``D00600012401020000000000xxxxxxxx nitrokeyuser``. Now dump the public key from the Nitrokey into Poldis local db: -.. code-block:: bash + .. code-block:: bash - sudo sh -c 'gpg-connect-agent "/datafile /etc/poldi/localdb/keys/" "SCD READKEY --advanced OPENPGP.3" /bye' + sudo sh -c 'gpg-connect-agent "/datafile /etc/poldi/localdb/keys/" "SCD READKEY --advanced OPENPGP.3" /bye' -Please be aware that you have to insert your Application ID in the line above with the one of your Nitrokey! + Please be aware that you have to insert your Application ID in the line above with the one of your Nitrokey! -Then you have to configure PAM. Just add ``auth sufficient pam_poldi.so`` to PAM configuration files according to your needs: + Then you have to configure PAM. Just add ``auth sufficient pam_poldi.so`` to PAM configuration files according to your needs: - * ``/etc/pam.d/common-auth`` for graphical user login - * ``/etc/pam.d/login`` for console login - * ``/etc/pam.d/sudo`` for sudo authentication - * ``/etc/pam.d/gnome-screensaver`` for login back from a locked screen - * and other files in ``/etc/pam.d`` + * ``/etc/pam.d/common-auth`` for graphical user login + * ``/etc/pam.d/login`` for console login + * ``/etc/pam.d/sudo`` for sudo authentication + * ``/etc/pam.d/gnome-screensaver`` for login back from a locked screen + * and other files in ``/etc/pam.d`` -.. note:: PAM is dangerous to play around with, so make sure you have a way of accessing the machine if you break authentication completely. Remember that booting into rescue mode from GRUB requires a root password, so keep that or a live CD which can read your filesystems to hand. + .. note:: PAM is dangerous to play around with, so make sure you have a way of accessing the machine if you break authentication completely. Remember that booting into rescue mode from GRUB requires a root password, so keep that or a live CD which can read your filesystems to hand. Here you find `further instructions `__ (in German, partially outdated). @@ -49,7 +49,7 @@ Troubleshooting If you get an error similar to ``ERR 100663414 Invalid ID `` you should try instead -.. code-block:: bash +.. code-block:: poldi-ctrl -k > ; sudo mv /etc/poldi/localdb/keys diff --git a/nitrokeys/features/openpgp-card/desktop-login/smart-policy.rst b/nitrokeys/features/openpgp-card/desktop-login/smart-policy.rst index 5dff696fc4..fd5258eb3e 100644 --- a/nitrokeys/features/openpgp-card/desktop-login/smart-policy.rst +++ b/nitrokeys/features/openpgp-card/desktop-login/smart-policy.rst @@ -8,40 +8,40 @@ Login to Windows Domain Computers With MS Active Directory 2. Use a text editor to add the following settings to ``C:\Program Files:\OpenSC Project\OpenSC\opensc.conf``. -.. code-block:: bash - - # Nitrokey Pro 2, OpenPGP Card, Nitrokey Storage 2 - card_atr 3b:da:18:ff:81:b1:fe:75:1f:03:00:31:f5:73:c0:01:60:00:90:00:1c { - type = 9002; - driver = "openpgp"; - # name = "Nitrokey Pro 2"; - md_read_only = false; - md_supports_X509_enrollment = true; - } - # Nitrokey Pro, OpenPGP Card - card_atr 3B:DA:18:FF:81:B1:FE:75:1F:03:00:31:C5:73:C0:01:40:00:90:00:0C { - type = 9002; - driver = "openpgp"; - # name = "Nitrokey Pro"; - md_read_only = false; - md_supports_X509_enrollment = true; - } - # Nitrokey HSM 2, SmartCard-HSM - card_atr 3b:de:18:ff:81:91:fe:1f:c3:80:31:81:54:48:53:4d:31:73:80:21:40:81:07:1c { - type = 26000; - driver = "sc-hsm"; - # name = "Nitrokey HSM 2"; - md_read_only = false; - md_supports_X509_enrollment = true; - } - # Nitrokey HSM, SmartCard-HSM - card_atr 3B:FE:18:00:00:81:31:FE:45:80:31:81:54:48:53:4D:31:73:80:21:40:81:07:FA { - type = 26000; - driver = "sc-hsm"; - # name = "Nitrokey HSM"; - md_read_only = false; - md_supports_X509_enrollment = true; - } + .. code-block:: + + # Nitrokey Pro 2, OpenPGP Card, Nitrokey Storage 2 + card_atr 3b:da:18:ff:81:b1:fe:75:1f:03:00:31:f5:73:c0:01:60:00:90:00:1c { + type = 9002; + driver = "openpgp"; + # name = "Nitrokey Pro 2"; + md_read_only = false; + md_supports_X509_enrollment = true; + } + # Nitrokey Pro, OpenPGP Card + card_atr 3B:DA:18:FF:81:B1:FE:75:1F:03:00:31:C5:73:C0:01:40:00:90:00:0C { + type = 9002; + driver = "openpgp"; + # name = "Nitrokey Pro"; + md_read_only = false; + md_supports_X509_enrollment = true; + } + # Nitrokey HSM 2, SmartCard-HSM + card_atr 3b:de:18:ff:81:91:fe:1f:c3:80:31:81:54:48:53:4d:31:73:80:21:40:81:07:1c { + type = 26000; + driver = "sc-hsm"; + # name = "Nitrokey HSM 2"; + md_read_only = false; + md_supports_X509_enrollment = true; + } + # Nitrokey HSM, SmartCard-HSM + card_atr 3B:FE:18:00:00:81:31:FE:45:80:31:81:54:48:53:4D:31:73:80:21:40:81:07:FA { + type = 26000; + driver = "sc-hsm"; + # name = "Nitrokey HSM"; + md_read_only = false; + md_supports_X509_enrollment = true; + } 3. Open a command terminal and enter “regedit”. Use regedit to import @@ -57,29 +57,29 @@ Login to Windows Domain Computers With MS Active Directory and install Smart Policy. 6. Select “Read a smart card” -.. figure:: images/smart-policy/1.png - :alt: img1 + .. figure:: images/smart-policy/1.png + :alt: img1 7. Select the certificate, mapping, and user. -.. figure:: images/smart-policy/2.png - :alt: img2 + .. figure:: images/smart-policy/2.png + :alt: img2 8. Verify the device status via CRL. -.. figure:: images/smart-policy/3.png - :alt: img3 + .. figure:: images/smart-policy/3.png + :alt: img3 9. Choose a Group Policy Object (GPO). -.. figure:: images/smart-policy/4.png - :alt: img4 + .. figure:: images/smart-policy/4.png + :alt: img4 diff --git a/nitrokeys/features/openpgp-card/eid/index.rst b/nitrokeys/features/openpgp-card/eid/index.rst index 88f578816a..1cade29509 100644 --- a/nitrokeys/features/openpgp-card/eid/index.rst +++ b/nitrokeys/features/openpgp-card/eid/index.rst @@ -6,22 +6,23 @@ Login With EIDAuthenticate on Stand Alone Windows Computers 1. Download and install the latest version of `OpenSC `__. Please install the `OpenPGP-CSP `__ driver **instead** if using Nitrokey Storage 2 or Nitrokey Pro 2. 2. Download and install `EIDAuthenticate `__. - .. note:: - The free community edition is disabled. You may test the enterprise edition instead. + .. note:: + + The free community edition is disabled. You may test the enterprise edition instead. 3. Start EIDConfigurationWizard.exe 4. Select “Associate a new certificate” -.. figure:: images/eidauthenticate/1.png - :alt: img1 + .. figure:: images/eidauthenticate/1.png + :alt: img1 5. Select or generate a Certificate Authority which should issue the user’s certificate on the Nitrokey. -.. figure:: images/eidauthenticate/2.png - :alt: img2 + .. figure:: images/eidauthenticate/2.png + :alt: img2 @@ -30,43 +31,43 @@ Login With EIDAuthenticate on Stand Alone Windows Computers your Nitrokey is not detected you may want to execute “certutil -scinfo” for troubleshooting. -.. figure:: images/eidauthenticate/3.png - :alt: img3 + .. figure:: images/eidauthenticate/3.png + :alt: img3 7. Select the newly generated certificate and press continue. -.. figure:: images/eidauthenticate/4.png - :alt: img4 + .. figure:: images/eidauthenticate/4.png + :alt: img4 8. All checks should succeed. Press continue. -.. figure:: images/eidauthenticate/5.png - :alt: img5 + .. figure:: images/eidauthenticate/5.png + :alt: img5 9. Enter the password of your user account. -.. figure:: images/eidauthenticate/6.png - :alt: img6 + .. figure:: images/eidauthenticate/6.png + :alt: img6 10. Enter the user PIN which you defined previously in step 4. -.. figure:: images/eidauthenticate/7.png - :alt: img7 + .. figure:: images/eidauthenticate/7.png + :alt: img7 11. The final screen may look like this. -.. figure:: images/eidauthenticate/8.png - :alt: img8 + .. figure:: images/eidauthenticate/8.png + :alt: img8 diff --git a/nitrokeys/features/openpgp-card/ipsec/index.rst b/nitrokeys/features/openpgp-card/ipsec/index.rst index b9d8b59fb4..846f223d64 100644 --- a/nitrokeys/features/openpgp-card/ipsec/index.rst +++ b/nitrokeys/features/openpgp-card/ipsec/index.rst @@ -7,41 +7,41 @@ IPSec 1. Generate a key on Nitrokey via pkcs11-tool. In this example it's a 4096 bit RSA key. -.. code-block:: bash + .. code-block:: bash - $ pkcs11-tool --module /usr/lib/x86_64-linux-gnu/pkcs11/opensc-pkcs11.so -l -k --key-type rsa:4096 --id 10 --label 'Staging Access' + $ pkcs11-tool --module /usr/lib/x86_64-linux-gnu/pkcs11/opensc-pkcs11.so -l -k --key-type rsa:4096 --id 10 --label 'Staging Access' 2. Generate a certificate signing request via openssl + pkcs11 module -.. code-block:: bash + .. code-block:: bash - $ openssl - OpenSSL> engine dynamic -pre SO_PATH:/usr/lib/x86_64-linux-gnu/engines-1.1/pkcs11.so -pre ID:pkcs11 -pre LIST_ADD:1 -pre LOAD -pre MODULE_PATH:/usr/lib/x86_64-linux-gnu/pkcs11/opensc-pkcs11.so - OpenSSL> req -engine pkcs11 -sha256 -new -key id_10 -keyform engine -out user@email.com-staging-cert.csr -subj '/C=GB/L=Cambridge/O=Organization/OU=Staging Access/CN=user@email.com/emailAddress=user@email.com' + $ openssl + OpenSSL> engine dynamic -pre SO_PATH:/usr/lib/x86_64-linux-gnu/engines-1.1/pkcs11.so -pre ID:pkcs11 -pre LIST_ADD:1 -pre LOAD -pre MODULE_PATH:/usr/lib/x86_64-linux-gnu/pkcs11/opensc-pkcs11.so + OpenSSL> req -engine pkcs11 -sha256 -new -key id_10 -keyform engine -out user@email.com-staging-cert.csr -subj '/C=GB/L=Cambridge/O=Organization/OU=Staging Access/CN=user@email.com/emailAddress=user@email.com' 3. Sign the certificate with your certificate authority 4. Convert the certificate to DER -.. code-block:: bash + .. code-block:: bash - $ openssl x509 -in user@email.com-staging-cert.csr -out user@email.com-staging-cert.der -outform DER + $ openssl x509 -in user@email.com-staging-cert.csr -out user@email.com-staging-cert.der -outform DER 5. Import the certificate into the Nitrokey via pkcs11-tool -.. code-block:: bash + .. code-block:: bash - $ pkcs11-tool --module /usr/lib/x86_64-linux-gnu/pkcs11/opensc-pkcs11.so -l -y cert -w user@email.com-staging-cert.der --id 10 --label 'Staging Access' + $ pkcs11-tool --module /usr/lib/x86_64-linux-gnu/pkcs11/opensc-pkcs11.so -l -y cert -w user@email.com-staging-cert.der --id 10 --label 'Staging Access' 6. Configure Strongswan to load opensc-pkcs11 module then to load the certificate on Nitrokey. Edit /etc/strongswan.d/charon/pkcs11.conf and add the following module: -.. code-block:: bash + .. code-block:: - modules { - Nitrokey { - path = /usr/lib/x86_64-linux-gnu/pkcs11/opensc-pkcs11.so - } - } + modules { + Nitrokey { + path = /usr/lib/x86_64-linux-gnu/pkcs11/opensc-pkcs11.so + } + } 7. Initiate the VPN connection via IPSec/Strongswan, then prompt for Nitrokey PIN diff --git a/nitrokeys/features/openpgp-card/openpgp-keygen-backup.rst b/nitrokeys/features/openpgp-card/openpgp-keygen-backup.rst index 9249a0f871..46f88f4fbb 100644 --- a/nitrokeys/features/openpgp-card/openpgp-keygen-backup.rst +++ b/nitrokeys/features/openpgp-card/openpgp-keygen-backup.rst @@ -15,7 +15,7 @@ Main Key and Encryption Subkey We can use the command ``gpg --full-generate-key --expert`` to start a guided key generation with all possible options. You can choose the key type (usually RSA (1) or ECC (9)), the length of the key and other attributes. The following output is just a simple example, you may choose other values. -.. code-block:: bash +.. code-block:: > gpg --full-generate-key --expert gpg (GnuPG) 2.2.10; Copyright (C) 2018 Free Software Foundation, Inc. @@ -86,7 +86,7 @@ Subkey for Authentication You now have a main key with the capability to sign and certify (marked as [SC]) and a subkey for encryption (marked as [E]). It is necessary to have another subkey for use cases in which authentication is needed. This subkey is generated in the next step. Type in ``gpg --edit-key --expert keyID`` to start the process, whereas “keyID” is either the id of the key or the email address used during key generation. -.. code-block:: bash +.. code-block:: > gpg --edit-key --expert jane@example.com gpg (GnuPG) 2.2.10; Copyright (C) 2018 Free Software Foundation, Inc. @@ -106,7 +106,7 @@ is either the id of the key or the email address used during key generation. Now you are in the interactive mode of GnuPG and you can add a key by simply typing ``addkey``. You need to choose the key you want to use. It is crucial to choose “set your own capabilities”, because we want to have the “authenticate” capability which is not available otherwise. We toggle sign and encrypt by typing ``s`` and ``e`` and we activate authenticate by typing ``a``. -.. code-block:: bash +.. code-block:: gpg> addkey Please select what kind of key you want: @@ -164,7 +164,7 @@ Now you are in the interactive mode of GnuPG and you can add a key by simply typ We quit with ``q``. Afterwards we need to answer the same questions as before. Finally, we have a ready-to-go key set which we can import to our device. -.. code-block:: bash +.. code-block:: RSA keys may be between 1024 and 4096 bits long. What keysize do you want? (2048) @@ -209,7 +209,7 @@ You have a main key and two subkeys which can be imported to your Nitrokey. Befo We start the process by accessing the interactive interface of GnuPG again with ``gpg --edit-key --expert keyID``, whereas ``keyID`` is either the id of the key or the email address used during key generation. -.. code-block:: bash +.. code-block:: > gpg --edit-key --expert jane@example.com gpg (GnuPG) 2.2.10; Copyright (C) 2018 Free Software Foundation, Inc. @@ -245,7 +245,7 @@ We start the process by accessing the interactive interface of GnuPG again with We just imported the main key to the card. Now we proceed with the two subkeys. We type ``key 1`` to select the encryption subkey and type in ``keytocard`` again and select the slot to use. -.. code-block:: bash +.. code-block:: gpg> key 1 @@ -274,7 +274,7 @@ We just imported the main key to the card. Now we proceed with the two subkeys. Now we deselect the first key with ``key 1`` and select the second subkey with ``key 2`` and move it as well with ``keytocard``. Afterwards we quit and save the changes. -.. code-block:: bash +.. code-block:: gpg> key 1 diff --git a/nitrokeys/features/openpgp-card/openpgp-keygen-on-device.rst b/nitrokeys/features/openpgp-card/openpgp-keygen-on-device.rst index 7016818146..ac0444d70d 100644 --- a/nitrokeys/features/openpgp-card/openpgp-keygen-on-device.rst +++ b/nitrokeys/features/openpgp-card/openpgp-keygen-on-device.rst @@ -22,7 +22,7 @@ Open a command line and type ``gpg2 --card-edit``. To open the Windows command line please push the Windows-key and R-key. Now type ‘cmd.exe’ in the text field and hit enter. To open a Terminal on macOS or GNU/Linux please use the application search (e.g. spotlight on macOS). -.. code-block:: bash +.. code-block:: > gpg2 --card-edit @@ -50,7 +50,7 @@ To open the Windows command line please push the Windows-key and R-key. Now type Now you are in the interactive interface of GnuPG. Activate the admin commands with ``admin`` and use ``generate`` afterwards to start the generation of keys. -.. code-block:: bash +.. code-block:: gpg/card> admin Admin commands are allowed @@ -102,7 +102,7 @@ This section is about changing the key attributes. If you want to use the defaul Open a command line and type ``gpg2 --card-edit --expert``. -.. code-block:: bash +.. code-block:: > gpg2 --card-edit --expert @@ -129,7 +129,7 @@ Open a command line and type ``gpg2 --card-edit --expert``. Now you are in the interactive interface of GnuPG. As you can see in the “Key attributes” field above, the default value rsa2048 is set. To change them, activate the admin commands with ``admin`` and use ``key-attr`` afterwards to change the attributes of the keys. -.. code-block:: bash +.. code-block:: gpg/card> admin Admin commands are allowed @@ -159,7 +159,7 @@ Now you are in the interactive interface of GnuPG. As you can see in the You can choose the attribute for each key (that is, signature, encryption and authentication key). Most people will use the same attributes for every key. Type ``list`` to see the results (have look at the “Key attributes” field, which now reads rsa4096). -.. code-block:: bash +.. code-block:: gpg/card> list diff --git a/nitrokeys/features/openpgp-card/openpgp-thunderbird.rst b/nitrokeys/features/openpgp-card/openpgp-thunderbird.rst index c1d4456184..3a612fe667 100644 --- a/nitrokeys/features/openpgp-card/openpgp-thunderbird.rst +++ b/nitrokeys/features/openpgp-card/openpgp-thunderbird.rst @@ -55,15 +55,15 @@ Procedure 3. In Thunderbird, select as shown in the following picture. “OpenPGP” → “Manage smart card” -.. figure:: images/thunderbird/1.png - :alt: img1 + .. figure:: images/thunderbird/1.png + :alt: img1 4. In the “SmartCard Details” window, select “SmartCard → Change PIN” -.. figure:: images/thunderbird/2.png - :alt: img2 + .. figure:: images/thunderbird/2.png + :alt: img2 @@ -73,15 +73,15 @@ Procedure () [] {}% +. The PIN should be at least 6 characters long. Click “OK”. -.. figure:: images/thunderbird/3.png - :alt: img3 + .. figure:: images/thunderbird/3.png + :alt: img3 6. Repeat the procedure for the Admin PIN. “SmartCard → Change PIN” -.. figure:: images/thunderbird/4.png - :alt: img4 + .. figure:: images/thunderbird/4.png + :alt: img4 @@ -91,8 +91,8 @@ Procedure .;;:- !? () [] {}% +. The PIN should be at least 8 characters long. Click “OK”. -.. figure:: images/thunderbird/5.png - :alt: img5 + .. figure:: images/thunderbird/5.png + :alt: img5 @@ -118,16 +118,16 @@ To encrypt data and e-mails, a key pair consisting of a public key and a private “User ID” is correct. You can also specify whether a private key backup copy should be stored on your computer. -.. figure:: images/thunderbird/6.png - :alt: img6 + .. figure:: images/thunderbird/6.png + :alt: img6 5. If you do not create a backup copy, you have no chance to get your encrypted data if the Nitrokey is lost or damaged! -.. figure:: images/thunderbird/7.png - :alt: img7 + .. figure:: images/thunderbird/7.png + :alt: img7 @@ -139,39 +139,39 @@ To encrypt data and e-mails, a key pair consisting of a public key and a private avoid known prose or lyric. Also, no name or known term should be used. -**Allowed characters**: a-z A-Z 0-9 /.,;:-!?( )%+ (no umlauts ä,ü,ö,Ä,Ü,Ö or ß) + **Allowed characters**: a-z A-Z 0-9 /.,;:-!?( )%+ (no umlauts ä,ü,ö,Ä,Ü,Ö or ß) -**Poor Passwords**: qwerty123, ILoveSusi3, Password, If you can dream it, you can do it. + **Poor Passwords**: qwerty123, ILoveSusi3, Password, If you can dream it, you can do it. -**Strong Passwords**: g(Ak?2Pn7Yn or Ki.stg2bLqzp%d or A dog with greeen Earz and fife legs (spelling errors increase security) + **Strong Passwords**: g(Ak?2Pn7Yn or Ki.stg2bLqzp%d or A dog with greeen Earz and fife legs (spelling errors increase security) -You do **not** need this password for daily work. It is only necessary for the restoration of the secret key, e.g. if you have lost the Nitrokey. Therefore, keep the password in a safe place. + You do **not** need this password for daily work. It is only necessary for the restoration of the secret key, e.g. if you have lost the Nitrokey. Therefore, keep the password in a safe place. -You can also specify whether and when the key should be automatically invalid. This means, from this point onwards, no more e-mails can be encrypted with this key and you have to create a new key pair. + You can also specify whether and when the key should be automatically invalid. This means, from this point onwards, no more e-mails can be encrypted with this key and you have to create a new key pair. 1. Finally, click on “Generate key pair”. -.. figure:: images/thunderbird/8.png - :alt: img8 + .. figure:: images/thunderbird/8.png + :alt: img8 2. You are now asked if the key should be generated. Confirm with “Yes”. -.. figure:: images/thunderbird/9.png - :alt: img9 + .. figure:: images/thunderbird/9.png + :alt: img9 3. In order for the program to write your keys to the stick, you must enter the admin PIN and the user PIN (changed above). -.. figure:: images/thunderbird/10.png - :alt: img10 + .. figure:: images/thunderbird/10.png + :alt: img10 -The key generation can take a few minutes. Do not terminate the program prematurely! + The key generation can take a few minutes. Do not terminate the program prematurely! 4. When the key generation is complete, you receive the following message. A certificate is now created that allows you to invalidate @@ -180,34 +180,41 @@ The key generation can take a few minutes. Do not terminate the program prematur least one other external medium so that you can revoke the validity of the keys if your keys and backups are lost. Click “Yes” -You can now select the directory in which the backup copy is stored. This copy is encrypted with your password entered above. This means that no one can read or use the keys without your password. Do not give your password to anyone. This file with the name of your e-mail address and the suffix “.asc” should be backed up on another medium. After selecting the directory, click “Save”. + You can now select the directory in which the backup copy is stored. This copy is encrypted with your password entered above. This means that no one can read or use the keys without your password. Do not give your password to anyone. This file with the name of your e-mail address and the suffix “.asc” should be backed up on another medium. After selecting the directory, click “Save”. -.. figure:: images/thunderbird/11.png - :alt: img11 + .. figure:: images/thunderbird/11.png + :alt: img11 5. Here you must again specify your user PIN or passphrase. Then click “OK” -.. figure:: images/thunderbird/12.png - :alt: img12 + .. figure:: images/thunderbird/12.png + :alt: img12 + + + +6. Repeat the procedure for the Admin PIN. “SmartCard → Change PIN” + + .. figure:: images/thunderbird/4.png + :alt: img4 7. You will now see the message that the certificate was created and saved. Click “OK” -.. figure:: images/thunderbird/13.png - :alt: img13 + .. figure:: images/thunderbird/13.png + :alt: img13 8. Key generation is now complete. You can now exit the program (File - Close). -.. figure:: images/thunderbird/14.png - :alt: img14 + .. figure:: images/thunderbird/14.png + :alt: img14 diff --git a/nitrokeys/features/openpgp-card/openvpn/easyrsa.rst b/nitrokeys/features/openpgp-card/openvpn/easyrsa.rst index c33f85cc83..757e689da7 100644 --- a/nitrokeys/features/openpgp-card/openvpn/easyrsa.rst +++ b/nitrokeys/features/openpgp-card/openvpn/easyrsa.rst @@ -75,18 +75,18 @@ Server side 3. Close after saving it, and enter this command - .. code-block:: bash + .. code-block:: bash - $ sysctl -p + $ sysctl -p - Once IP forwarding is done, we will need to download the latest release of OpenvPN for our Debian 10 server, according to `these instructions `__: + Once IP forwarding is done, we will need to download the latest release of OpenvPN for our Debian 10 server, according to `these instructions `__: 4. Change to root and download the GPG key that signed the package - .. code-block:: bash + .. code-block:: bash - $ sudo -s - # wget -O - https://swupdate.openvpn.net/repos/repo-public.gpg|apt-key add - + $ sudo -s + # wget -O - https://swupdate.openvpn.net/repos/repo-public.gpg|apt-key add - 5. Add the URL of the adequate OpenVPN packages to the ``sources.list`` file @@ -139,92 +139,92 @@ To build the PKI, we will download the latest version of Easy-RSA on the server 3. Create a PKI for OpenVPN server ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -Before you can create your OpenVPN server’s private key and certificate, you need to create a local Public Key Infrastructure directory on your OpenVPN server. You will use this directory to manage the server and clients’ certificate requests, instead of making them directly on your CA server. + Before you can create your OpenVPN server’s private key and certificate, you need to create a local Public Key Infrastructure directory on your OpenVPN server. You will use this directory to manage the server and clients’ certificate requests, instead of making them directly on your CA server. -To build a PKI directory on your OpenVPN server, you’ll need to populate a file called ``vars`` with some default values. + To build a PKI directory on your OpenVPN server, you’ll need to populate a file called ``vars`` with some default values. - 1. Create a ``vars`` file + 1. Create a ``vars`` file - .. code-block:: bash + .. code-block:: bash - $ touch ~/easyrsa/vars - $ cd easyrsa/ - $ editor vars + $ touch ~/easyrsa/vars + $ cd easyrsa/ + $ editor vars - 2. Once the file is opened, paste in the following two lines + 2. Once the file is opened, paste in the following two lines - .. code-block:: bash + .. code-block:: bash - set_var EASYRSA_ALGO "ec" - set_var EASYRSA_DIGEST "sha512" + set_var EASYRSA_ALGO "ec" + set_var EASYRSA_DIGEST "sha512" - These are the only two lines that you need in this ``vars`` file on your OpenVPN server since it will not be used as a Certificate Authority. They will ensure that your private keys and certificate requests are configured to use Elliptic Curve Cryptography (ECC) to generate keys, and secure signatures for your clients and OpenVPN server. + These are the only two lines that you need in this ``vars`` file on your OpenVPN server since it will not be used as a Certificate Authority. They will ensure that your private keys and certificate requests are configured to use Elliptic Curve Cryptography (ECC) to generate keys, and secure signatures for your clients and OpenVPN server. - In regards to the choice of the cryptographic algorithms, I follow the model in `this tutorial `__, and you can customize these according to your specific needs. + In regards to the choice of the cryptographic algorithms, I follow the model in `this tutorial `__, and you can customize these according to your specific needs. - 3. Initialize the PKI + 3. Initialize the PKI - Once you have populated the ``vars`` file you can proceed with creating the PKI directory. To do so, run the easyrsa script with the init-pki option: + Once you have populated the ``vars`` file you can proceed with creating the PKI directory. To do so, run the easyrsa script with the init-pki option: - .. code-block:: bash + .. code-block:: bash - $ ./easyrsa init-pki + $ ./easyrsa init-pki - After you’ve initialized your PKI on the OpenVPN server, you are ready to move on to the next step, which is creating an OpenVPN server certificate request and private key. + After you’ve initialized your PKI on the OpenVPN server, you are ready to move on to the next step, which is creating an OpenVPN server certificate request and private key. 4. Create ``server.req`` and ``server.key`` ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - Now that your OpenVPN server has all the prerequisites installed, the next step is to generate a key pair composed of a private key (to keep secret), and a Certificate Signing Request (``.csr``) on your OpenVPN server. + Now that your OpenVPN server has all the prerequisites installed, the next step is to generate a key pair composed of a private key (to keep secret), and a Certificate Signing Request (``.csr``) on your OpenVPN server. - In general terms, on systems where we generate a key and request, these files are left unencrypted by using the ``nopass`` argument, since servers usually need to start up without any password input. This generates an *unencrypted key*, so mind *protect its access and file permissions* carefully. + In general terms, on systems where we generate a key and request, these files are left unencrypted by using the ``nopass`` argument, since servers usually need to start up without any password input. This generates an *unencrypted key*, so mind *protect its access and file permissions* carefully. - .. tip:: + .. tip:: - Configuration notes from OpenVPN: + Configuration notes from OpenVPN: - 1. The server, and each client, must have their own cert and key - file. The server and all clients will use the same CA file. - 2. Server certificate should have the following: + 1. The server, and each client, must have their own cert and key + file. The server and all clients will use the same CA file. + 2. Server certificate should have the following: - - ``keyUsage: digitalSignature, keyEncipherment`` + - ``keyUsage: digitalSignature, keyEncipherment`` - - ``extendedKeyUsage: serverAuth`` + - ``extendedKeyUsage: serverAuth`` - 1. Create the signing request for the server + 1. Create the signing request for the server - Navigate to the ``~/easyrsa`` directory on your OpenVPN Server as your non-root user, and enter the following commands: + Navigate to the ``~/easyrsa`` directory on your OpenVPN Server as your non-root user, and enter the following commands: - .. code-block:: bash + .. code-block:: bash - $ cd easyrsa/ - $ ./easyrsa gen-req server nopass + $ cd easyrsa/ + $ ./easyrsa gen-req server nopass - This will create a private key for the server and a certificate request file called ``server.req``. + This will create a private key for the server and a certificate request file called ``server.req``. - Once you have a signed certificate, you’ll transfer it back to the OpenVPN server. + Once you have a signed certificate, you’ll transfer it back to the OpenVPN server. - 2. Copy the key to the OpenVPN server directory + 2. Copy the key to the OpenVPN server directory - .. code-block:: bash + .. code-block:: bash - $ sudo cp /home/admin/EasyRSA/pki/private/server.key /etc/openvpn/server/ + $ sudo cp /home/admin/EasyRSA/pki/private/server.key /etc/openvpn/server/ - After completing these steps, you have successfully created a private key for your OpenVPN server. You have also generated a Certificate Signing Request for the OpenVPN server. + After completing these steps, you have successfully created a private key for your OpenVPN server. You have also generated a Certificate Signing Request for the OpenVPN server. - .. tip:: + .. tip:: - File extensions for certificate signing requests + File extensions for certificate signing requests - The file extension that is adopted by the CA and HSM tutorial - indicates the creation of a ``.csr`` file, however Easy-RSA creates - certificate signing requests with a ``.req`` extension. + The file extension that is adopted by the CA and HSM tutorial + indicates the creation of a ``.csr`` file, however Easy-RSA creates + certificate signing requests with a ``.req`` extension. - We will use interchangeably both extensions, while making sure that - we transfer the right files to the Certificate Authority, and - generate a final certificate with a ``.crt`` extension. + We will use interchangeably both extensions, while making sure that + we transfer the right files to the Certificate Authority, and + generate a final certificate with a ``.crt`` extension. - In the next section of this guide, we will sign a ``.req`` file with our CA on deployed on the HSM 2 device. For this purpose, I will use a dedicated machine to sign the requests. + In the next section of this guide, we will sign a ``.req`` file with our CA on deployed on the HSM 2 device. For this purpose, I will use a dedicated machine to sign the requests. 5. Sign and retrieve ``server.crt`` ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ @@ -413,19 +413,19 @@ Client side configuration 3. Create a ``client.req`` and ``client.key`` ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - In the same manner we issued the key pair on the sever, we generate a key pair for the client which will be composed of the ``client.req`` - file and the ``client.key`` file. The latter must be kept secret on the client machine. + In the same manner we issued the key pair on the sever, we generate a key pair for the client which will be composed of the ``client.req`` + file and the ``client.key`` file. The latter must be kept secret on the client machine. 4. Sign ``client.req`` and issue the ``client.crt`` file ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - To transfer the ``client.req`` file to the CA machine, we will use the same method as we did for the ``server.req`` file. + To transfer the ``client.req`` file to the CA machine, we will use the same method as we did for the ``server.req`` file. - Once transferred, on the CA machine we sign the certificate signing request file with this command + Once transferred, on the CA machine we sign the certificate signing request file with this command - .. code-block:: bash + .. code-block:: bash - $ openssl ca -config sign_server_csrs.ini -engine pkcs11 -keyform engine -days 375 -notext -md sha512 -create_serial -in client.req -out /home/user/pki/issued/client.crt + $ openssl ca -config sign_server_csrs.ini -engine pkcs11 -keyform engine -days 375 -notext -md sha512 -create_serial -in client.req -out /home/user/pki/issued/client.crt 5. Import ``client.crt`` on the Nitrokey from the CA machine ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ @@ -562,71 +562,71 @@ Client side configuration 3. Configure the OpenVPN client - The final configuration file ``client.conf`` should look like this one: - - .. code-block:: bash - - client - dev tun - proto udp - remote 1194 - resolv-retry infinite - nobind - user nobody - group nobody - persist-key - persist-tun - ca ca.crt - remote-cert-tls server - cipher AES-256-CBC - verb 3 - redirect-gateway def1 - tls-version-min 1.2 # Lower boundary for TLS version - tls-version-max 1.2 # Higher boundary for TLS version - - # nitrokey login - - pkcs11-providers /usr/lib64/pkcs11/opensc-pkcs11.so - pkcs11-id 'pkcs11:model=pkcs11:model=PKCS%NNNN%20emulated;token=User%20PIN%20%28OpenPGP%20card%29;manufacturer=ZeitControl;serial=000NNNNNN;id=%03' - # pkcs11-pin-cache 300 - # daemon - # auth-retry nointeract - # management-hold - # management-signal - # management 127.0.0.1 8888 - # management-query-passwords - pkcs11-cert-private 1 # Prompt for PIN - - # OR - - # non_nitrokey login - - # cert client.crt - # key client.key - # tls-auth ta.key 1 + The final configuration file ``client.conf`` should look like this one: + + .. code-block:: bash + + client + dev tun + proto udp + remote 1194 + resolv-retry infinite + nobind + user nobody + group nobody + persist-key + persist-tun + ca ca.crt + remote-cert-tls server + cipher AES-256-CBC + verb 3 + redirect-gateway def1 + tls-version-min 1.2 # Lower boundary for TLS version + tls-version-max 1.2 # Higher boundary for TLS version + + # nitrokey login + + pkcs11-providers /usr/lib64/pkcs11/opensc-pkcs11.so + pkcs11-id 'pkcs11:model=pkcs11:model=PKCS%NNNN%20emulated;token=User%20PIN%20%28OpenPGP%20card%29;manufacturer=ZeitControl;serial=000NNNNNN;id=%03' + # pkcs11-pin-cache 300 + # daemon + # auth-retry nointeract + # management-hold + # management-signal + # management 127.0.0.1 8888 + # management-query-passwords + pkcs11-cert-private 1 # Prompt for PIN + + # OR + + # non_nitrokey login + + # cert client.crt + # key client.key + # tls-auth ta.key 1 4. Configure OpenVPN (Windows only) - In order to establish a handshake, you must configure OpenSSL included in OpenVPN. + In order to establish a handshake, you must configure OpenSSL included in OpenVPN. - Create the directory ``ssl`` in ``C:\Program Files\OpenVPN`` and create file ``openssl.cnf`` with the following content : + Create the directory ``ssl`` in ``C:\Program Files\OpenVPN`` and create file ``openssl.cnf`` with the following content : - openssl_conf = default_conf - - [ default_conf ] - ssl_conf = ssl_sect + openssl_conf = default_conf + + [ default_conf ] + ssl_conf = ssl_sect - [ ssl_sect ] - system_default = ssl_default_sect + [ ssl_sect ] + system_default = ssl_default_sect - [ ssl_default_sect ] - SignatureAlgorithms = RSA+SHA512:ECDSA+SHA512:RSA+SHA384:ECDSA+SHA384:RSA+SHA256:ECDSA+SHA256 - MaxProtocol = TLSv1.2 - MinProtocol = TLSv1.2 + [ ssl_default_sect ] + SignatureAlgorithms = RSA+SHA512:ECDSA+SHA512:RSA+SHA384:ECDSA+SHA384:RSA+SHA256:ECDSA+SHA256 + MaxProtocol = TLSv1.2 + MinProtocol = TLSv1.2 - With this modification, you will not have error as reported `here `__, `here `__ and `here `__ + With this modification, you will not have error as reported `here `__, `here `__ and `here `__ 5. Known issues diff --git a/nitrokeys/features/u2f/odoo.rst b/nitrokeys/features/u2f/odoo.rst index bc568fa24c..4b30f59aab 100644 --- a/nitrokeys/features/u2f/odoo.rst +++ b/nitrokeys/features/u2f/odoo.rst @@ -17,8 +17,8 @@ The FIDO solution was developed together with our partner `initOS `__ -Video: Two-Factor Authentication With The Nitrokey FIDO U2F in Odoo -------------------------------------------------------------------- +Video: Two-Factor Authentication With The Nitrokey U2F in Odoo +-------------------------------------------------------------- .. raw:: html diff --git a/nitrokeys/fido2/firmware-update.rst b/nitrokeys/fido2/firmware-update.rst index 350bb2b4e2..8a4e2399e4 100644 --- a/nitrokeys/fido2/firmware-update.rst +++ b/nitrokeys/fido2/firmware-update.rst @@ -33,7 +33,6 @@ In case of any errors please take the logs from ``/tmp`` directory (``/tmp/nitro -.. _Nitrokey 3 Firmware - GitHub Releases: https://github.com/Nitrokey/nitrokey-3-firmware/releases .. _installation instructions: /software/nitropy/all-platforms/installation.html diff --git a/nitrokeys/nitrokey3/firmware-update.rst b/nitrokeys/nitrokey3/firmware-update.rst index 4d947502e8..8a4f0442da 100644 --- a/nitrokeys/nitrokey3/firmware-update.rst +++ b/nitrokeys/nitrokey3/firmware-update.rst @@ -32,7 +32,6 @@ How to Update In case of any errors please take the logs from ``/tmp`` directory (``/tmp/nitropy.log.*``). -.. _Nitrokey 3 Firmware - GitHub Releases: https://github.com/Nitrokey/nitrokey-3-firmware/releases .. _installation instructions: ../../software/nitropy/all-platforms/installation.html @@ -90,7 +89,7 @@ This is mostly relevant for users that rely on a feature from the test releases. Users of the stable firmware can always update to the latest available firmware version. Troubleshooting (Linux): ----------------- +------------------------ **Issue:** I get ``permission denied for /dev/hidrawX`` during update. This likely means your user has not the needed permissions to diff --git a/nitrokeys/nitrokey3/index.rst b/nitrokeys/nitrokey3/index.rst index fc33550adb..31662fb60f 100644 --- a/nitrokeys/nitrokey3/index.rst +++ b/nitrokeys/nitrokey3/index.rst @@ -29,5 +29,4 @@ or check out the features: Additional features like PIV (Windows only) are available in test firmware releases. See the `release notes`_ on GitHub for more information. -.. _Secure Element Backend or Software Backend: faq#how-can-I-use-the-se050-secure-element .. _release notes: https://github.com/Nitrokey/nitrokey-3-firmware/releases diff --git a/nitrokeys/start/multiple-identities.rst b/nitrokeys/start/multiple-identities.rst index de88bce6b0..0cc6bbb2b6 100644 --- a/nitrokeys/start/multiple-identities.rst +++ b/nitrokeys/start/multiple-identities.rst @@ -19,22 +19,22 @@ To change the identity it suffices to send a custom CCID command. This could be 2. Connect your Nitrokey Start and verify that it got recognized. -.. code-block:: bash + .. code-block:: - $ nitropy start list - *** Nitrokey tool for Nitrokey FIDO2 & Nitrokey Start - :: 'Nitrokey Start' keys: - FSIJ-1.2.15-87042524: Nitrokey Nitrokey Start (RTM.10) + $ nitropy start list + *** Nitrokey tool for Nitrokey FIDO2 & Nitrokey Start + :: 'Nitrokey Start' keys: + FSIJ-1.2.15-87042524: Nitrokey Nitrokey Start (RTM.10) 3. Change the identity, by replacing ```` with ``0``, ``1``, or ``2``. -.. code-block:: bash + .. code-block:: - $ nitropy start set-identity - *** Nitrokey tool for Nitrokey FIDO2 & Nitrokey Start - Trying to set identity to - device has reset, and should now have the new identity + $ nitropy start set-identity + *** Nitrokey tool for Nitrokey FIDO2 & Nitrokey Start + Trying to set identity to + device has reset, and should now have the new identity Limitations ----------- From 0032289b600f79a621b0df3d4ee8b47fb50fab79 Mon Sep 17 00:00:00 2001 From: Marlin Date: Thu, 8 Aug 2024 12:17:26 +0200 Subject: [PATCH 19/33] fixed CI errors --- nitrokeys/features/hsm/apache2-tls.rst | 2 +- nitrokeys/features/hsm/pkcs11-url.rst | 2 +- nitrokeys/features/misc/ecc/index.rst | 2 +- .../certificate-authority/index.rst | 22 +++++++++---------- .../openpgp-card/desktop-login/pam.rst | 2 +- .../desktop-login/smart-policy.rst | 2 +- .../features/openpgp-card/ipsec/index.rst | 2 +- .../openpgp-card/openpgp-keygen-backup.rst | 14 ++++++------ .../openpgp-card/openpgp-keygen-on-device.rst | 8 +++---- .../features/openpgp-card/openvpn/easyrsa.rst | 4 ++-- nitrokeys/features/openpgp-card/uif.rst | 2 +- .../features/piv/certificate_management.rst | 4 ++-- nitrokeys/features/piv/factory_reset.rst | 2 +- .../client_logon_with_active_directory.rst | 6 ++--- nitrokeys/features/piv/key_management.rst | 2 +- nitrokeys/start/multiple-identities.rst | 4 ++-- 16 files changed, 40 insertions(+), 40 deletions(-) diff --git a/nitrokeys/features/hsm/apache2-tls.rst b/nitrokeys/features/hsm/apache2-tls.rst index f57f2de4d2..87174fd672 100644 --- a/nitrokeys/features/hsm/apache2-tls.rst +++ b/nitrokeys/features/hsm/apache2-tls.rst @@ -70,7 +70,7 @@ Complete Apache2 Config Example ------------------------------- A complete Apache2 (``VirtualHost``) config snippet might look like this: -.. code-block:: +:: SSLPassPhraseDialog "|/bin/echo 123456" diff --git a/nitrokeys/features/hsm/pkcs11-url.rst b/nitrokeys/features/hsm/pkcs11-url.rst index 79745a0144..ef3f3926c2 100644 --- a/nitrokeys/features/hsm/pkcs11-url.rst +++ b/nitrokeys/features/hsm/pkcs11-url.rst @@ -41,7 +41,7 @@ Use the following command to get a list of available tokens (Nitrokeys): Choose the token (Nitrokey) URL you want to generate URL tokens for and use it like this: -.. code-block:: +:: p11tool --list-all diff --git a/nitrokeys/features/misc/ecc/index.rst b/nitrokeys/features/misc/ecc/index.rst index 2d1cb90749..d399f0b140 100644 --- a/nitrokeys/features/misc/ecc/index.rst +++ b/nitrokeys/features/misc/ecc/index.rst @@ -86,7 +86,7 @@ Now we enter ``gpg2 --card-edit`` and see that brainpoolP256r1 is under Then we create the key. -.. code-block:: +:: gpg/card> admin Admin commands are allowed diff --git a/nitrokeys/features/openpgp-card/certificate-authority/index.rst b/nitrokeys/features/openpgp-card/certificate-authority/index.rst index df5cf29243..f682a51efb 100644 --- a/nitrokeys/features/openpgp-card/certificate-authority/index.rst +++ b/nitrokeys/features/openpgp-card/certificate-authority/index.rst @@ -57,7 +57,7 @@ Creating The Root Certificate Authority We start by generating the private key for the certificate authority directly on the Nitrokey HSM. This allows us to use the private key in the future, but not access it. -.. code-block:: +:: # Generate private key on HSM $ pkcs11-tool -l --keypairgen --key-type EC:secp384r1 --label root @@ -154,7 +154,7 @@ Fill out the request information in with information for your C Generate the self-signed public certificate from the private key. Use the private key id value from earlier. -.. code-block:: +:: $ openssl req -config create_root_cert.ini -engine pkcs11 -keyform engine -key e0161cc8b6f5d66ac6835ecdecb623fc0506a675 -new -x509 -days 3650 -sha512 -extensions v3_ca -out ../certs/root.crt engine "pkcs11" set. @@ -162,7 +162,7 @@ Generate the self-signed public certificate from the private key. Use the privat Verify that the root certificate was generated correctly. Verify that Signature-Algorithm matches above and below. Verify that Issuer and Subject match, all root certificates are self signed. Verify that Key Usage matches what was in the v3_ca information in our config file. -.. code-block:: +:: $ openssl x509 -noout -text -in ../certs/root.crt Certificate: @@ -212,7 +212,7 @@ Creating The Intermediate Certificate Authority We continue by generating the private key for the intermediate certificate authority directly on the Nitrokey HSM. This allows us to use the private key in the future, but not access it. -.. code-block:: +:: # Generate private key on HSM $ pkcs11-tool -l --keypairgen --key-type EC:secp384r1 --label intermediate @@ -276,7 +276,7 @@ Fill out the request information in with information for your C Generate the certificate signing request for the intermediate CA from the intermediate CA’s private key. Use the private key ID value from earlier. -.. code-block:: bash +:: $ openssl req -config create_intermediate_csr.ini -engine pkcs11 -keyform engine -key bcb48fe9b566ae61891aabbfde6a23d4ff3ab639 -new -sha512 -out ../intermediate/csr/intermediate.csr engine "pkcs11" set. @@ -284,7 +284,7 @@ Generate the certificate signing request for the intermediate CA from the interm Verify that the CSR was created correctly. Verify that your Subject is correct. Verify that your Public Key and Signature Algorithm are correct. -.. code-block:: +:: $ openssl req -text -noout -verify -in ../intermediate/csr/intermediate.csr verify OK @@ -317,7 +317,7 @@ Verify that the CSR was created correctly. Verify that your Subject is correct. We need to find out the fully qualified PKCS#11 URI for your private key: -.. code-block:: +:: $ p11tool --list-all warning: no token URL was provided for this operation; the available tokens are: @@ -413,7 +413,7 @@ Now, we need to create a config file to use the private key of the root certific Then sign the intermediate certificate with the root certificate. -.. code-block:: +:: $ openssl ca -config sign_intermediate_csr.ini -engine pkcs11 -keyform engine -extensions v3_intermediate_ca -days 1825 -notext -md sha512 -create_serial -in ../intermediate/csr/intermediate.csr -out ../intermediate/certs/intermediate.crt engine "pkcs11" set. @@ -453,7 +453,7 @@ Then sign the intermediate certificate with the root certificate. Verify that the root certificate was generated correctly. Verify that the Issuer and Subject are different, and correct. Verify that the Key Usage matches the config file. Verify that the signature algorithm are correct above and below. -.. code-block:: +:: $ openssl x509 -noout -text -in ../intermediate/certs/intermediate.crt Certificate: @@ -522,7 +522,7 @@ Create a CSR in the normal method for your application. Proper creation of your We need to find out the fully qualified PKCS#11 URI for your private key: -.. code-block:: +:: $ p11tool --list-all warning: no token URL was provided for this operation; the available tokens are: @@ -621,7 +621,7 @@ Create a config file to use the private key of the intermediate certificate to s Then run openssl to sign the server’s CSR. -.. code-block:: +:: $ openssl ca -config sign_server_csrs.ini -engine pkcs11 -keyform engine -extensions server_cert -days 375 -notext -md sha512 -create_serial -in server_cert.csr -out server_cert.crt engine "pkcs11" set. diff --git a/nitrokeys/features/openpgp-card/desktop-login/pam.rst b/nitrokeys/features/openpgp-card/desktop-login/pam.rst index bc90f65bbb..31858077a4 100644 --- a/nitrokeys/features/openpgp-card/desktop-login/pam.rst +++ b/nitrokeys/features/openpgp-card/desktop-login/pam.rst @@ -49,7 +49,7 @@ Troubleshooting If you get an error similar to ``ERR 100663414 Invalid ID `` you should try instead -.. code-block:: +:: poldi-ctrl -k > ; sudo mv /etc/poldi/localdb/keys diff --git a/nitrokeys/features/openpgp-card/desktop-login/smart-policy.rst b/nitrokeys/features/openpgp-card/desktop-login/smart-policy.rst index fd5258eb3e..a9d1370518 100644 --- a/nitrokeys/features/openpgp-card/desktop-login/smart-policy.rst +++ b/nitrokeys/features/openpgp-card/desktop-login/smart-policy.rst @@ -8,7 +8,7 @@ Login to Windows Domain Computers With MS Active Directory 2. Use a text editor to add the following settings to ``C:\Program Files:\OpenSC Project\OpenSC\opensc.conf``. - .. code-block:: + :: # Nitrokey Pro 2, OpenPGP Card, Nitrokey Storage 2 card_atr 3b:da:18:ff:81:b1:fe:75:1f:03:00:31:f5:73:c0:01:60:00:90:00:1c { diff --git a/nitrokeys/features/openpgp-card/ipsec/index.rst b/nitrokeys/features/openpgp-card/ipsec/index.rst index 846f223d64..ffa37b0a6c 100644 --- a/nitrokeys/features/openpgp-card/ipsec/index.rst +++ b/nitrokeys/features/openpgp-card/ipsec/index.rst @@ -35,7 +35,7 @@ IPSec 6. Configure Strongswan to load opensc-pkcs11 module then to load the certificate on Nitrokey. Edit /etc/strongswan.d/charon/pkcs11.conf and add the following module: - .. code-block:: + :: modules { Nitrokey { diff --git a/nitrokeys/features/openpgp-card/openpgp-keygen-backup.rst b/nitrokeys/features/openpgp-card/openpgp-keygen-backup.rst index 46f88f4fbb..0c319d71ec 100644 --- a/nitrokeys/features/openpgp-card/openpgp-keygen-backup.rst +++ b/nitrokeys/features/openpgp-card/openpgp-keygen-backup.rst @@ -15,7 +15,7 @@ Main Key and Encryption Subkey We can use the command ``gpg --full-generate-key --expert`` to start a guided key generation with all possible options. You can choose the key type (usually RSA (1) or ECC (9)), the length of the key and other attributes. The following output is just a simple example, you may choose other values. -.. code-block:: +:: > gpg --full-generate-key --expert gpg (GnuPG) 2.2.10; Copyright (C) 2018 Free Software Foundation, Inc. @@ -86,7 +86,7 @@ Subkey for Authentication You now have a main key with the capability to sign and certify (marked as [SC]) and a subkey for encryption (marked as [E]). It is necessary to have another subkey for use cases in which authentication is needed. This subkey is generated in the next step. Type in ``gpg --edit-key --expert keyID`` to start the process, whereas “keyID” is either the id of the key or the email address used during key generation. -.. code-block:: +:: > gpg --edit-key --expert jane@example.com gpg (GnuPG) 2.2.10; Copyright (C) 2018 Free Software Foundation, Inc. @@ -106,7 +106,7 @@ is either the id of the key or the email address used during key generation. Now you are in the interactive mode of GnuPG and you can add a key by simply typing ``addkey``. You need to choose the key you want to use. It is crucial to choose “set your own capabilities”, because we want to have the “authenticate” capability which is not available otherwise. We toggle sign and encrypt by typing ``s`` and ``e`` and we activate authenticate by typing ``a``. -.. code-block:: +:: gpg> addkey Please select what kind of key you want: @@ -164,7 +164,7 @@ Now you are in the interactive mode of GnuPG and you can add a key by simply typ We quit with ``q``. Afterwards we need to answer the same questions as before. Finally, we have a ready-to-go key set which we can import to our device. -.. code-block:: +:: RSA keys may be between 1024 and 4096 bits long. What keysize do you want? (2048) @@ -209,7 +209,7 @@ You have a main key and two subkeys which can be imported to your Nitrokey. Befo We start the process by accessing the interactive interface of GnuPG again with ``gpg --edit-key --expert keyID``, whereas ``keyID`` is either the id of the key or the email address used during key generation. -.. code-block:: +:: > gpg --edit-key --expert jane@example.com gpg (GnuPG) 2.2.10; Copyright (C) 2018 Free Software Foundation, Inc. @@ -245,7 +245,7 @@ We start the process by accessing the interactive interface of GnuPG again with We just imported the main key to the card. Now we proceed with the two subkeys. We type ``key 1`` to select the encryption subkey and type in ``keytocard`` again and select the slot to use. -.. code-block:: +:: gpg> key 1 @@ -274,7 +274,7 @@ We just imported the main key to the card. Now we proceed with the two subkeys. Now we deselect the first key with ``key 1`` and select the second subkey with ``key 2`` and move it as well with ``keytocard``. Afterwards we quit and save the changes. -.. code-block:: +:: gpg> key 1 diff --git a/nitrokeys/features/openpgp-card/openpgp-keygen-on-device.rst b/nitrokeys/features/openpgp-card/openpgp-keygen-on-device.rst index ac0444d70d..a94c90700c 100644 --- a/nitrokeys/features/openpgp-card/openpgp-keygen-on-device.rst +++ b/nitrokeys/features/openpgp-card/openpgp-keygen-on-device.rst @@ -22,7 +22,7 @@ Open a command line and type ``gpg2 --card-edit``. To open the Windows command line please push the Windows-key and R-key. Now type ‘cmd.exe’ in the text field and hit enter. To open a Terminal on macOS or GNU/Linux please use the application search (e.g. spotlight on macOS). -.. code-block:: +:: > gpg2 --card-edit @@ -50,7 +50,7 @@ To open the Windows command line please push the Windows-key and R-key. Now type Now you are in the interactive interface of GnuPG. Activate the admin commands with ``admin`` and use ``generate`` afterwards to start the generation of keys. -.. code-block:: +:: gpg/card> admin Admin commands are allowed @@ -102,7 +102,7 @@ This section is about changing the key attributes. If you want to use the defaul Open a command line and type ``gpg2 --card-edit --expert``. -.. code-block:: +:: > gpg2 --card-edit --expert @@ -129,7 +129,7 @@ Open a command line and type ``gpg2 --card-edit --expert``. Now you are in the interactive interface of GnuPG. As you can see in the “Key attributes” field above, the default value rsa2048 is set. To change them, activate the admin commands with ``admin`` and use ``key-attr`` afterwards to change the attributes of the keys. -.. code-block:: +:: gpg/card> admin Admin commands are allowed diff --git a/nitrokeys/features/openpgp-card/openvpn/easyrsa.rst b/nitrokeys/features/openpgp-card/openvpn/easyrsa.rst index 757e689da7..dcaaeb869c 100644 --- a/nitrokeys/features/openpgp-card/openvpn/easyrsa.rst +++ b/nitrokeys/features/openpgp-card/openvpn/easyrsa.rst @@ -119,7 +119,7 @@ Server side 2. Install Easy-RSA ^^^^^^^^^^^^^^^^^^^ -To build the PKI, we will download the latest version of Easy-RSA on the server and client machines. To get the latest release, go to the `Releases page on the official EasyRSA GitHub project `__, copy the download link for the file ending in ``.tgz``, and then paste it into the following command: + To build the PKI, we will download the latest version of Easy-RSA on the server and client machines. To get the latest release, go to the `Releases page on the official EasyRSA GitHub project `__, copy the download link for the file ending in ``.tgz``, and then paste it into the following command: 1. Download the latest release @@ -606,7 +606,7 @@ Client side configuration # tls-auth ta.key 1 - 4. Configure OpenVPN (Windows only) + 4. Configure OpenVPN (Windows only) In order to establish a handshake, you must configure OpenSSL included in OpenVPN. diff --git a/nitrokeys/features/openpgp-card/uif.rst b/nitrokeys/features/openpgp-card/uif.rst index bd56e48e0e..dc6309ec80 100644 --- a/nitrokeys/features/openpgp-card/uif.rst +++ b/nitrokeys/features/openpgp-card/uif.rst @@ -16,7 +16,7 @@ Configuration With GnuPG 2.3 or more recent: -.. code-block:: +:: $ gpg --card-edit … diff --git a/nitrokeys/features/piv/certificate_management.rst b/nitrokeys/features/piv/certificate_management.rst index a267521865..eacff91273 100644 --- a/nitrokeys/features/piv/certificate_management.rst +++ b/nitrokeys/features/piv/certificate_management.rst @@ -12,7 +12,7 @@ Certificates can be read from the Nitrokey per key slot. The certificate can be retrieved as follows. -.. code-block:: +:: nitropy nk3 piv read-certificate --key-slot `` @@ -22,6 +22,6 @@ Write Certificate Certificates can be written to the Nitrokey per key slot. -.. code-block:: +:: nitropy nk3 piv write-certificate --key-slot diff --git a/nitrokeys/features/piv/factory_reset.rst b/nitrokeys/features/piv/factory_reset.rst index 27739ada7a..72c0677025 100644 --- a/nitrokeys/features/piv/factory_reset.rst +++ b/nitrokeys/features/piv/factory_reset.rst @@ -9,6 +9,6 @@ It can only be reset if the PIN and PUK are blocked. The reset to factory defaults can be performed as follows. -.. code-block:: +:: nitropy nk3 piv factory-reset diff --git a/nitrokeys/features/piv/guides/client_logon_with_active_directory.rst b/nitrokeys/features/piv/guides/client_logon_with_active_directory.rst index d87a471b34..6181f9f321 100644 --- a/nitrokeys/features/piv/guides/client_logon_with_active_directory.rst +++ b/nitrokeys/features/piv/guides/client_logon_with_active_directory.rst @@ -94,7 +94,7 @@ The certificate is then written to the Nitrokey. 1. Generate a private key and write the CSR to file with the command below. - .. code-block:: + :: nitropy nk3 piv generate-key --key 9A --algo --subject-name --subject-alt-name-upn --out-file @@ -103,7 +103,7 @@ The certificate is then written to the Nitrokey. 2. Sign the CSR with the certificate authority (CA) of the domain with the command below. - .. code-block:: + :: certreq -attrib CertificateTemplate: -submit @@ -112,7 +112,7 @@ The certificate is then written to the Nitrokey. 3. Write the signed certificate to the Nitrokey with the command below. - .. code-block:: + :: nitropy nk3 piv write-certificate --format PEM --path diff --git a/nitrokeys/features/piv/key_management.rst b/nitrokeys/features/piv/key_management.rst index c86eedca9b..fd79795b25 100644 --- a/nitrokeys/features/piv/key_management.rst +++ b/nitrokeys/features/piv/key_management.rst @@ -55,6 +55,6 @@ The PIV application can generate a new private key on the Nitrokey. The command below will create private key in key slot ``9a`` for the user with the subject name ``John Doe`` and subject alternative name ``jd@nitrokey.local``. -.. code-block:: +:: nitropy nk3 piv generate-key --key-slot 9a --subject-name "John Doe" --subject-alt-name-upn "jd@nitrokey.local" diff --git a/nitrokeys/start/multiple-identities.rst b/nitrokeys/start/multiple-identities.rst index 0cc6bbb2b6..b8f916f19f 100644 --- a/nitrokeys/start/multiple-identities.rst +++ b/nitrokeys/start/multiple-identities.rst @@ -19,7 +19,7 @@ To change the identity it suffices to send a custom CCID command. This could be 2. Connect your Nitrokey Start and verify that it got recognized. - .. code-block:: + :: $ nitropy start list *** Nitrokey tool for Nitrokey FIDO2 & Nitrokey Start @@ -29,7 +29,7 @@ To change the identity it suffices to send a custom CCID command. This could be 3. Change the identity, by replacing ```` with ``0``, ``1``, or ``2``. - .. code-block:: + :: $ nitropy start set-identity *** Nitrokey tool for Nitrokey FIDO2 & Nitrokey Start From e198c865d602a5adb6238fe17d79384ebe81ae62 Mon Sep 17 00:00:00 2001 From: Marlin Date: Thu, 8 Aug 2024 15:12:46 +0200 Subject: [PATCH 20/33] fixed some build errors --- index.rst | 2 - .../index.rst | 0 .../hard-disk-encryption/index.rst | 5 ++ .../hard-disk-encryption/luks.rst | 10 ++-- nitrokeys/features/openpgp-card/index.rst | 47 ++++++++++--------- .../openpgp-card/openvpn/viscosity.rst | 8 ++-- .../features/openpgp-card/smime/index.rst | 13 +++-- nitrokeys/features/openpgp-card/ssh/index.rst | 10 ++++ nitrokeys/features/u2f/index.rst | 1 - nitrokeys/fido2/faq.rst | 2 +- nitrokeys/fido2/guides.rst | 3 +- nitrokeys/hsm/faq.rst | 6 +-- nitrokeys/index.rst | 2 + nitrokeys/nitrokey3/adsk.rst | 6 +-- nitrokeys/nitrokey3/faq.rst | 4 +- .../{main.rst => getting-started.rst} | 3 ++ nitrokeys/pro/faq.rst | 8 ++-- nitrokeys/pro/features.rst | 1 + nitrokeys/start/faq.rst | 8 ++-- nitrokeys/storage/faq.rst | 8 ++-- nitrokeys/storage/getting-started.rst | 3 +- nitrokeys/storage/index.rst | 6 +-- nitropad/qubes/change-pins.rst | 2 +- nitropad/ubuntu/change-pins.rst | 2 +- .../nitropy/all-platforms/installation.rst | 5 +- 25 files changed, 92 insertions(+), 73 deletions(-) rename nitrokeys/features/{encrypted-mobile-storage => encrpyted-mobile-storage}/index.rst (100%) rename nitrokeys/nitrokey3/{main.rst => getting-started.rst} (97%) diff --git a/index.rst b/index.rst index 492f1a1162..59e67c2e75 100644 --- a/index.rst +++ b/index.rst @@ -6,8 +6,6 @@ Nitrokey Documentation :titlesonly: nitrokeys/index - hsm/index - start/index nitropad/index nitropc/index nitrophone/index diff --git a/nitrokeys/features/encrypted-mobile-storage/index.rst b/nitrokeys/features/encrpyted-mobile-storage/index.rst similarity index 100% rename from nitrokeys/features/encrypted-mobile-storage/index.rst rename to nitrokeys/features/encrpyted-mobile-storage/index.rst diff --git a/nitrokeys/features/openpgp-card/hard-disk-encryption/index.rst b/nitrokeys/features/openpgp-card/hard-disk-encryption/index.rst index cab92c4900..635aeb878d 100644 --- a/nitrokeys/features/openpgp-card/hard-disk-encryption/index.rst +++ b/nitrokeys/features/openpgp-card/hard-disk-encryption/index.rst @@ -41,6 +41,11 @@ Note: `Aloaha Crypt `__ is based on T Hard Disk Encryption on GNU+Linux with LUKS/dm-crypt ---------------------------------------------------- +.. toctree:: + :maxdepth: 1 + + Full-Disk Encryption With cryptsetup/LUKS + Here are `excellent instructions `__ how to use Nitrokey to encrypt your hard disk under GNU+Linux with LUKS/dm-crypt. `Other instructions `__. Purism has created a `simple script `__ to add the Nitrokey/LibremKey as a way to unlock LUKS partitions (not tested by Nitrokey yet). diff --git a/nitrokeys/features/openpgp-card/hard-disk-encryption/luks.rst b/nitrokeys/features/openpgp-card/hard-disk-encryption/luks.rst index 30ef297953..e4edd206e1 100644 --- a/nitrokeys/features/openpgp-card/hard-disk-encryption/luks.rst +++ b/nitrokeys/features/openpgp-card/hard-disk-encryption/luks.rst @@ -107,13 +107,13 @@ and sets up crypttab, LUKS, initramfs, and GRUB. First you will be prompted for the ``User PIN`` -.. figure:: /pro/linux/images/luks_1.png +.. figure:: images/luks/luks_1.png :alt: img1 Once you unlock the Nitrokey, you will be prompted for your ``OLD passphrase``. It is the passphrase you entered to encrypt your volume at installation. -.. figure:: /pro/linux/images/luks_2.png +.. figure:: images/luks/luks_2.png :alt: img2 .. note:: This is a fall-back alternative in case you lose your Nitrokey, or if @@ -125,7 +125,7 @@ Once you enter the passphrase, the script finishes the setup in about one minute. Do not interrupt the script, or you might get locked out of your computer after reboot. -.. figure:: /pro/linux/images/luks_3.png +.. figure:: images/luks/luks_3.png :alt: img3 Done! @@ -138,12 +138,12 @@ Usage After reboot you should be prompted for your User PIN -.. figure:: /pro/linux/images/luks_5.png +.. figure:: images/luks/luks_5.png :alt: img5 Enter your User PIN to unlock the drive -.. figure:: /pro/linux/images/luks_6.png +.. figure:: images/luks/luks_6.png :alt: img6 diff --git a/nitrokeys/features/openpgp-card/index.rst b/nitrokeys/features/openpgp-card/index.rst index 14298cb532..f129bfff9c 100644 --- a/nitrokeys/features/openpgp-card/index.rst +++ b/nitrokeys/features/openpgp-card/index.rst @@ -7,7 +7,11 @@ There are two widely used standards for email encryption. - S/MIME/X.509 is mostly used by enterprises. -If you are in doubt which one to choose, you should use OpenPGP. While this page describes the usage of OpenPGP, S/MIME is described `here `_. +If you are in doubt which one to choose, you should use OpenPGP. While this page describes the usage of OpenPGP, S/MIME is described here: +.. toctree:: + :maxdepth: 1 + + SMIME Please familiarize yourself with the general concept behind the OpenPGP standard first, for example by reading `this info graphic `__ of the Free Software Foundation. @@ -47,38 +51,37 @@ Usage You can find further information about the usage on these pages: -- to use `OpenPGP encryption with - Thunderbird `_ +.. toctree:: + :maxdepth: 1 -- to use `OpenPGP encryption with - Outlook `_ + OpenPGP encryption with Thunderbird -- to use `OpenPGP Touch Confirmation (Nitrokey 3 only) `_ + OpenPGP encryption with Outlook -- to use `OpenVPN `_ + OpenPGP Touch Confirmation (Nitrokey 3 only) -- to use `Claws - Mail `__, an email - client (and news reader) for Linux and Windows + OpenVPN -- to use - `Evolution `__, - an email client for the Gnome Desktop on Linux systems + Claws Mail, an email client (and news reader) for Linux and Windows -- to use `GPGTools `__ on macOS. + Evolution, an email client for the Gnome Desktop on Linux systems -- to use `Desktop Login `_ + GPGTools on macOS -- to use `IPSec `_ + Desktop Login -- to use `Hard Disk Encryption `_ + SSH -- to use `Stunnel `_ + IPSec -- to use `Gnu Privacy Assistant (GPA) `_ + Hard Disk Encryption -- to use `EID `_ + Stunnel -- to use `Certificate-authority `_ + Gnu Privacy Assistant (GPA) -- to use `GnuPG with Fedora `_ \ No newline at end of file + EID + + Certificate-authority + + GnuPG with Fedora \ No newline at end of file diff --git a/nitrokeys/features/openpgp-card/openvpn/viscosity.rst b/nitrokeys/features/openpgp-card/openvpn/viscosity.rst index 62bddd0fb8..ff91a2c592 100644 --- a/nitrokeys/features/openpgp-card/openvpn/viscosity.rst +++ b/nitrokeys/features/openpgp-card/openvpn/viscosity.rst @@ -39,13 +39,13 @@ Usage 1. Start Viscosity and create a new connection “openVPN” (you can name it as you wish) - .. figure:: ./images/openvpn-viscosity/viscosity-1.jpg + .. figure:: images/viscosity/viscosity-1.jpg :alt: img1 :scale: 75 2. Right click on the connection and click edit - .. figure:: ./images/openvpn-viscosity/viscosity-2.jpg + .. figure:: images/viscosity/viscosity-2.jpg :alt: img2 :scale: 75 @@ -59,7 +59,7 @@ Usage Optional: Select the ``ta.key`` in the ``TLS-Auth`` section - .. figure:: ./images/openvpn-viscosity/viscosity-3.jpg + .. figure:: images/viscosity/viscosity-3.jpg :alt: img3 :scale: 75 @@ -74,7 +74,7 @@ Usage 7. Choose a retrieval method from the Retrieval drop down menu - .. figure:: ./images/openvpn-viscosity/viscosity-4.jpg + .. figure:: images/viscosity/viscosity-4.jpg :alt: img4 - If only one Nitrokey will ever be used on this computer, select diff --git a/nitrokeys/features/openpgp-card/smime/index.rst b/nitrokeys/features/openpgp-card/smime/index.rst index 281259e557..b04ed2719b 100644 --- a/nitrokeys/features/openpgp-card/smime/index.rst +++ b/nitrokeys/features/openpgp-card/smime/index.rst @@ -58,12 +58,11 @@ Usage You can find further information about the usage on these pages: -- for using `S/MIME encryption on - Thunderbird `_ +.. toctree:: + :maxdepth: 1 -- for using `S/MIME encryption on - Outlook `_ + S/MIME encryption on Thunderbird -- for using - `Evolution `__, - an email client for the Gnome Desktop on Linux systems + S/MIME encryption on Outlook + + Evolution, an email client for the Gnome Desktop on Linux systems diff --git a/nitrokeys/features/openpgp-card/ssh/index.rst b/nitrokeys/features/openpgp-card/ssh/index.rst index a8f799377a..1838196974 100644 --- a/nitrokeys/features/openpgp-card/ssh/index.rst +++ b/nitrokeys/features/openpgp-card/ssh/index.rst @@ -1,4 +1,14 @@ +SSH +=== + This guide explains how to prepare your SSH server and client for use with the Nitrokey. +For configuring PuTTY, see this guide: + +.. toctree:: + :maxdepth: 1 + + Putty + The Nitrokey should already have PGP keys installed and the local GnuPG keyring should know the keys. diff --git a/nitrokeys/features/u2f/index.rst b/nitrokeys/features/u2f/index.rst index 3f4cfd390b..b1acaadacc 100644 --- a/nitrokeys/features/u2f/index.rst +++ b/nitrokeys/features/u2f/index.rst @@ -5,6 +5,5 @@ U2F :maxdepth: 1 Desktop Login (Linux only) - Nextcloud Login Odoo Login Two Factor Authentication <2fa> \ No newline at end of file diff --git a/nitrokeys/fido2/faq.rst b/nitrokeys/fido2/faq.rst index ad7cf5f98e..8021edfbc8 100644 --- a/nitrokeys/fido2/faq.rst +++ b/nitrokeys/fido2/faq.rst @@ -24,4 +24,4 @@ Nitrokey FIDO2 FAQ After `disabling Enforce Attestation`_ Nitrokey FIDO2 is supported by Azure Entra ID out of the box. -.. include:: ../shared-faqs/hyperlinks.rst.inc \ No newline at end of file +.. include:: ../../shared-faqs/hyperlinks.rst.inc \ No newline at end of file diff --git a/nitrokeys/fido2/guides.rst b/nitrokeys/fido2/guides.rst index f319018688..1048787021 100644 --- a/nitrokeys/fido2/guides.rst +++ b/nitrokeys/fido2/guides.rst @@ -4,4 +4,5 @@ Nitrokey FIDO2 Guides .. toctree:: :maxdepth: 1 - firmware update \ No newline at end of file + Firmware update + Reset \ No newline at end of file diff --git a/nitrokeys/hsm/faq.rst b/nitrokeys/hsm/faq.rst index 4ec1e1426b..dbc17c02f5 100644 --- a/nitrokeys/hsm/faq.rst +++ b/nitrokeys/hsm/faq.rst @@ -2,7 +2,7 @@ Nitrokey HSM FAQ ================ -.. include:: ../shared-faqs/nitrokeys.rst.inc +.. include:: ../../shared-faqs/nitrokeys.rst.inc **Q:** What is the maximum length of the PIN? @@ -56,7 +56,7 @@ Nitrokey HSM FAQ Use ``opensc-tool --list-algorithms`` and compare with the table below. Please also see `this thread`_ for the factsheets and more details. -.. include:: ../shared-faqs/algos.rst.inc +.. include:: ../../shared-faqs/algos.rst.inc **Q:** How can I use the True Random Number Generator (TRNG) of the Nitrokey HSM for my applications? Nitrokey HSM can be used with `Botan`_ and `TokenTools`_ by using OpenSC as a PKCS#11 driver. @@ -110,4 +110,4 @@ Nitrokey HSM FAQ .. _TokenTools: https://github.com/infincia/TokenTools .. _AIS 31: https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Zertifizierung/Interpretationen/AIS_31_pdf -.. include:: ../shared-faqs/hyperlinks.rst.inc +.. include:: ../../shared-faqs/hyperlinks.rst.inc diff --git a/nitrokeys/index.rst b/nitrokeys/index.rst index 38dd3eb396..054b190b2f 100644 --- a/nitrokeys/index.rst +++ b/nitrokeys/index.rst @@ -8,6 +8,8 @@ Nitrokeys Features U2F Pro + Passkey + HSM Storage Start Nitrokey 3 diff --git a/nitrokeys/nitrokey3/adsk.rst b/nitrokeys/nitrokey3/adsk.rst index 7ec053c335..73e9131ec0 100644 --- a/nitrokeys/nitrokey3/adsk.rst +++ b/nitrokeys/nitrokey3/adsk.rst @@ -27,9 +27,9 @@ Preparing the Keys Follow one of these guides to generate the two keys: -- :doc:`openpgp-keygen-backup` -- :doc:`openpgp-keygen-on-device` -- :doc:`openpgp-keygen-gpa` +- :doc:`../features/openpgp-card/openpgp-keygen-backup` +- :doc:`../features/openpgp-card/openpgp-keygen-on-device` +- :doc:`../features/openpgp-card/openpgp-keygen-gpa` Make sure that you can list both keys with ``gpg --list-keys``, for example:: diff --git a/nitrokeys/nitrokey3/faq.rst b/nitrokeys/nitrokey3/faq.rst index 50909a5f84..f81e28761d 100644 --- a/nitrokeys/nitrokey3/faq.rst +++ b/nitrokeys/nitrokey3/faq.rst @@ -37,7 +37,7 @@ Nitrokey 3 FAQ **Q:** Why does the Nitrokey 3 not show up in Nitrokey App? Nitrokey 3 does only show up and can be managed in "nitropy" and "Nitrokey App 2, not in Nitrokey App 1". -.. include:: ../shared-faqs/algos.rst.inc +.. include:: ../../shared-faqs/algos.rst.inc **Q:** How can I set the PIN for my Nitrokey 3? The Nitrokey 3 has distinct PINs for each feature. @@ -61,5 +61,5 @@ Nitrokey 3 FAQ using the Nitrokey 3 with the SE050 in production environments. -.. include:: ../shared-faqs/hyperlinks.rst.inc +.. include:: ../../shared-faqs/hyperlinks.rst.inc .. _test: ../software/nitropy/all-platforms/test.html diff --git a/nitrokeys/nitrokey3/main.rst b/nitrokeys/nitrokey3/getting-started.rst similarity index 97% rename from nitrokeys/nitrokey3/main.rst rename to nitrokeys/nitrokey3/getting-started.rst index 4d2e38cd43..fa8a485d9c 100644 --- a/nitrokeys/nitrokey3/main.rst +++ b/nitrokeys/nitrokey3/getting-started.rst @@ -1,3 +1,6 @@ +Getting Started +=============== + The Nitrokey 3 supports two-factor authentication (2FA) and passwordless authentication: diff --git a/nitrokeys/pro/faq.rst b/nitrokeys/pro/faq.rst index 930d6a9647..5c348c4443 100644 --- a/nitrokeys/pro/faq.rst +++ b/nitrokeys/pro/faq.rst @@ -2,7 +2,7 @@ Nitrokey Pro 2 FAQ ================== -.. include:: ../shared-faqs/nitrokeys.rst.inc +.. include:: ../../shared-faqs/nitrokeys.rst.inc **Q:** What are the default PINs? * **User PIN:** "123456" @@ -11,7 +11,7 @@ Nitrokey Pro 2 FAQ We strongly recommend to change these PINs/password to user-chosen values before using the Nitrokey. -.. include:: ../shared-faqs/pins.rst.inc +.. include:: ../../shared-faqs/pins.rst.inc **Q:** Why does my Nitrokey Pro hang when switching between nitrokey-app and GnuPG? GnuPG and nitrokey-app sometimes tend to hand each other. This is a known problem @@ -41,7 +41,7 @@ Nitrokey Pro 2 FAQ * 128 bit AES, 240 bytes per command -> 930 bytes per second -.. include:: ../shared-faqs/algos.rst.inc +.. include:: ../../shared-faqs/algos.rst.inc **Q:** Does the Nitrokey Pro contain a secure chip or just a normal microcontroller? @@ -68,4 +68,4 @@ Nitrokey Pro 2 FAQ The Nitrokey Pro doesn't contain storage capability for ordinary data (it can only store cryptographic keys and certificates). -.. include:: ../shared-faqs/hyperlinks.rst.inc +.. include:: ../../shared-faqs/hyperlinks.rst.inc diff --git a/nitrokeys/pro/features.rst b/nitrokeys/pro/features.rst index 06092cf066..b4039a2f66 100644 --- a/nitrokeys/pro/features.rst +++ b/nitrokeys/pro/features.rst @@ -6,5 +6,6 @@ Features OpenPGP Card <../features/openpgp-card/index> U2F <../features/u2f/index> + TOTP <../features/totp/index> ECC <../features/misc/ecc/index> Automatic Screen Lock (Linux) <../features/misc/automatic-screen-lock/index> diff --git a/nitrokeys/start/faq.rst b/nitrokeys/start/faq.rst index 728964c7e6..b701c170af 100644 --- a/nitrokeys/start/faq.rst +++ b/nitrokeys/start/faq.rst @@ -1,7 +1,7 @@ Nitrokey Start FAQ ================== -.. include:: ../shared-faqs/nitrokeys.rst.inc +.. include:: ../../shared-faqs/nitrokeys.rst.inc **Q:** What are the default PINs? * **User PIN:** "123456" @@ -10,7 +10,7 @@ Nitrokey Start FAQ We strongly recommend to change these PINs/password to user-chosen values before using the Nitrokey. -.. include:: ../shared-faqs/pins.rst.inc +.. include:: ../../shared-faqs/pins.rst.inc **Q:** Which drivers/tools can be used? GnuPG is required for many use cases. It is a command line tool but usually @@ -26,7 +26,7 @@ Nitrokey Start FAQ instructions work Nitrokey as well. In general the official documentation is recommended. -.. include:: ../shared-faqs/algos.rst.inc +.. include:: ../../shared-faqs/algos.rst.inc **Q:** Does the Nitrokey Start contain a secure chip or just a normal microcontroller? @@ -37,6 +37,6 @@ Nitrokey Start FAQ only store cryptographic keys and certificates). -.. include:: ../shared-faqs/hyperlinks.rst.inc +.. include:: ../../shared-faqs/hyperlinks.rst.inc diff --git a/nitrokeys/storage/faq.rst b/nitrokeys/storage/faq.rst index c06c86f269..6b1811ae3c 100644 --- a/nitrokeys/storage/faq.rst +++ b/nitrokeys/storage/faq.rst @@ -4,7 +4,7 @@ Nitrokey Storage FAQ As the Nitrokey Storage 2 is essentially a Nitrokey Pro 2 including a non-volatile (encrypted) storage, the :doc:`Nitrokey Pro 2 FAQ <../pro/faq>` also partly applies. -.. include:: ../shared-faqs/nitrokeys.rst.inc +.. include:: ../../shared-faqs/nitrokeys.rst.inc **Q:** What are the default PINs? * **User PIN:** "123456" @@ -25,7 +25,7 @@ non-volatile (encrypted) storage, the :doc:`Nitrokey Pro 2 FAQ <../pro/faq>` als make sure you first "Destroy encrypted data" inside the Nitrokey App. -.. include:: ../shared-faqs/pins.rst.inc +.. include:: ../../shared-faqs/pins.rst.inc **Q:** Why does my Nitrokey Storage hang when switching between nitrokey-app and GnuPG? @@ -57,7 +57,7 @@ non-volatile (encrypted) storage, the :doc:`Nitrokey Pro 2 FAQ <../pro/faq>` als * 256 bit AES, 240 bytes per command -> 910 bytes per second * 128 bit AES, 240 bytes per command -> 930 bytes per second -.. include:: ../shared-faqs/algos.rst.inc +.. include:: ../../shared-faqs/algos.rst.inc **Q:** Does the Nitrokey Storage contain a secure chip or just a normal microcontroller? Nitrokey Storage contains a tamper resistant smart card. @@ -115,4 +115,4 @@ non-volatile (encrypted) storage, the :doc:`Nitrokey Pro 2 FAQ <../pro/faq>` als Hidden volumes are like containers inside of a container, the encrypted volume. -.. include:: ../shared-faqs/hyperlinks.rst.inc +.. include:: ../../shared-faqs/hyperlinks.rst.inc diff --git a/nitrokeys/storage/getting-started.rst b/nitrokeys/storage/getting-started.rst index e318eb9d30..d89c16028d 100644 --- a/nitrokeys/storage/getting-started.rst +++ b/nitrokeys/storage/getting-started.rst @@ -10,7 +10,8 @@ Getting Started To access the OpenPGP smart card of the Nitrokey, install the package libccid. On Debian/Ubuntu based Distributions type in terminal: .. code-block:: bash - $ sudo apt-get update && sudo apt-get install libccid + + $ sudo apt-get update && sudo apt-get install libccid .. group-tab:: MacOS Important: Once you plug in the Nitrokey, your computer will start diff --git a/nitrokeys/storage/index.rst b/nitrokeys/storage/index.rst index cbf2d4c6f5..e4fb2549e1 100644 --- a/nitrokeys/storage/index.rst +++ b/nitrokeys/storage/index.rst @@ -22,7 +22,7 @@ and the: or check out the features: .. toctree:: - :maxdepth: 3 - :glob: + :maxdepth: 3 + :glob: - Features \ No newline at end of file + Features \ No newline at end of file diff --git a/nitropad/qubes/change-pins.rst b/nitropad/qubes/change-pins.rst index c14cd241e1..ccc22f8050 100644 --- a/nitropad/qubes/change-pins.rst +++ b/nitropad/qubes/change-pins.rst @@ -1 +1 @@ -.. include:: ../../pro/change-pins.rst.inc +.. include:: ../../nitrokeys/product-guides/change-pins.rst diff --git a/nitropad/ubuntu/change-pins.rst b/nitropad/ubuntu/change-pins.rst index 5e1a030d4a..ccc22f8050 100644 --- a/nitropad/ubuntu/change-pins.rst +++ b/nitropad/ubuntu/change-pins.rst @@ -1 +1 @@ -.. include:: ../../pro/change-pins.rst.inc +.. include:: ../../nitrokeys/product-guides/change-pins.rst diff --git a/software/nitropy/all-platforms/installation.rst b/software/nitropy/all-platforms/installation.rst index 7a60638186..607aecac76 100644 --- a/software/nitropy/all-platforms/installation.rst +++ b/software/nitropy/all-platforms/installation.rst @@ -133,8 +133,5 @@ See :doc:`../linux/udev` for more information. Next Steps ---------- -You can find more information on using nitropy in these guides: +You can find more information on using nitropy in this `guide <../../nitrokeys/nitrokey3/firmware-update>`_. -- For Linux: :doc:`../../../nitrokey3/linux/firmware-update` -- For Mac: :doc:`../../../nitrokey3/mac/firmware-update` -- For Windows: :doc:`../../../nitrokey3/windows/firmware-update` From 68a1e02c8eee96b6e06a95639e1a4c61650d3a48 Mon Sep 17 00:00:00 2001 From: Marlin Date: Thu, 8 Aug 2024 15:17:34 +0200 Subject: [PATCH 21/33] fixed last commit --- nitrokeys/features/openpgp-card/index.rst | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/nitrokeys/features/openpgp-card/index.rst b/nitrokeys/features/openpgp-card/index.rst index f129bfff9c..48e007b2fb 100644 --- a/nitrokeys/features/openpgp-card/index.rst +++ b/nitrokeys/features/openpgp-card/index.rst @@ -8,6 +8,7 @@ There are two widely used standards for email encryption. - S/MIME/X.509 is mostly used by enterprises. If you are in doubt which one to choose, you should use OpenPGP. While this page describes the usage of OpenPGP, S/MIME is described here: + .. toctree:: :maxdepth: 1 @@ -54,7 +55,7 @@ You can find further information about the usage on these pages: .. toctree:: :maxdepth: 1 - OpenPGP encryption with Thunderbird + OpenPGP encryption with Thunderbird OpenPGP encryption with Outlook @@ -66,7 +67,7 @@ You can find further information about the usage on these pages: Evolution, an email client for the Gnome Desktop on Linux systems - GPGTools on macOS + GPGTools on macOS Desktop Login From 49a7bbe9f88a1f5b5fabe7776d3d2c43a370f579 Mon Sep 17 00:00:00 2001 From: Marlin Date: Thu, 8 Aug 2024 15:27:16 +0200 Subject: [PATCH 22/33] probably fixed all build errors --- .../index.rst | 0 nitrokeys/features/index.rst | 2 +- nitrokeys/features/openpgp-card/index.rst | 2 +- nitrokeys/start/guides.rst | 10 +++++----- nitrokeys/storage/features.rst | 2 +- 5 files changed, 8 insertions(+), 8 deletions(-) rename nitrokeys/features/{encrpyted-mobile-storage => encrypted-storage}/index.rst (100%) diff --git a/nitrokeys/features/encrpyted-mobile-storage/index.rst b/nitrokeys/features/encrypted-storage/index.rst similarity index 100% rename from nitrokeys/features/encrpyted-mobile-storage/index.rst rename to nitrokeys/features/encrypted-storage/index.rst diff --git a/nitrokeys/features/index.rst b/nitrokeys/features/index.rst index 5c2c6f7d77..46cc3be5c0 100644 --- a/nitrokeys/features/index.rst +++ b/nitrokeys/features/index.rst @@ -10,7 +10,7 @@ Features TOTP OpenPGP card Password Safe - Encrypted Mobile Storage + Encrypted Mobile Storage Hidden Storage HSM PIV (Windows only) diff --git a/nitrokeys/features/openpgp-card/index.rst b/nitrokeys/features/openpgp-card/index.rst index 48e007b2fb..6808b8650f 100644 --- a/nitrokeys/features/openpgp-card/index.rst +++ b/nitrokeys/features/openpgp-card/index.rst @@ -12,7 +12,7 @@ If you are in doubt which one to choose, you should use OpenPGP. While this page .. toctree:: :maxdepth: 1 - SMIME + SMIME Please familiarize yourself with the general concept behind the OpenPGP standard first, for example by reading `this info graphic `__ of the Free Software Foundation. diff --git a/nitrokeys/start/guides.rst b/nitrokeys/start/guides.rst index 7f7ba3da2f..907f96e153 100644 --- a/nitrokeys/start/guides.rst +++ b/nitrokeys/start/guides.rst @@ -2,9 +2,9 @@ Nitrokey Start Guides ===================== .. toctree:: - :maxdepth: 1 + :maxdepth: 1 - Multiple Identities - Setting KDF-DO - Factory Reset - Firmware Update \ No newline at end of file + Multiple Identities + Setting KDF-DO + Factory Reset + Firmware Update \ No newline at end of file diff --git a/nitrokeys/storage/features.rst b/nitrokeys/storage/features.rst index e02a174438..397719718c 100644 --- a/nitrokeys/storage/features.rst +++ b/nitrokeys/storage/features.rst @@ -8,6 +8,6 @@ Features U2F <../features/u2f/index> OpenPGP Card <../features/openpgp-card/index> Hidden Storage <../features/hidden-storage/index> - Encrypted Mobile Storage <../features/encrpyted-mobile-storage/index> + Encrypted Mobile Storage <../features/encrypted-storage/index> ECC <../features/misc/ecc/index> Automatic Screen Lock (Linux) <../features/misc/automatic-screen-lock/index> \ No newline at end of file From 31d13f377a26c777f04775c8e7c4b51246dc68c0 Mon Sep 17 00:00:00 2001 From: Marlin Date: Thu, 8 Aug 2024 15:32:00 +0200 Subject: [PATCH 23/33] fixed change pin path --- nitropad/qubes/change-pins.rst | 2 +- nitropad/ubuntu/change-pins.rst | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/nitropad/qubes/change-pins.rst b/nitropad/qubes/change-pins.rst index ccc22f8050..1e44e361cd 100644 --- a/nitropad/qubes/change-pins.rst +++ b/nitropad/qubes/change-pins.rst @@ -1 +1 @@ -.. include:: ../../nitrokeys/product-guides/change-pins.rst +.. include:: ../../nitrokeys/product-guides/change-pins/index.rst diff --git a/nitropad/ubuntu/change-pins.rst b/nitropad/ubuntu/change-pins.rst index ccc22f8050..1e44e361cd 100644 --- a/nitropad/ubuntu/change-pins.rst +++ b/nitropad/ubuntu/change-pins.rst @@ -1 +1 @@ -.. include:: ../../nitrokeys/product-guides/change-pins.rst +.. include:: ../../nitrokeys/product-guides/change-pins/index.rst From c4b32718f90875764f1cc8a7c55ab3278be0e949 Mon Sep 17 00:00:00 2001 From: Marlin Date: Thu, 8 Aug 2024 15:35:37 +0200 Subject: [PATCH 24/33] fixed broken links --- nitrokeys/product-guides/change-pins/index.rst | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/nitrokeys/product-guides/change-pins/index.rst b/nitrokeys/product-guides/change-pins/index.rst index 3b77932e8f..e9222f10ee 100644 --- a/nitrokeys/product-guides/change-pins/index.rst +++ b/nitrokeys/product-guides/change-pins/index.rst @@ -11,7 +11,7 @@ The user PIN is at least 6-digits long and is used to get access to the content You can change the user PIN with the Nitrokey App if using a Nitrokey Pro or Nitrokey Storage. In the `Nitrokey `__ App open ‘Menu -> Configure -> Change User PIN’ to open the dialog to change the PIN. -.. figure:: images/change-pins/1.png +.. figure:: /nitrokeys/product-guides/change-pins/images/change-pins/change-pins/1.png :alt: img1 @@ -20,7 +20,7 @@ You can change the User PIN in the dialog window now. The user PIN can have up to 20 digits and other characters (e.g. alphabetic and special characters). But as the user PIN is blocked as soon three wrong PIN attempts were done, it is sufficiently secure to only have a 6 digits PIN. The default PIN is 123456. -.. figure:: images/change-pins/2.png +.. figure:: /nitrokeys/product-guides/change-pins/images/change-pins/change-pins/2.png :alt: img2 @@ -33,7 +33,7 @@ The admin PIN is at least 8-digits long and is used to change contents/settings You can change the admin PIN with the Nitrokey App if using a Nitrokey Pro or Nitrokey Storage. In the `Nitrokey App `__ open ‘Menu -> Configure -> Change Admin PIN’ to open the dialog to change the PIN. -.. figure:: images/change-pins/3.png +.. figure:: /nitrokeys/product-guides/change-pins/images/change-pins/change-pins/3.png :alt: img3 @@ -42,7 +42,7 @@ You can change the admin PIN in the dialog window now. The admin PIN can have up to 20 digits and other characters (e.g. alphabetic and special characters). But as the admin PIN is blocked as soon three wrong PIN attempts were done, it is sufficiently secure to only have 8 digits PIN. The default PIN is 12345678. -.. figure:: images/change-pins/4.png +.. figure:: /nitrokeys/product-guides/change-pins/images/change-pins/change-pins/4.png :alt: img4 From f3af1906ec1fba2cc0719d40935aec1cb646479b Mon Sep 17 00:00:00 2001 From: Marlin Date: Thu, 8 Aug 2024 15:38:17 +0200 Subject: [PATCH 25/33] corrected last commit --- nitrokeys/product-guides/change-pins/index.rst | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/nitrokeys/product-guides/change-pins/index.rst b/nitrokeys/product-guides/change-pins/index.rst index e9222f10ee..bf0b570629 100644 --- a/nitrokeys/product-guides/change-pins/index.rst +++ b/nitrokeys/product-guides/change-pins/index.rst @@ -11,7 +11,7 @@ The user PIN is at least 6-digits long and is used to get access to the content You can change the user PIN with the Nitrokey App if using a Nitrokey Pro or Nitrokey Storage. In the `Nitrokey `__ App open ‘Menu -> Configure -> Change User PIN’ to open the dialog to change the PIN. -.. figure:: /nitrokeys/product-guides/change-pins/images/change-pins/change-pins/1.png +.. figure:: /nitrokeys/product-guides/change-pins/images/change-pins/1.png :alt: img1 @@ -20,7 +20,7 @@ You can change the User PIN in the dialog window now. The user PIN can have up to 20 digits and other characters (e.g. alphabetic and special characters). But as the user PIN is blocked as soon three wrong PIN attempts were done, it is sufficiently secure to only have a 6 digits PIN. The default PIN is 123456. -.. figure:: /nitrokeys/product-guides/change-pins/images/change-pins/change-pins/2.png +.. figure:: /nitrokeys/product-guides/change-pins/images/change-pins/2.png :alt: img2 @@ -33,7 +33,7 @@ The admin PIN is at least 8-digits long and is used to change contents/settings You can change the admin PIN with the Nitrokey App if using a Nitrokey Pro or Nitrokey Storage. In the `Nitrokey App `__ open ‘Menu -> Configure -> Change Admin PIN’ to open the dialog to change the PIN. -.. figure:: /nitrokeys/product-guides/change-pins/images/change-pins/change-pins/3.png +.. figure:: /nitrokeys/product-guides/change-pins/images/change-pins/3.png :alt: img3 @@ -42,7 +42,7 @@ You can change the admin PIN in the dialog window now. The admin PIN can have up to 20 digits and other characters (e.g. alphabetic and special characters). But as the admin PIN is blocked as soon three wrong PIN attempts were done, it is sufficiently secure to only have 8 digits PIN. The default PIN is 12345678. -.. figure:: /nitrokeys/product-guides/change-pins/images/change-pins/change-pins/4.png +.. figure:: /nitrokeys/product-guides/change-pins/images/change-pins/4.png :alt: img4 From e089d9b2cfdd8a743f257afae33e596e832c5ec4 Mon Sep 17 00:00:00 2001 From: Marlin Date: Thu, 8 Aug 2024 15:49:02 +0200 Subject: [PATCH 26/33] cleaned up openpgp card --- nitrokeys/features/openpgp-card/index.rst | 75 ++---------------- nitrokeys/features/openpgp-card/overview.rst | 83 ++++++++++++++++++++ 2 files changed, 90 insertions(+), 68 deletions(-) create mode 100644 nitrokeys/features/openpgp-card/overview.rst diff --git a/nitrokeys/features/openpgp-card/index.rst b/nitrokeys/features/openpgp-card/index.rst index 6808b8650f..1ae0febf92 100644 --- a/nitrokeys/features/openpgp-card/index.rst +++ b/nitrokeys/features/openpgp-card/index.rst @@ -1,88 +1,27 @@ -OpenPGP Email Encryption -======================== - -There are two widely used standards for email encryption. - -- OpenPGP/GnuPG is popular among individuals, - -- S/MIME/X.509 is mostly used by enterprises. - -If you are in doubt which one to choose, you should use OpenPGP. While this page describes the usage of OpenPGP, S/MIME is described here: - -.. toctree:: - :maxdepth: 1 - - SMIME - -Please familiarize yourself with the general concept behind the OpenPGP standard first, for example by reading `this info graphic `__ of the Free Software Foundation. - -Key Generation --------------- - -If you do not have OpenPGP keys yet, you need to generate them first. - -- `Generate keys on - your Nitrokey device `_ - - this is the best option if you are unexperienced, but you won’t - have a backup of your keys and therefore won’t be able to mitigate - the loss of the Nitrokey - -- `Generate keys on your Nitrokey device with different algorithm or key - size `_ - - this is as secure as the previous option and thus you won’t have a - backup as well, but you can change the key attributes (that is the - algorithm and key size) - -- `Generate keys - locally `_ - and copy them to your Nitrokey device - this is the most flexible, expert option, - but only secure if your system is not compromised, because you can - create a backup key outside your Nitrokey A similar description in - french can be found - `here `__. - -Importing Existing Keys ------------------------ - -If you already have OpenPGP keys you may want to use them with your Nitrokey, instead of generating new ones. Importing existing keys works basically the same as generating keys locally first and copying them to the Nitrokey (see above). Therefore, please have a look at the `corresponding instructions `_. Note that you probably want to generate another subkey for authentication to your existing key. See at the same instructions for `subkey generation `_. - -Usage ------ - -You can find further information about the usage on these pages: - +OpenPGP Card +============ .. toctree:: :maxdepth: 1 + Overview + Keygen with GPA + Keygen with Backup + Keygen on device + Windows Login and S/MIME Email Encryption with Active Directory OpenPGP encryption with Thunderbird - OpenPGP encryption with Outlook - OpenPGP Touch Confirmation (Nitrokey 3 only) - OpenVPN - Claws Mail, an email client (and news reader) for Linux and Windows - Evolution, an email client for the Gnome Desktop on Linux systems - GPGTools on macOS - Desktop Login - SSH - IPSec - Hard Disk Encryption - Stunnel - Gnu Privacy Assistant (GPA) - EID - Certificate-authority - GnuPG with Fedora \ No newline at end of file diff --git a/nitrokeys/features/openpgp-card/overview.rst b/nitrokeys/features/openpgp-card/overview.rst new file mode 100644 index 0000000000..f6e1ace837 --- /dev/null +++ b/nitrokeys/features/openpgp-card/overview.rst @@ -0,0 +1,83 @@ +OpenPGP Email Encryption +======================== + +There are two widely used standards for email encryption. + +- OpenPGP/GnuPG is popular among individuals, + +- S/MIME/X.509 is mostly used by enterprises. + +If you are in doubt which one to choose, you should use OpenPGP. While this page describes the usage of OpenPGP, S/MIME is described `here `_. + +Please familiarize yourself with the general concept behind the OpenPGP standard first, for example by reading `this info graphic `__ of the Free Software Foundation. + +Key Generation +-------------- + +If you do not have OpenPGP keys yet, you need to generate them first. + +- `Generate keys on + your Nitrokey device `_ + - this is the best option if you are unexperienced, but you won’t + have a backup of your keys and therefore won’t be able to mitigate + the loss of the Nitrokey + +- `Generate keys on your Nitrokey device with different algorithm or key + size `_ + - this is as secure as the previous option and thus you won’t have a + backup as well, but you can change the key attributes (that is the + algorithm and key size) + +- `Generate keys + locally `_ + and copy them to your Nitrokey device - this is the most flexible, expert option, + but only secure if your system is not compromised, because you can + create a backup key outside your Nitrokey A similar description in + french can be found + `here `__. + +Importing Existing Keys +----------------------- + +If you already have OpenPGP keys you may want to use them with your Nitrokey, instead of generating new ones. Importing existing keys works basically the same as generating keys locally first and copying them to the Nitrokey (see above). Therefore, please have a look at the `corresponding instructions `_. Note that you probably want to generate another subkey for authentication to your existing key. See at the same instructions for `subkey generation `_. + +Usage +----- + +You can find further information about the usage on these pages: + + +.. toctree:: + :maxdepth: 1 + + OpenPGP encryption with Thunderbird + + OpenPGP encryption with Outlook + + OpenPGP Touch Confirmation (Nitrokey 3 only) + + OpenVPN + + Claws Mail, an email client (and news reader) for Linux and Windows + + Evolution, an email client for the Gnome Desktop on Linux systems + + GPGTools on macOS + + Desktop Login + + SSH + + IPSec + + Hard Disk Encryption + + Stunnel + + Gnu Privacy Assistant (GPA) + + EID + + Certificate-authority + + GnuPG with Fedora \ No newline at end of file From 3356b44563a68e4b128669d562ec0ee32e6b696b Mon Sep 17 00:00:00 2001 From: Marlin Date: Thu, 8 Aug 2024 16:11:04 +0200 Subject: [PATCH 27/33] fixed the features order and cleaned up Nitrokey 3 --- nitrokeys/features/hsm/index.rst | 2 +- .../hard-disk-encryption/index.rst | 3 +- nitrokeys/nitrokey3/features.rst | 107 ++---------------- nitrokeys/nitrokey3/index.rst | 1 + nitrokeys/nitrokey3/overview.rst | 101 +++++++++++++++++ nitrokeys/pro/features.rst | 4 +- nitrokeys/storage/features.rst | 8 +- 7 files changed, 119 insertions(+), 107 deletions(-) create mode 100644 nitrokeys/nitrokey3/overview.rst diff --git a/nitrokeys/features/hsm/index.rst b/nitrokeys/features/hsm/index.rst index 0855f90257..dfca159d58 100644 --- a/nitrokeys/features/hsm/index.rst +++ b/nitrokeys/features/hsm/index.rst @@ -14,6 +14,6 @@ HSM Features Stunnel (Linux only) <../openpgp-card/stunnel/index> Certificate Authority <../openpgp-card/certificate-authority/index> Ipsec (Linux only) <../openpgp-card/ipsec/index> - N-of-m Schemes (Linux only) + N-of-m Schemes Pkcs11-URL Apache 2 TLS \ No newline at end of file diff --git a/nitrokeys/features/openpgp-card/hard-disk-encryption/index.rst b/nitrokeys/features/openpgp-card/hard-disk-encryption/index.rst index 635aeb878d..6265a41704 100644 --- a/nitrokeys/features/openpgp-card/hard-disk-encryption/index.rst +++ b/nitrokeys/features/openpgp-card/hard-disk-encryption/index.rst @@ -41,12 +41,13 @@ Note: `Aloaha Crypt `__ is based on T Hard Disk Encryption on GNU+Linux with LUKS/dm-crypt ---------------------------------------------------- +For setting up LUKS Disk Encryption follow our guide: + .. toctree:: :maxdepth: 1 Full-Disk Encryption With cryptsetup/LUKS -Here are `excellent instructions `__ how to use Nitrokey to encrypt your hard disk under GNU+Linux with LUKS/dm-crypt. `Other instructions `__. Purism has created a `simple script `__ to add the Nitrokey/LibremKey as a way to unlock LUKS partitions (not tested by Nitrokey yet). diff --git a/nitrokeys/nitrokey3/features.rst b/nitrokeys/nitrokey3/features.rst index f1b7c8275b..e15cf61bbe 100644 --- a/nitrokeys/nitrokey3/features.rst +++ b/nitrokeys/nitrokey3/features.rst @@ -1,101 +1,10 @@ -Features -######## - - -The Nitrokey 3 is a very versatile platform which allows us to constantly -improve and add functionalities. This overview represents the current -state and furthermore adds various technical details on how the different -features are realized. - -.. list-table:: - :width: 100% - :header-rows: 1 - - * - **Feature** - - **Description** - - **Transport(s)** - - **Secure element support** - - - * - `FIDO2`_ - - Increase (Web-)security using 2FA and passwordless logins; ssh logins - - USB, NFC - - no - - * - `U2F`_ - - Predecessor of FIDO2 mainly used for Two-Factor Authentication - - USB, NFC - - no - - * - `OpenPGP Card`_ - - Asymmetric cryptography; keep your private key(s) secure; email encryption - - USB - - yes - - * - `SMIME`_ - - Asymmetric cryptography; keep your private key(s) secure; email encryption - - USB - - yes - - * - `Password Safe`_ - - (One-Time-)Passwords securely stored on your Nitrokey 3 - - USB - - no - - * - `Admin App`_ - - Administration functions used by `pynitrokey`_ and `NitrokeyApp2`_ - - USB - - no - -.. note:: - Secure element support for OpenPGP Card is available since stable firmware v1.7.0. Any new - devices will have this automatically activated. For devices already in use, the - user has to `manually switch`_ as described in the FAQ. - - -On top of the stable firmware for the Nitrokey 3, we also provide a `Test Firmware`_, which -comes with additional functionalities, which are not (yet) included into the stable firmware. - -**Using the Test Firmware is not recommended for production environments, there might be -incompatibilities between test and stable firmware upgrades - please use with caution. Especially -data migrations from test to stable firmwares will not be implemented.** - -.. list-table:: - :width: 100% - :header-rows: 1 - - * - **Feature** - - **Description** - - **Transport(s)** - - **Secure element support** - - * - `PIV`_ - - Asymmetric cryptography; more business focussed smartcard realization - - USB - - no - - * - `WebSmartCard`_ - - Provides smartcard-functionalities through the web & FIDO2 - - USB - - no - - -.. _FIDO2: ../features/fido/index.html -.. _U2F: ../features/u2f/index.html -.. _OpenPGP Card: ../features/openpgp-card/index.html -.. _Password Safe: ../features/password-safe/index.html -.. _Admin App: https://github.com/Nitrokey/admin-app -.. _PIV: ../features/piv/index -.. _WebSmartCard: https://github.com/Nitrokey/nitrokey-websmartcard -.. _SMIME: ../features/smime/index.html - -.. _pynitrokey: ../software/nitropy/index.html -.. _NitrokeyApp2: ../software/nk-app2/index.html - -.. _Test Firmware: linux/firmware-update#firmware-release-types - - -.. _manually switch: faq#how-can-I-use-the-se050-secure-element - +Nitrokey 3 Features +=================== +.. toctree:: + :maxdepth: 2 + FIDO2 <../features/fido2/index> + U2F <../features/u2f/index> + OpenPGP Card <../features/openpgp-card/index> + Password Safe <../features/password-safe/index> \ No newline at end of file diff --git a/nitrokeys/nitrokey3/index.rst b/nitrokeys/nitrokey3/index.rst index 31662fb60f..ad38f712e8 100644 --- a/nitrokeys/nitrokey3/index.rst +++ b/nitrokeys/nitrokey3/index.rst @@ -11,6 +11,7 @@ First check the: Frequently Asked Questions Getting Started + Overview and the: diff --git a/nitrokeys/nitrokey3/overview.rst b/nitrokeys/nitrokey3/overview.rst new file mode 100644 index 0000000000..7238fc4b8e --- /dev/null +++ b/nitrokeys/nitrokey3/overview.rst @@ -0,0 +1,101 @@ +Overview +######## + + +The Nitrokey 3 is a very versatile platform which allows us to constantly +improve and add functionalities. This overview represents the current +state and furthermore adds various technical details on how the different +features are realized. + +.. list-table:: + :width: 100% + :header-rows: 1 + + * - **Feature** + - **Description** + - **Transport(s)** + - **Secure element support** + + + * - `FIDO2`_ + - Increase (Web-)security using 2FA and passwordless logins; ssh logins + - USB, NFC + - no + + * - `U2F`_ + - Predecessor of FIDO2 mainly used for Two-Factor Authentication + - USB, NFC + - no + + * - `OpenPGP Card`_ + - Asymmetric cryptography; keep your private key(s) secure; email encryption + - USB + - yes + + * - `SMIME`_ + - Asymmetric cryptography; keep your private key(s) secure; email encryption + - USB + - yes + + * - `Password Safe`_ + - (One-Time-)Passwords securely stored on your Nitrokey 3 + - USB + - no + + * - `Admin App`_ + - Administration functions used by `pynitrokey`_ and `NitrokeyApp2`_ + - USB + - no + +.. note:: + Secure element support for OpenPGP Card is available since stable firmware v1.7.0. Any new + devices will have this automatically activated. For devices already in use, the + user has to `manually switch`_ as described in the FAQ. + + +On top of the stable firmware for the Nitrokey 3, we also provide a `Test Firmware`_, which +comes with additional functionalities, which are not (yet) included into the stable firmware. + +**Using the Test Firmware is not recommended for production environments, there might be +incompatibilities between test and stable firmware upgrades - please use with caution. Especially +data migrations from test to stable firmwares will not be implemented.** + +.. list-table:: + :width: 100% + :header-rows: 1 + + * - **Feature** + - **Description** + - **Transport(s)** + - **Secure element support** + + * - `PIV`_ + - Asymmetric cryptography; more business focussed smartcard realization + - USB + - no + + * - `WebSmartCard`_ + - Provides smartcard-functionalities through the web & FIDO2 + - USB + - no + + +.. _FIDO2: ../features/fido/index.html +.. _U2F: ../features/u2f/index.html +.. _OpenPGP Card: ../features/openpgp-card/index.html +.. _Password Safe: ../features/password-safe/index.html +.. _Admin App: https://github.com/Nitrokey/admin-app +.. _PIV: ../features/piv/index +.. _WebSmartCard: https://github.com/Nitrokey/nitrokey-websmartcard +.. _SMIME: ../features/smime/index.html + +.. _pynitrokey: ../software/nitropy/index.html +.. _NitrokeyApp2: ../software/nk-app2/index.html + +.. _Test Firmware: linux/firmware-update#firmware-release-types + + +.. _manually switch: faq#how-can-I-use-the-se050-secure-element + + + diff --git a/nitrokeys/pro/features.rst b/nitrokeys/pro/features.rst index b4039a2f66..7a1f35e952 100644 --- a/nitrokeys/pro/features.rst +++ b/nitrokeys/pro/features.rst @@ -4,8 +4,8 @@ Features .. toctree:: :maxdepth: 2 - OpenPGP Card <../features/openpgp-card/index> U2F <../features/u2f/index> TOTP <../features/totp/index> - ECC <../features/misc/ecc/index> + OpenPGP Card <../features/openpgp-card/index> Automatic Screen Lock (Linux) <../features/misc/automatic-screen-lock/index> + ECC <../features/misc/ecc/index> diff --git a/nitrokeys/storage/features.rst b/nitrokeys/storage/features.rst index 397719718c..e83e96b76f 100644 --- a/nitrokeys/storage/features.rst +++ b/nitrokeys/storage/features.rst @@ -4,10 +4,10 @@ Features .. toctree:: :maxdepth: 2 + U2F <../features/u2f/index> TOTP <../features/totp/index> - U2F <../features/u2f/index> OpenPGP Card <../features/openpgp-card/index> + Encrypted Mobile Storage <../features/encrypted-storage/index> Hidden Storage <../features/hidden-storage/index> - Encrypted Mobile Storage <../features/encrypted-storage/index> - ECC <../features/misc/ecc/index> - Automatic Screen Lock (Linux) <../features/misc/automatic-screen-lock/index> \ No newline at end of file + Automatic Screen Lock (Linux) <../features/misc/automatic-screen-lock/index> + ECC <../features/misc/ecc/index> \ No newline at end of file From 5a49802722998c5b242dd035eef2050c509bf027 Mon Sep 17 00:00:00 2001 From: Marlin Date: Mon, 12 Aug 2024 12:24:00 +0200 Subject: [PATCH 28/33] moved guides and features into index --- nitrokeys/fido2/features.rst | 11 ----------- nitrokeys/fido2/guides.rst | 8 -------- nitrokeys/fido2/index.rst | 10 ++++++---- nitrokeys/hsm/features.rst | 7 ------- nitrokeys/hsm/index.rst | 2 +- nitrokeys/nitrokey3/features.rst | 10 ---------- nitrokeys/nitrokey3/guides.rst | 13 ------------- nitrokeys/nitrokey3/index.rst | 17 +++++++++++++---- nitrokeys/pro/features.rst | 11 ----------- nitrokeys/pro/guides.rst | 9 --------- nitrokeys/pro/index.rst | 14 ++++++++++---- nitrokeys/start/features.rst | 7 ------- nitrokeys/start/guides.rst | 10 ---------- nitrokeys/start/index.rst | 23 +++++++++++++---------- nitrokeys/storage/features.rst | 13 ------------- nitrokeys/storage/guides.rst | 10 ---------- nitrokeys/storage/index.rst | 15 ++++++++++++--- nitrokeys/u2f/features.rst | 5 ----- nitrokeys/u2f/index.rst | 2 +- 19 files changed, 56 insertions(+), 141 deletions(-) delete mode 100644 nitrokeys/fido2/features.rst delete mode 100644 nitrokeys/fido2/guides.rst delete mode 100644 nitrokeys/hsm/features.rst delete mode 100644 nitrokeys/nitrokey3/features.rst delete mode 100644 nitrokeys/nitrokey3/guides.rst delete mode 100644 nitrokeys/pro/features.rst delete mode 100644 nitrokeys/pro/guides.rst delete mode 100644 nitrokeys/start/features.rst delete mode 100644 nitrokeys/start/guides.rst delete mode 100644 nitrokeys/storage/features.rst delete mode 100644 nitrokeys/storage/guides.rst delete mode 100644 nitrokeys/u2f/features.rst diff --git a/nitrokeys/fido2/features.rst b/nitrokeys/fido2/features.rst deleted file mode 100644 index ccebaca6f4..0000000000 --- a/nitrokeys/fido2/features.rst +++ /dev/null @@ -1,11 +0,0 @@ -FIDO2 Features -============== - -The Nitrokey FIDO2 currently supports the following features: - -.. toctree:: - :maxdepth: 1 - :glob: - - FIDO2 <../features/fido2/index> - U2F <../features/u2f/index> \ No newline at end of file diff --git a/nitrokeys/fido2/guides.rst b/nitrokeys/fido2/guides.rst deleted file mode 100644 index 1048787021..0000000000 --- a/nitrokeys/fido2/guides.rst +++ /dev/null @@ -1,8 +0,0 @@ -Nitrokey FIDO2 Guides -===================== - -.. toctree:: - :maxdepth: 1 - - Firmware update - Reset \ No newline at end of file diff --git a/nitrokeys/fido2/index.rst b/nitrokeys/fido2/index.rst index 437ef39e60..7fc3d361bd 100644 --- a/nitrokeys/fido2/index.rst +++ b/nitrokeys/fido2/index.rst @@ -12,12 +12,13 @@ First check the: Getting Started Frequently Asked Questions -and the: +and the product guides: .. toctree:: - :maxdepth: 2 + :maxdepth: 1 - Product-specific Guides + Firmware update + Reset or check out the features: @@ -25,5 +26,6 @@ or check out the features: :maxdepth: 3 :glob: - Features + FIDO2 <../features/fido2/index> + U2F <../features/u2f/index> diff --git a/nitrokeys/hsm/features.rst b/nitrokeys/hsm/features.rst deleted file mode 100644 index 3256f78b11..0000000000 --- a/nitrokeys/hsm/features.rst +++ /dev/null @@ -1,7 +0,0 @@ -Nitrokey HSM 2 features -======================= - -.. toctree:: - :maxdepth: 2 - - HSM <../features/hsm/index> diff --git a/nitrokeys/hsm/index.rst b/nitrokeys/hsm/index.rst index 4252d59053..362e806b74 100644 --- a/nitrokeys/hsm/index.rst +++ b/nitrokeys/hsm/index.rst @@ -18,4 +18,4 @@ or check out the features: :maxdepth: 1 :glob: - Features \ No newline at end of file + HSM <../features/hsm/index> \ No newline at end of file diff --git a/nitrokeys/nitrokey3/features.rst b/nitrokeys/nitrokey3/features.rst deleted file mode 100644 index e15cf61bbe..0000000000 --- a/nitrokeys/nitrokey3/features.rst +++ /dev/null @@ -1,10 +0,0 @@ -Nitrokey 3 Features -=================== - -.. toctree:: - :maxdepth: 2 - - FIDO2 <../features/fido2/index> - U2F <../features/u2f/index> - OpenPGP Card <../features/openpgp-card/index> - Password Safe <../features/password-safe/index> \ No newline at end of file diff --git a/nitrokeys/nitrokey3/guides.rst b/nitrokeys/nitrokey3/guides.rst deleted file mode 100644 index 84422423ec..0000000000 --- a/nitrokeys/nitrokey3/guides.rst +++ /dev/null @@ -1,13 +0,0 @@ -Nitrokey 3 Guides -================= - -.. toctree:: - :maxdepth: 2 - - Firmware Update - Firmware Update Qubes - Set Pins - nitropy - Reset - Troubleshooting - Additional Decryption Subkeys (ADSK) with GnuPG \ No newline at end of file diff --git a/nitrokeys/nitrokey3/index.rst b/nitrokeys/nitrokey3/index.rst index ad38f712e8..83a2ebe8c4 100644 --- a/nitrokeys/nitrokey3/index.rst +++ b/nitrokeys/nitrokey3/index.rst @@ -13,12 +13,18 @@ First check the: Getting Started Overview -and the: +and the product guides: .. toctree:: - :maxdepth: 2 + :maxdepth: 1 - Product-specific Guides + Firmware Update + Firmware Update Qubes + Set Pins + nitropy + Reset + Troubleshooting + Additional Decryption Subkeys (ADSK) with GnuPG or check out the features: @@ -26,7 +32,10 @@ or check out the features: :maxdepth: 5 :glob: - Features + FIDO2 <../features/fido2/index> + U2F <../features/u2f/index> + OpenPGP Card <../features/openpgp-card/index> + Password Safe <../features/password-safe/index> Additional features like PIV (Windows only) are available in test firmware releases. See the `release notes`_ on GitHub for more information. diff --git a/nitrokeys/pro/features.rst b/nitrokeys/pro/features.rst deleted file mode 100644 index 7a1f35e952..0000000000 --- a/nitrokeys/pro/features.rst +++ /dev/null @@ -1,11 +0,0 @@ -Features -======== - -.. toctree:: - :maxdepth: 2 - - U2F <../features/u2f/index> - TOTP <../features/totp/index> - OpenPGP Card <../features/openpgp-card/index> - Automatic Screen Lock (Linux) <../features/misc/automatic-screen-lock/index> - ECC <../features/misc/ecc/index> diff --git a/nitrokeys/pro/guides.rst b/nitrokeys/pro/guides.rst deleted file mode 100644 index 4641994e21..0000000000 --- a/nitrokeys/pro/guides.rst +++ /dev/null @@ -1,9 +0,0 @@ -Nitrokey Pro 2 Guides -===================== - -.. toctree:: - :maxdepth: 1 - - Update - Factory Reset - Change PIN <../product-guides/change-pins/index> \ No newline at end of file diff --git a/nitrokeys/pro/index.rst b/nitrokeys/pro/index.rst index 65697491c1..557c0aeb1f 100644 --- a/nitrokeys/pro/index.rst +++ b/nitrokeys/pro/index.rst @@ -13,12 +13,14 @@ First check the: Getting Started Frequently Asked Questions -and the: +and the product guides: .. toctree:: - :maxdepth: 2 + :maxdepth: 1 - Product-specific Guides + Update + Factory Reset + Change PIN <../product-guides/change-pins/index> or check out the features: @@ -26,6 +28,10 @@ or check out the features: :maxdepth: 3 :glob: - Features + U2F <../features/u2f/index> + TOTP <../features/totp/index> + OpenPGP Card <../features/openpgp-card/index> + Automatic Screen Lock (Linux) <../features/misc/automatic-screen-lock/index> + ECC <../features/misc/ecc/index> diff --git a/nitrokeys/start/features.rst b/nitrokeys/start/features.rst deleted file mode 100644 index 8d81739b99..0000000000 --- a/nitrokeys/start/features.rst +++ /dev/null @@ -1,7 +0,0 @@ -Features -======== - -.. toctree:: - :maxdepth: 3 - - OpenPGP Card <../features/openpgp-card/index> \ No newline at end of file diff --git a/nitrokeys/start/guides.rst b/nitrokeys/start/guides.rst deleted file mode 100644 index 907f96e153..0000000000 --- a/nitrokeys/start/guides.rst +++ /dev/null @@ -1,10 +0,0 @@ -Nitrokey Start Guides -===================== - -.. toctree:: - :maxdepth: 1 - - Multiple Identities - Setting KDF-DO - Factory Reset - Firmware Update \ No newline at end of file diff --git a/nitrokeys/start/index.rst b/nitrokeys/start/index.rst index 3b053c87e9..0f3f8297df 100644 --- a/nitrokeys/start/index.rst +++ b/nitrokeys/start/index.rst @@ -6,23 +6,26 @@ Nitrokey Start First check the: .. toctree:: - :maxdepth: 1 - :glob: + :maxdepth: 1 + :glob: - Getting Started - Frequently Asked Questions + Getting Started + Frequently Asked Questions -and the: +and the product guides: .. toctree:: - :maxdepth: 2 + :maxdepth: 1 - Product-specific Guides + Multiple Identities + Setting KDF-DO + Factory Reset + Firmware Update or check out the features: .. toctree:: - :maxdepth: 4 - :glob: + :maxdepth: 4 + :glob: - Features \ No newline at end of file + OpenPGP Card <../features/openpgp-card/index> \ No newline at end of file diff --git a/nitrokeys/storage/features.rst b/nitrokeys/storage/features.rst deleted file mode 100644 index e83e96b76f..0000000000 --- a/nitrokeys/storage/features.rst +++ /dev/null @@ -1,13 +0,0 @@ -Features -======== - -.. toctree:: - :maxdepth: 2 - - U2F <../features/u2f/index> - TOTP <../features/totp/index> - OpenPGP Card <../features/openpgp-card/index> - Encrypted Mobile Storage <../features/encrypted-storage/index> - Hidden Storage <../features/hidden-storage/index> - Automatic Screen Lock (Linux) <../features/misc/automatic-screen-lock/index> - ECC <../features/misc/ecc/index> \ No newline at end of file diff --git a/nitrokeys/storage/guides.rst b/nitrokeys/storage/guides.rst deleted file mode 100644 index 555d4c3886..0000000000 --- a/nitrokeys/storage/guides.rst +++ /dev/null @@ -1,10 +0,0 @@ -Nitrokey Storage Guides -======================= - -.. toctree:: - :maxdepth: 1 - - Change PIN <../product-guides/change-pins/index> - Firmware-Update - Manual Firmware-Update - Factory Reset \ No newline at end of file diff --git a/nitrokeys/storage/index.rst b/nitrokeys/storage/index.rst index e4fb2549e1..cf1893e2d5 100644 --- a/nitrokeys/storage/index.rst +++ b/nitrokeys/storage/index.rst @@ -12,12 +12,15 @@ First check the: Getting Started Frequently Asked Questions -and the: +and the product guides: .. toctree:: :maxdepth: 2 - Product-specific Guides + Change PIN <../product-guides/change-pins/index> + Firmware-Update + Manual Firmware-Update + Factory Reset or check out the features: @@ -25,4 +28,10 @@ or check out the features: :maxdepth: 3 :glob: - Features \ No newline at end of file + U2F <../features/u2f/index> + TOTP <../features/totp/index> + OpenPGP Card <../features/openpgp-card/index> + Encrypted Mobile Storage <../features/encrypted-storage/index> + Hidden Storage <../features/hidden-storage/index> + Automatic Screen Lock (Linux) <../features/misc/automatic-screen-lock/index> + ECC <../features/misc/ecc/index> \ No newline at end of file diff --git a/nitrokeys/u2f/features.rst b/nitrokeys/u2f/features.rst deleted file mode 100644 index dea1f4125e..0000000000 --- a/nitrokeys/u2f/features.rst +++ /dev/null @@ -1,5 +0,0 @@ -Features -======== - -.. toctree:: - U2F <../features/u2f/index> \ No newline at end of file diff --git a/nitrokeys/u2f/index.rst b/nitrokeys/u2f/index.rst index 4a7b707961..63dde7e9ae 100644 --- a/nitrokeys/u2f/index.rst +++ b/nitrokeys/u2f/index.rst @@ -9,5 +9,5 @@ Check out the features: :maxdepth: 3 :glob: - Features + U2F <../features/u2f/index> From 8e6652538cb8e905b18f5967137f5b80d5ac3a74 Mon Sep 17 00:00:00 2001 From: Marlin Date: Mon, 12 Aug 2024 13:33:53 +0200 Subject: [PATCH 29/33] fixed getting started order in nitrokey 3 --- nitrokeys/nitrokey3/index.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nitrokeys/nitrokey3/index.rst b/nitrokeys/nitrokey3/index.rst index 83a2ebe8c4..9f4ea5553b 100644 --- a/nitrokeys/nitrokey3/index.rst +++ b/nitrokeys/nitrokey3/index.rst @@ -9,8 +9,8 @@ First check the: :maxdepth: 1 :glob: - Frequently Asked Questions Getting Started + Frequently Asked Questions Overview and the product guides: From d8c5957257b3aede6db3b6adc655fdd20733825a Mon Sep 17 00:00:00 2001 From: Marlin Date: Mon, 12 Aug 2024 13:45:39 +0200 Subject: [PATCH 30/33] removed small feature folders --- nitrokeys/features/hsm/index.rst | 10 +++++----- .../index.rst => automatic-screen-lock.rst} | 0 .../features/misc/{ecc/index.rst => ecc.rst} | 0 nitrokeys/features/misc/index.rst | 4 ++-- .../index.rst => certificate-authority.rst} | 0 .../openpgp-card/{eid/index.rst => eid.rst} | 0 .../openpgp-card/{gpa/index.rst => gpa.rst} | 0 .../openpgp-card/gpa/images/gpa/1.png | Bin 40125 -> 0 bytes .../openpgp-card/gpa/images/gpa/2.png | Bin 89745 -> 0 bytes .../openpgp-card/gpa/images/gpa/3.png | Bin 45231 -> 0 bytes .../openpgp-card/gpa/images/gpa/4.png | Bin 44610 -> 0 bytes .../openpgp-card/gpa/images/gpa/5.png | Bin 13557 -> 0 bytes .../openpgp-card/gpa/images/gpa/6.png | Bin 36790 -> 0 bytes .../openpgp-card/gpa/images/gpa/7.png | Bin 25216 -> 0 bytes .../{eid => }/images/eidauthenticate/1.png | Bin .../{eid => }/images/eidauthenticate/2.png | Bin .../{eid => }/images/eidauthenticate/3.png | Bin .../{eid => }/images/eidauthenticate/4.png | Bin .../{eid => }/images/eidauthenticate/5.png | Bin .../{eid => }/images/eidauthenticate/6.png | Bin .../{eid => }/images/eidauthenticate/7.png | Bin .../{eid => }/images/eidauthenticate/8.png | Bin .../{eid => }/images/eidauthenticate/9.png | Bin .../openpgp-card/images/gpa-keygen/1.png | Bin 0 -> 40252 bytes .../openpgp-card/images/gpa-keygen/2.png | Bin 0 -> 24111 bytes .../openpgp-card/images/gpa-keygen/3.png | Bin 0 -> 32956 bytes .../openpgp-card/images/gpa-keygen/4.png | Bin 0 -> 34643 bytes .../openpgp-card/images/gpa-keygen/5.png | Bin 0 -> 30164 bytes .../openpgp-card/images/gpa-keygen/6.png | Bin 0 -> 50377 bytes .../openpgp-card/images/gpa-keygen/7.png | Bin 0 -> 73676 bytes .../features/openpgp-card/images/gpa/1.png | Bin 40252 -> 40125 bytes .../features/openpgp-card/images/gpa/2.png | Bin 24111 -> 89745 bytes .../features/openpgp-card/images/gpa/3.png | Bin 32956 -> 45231 bytes .../features/openpgp-card/images/gpa/4.png | Bin 34643 -> 44610 bytes .../features/openpgp-card/images/gpa/5.png | Bin 30164 -> 13557 bytes .../features/openpgp-card/images/gpa/6.png | Bin 50377 -> 36790 bytes .../features/openpgp-card/images/gpa/7.png | Bin 73676 -> 25216 bytes .../openpgp-card/{gpa => }/images/gpa/8.png | Bin .../openpgp-card/{gpa => }/images/gpa/9.png | Bin nitrokeys/features/openpgp-card/index.rst | 10 +++++----- .../{ipsec/index.rst => ipsec.rst} | 0 .../openpgp-card/openpgp-keygen-gpa.rst | 14 +++++++------- .../{stunnel/index.rst => stunnel.rst} | 0 43 files changed, 19 insertions(+), 19 deletions(-) rename nitrokeys/features/misc/{automatic-screen-lock/index.rst => automatic-screen-lock.rst} (100%) rename nitrokeys/features/misc/{ecc/index.rst => ecc.rst} (100%) rename nitrokeys/features/openpgp-card/{certificate-authority/index.rst => certificate-authority.rst} (100%) rename nitrokeys/features/openpgp-card/{eid/index.rst => eid.rst} (100%) rename nitrokeys/features/openpgp-card/{gpa/index.rst => gpa.rst} (100%) delete mode 100644 nitrokeys/features/openpgp-card/gpa/images/gpa/1.png delete mode 100644 nitrokeys/features/openpgp-card/gpa/images/gpa/2.png delete mode 100644 nitrokeys/features/openpgp-card/gpa/images/gpa/3.png delete mode 100644 nitrokeys/features/openpgp-card/gpa/images/gpa/4.png delete mode 100644 nitrokeys/features/openpgp-card/gpa/images/gpa/5.png delete mode 100644 nitrokeys/features/openpgp-card/gpa/images/gpa/6.png delete mode 100644 nitrokeys/features/openpgp-card/gpa/images/gpa/7.png rename nitrokeys/features/openpgp-card/{eid => }/images/eidauthenticate/1.png (100%) rename nitrokeys/features/openpgp-card/{eid => }/images/eidauthenticate/2.png (100%) rename nitrokeys/features/openpgp-card/{eid => }/images/eidauthenticate/3.png (100%) rename nitrokeys/features/openpgp-card/{eid => }/images/eidauthenticate/4.png (100%) rename nitrokeys/features/openpgp-card/{eid => }/images/eidauthenticate/5.png (100%) rename nitrokeys/features/openpgp-card/{eid => }/images/eidauthenticate/6.png (100%) rename nitrokeys/features/openpgp-card/{eid => }/images/eidauthenticate/7.png (100%) rename nitrokeys/features/openpgp-card/{eid => }/images/eidauthenticate/8.png (100%) rename nitrokeys/features/openpgp-card/{eid => }/images/eidauthenticate/9.png (100%) create mode 100644 nitrokeys/features/openpgp-card/images/gpa-keygen/1.png create mode 100644 nitrokeys/features/openpgp-card/images/gpa-keygen/2.png create mode 100644 nitrokeys/features/openpgp-card/images/gpa-keygen/3.png create mode 100644 nitrokeys/features/openpgp-card/images/gpa-keygen/4.png create mode 100644 nitrokeys/features/openpgp-card/images/gpa-keygen/5.png create mode 100644 nitrokeys/features/openpgp-card/images/gpa-keygen/6.png create mode 100644 nitrokeys/features/openpgp-card/images/gpa-keygen/7.png rename nitrokeys/features/openpgp-card/{gpa => }/images/gpa/8.png (100%) rename nitrokeys/features/openpgp-card/{gpa => }/images/gpa/9.png (100%) rename nitrokeys/features/openpgp-card/{ipsec/index.rst => ipsec.rst} (100%) rename nitrokeys/features/openpgp-card/{stunnel/index.rst => stunnel.rst} (100%) diff --git a/nitrokeys/features/hsm/index.rst b/nitrokeys/features/hsm/index.rst index dfca159d58..7e9f651bee 100644 --- a/nitrokeys/features/hsm/index.rst +++ b/nitrokeys/features/hsm/index.rst @@ -6,14 +6,14 @@ HSM Features SMIME <../openpgp-card/smime/index> Smart <../openpgp-card/desktop-login/smart-policy> - GPA <../openpgp-card/gpa/index> + GPA <../openpgp-card/gpa> DNSSEC (Linux only) Hard Disk Encryption <../openpgp-card/hard-disk-encryption/index> - Automatic Screen Lock (Linux only) <../misc/automatic-screen-lock/index> + Automatic Screen Lock (Linux only) <../misc/automatic-screen-lock> Import Keys Certs - Stunnel (Linux only) <../openpgp-card/stunnel/index> - Certificate Authority <../openpgp-card/certificate-authority/index> - Ipsec (Linux only) <../openpgp-card/ipsec/index> + Stunnel (Linux only) <../openpgp-card/stunnel> + Certificate Authority <../openpgp-card/certificate-authority> + Ipsec (Linux only) <../openpgp-card/ipsec> N-of-m Schemes Pkcs11-URL Apache 2 TLS \ No newline at end of file diff --git a/nitrokeys/features/misc/automatic-screen-lock/index.rst b/nitrokeys/features/misc/automatic-screen-lock.rst similarity index 100% rename from nitrokeys/features/misc/automatic-screen-lock/index.rst rename to nitrokeys/features/misc/automatic-screen-lock.rst diff --git a/nitrokeys/features/misc/ecc/index.rst b/nitrokeys/features/misc/ecc.rst similarity index 100% rename from nitrokeys/features/misc/ecc/index.rst rename to nitrokeys/features/misc/ecc.rst diff --git a/nitrokeys/features/misc/index.rst b/nitrokeys/features/misc/index.rst index bf22ee9035..245e11bfcd 100644 --- a/nitrokeys/features/misc/index.rst +++ b/nitrokeys/features/misc/index.rst @@ -4,5 +4,5 @@ Miscellaneous .. toctree:: :maxdepth: 1 - Automatic Screen Lock - Elliptic Curves (ECC) Support \ No newline at end of file + Automatic Screen Lock + Elliptic Curves (ECC) Support \ No newline at end of file diff --git a/nitrokeys/features/openpgp-card/certificate-authority/index.rst b/nitrokeys/features/openpgp-card/certificate-authority.rst similarity index 100% rename from nitrokeys/features/openpgp-card/certificate-authority/index.rst rename to nitrokeys/features/openpgp-card/certificate-authority.rst diff --git a/nitrokeys/features/openpgp-card/eid/index.rst b/nitrokeys/features/openpgp-card/eid.rst similarity index 100% rename from nitrokeys/features/openpgp-card/eid/index.rst rename to nitrokeys/features/openpgp-card/eid.rst diff --git a/nitrokeys/features/openpgp-card/gpa/index.rst b/nitrokeys/features/openpgp-card/gpa.rst similarity index 100% rename from nitrokeys/features/openpgp-card/gpa/index.rst rename to nitrokeys/features/openpgp-card/gpa.rst diff --git a/nitrokeys/features/openpgp-card/gpa/images/gpa/1.png b/nitrokeys/features/openpgp-card/gpa/images/gpa/1.png deleted file mode 100644 index 278a944ff9448173b18c2b64c94b1cfab5de8b9e..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 40125 zcmYg%1ym%-J@+T&S2_)pbM+gXZo}ZAETfO~okduQU;`Qf1?Dcx;8kXeyoSbK&oohDq0NG2q} zwkXhQl+->t5tLM`4Q?V!IGoYSrb6T5lS!*Id7at|*kI^(KwI_AVzmq>qspqGJn`r>)VbDMrm4w`nA>IRtX&s4}y z?{8(kGfD)o)zH``Z^Ywld8X(f^eAuZbM}$~_g9+YMEXj8z)y5to>o=`lH)xhu*E5nc zCFm-PC9G7jn>Jy|F03>%hUj6u%V@fy%jtZR>=$QjUKtV~G`E{nL}}Zv(1?bqaZ2^C zw}q3q6zjC0snXpL+jR2)Dbw?T(6f8Vgj?(_SM=lgC{|UG?_q>{+WrGw>0@%?A8OJJ zA7tx_Dv0(l?BPx%&(Q zcV$}++lpqQRP`r8*X5c(Sh1go7WkJg#@#3izKP2+?kDe?7lLzgqoy82@7JFbIM~&} zMq<2VsA1VURaM>u9FOI9)|-3DGS|-UKcM6^GffOwo#CSj^{c8$|Lh6J8V@x3GIv2D z=zneTzTfVHxn69B=`6>SLMM#{FIo;QFSjlx{RR(o6^uBn?x;#xglX}P!j&MzVZk*;V3gvuRG-rJo%2$cdSw<~tlN+#QLpI4ieI-nehz*vPE zW`6Z{!p!^m0|J4YH<2m_)BbW%+hbT^&q%1g^1#?et2b(fu6RP{>gFmz_0Law`wJ33 z1w;QoR2gObok^dKF=%l*Gj}*~w*2=odHu&o{>by=LdW>1<13PzFV0uC=OF44vfY_k zrqM-yDugi9ErBwRwV4xD1hpj+R>ayTLov-0hwHR|hUc@BMmWEGVxovQZY94F7+>=E z`*iwlGAHZVtL-0{TpZMtRom(A9L?UP^R=@VOgpPi`b4n%GXK8z6PNTmZ z?RdEGAbR3)q3S}lzsMNqA^6JlNm+Ek9^SdDJBXwTiim>}`6*?zp4irTcffV4EtvhN zPjlAnyRDd*?&}He=baW(v7V8QqQ>7ID@P$`Rf)$2sO2XpmV&Y2!V`cw9T9Ea9RFo7 z7vB{T;*^T)wB8kc6Bcx(J(B~AP{axldoboIl<#gL5I?h0B1B>lN=mAQ8|bx8tZ;5; zfTL^z?3p$1q5R2c&Gk;b@An?Zbyd+3Rz#&mhvnnrOP?~8AvZ8U!_`YJU*Kf!`*3@? zqQB0YQKEcek@T{l^HTd7+&Ud?rY#c_M1P!S%=UcnaMt_sz&oo7P@EapT<_Q9eiExT z7w`BC=U}BUqHl}CnXLz?D3&VM*}2;3?Z@T!+fCSQ-_3T zNzavFwv#^){qYFr)snW?EIMA`4wy^hmr*-myL^5pl;cd_ZS5W|LJ8U&TZb824vfI! z3AbM`v(9WyyiGuX#&t&+;I7$O7J@qEPuOBo=nl%O133{!!F4cE?iSPdEH zb~R8C70nbMg>|f`LQ740Y`7h@4T26qy2UFV2&dUX!(nZG`-)pqz}|FsH~45|gp-LW z;e0~+ZV^TqaV!SquP7wf0>7CnSaB$=t$YBW=}CvZI`piG$Hf^HbcpVFk(+npbGyIS zvH8WeWXr8+cDJ*z8KESw$(-iL|H|rRgKwgaVEEUj?$+KBNkMe_)A`-Y)of4{ai0AZ z>+`A&U~OyDwUpS`@Fsuj8CUw&W`@+dBOO>OPY6fRk#;ao(WWKqJ=S{Sx}wr%`+}i& z#72Ur%wfiJjjDEkCj%CXJ52V4?<<1Cn5ig6CVMY=GmMg5-T8Le0iWBm8;YZuqx#VN z;KweKgsuv3Dd1$aPH`0wdTdCvp&{|wW{ZrHp6#FPJM5wEeqppUJVcgt+ItVH+l zimqC;b}GdSTQ$c6Yc=C{JNNFl1kLvN)5N6~MW?nTdS&T)ui8vKv#dy+l%>Ki-F=(PTjQ|zoIprI0g3nX1{^UD zO|12=a`-b-%6WQITVGMNsoxifn@@cR)24`mHsT~(PUI$keX&0A0{7EFwQ~RSMH%(0 z+;JFKa;@fIZe-D0v=pchr{D|l{yMwj&X}$BO20+hz_dP88sdbkm#B^hxKn(72xrc);5Km z^ADOY2i_w-Zr-DEckZ8eV>$Opdze48CV9oBdx(s`HxcjaU@E9NRCo@ID_pev-Oi!( zAK<^9CDE&|DlA2x+?+mW|4W#kJcOt{W2Hr{xJS1i!%j!xdB2#A)|A>-Q?sneWd1_) zTx!kX7MnfzQse}Ug$8mU{mfPZi%9Aw+%LfH?5wtMQ9tH*u{)uLC0mxX@IXs%GTMJnU%?< zUpnfyt}9-wzZhsRCY8Aseie7CFIURo>O+jHbK0SZx^hdv+$`80qA?6uAXqRv5kFKQA8K+R^!j zEJ!kK{F^@C<{%8fsghj%cLc9>zO09zWac==iFP1}{C4mN#R09X$?A;D z_wCRL9k9xn3AG$eGEv%CVa2ff2dBJ)d}1P2r)KQxnjmU5Q!iqHB8V2}9u}lW&Q$v` zGIYTXWZNL_Zpg{#T25o?HT|siE%;X`ejR*s$+bf^?>!A0{dC^}m79~ho_r1j^TA17 zhSE_W)T=Y-TdwMo)lV!qHPEUaEupc|CeDx8EYQ)98)>$b&pe98*a_Pa+b6p+M^-31 zV!R?Jd9H8ud3nBDa)KdpeS03(Js#jBQ~Kqu=dO^xQ&dIwVz0#l_K8j}2WiVMyl$5p zT%JbK^BLT3wnY}pBPY%?4hkTyS6i}@k`e6Jh00YNN6AvRj!GxR52W+dcRJ5l)#p6n zv+|dNDv7bH){mMh-vd$L?^;}ponRc&B{0`AZtI>DOpR}@zxSXx4YksGlp|ug!Z
~6!myX!AnzR>QSm`V5xzxkz3y{f0)Gn zfK8l8&O|9`691i2dsKYlDG31G{f%HZ0cUvrI|g@;N6O67;V%25Eq*#SXrq{e9D185 zLR{fhF)2k>^#)1EM9v+kmMPzKKE4@~uLyOJkAL=ycRN!`brI+7m;oH85hgmw0^#S! zgWY?FYW++&)!=IPLE5DJ?-K$}ZHJfDXsk?;D_sXTT#S)k#v4@m?#Q}UmLIvB0;|TX zE-?h6i;mndV`Jlmfrlw-sk%ve9;Vn>8XD!@yUD*TClprnU*UHN)Bwv$WhqV^+)>q` zhsBGw(i!}>MvI);X_%8IPhCPDpFNksE2umI#9Fp4!lCG+vXQzOQ zbvLE7&LOj~>BCf8kadr%0e(s8&ZR6h;LD2Y5ZIn!Ojc|;IQCH@P&;N1omfRwb!gt$n6oe*dX7wJSJzrCd(YI zK8zZ`JotSFYNbH1zVJUbh4_|^0nll8HBMHIaG z`!|EA%-ecy=cFK!Mp&O@dkIF<+4Fp2Cb<}0ICHQ_Qi{auV-1Io8It{LMbf_dxZ}2` zQx?eWPt!Xz%0Np+#0E7PS$}NlZ^`N!?UXxP2|4PUy~|GhtUH`nc!f98VvQp5d7UkL zO~2)O%Unp8TDrSsUB21n`*u9ZN$)+aY$jT$ui#-%l5x2~_3+@=n>kB+Qc6rfl z)(1+1*x)qP>cn?s4zdti^g&|zx6BMwKM->tsns(4O^c2Af5qT}yfWAb!I`ec4K~pm zndg+QyffYE&Q0=BA>q=e{?uC9ap<&=2t6Ek8N?Z6fQzKguNEq;?ho_fgz(y@8{V#- zZR5xb?6T_W_U`Ye<}grPNcUPUg3G((KMAY;Ue?_&v1VJ zdfijqWz1HlZrHY$bD*ur&2fjKtE=nn{l1!A@&2sC#XcQ5aQZENtkc7bmn4-7ts-mG z07g)$EJjjeY8^uh-*U__=#la!1#{y}xZ4^x5t(bcClr>)elX zN++r^&=&Mx-L^j&D=wZ*ic+c%L#k|h-&eh~=STu8=>1|Vb^8aT`40H`r*`~~g6%J} zq$SomLwGm?pZRW_Tda3K8TlI)On(*X;v@&2*VXMNi>gLfGL5@Hm7{ERx~{NHNslx< z!EUX(|BOQfU_KrjE^XKB@B0NCV&mOYSjMQgh7sXflxTVBjz z#a`9zk-=T(9{rG#`@BWB`(lIIbbjz8S+l9db8^bL?Qr(p?QZLK^KWuH$x8xe;k8G6ZRz={bqvd zE^1x8kP{WhZ^KF*rkwcesk)%d6u{^DT<4do$<_fmh$_~Z19AAm%x~QXN5ZFbSHckn z<0U~G4y`k0E(N+Mr5N?50qdxAh+WAJ^4~DrSRms5f;bY-6 zUf#e*h2W4aF!Fq}kHaIE{44hH%^cDn6${HkL{!wnM}0~OEn*Jg(KLgq3F{bQlpIAz zJV#d27NX>>l~`K8S(7mX8*3dIC=t<@Vw!s2;Kac(tZ;e3r1_*qsB?Xg?i5!6=lV)* z`rSO0Ynz`N_7^SeHb)$i>Z zt}jX;xZQ9IH_C8?AqMq9sZ%>gN4$a?sgd3R96|=0@i1tv{LVU}il|qXAnm7v#!3tt z-imnQI-&}MNZEfVMPj(Z6h8zf^k%%CzT#@w7(ox}X2vw@u!q*a2upToArScCnE|Ny zYm=vT+dGT$s*cZfbqTQGemJrA&QK@m&WnDs|LSo9vjw<| zWCDq#GUO=aNhje3eocl#3oLMLeT((~s}{P7gT|`oo|>mBOD4vftafyy{O{e05{W9y z{cD*&TmH9p>_6%w4;Iha_y3U}!6~Tvu>k*77wv`iU7%OGZO(3zh5r>C%Ln|61N`gj zVgB2MoPBUV^?$`kj)I$ZaLmwjFS36NZjjJb|J5I%V-(c?_bDtF`^fpGw|!Ve&-$-d z?|d|%P9NJBL>69(4bfGQo6%ooRGo~C&x0v#L zR!=0otne=;``D8rj{OjEDlMl|=z9X5!zG5h zee+9Y?zOu)C^9dXX-leou|DDL4?d@9*kuhAyis?5Bsib3XFAz=W~7KxXvVYzhOYet zVN=~omKe;?i+4lbDE+6ypPDS&{g#-R5|m|=hgqv6*LT^ev^ggy3(!4Ydd4y?JOjNT zPrEN2!W@w@g!=?|Q56N9F`4{u6(~lhW3n|p>!fZqXYd2P3U})7v;4mgqZlqfeG$H} z(S!dam@L2$%i{?T?oX&^oEWRiGw%?(oT%O_5Fq?qmAUzP$d7_czA~PZJAQNKe?Lnz zuwts!p`dvE%fHO`={9u0qvi6WY1=bWxkxq{e{F1>tb;?l!oWFEGd(|ag3N%ewXD4k zv~)>FvuAS&-2ICkE{MG9M4k8BKO^9}HGjxXQdt7*8w7%J{1N5~1vWo#5+eB!V`&Ro zEuSU+gl_iOvmkGHc(mCyR_jgQVWVpU(^8tnY%l2jxwRnJ{cTOB+dlZKYfQ;&6zsJg6lC>?LPhRd?*)J_5e|SOY=)sLQ!= z5wefXu|Wi%=%0_7#?gs-8LL$o%d~WTy?uRl1p2S_;Kam5;o;K6FT-)GSJqwWd^aeV zr)k4>S&4Xcr(8GR9Thn%oggDjhc0rI&U5(GVFh18kvyJ5KUqkjc9zyI3ItC-;%dPoXm&i_IZ%X8s;>bfR9 z8gcLb!nQhFJhjH(=X^} z0h!Ml$^P#nzWt1e5$0d=JP~EulS$IIr+>QsGhN^vqQx9&R-gZ}m`)?^uYG+Cp7QsY zJf2wau1B4tzUMhk^nz@#{T?0{A%EP+fTPMDF?Fm5mz5r>m&;K24$)`t+hw#)O88oL?fzqT_JV&y2tx^+`ZV^H4j@V zwAj*3G|y>!XhJDPEy&n>z_Vp7-CJOE=y`=zp7rQo)atyu`eAfudyrk>AyHTTV*%_k zQ94jeh*&+-S?0z==l-q<4Yr9^x$HIJGfW80zB(S>k)1UUc}Gz{8W7$~k6d2>^qjUI5?3)3VEL9SWygGYlZ2|0_mcMf%ONI zw-3I{BKD{EN518Un}^aWc13ctT;_-~IiGY$zRf}50kI$XM@@eR7N2wOI0wMswZjk+ z%f#)s(uqh#Xprzk<3Md!wRkJ(Tnvu~FIV_9#sexBPTG#xA6>Br1{%7;k9GQ`&u;A> zo{T2y-Wm|P<3y?g3Ro3FA%e3%2%CmQ4MCA-dLkO+KcdJW&t)QPI^}+Kigxno?RO&T z?Yu4s#~+Uj)Ri?jZ)kOPJXq#lvS&B!HodqwF|v!B+`T>O({;KaNu$@1EH6SXpDv<4 zrH_I5*_*fuV119>k2s?Hd&^B{(93ObkL`eMM4mnLJuP>no=$4v!LyY6%6|;eaVDAL zoiu-$Q+w$Rh;TOXFY)4o7by)cve7V&K1Zko^AB2irc^srahv5mF!$s-Br~Qhf9pKU zb>{iSz>0&m=RDb6dU~PO`7|bF;mca)bp8_=pSAK?@JiT_$46JanZ16G=&20TQzL{7 z#ONN3Z;4nA5vj_Y_MJWSBR^t*)TpTABtyqf1`oaMt#!o6Ag8a^tyMyQ`Xru|&{_-o z{!EH_zJVLp8TX=}JR-2ulR}K*F0NowJjjjiu*E&K$!qMkMlDODKP-aJN&mbidtCk=BOnq?$s z;yx;UF4JlNcOrL-1e^EO9(G&Mp#hkS^P0{QISu1)thv|5m1ctC_u8YC( zLZ!xNIuCh&3s*88e7bZ^O4y<$0^$`FVD0G%@s!r)$GYl!V?(GDl1_BPdNGVDwf!mh z*KP*nf3QYi(SlG2noQ2#3BNsIK(jm>W1-nGbvsqWSGCsY;#^HO+`Li-2)DoSuwkV~ zlr%Z4X`9a0=~REFJ8-Sa1BP9$E6Ji&OXGR_E&`CLMov_wJAu03;@!!WcNxZKYV}8y zXM3gy;`M$v)sEe1I1l#4;>M2Fdrv6W$Af&E&NFeYucn88dvFY{(RXN17V<{RH9gqM zYd;M7?wT>U^Oa`ZRlL5on&u00t8LDLx3L0-rGH3V>eYpx90F@oYk>FNBI&+W!r;`CDX3`+;pdm%JL?p>#TPYv$D$7mVE{K z_sl9>l!z?HOYXhSUAkAD5F1vVUX<}iI!HF8ypn86`dHS76MV+SJSdpmQJ2U~l$dcO z76n|)UC13R5NaNlZ2tjd?>5)3_1Iem9byP>gGIr@Q*e9jJyUbS5ou42`l9%jPPZ0g zbKx>le?bg6MaGFbp0atJNGzs{Mq{9(40o#S^INm5kv}C{8IH2J!(UHSOSe8yIBQK) zC3}%-`DWr$uBLZ`;-2PxhQHslEW@OI3n%bmY%=W`2+YefP#Avl?k;MyVS0Nyir&K3 z>d6~<4^oUKzzj6TRNs>`%WqHhxI<6E;z?ZS$cWQ?%0&mzXPYiYa8gIq&V#1f(BCZu zFgwBHNC}@196^SPjP~9P9@6bK&A86J+zST3I-5))1p%B6>({oj#=3mCTcS@1QYDc4 zdlgNEEycRBmxp2mXRMYR^r5N8IwWFqK$i>XCCJhfO8&q zf4npFo2{a!yH9-a1!$H4RY!k3t=7gxFKZ(=S2Cq%RNEYtz6}a~gRrUI@{IvAc^@GN z@rK%rz=){k_?tIJSK}jPbwjHrYg^;M(9JQ7yltUTc6R$uVQES@8@Y^Urkz_@sE<33 zE!m5q6y**t4E(#do2Ka2Dt57lTtR!y~7veDaUA?1>bib!A?|Mg!H@4}cF%5dB`mZT% z_Ffwuwvp()KfNE`tx6`xKt^^`vOEaxi2fmEd+rY5mdITl{p-9go%2F0_tPD8g5BC| zq!i8jVUjj?<#giM;v1B;jTXBo(@i5OOt*XZNLogQ`zk{qk09QrpQf;tiBc=ijL#LV z*>b?e`};dyr(-_-vd-!irW75JOa%52|8#{m$NPly(dXNC^+;Z&*PVFFI7kmPl$7cY z_Tp+@6zvtzd15%q(|EEzj`pbba{yP?{fzFo>Wq?x=n3ZJNw`_wmcDJrh)q-lDcf@5 zSGIMJZ3^XwAi_v!x=UdjSBsGuEq{Blj7>U8(;N7{G?V_MzhGi`;qoJm>^<%)SbK_7 z$Es5L@uAH5Wn$yr5}S-JBmc7K_un2nC)uYK)ryec3*t!cmRx{uI1@34g8zXz8~t3+)FesD@NMNC9!;kBeZ0!6BAPqwLeMo5b2DFN_hxEWbye1dhn&) zOkv^GRkM*f3FFQ%@!@BW+SKxz+u}S|ZI}I*9cdZx{?JpPD3n?JrNOqIx8b{X@Q&^c zv&{D;5Ank4BdNuiFmWfcYfN91^zr#0>ajd{h8*8$@B!@hzwGpy$@&>;C*5Z1UrLJf zEB4Ut|ITnBgG2s5cH3NEiYLRH>-cZ-4LJNBKwUgemM_-u|BChj>NGU#RyhAA(gfsx zAmL0yfx|0UG#S)Y3N8FH%B&kR?myiR%Io1z{Im99_Z>`7+J5EYceb3f4u9#(cw_Xc zVV`Al;PDlhU{N>#Ob!{r7_Gr|od`zS=J>UtLRupg3ik0Rx!87aBp5%5C+>U6(2%jI zX}!-n+wC19L6f(M203jtv*b6(xiUR|V~xoOR4A@YsjQguYMBYDXG5A@ySf*>VhG~ekpGJT0BjiBzxaXDK;!bFvL!oL~W=%+z?&#~viH8wGA zG#KzCmr0k50s!V05E`vdkeziX8r1A)RnLHhgwHg@s7p!yF5FC*yuT%P=53u7w~Fy@O~64sN=bEueaKfP*Fki`|-;}I?DXa2{;4^MI@L$1^6Y- zGAmM6g9$?JIdZKw_~4+B%MtSx95GI5DWW2Kk`s?1SE*JLl9P-5Q;FmcWpzK<4!yKs zM9k={0EbvD$U_7id~yDutI{tb*#$~kN`3u#fyu}~4Mq|Ik|=3b)u@!fckfojGf9O~ zu)c`M+Oy>3WTfS;5r?D#tyT_SIvxLs1LO}KLi1p3f~9?`kbK$W_5f1pogro?l;*fcl_=?oZf3hMS+0%msqPz6-x_F5xMiWz1V!egjUHagJE(tU7^?$(7eyDx;X5%ZBn z^+O-#G?R%`(ChKDs}_OqM>}Dy7VC;Tui1P-8+oTYF*!We)JpOtd^QeH)TJJQ9&1~V zCE%Lao;{bAc6X=&Oa0%pfZ*swOW>0FFUqc^@om!3$iLLW^BX7F!T6z1|T ztcxM1)k11`67ApMFd9jTq^To~2{~aIElkSkFfu_g^%-dd$TIQ2i@iNJaOcRWEFL6C z8qMtu6_=C{C|-pcFqrQM3`b)f@Rm^?qPGU1g!TydVL-)VP~=Ga*Pe0Y$US|Vv62lr zpE}oyJ}-Zt7^c>! z58P9g35Y_2sO9lTo)bg1Zh7J?&~>*Dn3PWq$Kb?CxCoC!fJjM6o&2dl5e`GJae2jC zJzTa~8yzL8Nvp|h8F$}wSzdnm_8E8KnMV!MW@LxvcRsaEVQ7`ELBvhTxfGjQ;o^~rREiX?m^ksBm4+M zxe}$T0pmZ$j>+}ZAC47;&WS%jQJCZCyrB95Kafvogp>1)g*Gxkaz0^-Z*&QX6m>SI zeA+Q`V!Q!dYwW-zGKvhmQ!PE08CKaeqLQ2s79SQE19$wS!9|?EaQ<& z5>AlQqBE;jp-Cp%bL6BOLu(WcTy7RpQZ`0|gFnCRT^&WORy#}hLe#J~_`Z$d&}uzX zEhKu~P3N#9Bdb4|Mkw@*GPmy zM6}b&jnTIH;|OV9@%?&eS=Zn+M0t#E%49AsD#ODAocgJZMeQsk{8i)=|@AueDM*zgl&HB%@N(F7BE6jqX? zpdu=%Bm|tXhFGeJw@-~N2Ek$otu!iXvJwCwsjp9nc5v|g%QXCV&4rpf#O$_B~%2>5|wH3M_5(1HRB>d*pD@j6XuQ4h{D-!Js2zl0XY?#`QpJ>}8I z=_^GOH7Ath5u?|A=9$B>09cLN0d2$f;UBo()@pJV%zigd^#ZdAzbvgS_lILf8)YOU zpf)?)?9380!v=QqtE=Hip@9lCf+J(QKFo# zu5Hn>sQ3sn9$rjkCGPcI86kgKp|BDg;OZ47)2Z2H%E~yGprQ&O zl4dfE!qPH93xkb}xLCSeZC2OQxf`*gecg4s%$Q3XD`V>_mIm6WkPDJEQ{HO@LP=R! zQeK{dnkn&evt#${EUJ)l%afXxdN`i6pM-dg4}48so#tn?p3m3MBOQ0$9H+Sk#pJY< z2AeCn#wN$~M4kd2ZTMwJ#gB&62{h^AgvsKIQ7GE_hS=!$iUx#!uMVHMddAX&$* zsMZs>Gx%B zT&88lsdfNuR%g@urWLvLWrU&F`na*vICkn!y}3}-(?lLy+MuwUHFI18Jv69TIiS%3 z!2&5q=}Eb`u*){bT58rMq_Agy+_J*TE{sl3i@CJ*+G~ARSqwH*+Jt4KfkAJ=N*cRB zRQm{2k>NrJ!;=N9`)DMUhua%Vl9P}uC)EWT^v)6qV0J3IlgCR-0^H@MH-Eca-{%JF8M&_aMGf18Lf-woFwiiClrX}Oh_}8X z<&{ytehEt?il`Wazr2V70l_>cZS}=~*#*ygi`5KY`{S{cy4llUQez_%pXZU$Qnlv9 zKobF}#W6@bg{#?T;ddGCyA9VAhqe2=e{6gEcdYa2l6&inuKivJXxYGt17i9o2D_d| zw(l<~!8Svsgdv4*#iMXxbKdgNhV+ep3NMZGeEvq3^2b^{6k5ARa4hRS)|oK} zeA=Y+U~41_Br-Uo=`h8Uq8xLD78h|(03i^ItZ={mc7E+rHQ`Rf?-ubq7UyrmkV%GM z-?C-ZCtc(>wP?|woU|)dt+ZAV$`w_=T#k5a+PjH#Jx)CQhf`E{kqMD-Q&fHCDahb= zcKTSDn3%(%5Fz#7fNm^NrpMQ39ngCS%nA$u1x-#%+dn&#PNUO_H^B;9h?qF&ucqA6 zC;|WgE7oj4AJyI6{rvnKXvX%Oz#OMF67cN}8XD%Wf~j0n^-LDK9Xa**MO;Rf+H7Tn z$WM>yi|yuIKb=1vtK*iw4rFI;#;w$Kr7JBqIOtK|tA>QEt!416+#arbtd;EBvaPq< zvaYY~!D8of*To)sOt-Et|7>dWIYI2GsM1Ce-$BOGF!lb@K3!(Txhx0yDjsP%VkT5h=Aw$ zzEVXN)?2SKg~H(tm&Q_Wc>w2wZ{S{J-9Oy-{OBan4`uh4XLj`SZ@wfy$Fny7;=S5PUtws_Xl-<#)kKP2R1Vac|fL`QC& zejx@(kwAG4`p#F=s9VeEi*+|7R7?qb`+PGdZCO0vRPOBbrnY7qpP>2AsxUM(G!ajy zbjROq%*D@yDL^&f#~yQN4i}vNULo?K4{sd(k#ES5H4zti0KQbSBHd>k%MNiJtz`0>Vk zWA4U6BV4I~0URQ>mlf!3kWkVBE9y}~NtndiKvQuiKwC|DXsDNmSF5!DI$m#0{kZ2_ zbxoOwL4nT7SN+p{ybPa1KveX*Tw2o34w6b*R1hR$ zV){ywTn<-*(UIJh_4_kE@96Yc!LRD*%5f=N1js(3J`pi-MHThIVc9Iqc?7=tM6-VX znnq+VRq{kq;D`u|i=!t`I&Yo_W{m?Q@vi-jBWK00)$6-EtF&ger}I@&cXzXSL=z_O zXDGYOb+>chcLQ9e*DJNpdE#ecn*93zV#IP11`7`jrB4caKY#X{9xNcYwc2cp`S%d){$L$9 zd*Gw5JSBb*z?Lh6l}rqejUew9M^vrRm3=L6CMMRb`qQegrI`iEB096hi^a6D8H@2* zAK$9$m-UQ)<9sq7^6TT|ukjI+<+%mO--E*j>l3EK$G5}@x~|`{Ok4K*vOwSFdcLAa zQ9Cr#Kgdjey$1U=WTN(R#BbK1-vIyZ$fXU^|@cC&A+fFKp%at6uc}dF4+qE?s)HfWHMM*_P z!om{F=i})y!`?c*M%n{OWrh|y5Nkc(#}5~}{a5u=+tog~XkEHb7v}q00!&Lm@MEAH zZvrZFXcyc!=Ekvr+BG6CG_lFw=o7Q(FK0zKOqsQ9{Gi5oEEMfc{WZy!)MCv_mgc}< zVTli0RbXY4+Q%TUyzyYhG-fW#v%H~d@KlK$ITkGTGo-m|NnuM%8dMiyW7a`W#4rgt zVCVSPN_D#D4hYcci;Rdcn_ufAdk&-I?f5bh@T7-M926^?Q^3H$P}0(pn(T`)F*7HS zLRT$HeSv`iY&|YuK=NbQM-e>A#Cd*QidL>(or#y1)Fp)aviw zzXg@7si6-zZ1L&o;k9SQWo1n!6X>p&E0-C(*7aU9zAAt+z7;CBt*hNP0`!y-&{xYjnW?Pn~NKtx7d%k)Fjj`+!O5QC7ttf4i1d;Ja_6H3S zWzJ;ZaJrlhBn*s^c9%2t4%eR(skFk&8yCb4YV!Dghl~gqxVBDP+-{eoq@=-r{~BMl zv2XcCIhExFRaOGIZra3&K`BoYWhSQ4F1dw!*6&LX(8&WK^de3^WnkuBh%kTU`1NuQ8N5<n#a`n;qH#)cNmY=a8m)aK>=bgrVmR*wO-h__MJeFpw_S>gq0WOqEp# z&T1uQE8AVv{%=JBchv|xv07bw!e08v?dxHS#=r=#Ub9q$zvx@F=!8<~qrRT97PqtH zCl6Gk+2)DU{D0j$Q(L0}Uv%e8jhV-+B|RcKRw$8_si_eP7It7}CN44(2B>69oTr4Z z8VaV8qB_Z@a&or)`dS#;zgy~kiS;deIMZ_5TfOD~%y+xm0%{hKQBhR%^b`!eX>vJ2 zE6rX6oR;|ixQdYxBepDH5GSIci2@p2SxITW5JSM}@}gUd?r&R`T%D8cYN+#J9oM8y zQxDlgtX4S#Fqhv5@-rY{kd(CEXn`DN*Guy{aBPCd^Ztd^CShztW86&@bm zJ2C>Pr>A#|NC0HV1i;OG9v&XtlJgvwK3%+00F zC(i8@%!|~udwYhrcd+rrYpK7C*l}r3=-|9EwCG5SBdy`YIn#Zv>8467FtvJyo!xmI z-_2Xy+Yeh5GQTk-3&5E*ymhSVLbSumj5wr`l@6EYFhnanOPY#_fXD48pwP_nt?qFpISXHP}-iRHpdFDlR8_HDcoN(s#@j0cvI;%eiB}QnYIwIXlQU0d-1GZ z6YPc{xZwPFDJv>es4PKINK67G800`%m?gP>R-v-8QoY@oYA07=Df`x;4Lj~`U0(0U zo?WSzGXn_OfopDFQwDAp{}cbq54tod5f#)kWhG39*AtQ9;oA#Hf>~C++&&cY>!aJD zXxznTN13SvW|uEMg@S_{1di~HP9CstVD;*> z=NoNFx?O9JhvqW6I?J;v49-P!ivD_OKa0fcI7~O~ary-Ng2BV;O{cI;C)4|;bGW;b zK>Xfs#A~}eN}t;Q_*8&Hg0r`onmdiNu(PL0({)1u03O$KVQtoja96GaB;xR9f6I5v zE61g0I%SNFQT6;D$o3OQoW>5)W}D=B>^eWmBMb8@Ewf$?rE4E-F9SMaC`j)~DJa7B z_VzThL@ zRi2Z@Zl@)&po3E*3oUIA`{<(K{{6GM{m>P1mIqyRY_Z+3F0ZGw;J}U1 z-FIy3Ofr`xPjU;)tz^~1pDK!HA9b`$UUIFkXIna2FG2w3#ipQZsOtb#(b`?-c8+Yf z^u#?wpkoQY!n%st-#01&?#b4{nRh`~W!T|d<;C0hKAGo&R-$EoHLfyhq&*hY!zo3i8B^)L}rA>F(K;d|tq}ipJHIZVzUXOa=9< zpn+YUQ`#?}?^BVb7(ESIv?OEs)5Vhvj4oEowa>4w$e5_XrIolm?)6iREMhs(YT{HI zZv5}zL?nA(qtF zGw6P8`n8{QpGX}dhI!eKLoQys||e!B6`Hkru-Rr1)E ziN>|%S>wdbT7rWEjvT;od+b=TLRYS-tu0+>0Rdx1si&ifqGEzsS{2AuqT&eHfH7zu zU2e_&q-~UyD4miqKb%_1TQ)6;=)EYrhJv!6=#65Z_4mpA(H#r~GIY{0=x&`gyXC6X zttf-vt<9=A$K*iPN>tG9W95R;UfY(Ib$fZZB6P6oIH(y(3yg@91nuj(MuS=cW$ ziO!6Sj8GPopHKMucoMX5@^`iXuEln9yf@(6`USZhYGvAVrK&R!g<2{?A>1DI2CxJQ z1NX6_OPQNf0=E?d01j>1K!nTx($aVQ!)nRrdXMT5__Aqf^t( zJzW2R(wya{Q!|^*T5x=P=iX9NA^+ho&7VN%b-vkwfrtnzXEsORis2CayKo3=1>s`O zPLb79frWB4qMVbe-Ub@HMZ|`2G-n2aWvHax-dZnkIsuFe8X-PtELWsuE<-n=^ z?|SZRb1PN@K-AHMYqBS@a^{|MU?J+)jb4)mSS6o8)$x(noWPc48W7JSu`1PQfK8gh zN=ll+_;H#8NfcG~*6BH)WQ1ffY1uqb!~kKl-3XpD-@88{6%q=Jh_#h;bYxm@u>pcN zeHQG9XlrfPfJOV38KM;1%a0iw(W)2%VhxQ|cMlJPR_@u8dv{MyAfKK|D59XGtT$-l z9-C-t*V5FXyS=>~9Um7eTQFeCPynPvN5ipT!;>drWlgER4|FIUM3>quPloN{;ru`1 z-ZCnVs976@5Fo*WJ4px<+#xVPNRSXbFt`SHcXx*n++BhV?yf-xLU4DN!3O7R@}9fy z{c+a)cfRvuSWHj%?!9+c)qbk#+0`~1abeMkp(Lyjn$LK>iuRPk$4R4t?m1>$cPE>P z2aA>d8UCo88%_Hsu=6|#_|ay9LS7Z0^I;gPrv2UBG&z=l+HB)< za(;)Tygbe;)aN!^(j34et7UuJn6o~aqa9+nwd;;`Cu7nr59p$JY)q)4)%HE_^7gSO z>h;C6&hDQwP5=s#3wb2fQOx1fmAJ3LtArmARH7Pi6LZ%j(&PJI#L~$b9n4hTolnRy zsaE)?WOzpUtmH3%^vK7VHC7fo1R;g8g}KKoOXn0GR#ZmV*w_)`)X2!l(ixy@zr7m% z{^Gq^LgjQ>2@?}GZS4%=$bzo6kRxankd&U7*l%%F1yA1h%cb(Li;8k}S?~~L#D?=r z`EWL%v-neyPKFf|%R>)D2KfBm=o6I>-}7;)|24Xo$H)AtYyWqpjy|~UlfIlp?PkuL z-T00sAD36r8!Z;~`}sqsKNAxJ!^1shwN2ZlqagA1osam{s8OZ zfD7C_;w4KhF0k+0VsM2vv~h+3g+`deP!`mcs6 z=lVx=C5vUV60(LrWAwL02d$2p9PzEaT#oopg?xRlf&*;0-uQ+T$f#Yz`b`}9ff!WT zT9dZTZE<2E(T7>X<>RaUEZq zGOOhy$EvETuG~_q6gZ%-^QhUvQEEjAUKE@`Q{qB1!N=65q>VtKxJJJ05-y-Hjs*w1 zM@^|K@`2;qYy!JZFDnV~emBlDEbn�_NGKjA>z9j* z3l4>+)0q6XpYCDQu>+$1UCQi~wc{-%x+BVlZ}WdW?v?3*S7?{nucY)}asf1Vhml!`AKbtvt?NUP9X1OTCK>4>#s? zA|fL1(m(i*oAgW!p_fdC4OsLUaM80RfEftgHr))^=E|y@Y@>s9cXL{#8{_t`* z94GJra22Ai^PFnahIftGA{r|z+}&e>Diy}&hD%APS<+s^V?Fm}n?>t-BUWyv#gw`o zvfL3xA;4$9g#i(Q^QSjC8}$5MHKc6TpT~MjO+DLUs-Fy*CUBNjtNG|-HyRtgM?cq2 zuh6;^+h^{;_ucAqYz>LO8)@%BwAuOdbduf`-z5vt54Du;ee4d6{bR{8D+o$se4OKa zvA?G!R?Y0mOw3xMq%OLrOinH?Xx{Gvl&yyDs3j|VR*My-%K1|fM`-`vA9{K;7gu6- zvI_%)%~iWb8~$`YbU-$`LnpxQFH61==T7XtD@+rf;|}|jF&P#dj9RAA|05;s_ueBj zV7mOWMJ~`v#mz0o8~m)>u2Iru`(x#VLV4h zojUXNNGsdh!Q&=*G8Pt%+h)XsU)|hDQSq>Famhcas~5YE`^;S-5YZ8VXZdbxzXpa% zIwnbr11R&$7rrn3Q53LCC%O!EOFjU^7#JJtbC86Fh4nzE;b|QHQgy_HUhR@f??@xR z<m4Zp(JV~?+}NBEs-IcWmdZ{c`T z4eS{i84G+)Oga#4nSCsZEAxJ=Ip;k!Nt}3qiNQYrt=_F_X0oB*Lzt2*IP-c>c2V^T{TDc;i3IxsY_1-BNaS$BA*ZmGAX z8kxDD-~9aia3VZW+oQZ|Q_cJSLZ!+17}(lvG*znR;_j}JRMU38W)GZFvK9dTsrF{j zu@2iD6U$1a4-FijPDe`{6!7__fq~JVa;;|d)a42Al?cSBNxkN`?uCjxJ;2D19NWDB zGTs#>74AO38gY$`{G{s9(b)88Kxzrxb_DQFR7{t{E@xYA@t3XmI)BD{!$wk=w-4K$ z4%JEPtYp4_dWPcf8!Hi2VSVdF*xHyxHC4X35ksBEKwrcaRopXMC`Sc^+N4}uKA*ce zo11A{v8bnGiRFqQPg&3S0Cz&>A)~D(X&wn0F=EUhWfq`AEtz!dJWfY*uPCP3(qj(p z%`23VmI9Cm34jtq3thj@1zK>y)uXIIUf0{6&JrBZz^6ZHe%uqeQeRE zzSW&z>ZmnEEZ7*?xr-H+~XAAtd;vaF6pi8{$x z+ER`BC`v)M3iEBOoAaZo6cJkzqw2|>vE zwc@gpD0nftR#TQv>Ev@|F`%vCDw-cWZ@8Y)GhAG8Jw2j+{{HNwk}t&nHzK_I zhZGpZAV0`-i^`T)x`6YRi3dm}lDP9vz7&b)yyabs1qlOy!4ZEC4*aU6DliI1?T^lU z$HasmJFuZG%iEsSFv-op5C*jT>>1LB*th`ij|jjT=dd^Cn+}5kFbD|Akt8QyaTRUl zw(rS@KPqMu%21n*bN!6fYOb=MmKB=2U|)21+zt~GMBuZ%d)IzfkIsjn}`J{tQ1b zE$unJn7z}fvzX$-r_yngFyU#eV5Gu{&`w=?>5K(Nrbf-ImA8U|u|>a|4j8@(aj&6~ zV=ldRhJSOAP|23lj-0ai#NJ?BBadFnS9(43qGQ|zWR^;nC6X(J%jh#}K??$<>Gwy+ z#-{rBcK0nyDs%CftlDMgtT2pEesc5`&;2}3Di4;ieFPUu^|FGn9z!mP$YVQAM9taO z?PeA;Am9p6~ zzX!rw!IZA}g%gq`%4JU>bfB_ZzI$}W0{?>%NKkM{MxEvjLC%)hUz#i-hLnIM)B0S} zi0wAjE0Zq@lWTgEQ!OCbbdY2lH&v_hXI)+0vU6{Av=<*C6RQq^Mx>3cFgY@MI z9MbH@V%?@3Z9~|0=@fX&^ssZb2JyZ=`Fq24J!r-NL zcDHmyOD`e*^rN)AmcC+=_Gh92!Lff@kiGA&QIW5CT54QP(i&$dWZ_ge{DN++B(1$v zt?jIOMr6v-N;R}(z;;^ML_ZZ14G&WI$MF=FE5XSu5v1<|a2l^O{v~%umMjs4L7~El z)pyhv7}p=((}xlE?s{?LjHj9|XY;lRwSl7w`KzDDX=clmOyUBG6Civ_!exRZo*ScK zb&U-y;@EcefyUc38SI@GgL=a=5D7Ch^{P5uxrqb|@ zjQfiZw~JQC9POe(<*wz@?FORvR8&-J>+7)7)2{ArByaCW{<8H`uSKZ#iBlsaesh*c zTVnrr=dUv+p`&!T@UM!9x09`HLY_DH-s#E7yBTlG{t7)jJe(iQo~50^cgAzYH{+G{ z5)r;aN|YQe^)+54;r|BK4%frkX&4-Cyb!6+x~IQ4t?ijFJF20v{ddnnl*>xmL{+t{ zOhm`-*>$+uG)p3SaJNXt2l3-qQOH>NWfnDVmr!eiN!p zgn$fHsxoaezy5~D9ja3}J;77XY!n`t8+`e_s&G~RclXZZvs@K6H|XmcTB;g1bb57+ z&TA7;l*pEL8Vea^wk12N^Ru#F%1er2Ib*rUy6QDi>nE$9-_g*n73=Z~Lb8hNaX*XY zzTw~qOPb;7)ru%Ca67B;yZx0hu`60QF`h3)q+F)n8}f=8&}B{UdsPq!RGeP(FyW1j zu8_!*N~j!}v!Yk2%RyQ>Yq7Dt-AuO$9io(vTD8PF>{Dv(wKxR%x_#Cl~Dj(J!(ek{VFmiYkK#jMwN{$@`}r3<;YCw z%Ak7F*b`#u^ zm@sHk(`NuTbhMBlY)Zc5STS8(>dP16H*fT~-53Sr-&*r7s7_po*1k2q^Hkmcsa(=)!808m|HEgkztU0GYjl#M zwpdG*5g&IaxFlgqli(sThrV|}N}>JO8&^!>-4OA)#UczKD?CLW32F*RCkejdLCcj5Uew}j6G$5j?t-X6sQ1l2qcs0 z`uaMtG=6E-21wmTPwciZJ>96(x1P69E&BHr(na?NIx{W5x zWk8C?%!slX4|n&~{7Fun+B6U+tgN)0se#F<*O~>+8uX}jW<}32Yxpl78NiPg&#Bmc z_<8JpeJ!f>4L=aTa>J>(wd-06Vj%2>)~OF zTFsONbmnanjrP*gU85e7sp+p;p0HL9(nu6xVecDk;x9@Q1qOx&nsIgjszHwq>Bw)I z0eJgr`&A70EkyVYsPcrh%=lOme z=hKTfdx9mCXdOUcP_86l9D|IXSVIKyEYmaNmtvva<30QgP`1YciSesmkJp} z@9P<5RW)j(fEpn$-UQ%WXj`quCN8zQa~>6>hJ>0%YFq10I+wT})=npJn-d<+)vj;+ zn&2`&`UIZz-U5}@;eqB2(R7xsdD@pL?w~H@snwBWDMI1>+u^PdmHVXd`)|!@b^^Qd z)B!l3lw!nl^|ppdq?^_OJEni~R2Yx_Y#EhuC6Gv4_hhB>V5v2AY)pP|NYS#ej^j~y z!i4ApE;f|C=0GSFHG!OV`y2Ofeq7hGA$tCHJJMSkG?9?OJL(4$+^3Nv`FD0`IWGn( z=XL@?NbJ15Klz;2t=A~~Q}=^lm8dL@`lGypdk^jX;=>i*hyxfQ5cM5cP_fR{uZV2- zen{v)Y73^SAK9!YnqOsc) zxet-z)BwOTyg4`3^t_l973UF$u*S=OP`tWpKRz>`i7dT-u%gu>km_flXjsjbxN?+K z`MK;GxLvo|Ox0gcCb?bcwE`QD4YlG*8JkfX)=m$~-O;?{ni_TwE0=+EcI$JExVQe! zDQj%Vy1HUH^WN-DJVGk{jnoGlJ>X*4dv$i?dd>+2r7I zKR%Z_a{IC4!w6&aj0*csA1)Y~Ni>`Fwy4OwS*@R>_|Npx}Vo)R8nQj?pPO)4=VW zn=aa=G`4sn#9WiPZLy_Am5&dd+zSF5PJXTB*^`r*RYI*M1tAQ5U@JitJJ8DD0+ex` zmPn`jfYp1eX@#uep4WWx*gn*)F-@|I;h&J?(3@~=L)7!>(Zq9K0mK0SudoqgY#-(p z92&u(PHrGBzZv@`RkIhAUPzBGW!BE1QR}i`@&nfg##1_BnLAj%h0Abow6%vHFBZR# z2M;uPG%}NSWfZQn0iif^ty_M-6#-P!7!Vuy;lGHU82jOYeNE1@?D@^$z z?c%ix^YHhv3Aw6G2=Db#yss!3SV`%WqBA1-k&n!&t(!^;Li7D%D8lnnUQY{O8+xYm z!)Yk@0CbPszP#U?(oCh-w?$8>bAe*Md?0q(BIc2)I9_9bwMNv|PjzTzv?~{Vwwxsc z;xj_5mz@>e@Z`K&ofp_8eSC$NDc8|zAw{sxP@lp0VJUuq*I8&Vw^@VZ_?A}=8qRQ%EmvBtg0xV?@ajU+$x>lyF(Ur{18kUW38G zN17f)csHWsrLO4ZuIEBW@a4hOc0od}re%@kS zY7$>5O<8Ktt9j$+tf1+r4G51-QI;rEci-7gh&;%FUwT%yY^fm?rV=obbE})- zUMb+U9k03P<|enY=`JwwOH07Y+kq`RxGqL`*NT$(m5e6DcQ|Dsq=(yG(hdO}QF7;2 ze&w>g8`*N+>Z_sM?r*zDI^H5BoZ;3+)EPJ}KgrLc#+q1drn5N3tl{bnyWLPPi)gha zPZx0PQsZM^41=`m?bjW)!1_`n$ei&oNx6zHd;)Pkg$!jT1f`R%sr~&@azR@ViE8YW z_U5by5o_yRW!)`zi|Ss{7Ai+&E&_ko+;d$9q4YrA@c3Myj6hEob&ENlb|5>wI2Eb; zhCS0nXxSg)7WTL+?aojnatEHZn9(J}nz&zi)^{n%*v!Vg2^-b^P>{?!0R&GyPlp%1 zxom{ENk!!`Pj zZrzlfUH>M+{wLVS96~XYwBPq5CT2iCT5z;a__1_S_ur@(dU=C1Zue%{ya`}aKOqfY zZmixvI`ac32k5ihEmdBiN-~?_)Y4SznPZ6@`klPAmb5=)Pk>0}@*n1Jq89WPsZ?&x zF}h}XB~+%c6O+|uC0{;YwjAZRmQOeo1!;&jq;Y{^93qy{A_rNSnc#3V4A# zYjgKq?2(A+Yv;(WW8*3#pfXX{J_h6q8Qk2QF3 zUHUzxk8Lht75ej!>=%=k2SQ05({ijEv;GPTp6>4wvRFW_^;G7Cqnp{$PPpDD@0xk; zI>|V7wnthg_jA#Fru>Uu2ugU*^p)e0TZ){#yPcF$gw#_*xJO@AxAzo=+dp6pNLBUbI{L#g#_d`Zq0p6ha<+-4Ym( z6Qjd90;op#(pyf>vrqbX0Fq!~>?6#*GU{KKw!Gqn$an>4-*0iay9#wLxkL(&Ci{aW z4$cL3Dt85goKpsSppgr;2et)V6NpCq!q?B1g-N^m8s#RKt#Ab)o~e)Nm-)$=btnpI z4c{-zBECEZERC<5ENsc}Y=NDmx%K6T9a3+f=`5PBHYZo_%v`brEkEL+T9DR=2)Z2B zYQJkMTfX^!xB#P#(I+9WbB~o5-CLKmSvgYUE}VB|g-M&YNGd#y8H9q`di`UMY-81z zxXLmzYsI6m6co+c9n%b}*2HB051tRkil07xQu0}ZH5WT{ z7!N)4?MoZ-}! zulGS@bF#WJh(1vdnMd2zB1=T{7!c<4<=PLz58c zSRHjhJ!mpnHcR4{R|tr|##RL7(PWAsl1kLCg{`XSj|_?Bj_bnCzh4we@j0F#phnS5 zDeP>@mmO$;d|z>Tz4iZC?&U~ey+|AgTN78H5lAdu*|CKGQPQ~~AQ~`V($^AElXwaA zV$Ci~J-Yh5{n+Mlz~khE&T5C5NoOW_%zGK{@hkYf-pKFYx-j?S3cXvFQ?vusmR8v1 znMCdc9{DSgexZ9wAy+>nfx4K~^uWYu)~N+eb?4*2#fe0fCDop?b*rLVSG7sawdJPx zSJl%opNaLCwFicByP?VGQTdA-#cohxvjJ`k08u_@6FpxueIOfxx_L? zexy8aS?S2yvtH-SJHF%K4^ouCsawU6nlcilVr8&%;JAU)IYQ;p&v?P1hJ2DceTa0jf|JRzD7PD=)DHuDR1nl?(XqWd z|M{FAcz`bytd&wKC>Pojp+fh>seK=PN1{4S-c}i6NcKms?ygIjtkdI1`pH^%m~dqC zlEO}`J}xWho6J_Ck5lmDO*d0fwcXOf1nQh6bCvE}X z;ckKcmwV4kSLQ9Bb(40$ph8B|AGYi5U9NGR^s?Xqh|d!*R6mZ;tQPiyJfXxl4knT= z@~3+&{0YM&SO6{cpF&>dZ&a5U) zpuzxChIT}Q;j?>4t8a!%R1UOg|Ahr{RHyF8LSEgI6WaIvA{k{Z8(Yu#CRBxw)yp+2 z0-wn+(t5Z3boKWi+}Y3iS$`|or(=s8tF1lSq)+;`2{X&NCI*iz;q0J+1taak9`+Lb+5NRGiM8c#kT-{+3d8=AstBoi)1o7Vf}vqQfqaXA?LPS7M@<@yz}Gy>x^}h8 zaYQz_@pr1nDr@=9N|j$G=rR$n#T|DyTU{c{}lX20_=>Yhebc&Uwond@a$Q z1NylrHjjI8cC;epOM?9Mzt=rHG^ni9E7Dp=gK8{^Wa6SD$_SoT4b=Dt@o6(h;z(LF za;!92I`vk{*kHP;7EOTB43J01&0wdnd@V?u=(d4A?6mJ-*EeVUM|?)#s;4`UFzH<_ zJq+LukF=M7Jsbzy?ykA43_)G;f~}J!Gg4}OKk$Njcnc#P(qS*dsdi*4C_mCXp4d^6 zyV6M!$$S@I9%&KyO(Zt`BLo~sA+k+Dh1JnTgr}i#a>*~HTgrG4-=+ZJ@yQhLHYWqXJ6ons7V&GRi%0A4?UyaN-NXvrK zN-<=q1pUS>Xp0n{cdowLCQo&u4Gp+z=W8-1y1%`o$+0zH4z@O&J`P3 zi&bRISnZzBJvaj$3(Yk5>kv6-RORaN>EIrG_Qz6icAN5p`YCeZ$$B3w z9j070C?robOhD}qy{-Fh(K9v+Ww)CpRxZ7YXpMHxuWmfo#%$P%59}Ra@X20fqkOPt z8lsFco|vP?$GFUQ$*C|)G~E9E=eqRwGyO+n7b{J@Dzq%jEa-4zqp_H$alSo7Op4zN5SG0~rZE5R3RC){?jR7Ff1?nTa3N zskYwSO(FnIl|`Y`Qc6BOW0A3=lnqD zC#OBvnIng7H#D4ZB%*oUtXAbB3|M<-hmPukRkGa1hd$bt(*x3_NAAeZd-zEw?*Ia>Qw4_1yLzh;W9ij&8cUS`HIOFt)8^mt&5~{3bVj zm*x;1HfN(^{_MDTC2m&IfCwJL_2*RB84v!a`>xi2-FvawXO!^w(m7UU#`8JpHDP8J zgCG?_8Ax-WGE``^3GTJwvy0j$6D%IvKi-G2>2Uu1^!oOZ64*&%c<|o&xpIi1SB$dZbpq=(+*-kX@ebi6|n@m+BP`v`=!nXRouAy42U*l^nEW zUNEMop+7;ADtXhc;%Tyz%S(Vx3Ohy5lDsVl5aZT6RLRsI8R_4(u{r4QYV-1b^(KWI*JPPu^U0>_g5M~BX$7p#{GSzi`(P{x6hlOsf1;Dx_9yg z_YKL7D$5b8w{pq2`nGgs{K7eYwKij+#>WF7ewMsF$yC}OzVN87w0A|25A;Gl;=wj3B-V70d0`tf{3bGkHVR{w1F@fs}(DP89(#FaOpDZx+F zX?kw$J2$=5wnVkK_)L0VXOBmg1D(2n@q>`PmjaPp^b;tuRV(45t57d{N1Ofz`s)u< zInt{Ujh_iFq$(mpl-k-{p{7#sH`FFGdGDtqNhNQMWM)nld7lSx_w+AQrIz_@a7yx} zZwf7!Qxt41Tt0l=x~%hYM2e1Vh=gBiEUx#&qd1V0pmtnhx4q6j|0@%JvS&xfE8%lE zt>OZ^o}S71bduEE*j30wDPsPT1QhxP5#{^_^GW*<(VWX3C-md!frRmG! z3443|?M_>h*|&tyB1#!Vy3~ZbPv3S!-=JZgY!YopHZ-lczk7lwLn`?%_aW_&?HIbu zf{C#blc_qvfkN5Sez?whVf{E8Q&Levndx{rQk~zk10FIpQ&aNUcGO7mPURoaIjT1O z(cxct`2~Nkd+E277p}dR*$Pu%*?H-0g-Cih6d{bg@;c02zwEJF0=yG4oS{t`_m~w3AN4r(l66n>pdn?c@(yn|D-)0+MUH{vMn{IX{i8 z(O+49_O+O5Iiu(g_jin`wP%MfH>X9Yhm{x^?uNF&^vW-T{4#+6U;k|-p(Bw^!Rfx= zuNGzTHn&drm#4UUVi~Z$r7lKI9%Y$IYan19hthdXh<~dtHHk37pykABj$DY~BCmS} zu!pZ3U5gmFLL<9bbKZMXeF$CjvP~fW2AZ>5rqf}s_NU}%+kRMeK5N%^ibD}hzMVab zh*J7;)$YEt2ns6qFJJ9T?c>PNasHl@GG;i8)N*dF7CW~eN-P-ICMLHhAiWlZMm0Z8 zLtREUlGjecp|U8`+<+KC$r}}O&;O_R@w3J8hjds>VjWZDGD3zXTMFAZwd;>^-YwLf(K(9l;vP(+&eVBLY zGbdA~3#`dw(7WNW6#8%A_1mb~cWi!qPrkQNBk;nUT%BZAsS*uW<8CLRRC_#sew6PrGacB%cU@6G@7E4(>o|aSJzqvSY~1-N3v68558ps4;U#A?}b~Pm|qcb*ou_J z<*aIN3;tk}At3qLmaN1P~t+B~@BYMkVDsmLib&8{^!{f=Uud|?*3uV21| zpj8NXsla&CW$8?Ry$1=wNw8@0**6L_O#bGPFbaDlzOY7jmTidK?_ZRT#nLiesN$X- zkR)HcLWeJK#-AUMXK0>)@U}rRN+qgJ4=^%eX4k~T46Tn2Lxf4v+am^#(YnG_A)V=z zhK0w(Z3{R2o-KxG`J}e_CnMhccJpQpduNLtWA%O2Gk_C^v&KP$H;+PJ7|6}c9XQKb zQ02Iu2`K!#99J$_>chsBuP6S7QSP(iAxYhCn_z)^1VyOMbM0pZ$cYPEdIh32Z+ zvjORXvQhsKnDimTK=IS$FsN+#Tc(bTW*`Nd{>f&fxIL%iWsGGuSDvVMCknzO4-wDp z9O}mwQ}{jlg^rpg)Ca*EsCz&m;P`zjV%MYgMgjoTzIvFZq|+IgI$mGhjJA5)+R%Tt zyT6KVX$e)7;5l8d!#``F5dwzine@G^ynP?3M;zVKedeEwPjrZt$hm7DONU zcPiV*;XWr|iau!?Y}Zy$esGJkZo5w)Pep&MumLzx8eR`Ef7c~Ui10pt`GT|W zrRLvh@rG3(Ja1iMKw74E(=K`^>IJs(m=7YKC9*+bp&nOisM%uBGjRB#ExUV_HsAa& zZjZao>AMEz^sI(`*Q4-lV%*o&{>rl9*3&R)(s9x#OXHC+R@Jr}XQzDB39l;y?Q0kj zAr@0BsPt*VL}y3M^&+E}M+A;rqrbDoq{RK+)t8uQwneh7WCymbz^3b%TbfRgKYbU7 zNsk##j-~rOG{_{Yib(DxK!=O<=Va#9lP3;9Vz=CvT#uy^yG#BFF-q`iTdg4cmbs zU2LGdsQ=Jzmj%aoj+nhPEgl0JKnV0cUg-SQ9c=Q7U?53>8mQ(Yunkfdd$W1|9@pux zCm~Z#{o7j}jn3XCmVZs!Cez!G#RIg+lMX~fN*n@`-XFe5vt;eDzs0jLsJKF2bqA+c zM+4+s>Y!*{XeD0h;}ID-GIAar-D<^vTk4Y)!pU(f7Cg$g-)Pu-`!Wqn0IZbj65FgxaP95WzU(O2J_}YYfzK#<5L5lLZr&N0+Ie54JcxL zr}yOh0eRDuccuTifp%;F_}__t%?)ME!3LXQn?#IQ{{{eKb=v%GKImE26+p0(@Y4CO z8QZ^WJ`LaAeS}S8R!@N&tn*(ozGhT^9M*u3;z%4@9TF zpnGcarr@i8`QPvgEfX~YN=O0h`Zeoa--D>~I6UqB-MPGR%e@QT5;#}bZ4FX#-h9wXA8Wk*Qer`j7RQC$Fb?$?U($J$3bnzo4LX4d~A+9Fk423whIbZ z_CE9RiL=-0{^nFAP?Ny5u2ono^E$w|&nZ_;{`F$Ua`0gbU#$yvOKh9zG287K9v?LH z(SrPzaIyDC!wV0=))TC7!xQhsD&gr(uhxoED^`zw4LrAT5Sx#YCoODg33Q6>HSGC$ z4rh%*bU)^7_J{IXn-YHee?6T6<<_z~yr~@Jt}q@Y7o#Q6meAR-D@5>Y7?j~^M9BcW z*)X!o%mMVV^Hsvq2cOh-t5Ltq1X~>eYY|(S@$F50clLmQyCd9F;(E*bjsB(P$54#YJJPo&}4a!y~voYNyrL z&D)7DqQ55hCxS+8*Sr^Op>}>$cRwxNFDupy;VxOuY;FuC`o^n`76)FdhJPN;*ac+M z)~4N4a~N~Axe-6R9<=q9dfy=P7$t(+SxTc`^bKqD9ShV|Kdk@a()PsG&s>z$wq4*^ z({YQ#w2eO5#mkPR;=}i@#TR8qRY*0V@re08*Jfo9N;6Lzg>KUthDO_789fK9zg>XWVsV+_}RW5imh~X_n>BFuKzr1pc_&F-}h>{cIT%qr|e1>G~)1tDQ6rk z;K@ysczM8`LFL-AM6B^=VN4+F#+T-yS{EW^p(1Mi zy)T=YxqU@dUQD0weyI*}Ga(j_$2Rr^RoZim2}S{cWgt>dQOguQzyJ<^d==B*)jx3yuo%Z-k}#_^r`qx zMc)OhxHG?ftaK^BLKpq4LD{zN*yIgEm9(GxL*Ke~1tH&584-9&F@+Qtf9o=hU?j_g(wu(w zRf&QREUzUC5R5PXJPOh2qOu?q-uppXNB5Q$h;xU0yRC%hnU1U0l@^!lftS6!g&2AS zi-G?BV$Q@S>-&+dVt@FXl8c8iej28WoLEfF#6s?$8^IsA=GME}u{#+~0)>`# zHK8&=1T*cax3%;7k3)Hh3rNxld&x$@)`~p%Tx{8S zbUj+tw4ep>J7HPVN1**xcJ)`X&g*(jNUImTBsy?3c; z4VFvXwm&RtZv11i(M%+Pvrs`TQ!90KQ!i@OCRBPbev?5#;$4fXPsqHw*mEx$r6FqX zNwSDI`X1sS9Qo~K31hk=I+5*IA*);sJ>7MguR6qA3!&^SM%rv$BS|aqO&n2v-G7a#yWXSYK48bgd>j1|-aabm{3{vt9PAqX1R8Q= z|IXGZPZS8M=IZa4W1Fu&f{`In*i{GK*AY!t&s4~SzfZP^47UjeWKZ;S&U2^QYJHNA z#jeoXRF6x|H27ZgitUyAS?v|3YRB8}u4V@7)spIgo9QxPX=?p^72Z?@ElRTFOWhEv z*5Uc~=7!UBx}D>azh;bDhg0oDi-k+lGm~<*{rZGPQBl2g$FECtT$89URH_VA*+{{? zP5Uxi4>%oJz7!^;2>r^C^(0!q@i%U9K4145B!BS()d+C$2#bnLUQ%(UrfQQ8Mgyo749y#_BC3@rS!Z&pqGKlgh_B*vB-x>kd=U;Pfxq3 z$$JD;x=qWEhS?+xyux6f*mZ(Ag2QWYI@+uIwBrK^w&1cP7!x?v{L1oXsRM&b2KE7y zxsRiK)_mC7hD?R$PXd+s?kO6o=Leo)T@zL~+!6C_$RSS{vd&_6gO$jU#2%5uW^HbZ z`RNWQ6(VHOae$1TbYk_kvF~GwGiCQaqY>M0Xu1WX5ju&vj=@@2x4{gzi-dM3CWQIB zM;;-#cFaq8(@|5oJ`}ezUD#zL7fI3ha%CNrXNBpm4VNvAC_@KIQH?r&3j6pr_mfBMne_)(7p$Iinry|y?^uO4MWG#mDYA^gI%wkRk97L@lV`+(2sWP zgIoaGQEJy-?U_U9Jjiw@RvwVwBLf zUlMvsvU*FQ?+1RPFeoH9o=1(YUf_yi4SGIxG^lzJQiJ~ldUD!g0%{rTytbFhd0~qF z<6#F}THxs`EFoi?mTq!RU zc#GrywVY%3$KG&xND{kBOBU-Es_8~U_&ENY5dlFAuM`0R zU#8+2f;?B}|LDOI;!+BJ2i5=WKGfFM4(U@MAe08AOr$tHP0oKiWB+pp3H)mT!u0=o zAL{CyTuYGb;q(T@Ro;E~s^lVOgGu(EC({A4`93wo^wN2Y+B zhN~^rqaxf1T+X+svHtCnF#7lVKjWfo%i2DF?w;7skKiMhgxXiWLr_s=!lCL+RX2UA zj*5W5H5h}SoA2=0s$X@pS0-GUh^R~p)@pJv{qnPrE<$JA98uMZFlhN;wpu6#_zmTr z=O|P3$ru#{cJ6&asQAXPYUnBP3?Zc-i}C;cQfCufJ0SPc1PCh?wB4A|%6ZUQw`(

@vXAm-Lu$=Wi zL#Q}SK09i5g;_%l?_%ZNfhGH+(i8aW26WRwrr+y`8^BXq*7w87XI5LouFlD-uZ6w@220RjhoF@f#>SXQ+JPB zCN>&q{cGFWgqYRq@JkR7nCvGfCw~>?S$_NfHAz=cc5AyJY*j{o z*36%B=L5IbtlMFhQ==W3pu~J{hE+SBvkdYvOMmhUA690B1mR9JCT~pZ%`L5|FU^-) zRnTMYAwMyd;o&6z=KOWaTnkDTm$wx}_g2g#cj-4!Y`{f#= zww3mk$OZesDYfS5&TDTd^nUwzuV5^VCN5{jBY}3Q}{uI#1^~D6}@}x3?PX zUZ)(j6#nqqQ@w6PmRBg{?6!7L{QtCfu2D%~Yahqe%y`PunQ56bU9>rNIpr;{h&P(I zQ)b?#%o~POUdVfaih@8hOV_ z*8Ac8K40GReXqUOdiLJ`_57Z-p8q4(98c1jW7aUX9_@v6_hxJ)MX&R+M6U<7#o1wI zZ)d?mSFW|Q?Nhi@#sj#?^{JS(hEP3^pumO&t|tzRfub+^F;?GYyEMJB5S1h!}U9H>c)|jQiy~3Ll{o+QE{-~ z+~!m>^vdR#K^a7N9Fx#?9-WeupDZh`Bw9x8PO`$rze!oqXgW^k2vbI8L8|gLyY+eu zV%wCY?bts`^KZRaptP}WYP}@iHyayiP47OTQYWSv9vZg}Tr4!m)ShaSIaSrc_rH%Y z5Bb@+9?d?2czXxiJfQ@$cELQfSRPw7P*_&rFUs?shJQE_J!E>17L{dSr+HHr^X}$^ zWk(0dW`CxvsILLVd}$P3(alSj;gRz2bTZn{6H%ai__`@6iOY-jtgYC;Ee~ zc?RLN?)7JIljym%onHjHmE~;o)bp_n8pf@tglhql@KQ(T_?d1?JuL4_N8&;iqo+(KLh2rEKWXHo zRX~y9Jx2KxN0g{uKb+%@r@Q#4&VuzfRXjgwJyzcMP2t)WyB5x)P{plWl)tvoe-N7l zT)UDU5Me=?+vTycb*bDQwsAV0h|#n4VkGC+#n94U<>9z91p2J48hDF4D2*)`k7Orsh94|%4!)L2inSWa zP+8mU9_g;Nx^gdNUpLii!#6y}^^B)v%4IVg4W+cBuQ)kJGS(AcZmmnk;#9lVX3fIM zT?65z?3x{Gpiju#fy0(j@wCaN(o1t;seCv0xJvf30Rd#qH!QH>H__>RWv+38s(}|{ z8CH{1$K2Phm=f0nUCf0Ybrbyz@B5(ZZ@zwhRxgN&R*^~ff{&2AWq8!(*uk+ieL2m)dQ~T53)y|VK?%&&QarPB`$W%~ zQv^bfM{u^rb18NjelH~~@+}Dk@3o+cbEZS2q?@5BA8}MPB62^GpX8?gWpV z?ptFiBL4+o2K;@`<0tI98Jpt?V}A{8*)3jgV0W8WXy2+@RrdLM z)`|;qw)CvVbX|VY^911A2YrgcmmozL6@n&n9p?xz^(DY{vI zwCGV7Wg4zMJZ4dMFfB5(Q6>2PUHt?^tec8m+LwATFK0WUNNrt~ucowHdnUHe-z+!f z(^KfRy<7E8Q%e=DNI8!mJ z2bWSiBQnDg0e+!#+k2N^;V+v9uCBCy{3xsxG! z2V!aGaE==i)QKMBPCG~)a3L4N{P|2N40KZ4xIyxvHm4C_d#mLLTZ| z$-p|>@H$E&+UO-Sj{h==e9A^+groLoQ_dq%GC03)k&^a}(@Bx{@X3$3BCO z4_T87)m4;=AO0J#)IhaQXYyisXJ=>i=atJ#OJhv|wej6-ak28RdVr%|g-zvKj{yL{ z9-Y|z-#W|WyiPZVV2=)11+9M@vimC9)B3De@vPzUP6={DG26Vssr0wi9;yI2=~IQS z18(CiYKb~;?obW5n7jf$>h6-_Hz3W5X0Zq_Cg+8iy~~ws0+?^bhbj>Z_}4^zz~4qy zsUgcXxlE2f7#J*Ey&6uM$P08;uxj{HVu1BlYHKJGRB2kOy<*M3@l)bE?eE#3X!YX` zVarkKj%K_9oOsq6pO)OZOh-?*g!Thhz0wXJjOA8|AQoujS6Sl~q>Qc?XHN+XCOerO zky`3J9kt0$57rzdOM(hf;b@mlp^`^;>hcJ!{C)f3PbIvQ8uJOVCc1Tb$~Nx#M-c$9 zlLfi@#GpnEYV*5Ax}o#;zU*q`qs0;7M5xg)(?oq#m8=csP5QD+KV(JnaqeSH+|H@A zfu#8*2EDKvcO$NPH6_4a(c33i`T{S0rc!Jn6xsWL`F+aBBxr*wUt=xq;#LQUlUGvW zHUCB;ma%6dQ2_0V?Bhs@NGZdMFIAkzxR#N0>saeBc-gt z8K2JWcNuqv1dC&JNSCDc^QquftzCL*A6SgpT&;LR4Xg2!8;kR(M3!ewtjs?trUTEPlN

jB1B9%i?n@q%VPRExTdY-(uEc|Wv*CfYapBw?=z=qJ0H8NTEloDM8 zf}w&JoNAL-jSY?FU@!^9THk)WP94XUBk$n(`1;P3QI~|@0-R6A6dkOw4ZMiX$8*FS zjQXQe+#!v~a*h35Et~7aa2q2!@maQpU{8xo=&)JOnEK_bqusW!9(UXB+%pHr1U9=* zjLz;X=w3OfCo%pvW5w1>-dw4hMKR_p+a3e!xUsnrEUh=n_KLxXJ6G?)W4=3I4s7}R zwrvG3M{Z!bLcs}=j}}7oo`U}m;+#p>jWG{g^_19DzB<#3nXiOX48He-z(MCV^9#S4 z&J)LS$GJa6!e(1yH{!&uiEE~s5}0qblBo_cVTpX0!5MXJTfvbXN`rK#i>E2`rr_z| zwN%q|hcjXb{|i0Tcx@zc70%xs-bY=sSB^5NOdVM2*0o&hgd!CjH|#6cXK5_0<1gR8 z*gU?!%olz4fhH5rYBkP#?nY^Q*Z?KAp20m9vCows~o5SHdW7I!Dy~_ZVx(#-`Zh@ zI9c(tX21NnB_L!WDh~l`Fd_!LN;Qsqg=fR%Yp^x@A&)Y~t~MC90XRFWTUDQPxXPegERAu0M86FRe`>g#UKzm0|pE zFZKD-D|3J;s{&insMME#g3rq9 zr(tgU4?e0NqdEX9roa=R z?P>T9dY!b>6{`0YSJTNC&iz&8S*1c}A;wbVv0`+{O>rK**Dv`4-a@9U#WDtU@i>TZ zF_dEt`FI|SzT`8mnRKcs=0A;Om@mOfH}<1?(p=NNx&vNm{rYy4M8pZRn{Tnc!RPj+ zDDwxQD97g)wMM;!<=O(FQv5TIr`v5F#@d~uC%JJ+RsKB;l*PL+Id+eBx^cPp$lWWr z$J!(>PNT8^(NbkbsaSFJ^xFoZ<)_xNv)lDDm{fh(XUfKtv-Za0HB-QQ>q5B5zz(lP z#v|V%r(dG(gZ_yZ3kJ}b?pfbtq&HL{o{8_*CT=5SlKC0b?e}rny>Wo^omI- z|Lz6&PG`O|1cm+52ZO`UlcEkK_lx*C{r~y1cN~n+rEmbkJ!y7JHv5*LQ=E+#3&zo&J+wv8mkl-V-2=#@xiO~ ziI)y%-80V*at_@G6v5Y;KzVy=gM*>Ar_-?Dk>}t0yW-$&G*rEJ&5B8#hna9$Py6%H zTxk8GmBC{73sLzQsy*1ra{&j_IAJj)9Mew?jdjvb2H_FNo3f@Z>i%R}mj`o#nml9i zoXdW0n*BUdhay$g>KeezM}kyYvxD{<@@|#!{0x18rnd2Vef-$ci_~o*6@jJhG3C&f zT9e)WkphKONV%}~52Hn&LtFxXEAk3G?eRVY@gFy^9Sa@&?&ueu%3YXPZSsaI#$c9I z!h_I>KOfGzG(4C34Em#E;b7_f8GN?|4kn}l&(vVy3NNT!K-3x!M6J__0RaixZ7D-@ z#xNHGYuQ53C=@Y!iMWEjY@U?6P!OcE$X9Z2{5BQLFSxbb}MyB zYx%ct2;Ob6a@rnlv64;Kc8J||-URRHed0VDNIO~<*z6yGq6JV&`eOxWVrHA3xhJB*>oJSOyQx)|)b>*Kgs z=(F}gPih;kps?Lsooi_99@q$yQ=Z&rHG|M^EG<$dl+ommi(|HXWp@{#Oms09S>ywu zK_T@s@Sr3-UNTz+tUVA(Js5e!VV)-ZFXrAVEUvBF+9e@C@Zb&!9yECH;BLVk3JdOT z!QEX8cXxM}!kyqyxVxTOYyIDrfA8;{+jBdgx~ON&Imhh1wYT*#S8W__W3d@xR3SiF z|7%Y(0WPLdoJJHGvqHO=>*pbp_3zc{EFf}m&Ee(T9?6a*=bkcJP37e87;eVNhdyGb zGeo1iYvQp?k};5Ww#m<(h;*i5zNh>xM> zN&NKo99OrGa3A5=L)YopzGd*K27U2m39183=B0fO+g#bhkg$kD05f1r3G=9srDQlL zG7Tc-`2rYc*uo&W$}BxW6bn}&CeL1JRr3vRqy5HCuNNm6BB(DN;CrWti6CFgljkn>Wc?-6lXMR}txJ01boqy9B{$R%TgbM1Xav~te3FV_P|2cypW@Sss{#IeI zoKgFnk!hK2C@ueUypT8Y!hNyo3&K&?fD%Wg%QB^ zK?T`pQAd?emm|hF;c9|f_W0&ZcbRIK@1{;M!zDH$n}&;Fd9*rL?CRA^mml+qU$yp5 zw!m<0^nHE+bcK~wQ*-mCN+*g+!NU|w$)T_isx$ugrCr8ZW_cyc;U-%?EuDLkNS3w`Xi`R}|D88c^>ygRJPzL8 zMdXR8h5Fd#EG8q~?M^P`?y=UROhmz-9*S#6rMSdIQ4J0J19h|b{@`{89wl;J2!dK4 z6f#rCQQS>c9HIDftaNd{PlHkljXPZqPfUF3>b++9beX74Uh4cum?Gv*702MPjU}VQ z7)}lQR{Ch>vSsg`1^&;$?}2}^RmDL+FRr(|Q`+vC`%xl@IVZkz2UU+o+8nr%yYEE; zPU{1ai1s6!-|fK{b4_zv$Ggyt)C!pKJyLzfHg9gb6uh0L9;bKlFnrgYk+yxZEw_FK zoP2sx{=jYO5~!t~k!8)nl)Vh=*4(;KTc!W}ae(pLV<+=h1Odb?MyvJM$a$TAr6)VR1f ze8DKN-f0bxa^m9TTDsl@=2hQuX72aR7PMkIP6KYp8fpTso9+P6|xE`l3w8{ z`%&;*PUDVa(2{8tbXtoU_Y*5yhkH`37YYvPYZym>b&FZnQ??9~(81&sR%DYJ0t zeHfn5!b_jnjr3$GY+X((@}DbFiNPEm0&;LJB+Kk5^_d!nXY>4%E?-HN?|HtD(hGQu z2@=@*uv20c0yp--_wvUwGKy}+XcfszzaV5zM<`_Ne6o1-_WH}Jpcz*XAmMgdw7Y+X zolt{=`~L~2*hQ-SmrL@u`?Lta+@82X7v=eQk+;Wz9pw!paQXK(Nmm!FZA8X_rr=AG zB4GM%8lTs9wH3YHZ_$3L^D`Cm=3}i|(jv#IUkkZDh1F+yT-5X*>N>sIQAe>SilymL zD8WC^R->G7^qF)<@2;cE<-=5DxXtvp+kpV_BCEF&W1K7T`GvV5AsV8;BQQ?f9edhG zI-g9?w@lByvDEWSsK2qHE&THJ<_6HkBgW6ce^eL#vBqy0ZF7JU3QK0HJrQaKb~Y1&9RTkY6ac=ukGVy_danpJoe8SKn{DY97~JO@73DF*5q^%j9#I2St> z2Wwfvof``WJ9eH6GKsT06`@5lWnre9s@eRl_#A8I+>QyR4`0}{XfF$@0Jo@Fs?zy@ z9NIk%3+aTRI9S8E$jG*i@TM5Fi5M6^)9n-ggnDEY9c|psCx#Teqq<2o@i^@?*uzfp zi`n~IX8FQ&lZPiu+e&3WF0b}v$8TS}HMM~Ei35cG!sR#+7?!Fgx0H-Xr7sSfJ=o24 z#BAx%%ynf0oo^UutwY}jpihhaI7(}Kj2(XFXIT~{J#KzBRjo|ObSQ2UrX{oFz`&5w z{nkcRWi>Go-T+ULcLw(%itoqC=IDdtphc=qdT*6ALo{p_0}Pt8-(z_tbsKiITUh#{ z2X_EjMXq}L83(qrjPYD>Iv@E^OKm`u*je9g+<5xy5hLj>y@^sOKIWV&wbfg3`V>_` zEYlR0Jw3Zhd|cuCp>iTiS5G`!#llZ~xrptFJb5SKGX4QTy#-&sSq{bAM9o5&!JcnY zD5DiJ&^MKAnWAd5HeH||ad#fJ!{t1C+f7zkw#Mar{ z+yTogR^s)dXV{CM1rws$L-`4b9VyP1L8^PKznt4RMt>$Bwur>J9%Xb27l zpPFbX(I&Z}+va)KIq9iL|Gw0oGnH6xNRMV+I>;AIKuPuYy8p1n<3sK7qTAuCmhl!c z`mB=!>Un>E_Xomb+r;~Dz87bepvwSarg6#W&=BDcC6|pfeP}N5MYI% z(WWrpa619pduLV=XC$$gdM*pHWYk_&>?o)M*HAHMuom4QV1l zbl6A}B%W_|10vD6+UhW-tmAR!oOg=|Z{85`EL9IHmnbP!WjBZ*R1Z&2bf-378&{nn zP;%TExPw6-9Npq{{%HOj)B?h()ZJBDOXnMqqS>>sex{Op$QvyoBD$d?=3VV~ZUBGUx&XeytXz){#4N!BXMNx!aRZYjoC``{czO(jm$J6SiA@GWA zy`WMo00+du&Nke+tW2#y9bPPN)2WgTRWI34P_2S?XMe#nwq!i=f=Hs-IkZ9FypAi5 zspC_v?z5Qnqj=~*DEo&(6Q?7#dNYP`0BrcGtItdt)l~DI=dJXak9BECx=Y!_eDdw< zO@!&~VEv%5&KP2|X86R=g}RB3QG@u_t^=n^tT&%sV5Z*;x`-t{&?$OnpY02VEgW6=JGb(!p#{!;xT((yswLSs-5wUj_# z`!|XkO=|@gWWY^qnm;Amg|+2){v1JwM~>jl4myD`0|giO{Aws)I1(-PGEWh{yBG|MyV&<6Ypu;=pPMqSPlb(d zS>BfTE#4XXXcOVJ_PDLbACoG?YD`Y4_jJsMCVftmAu`?8XJs+BDDUD|a*x&P}h+tp|fTlbIa;$ayGDd}!a+B+NS$Kf7QI@Ry5yF}fh%L)rvy zyS#>aE~zXoEfv3G&X^(jja5|NBb}=FA4_Sij`LtPO@-mKt_qZ4)Zf zR%YBp=u#M0u$y^!1>ah3@SK?Ql~Pry-nw)6WNhjhx<~Xs2LbV$pwX_T&1d9aIzu_9 zgD$spCCsyUK*jmL)yj5bv4INtlk^=F*KrPw#X zOUa61VAO}JBY56f z+*>lW8x!;;MJarahQP`3LfKm^pr?>VduO2e!Oua~JA1=!y=50}eIrXhKUJK8vyQYz zm;x`a1ms+cHN_>e%FpMnJ8m6 zdJ4H;N9nNe%uqk`=vjlKsX4XS+@9jDelcVze0vNF_8i5VD}kj%a3H4j)NIGouG>VXAEHjv%a+verzvVw`50+5BoAhu`))X*$^( zka8^~`;Hl;@iD8&}mzxz&licbfyAtTecIqebjkZ)@L>eK! zPTW=hn6}ke-QcrGU88ae%8?w?%Afc^pxCFk4L;OLh60iP*ga{QJ?0fg+)DjK!g;DF zF7pPY$E2|sD}rl0V9UfD8y{WWPN&|HhFPEB2!DueF@?@TLm9Y0^&4*+v}>m}SL?!a zOuHiz^Pn9UPSV(h_Zo&;BiKZA#UFk84%%0YB(dPoB%HCqmb#(oGum*yHgR`98C%RVI?Kt-OZ_ul+*0}G0Q5$;F z_}2FwE}4e{)VgKLEDm>sueceJg=`N^ajn%Sa4jZccN&RZguX=zzjgeOL91GXsXqx2OWD6FzR~`pRU9T{C6- zX7hWS9f7?a0F;!?n%R+O>Q1-?_0pS z@-;jhsUIlxlT2n2D^4CY@6>Cn$t0eph1>*e$@Vv`P;Q39113JlT~#v=2UnrOhuB|N zm9-i<>!*pB&8IG2A;@W`SIgI*&G1#bnVV<_JXP(PtFZ(U5o*wPB8(8<4#r64-$}u^ z_+Rg~vhzo??-J&6sps~E!IRMC&PCdwGq)F&_cNB;+hkYg!z(ZIg32C3f!n3i)ykIA z_4Eq}EUSUig-@3PV~afLe}qb;8nm_gIF5dH`==7$Dh<8pZja1<^On@In^I@nh7_}z zYg=hQf}Vp2%sN2n$x5d>?NQVD9Dbe#$*ZeTSppdMZU(p< zGkK$V+R?9@5OKzZH>X23DX9sb!-}QpGky-yej=R59qEPUpN=Xua07Kus_9;e6Xixv zGf;sIppK@Jecs=VG$aPQQ$a=1X?_-IG`s0~5Y0vk!~J=+WM|fgDY3pZTRfCZ;%Ke* zcG>G$Q_kXwnA|<0GRKaic`on7J*{P)eR0u!()5tiW1wtflzlE#Cm!?1f7Nq$PHzvQ zAm7d$*1>5lnUUT?#jZIh>$!*^#E^7HK(R_wf@p_s#Ix@yRU>JDQ z?}_m_AgVmd^xqWau-b#yqCV9r5>n8v{bm{G*@-W($^U6}c|L>Y5UFMs z29$JAyT$}1pR89xrnUiT6`-*fw#oTX4T5N2$ z{teKUw>%qEbJY1^TM(Fj@LhHOo|>KOd8T!pO1NxE#AD044Q!Uyj>}aCZe64z)OL;b zUky=YhC>LKL0rs}&ymMf%-(o`4tPIHQ@%3OV%93T0qE(GwP8N~KqY6j2aOZ=?4|h} z)Giii^*b3($o3%{pr z4F~nMP7YNd7>nYOr-xCh?_pq3Iz`wh4cZ(_zWPxXFUZ=kk+~O1^mpYIP(`k8Nn5-U zmDF*YJaB8TNoxLls#n-rJqT-Pz!Xi!7h0aFYa1@@aZ`a3`u#)c1kCbh&T1_?&&dm@vS+v-I*CV({C%Q&ZcW_ z9GQcIWA$*MdxZ6kw5zBD1DSW#bi+{0C<68Em#9KL#rD91jq9fO_sb#&FGq;zwxrbk z7WZzJiz6<3#(V3ICFa@HgTS8eIsT>K&wW{#cC{CKRvkQG`N@fpfIIjrKX7B~2A3gy ztrt~spqi8`0vsci!efmgHqmeMbjv0iL`F3pz~xPlL0bss ztW8M4XtYO#$%+p5`QMdf9_arRfH$NiP8LKZ>TMR zer_}IbY-=Y)Obv)-hM<$0}al4)|1X~E|^(3h8pe3Ja`EZM*&nPM)*pO7hD}ZZZ2jf z_h!jjny#B5v?{f$H#`yemW2{XB0d+K7^#YDlkTD9Io9sg9kB$^Uo?DIfR

DVSsLTDAXZ749B%)$Gz&c4_S%zd`DvF-ZP`*| zqYptzt;0&w7*7Vorfl8h%68XSR5YfHF0czY!u2FMyq8f|g!`ik&)q~2OH`F42cV1` zeLMd2`I`~!@1BO5Y!s#+eG*(*O^Y#vDCUBc((6Nx$nNqK4Z5`b6B!-*R;A4JLIslt z7d*@Et%{xMA5G{aQ(68nF{(&YT&aB|V$-C2kqQv+f%Uwse9{WJ$o}$%CgO!(wn;eL z_+8>g^LNwYJ zDne_ueNsmlNBoc~(RvO;&qZu7M&gbqUusy%{F{o9cxzM)OXX7sYjnxmZ(Bylpd%>a zh#GI~&t5GQ)X=l!8R~`fdZAW>t?PE^zw^(YPW=L`0yx;Uoy?KSgOvvg@hq~O%{px|bGfwXMYz+lUNfZ>s^ z%_|#Q?^yn4A9s`_Bqwbaw`l7#MX=7X3yK^Y;eT~mAjC_ytrk?`pr0K$h&p_9JPeigAZbwGl<-iauaZc$aD09@c-8#$52a_0De^kW#-jti`pJ%kN4aEM{e?6lnAw9KkjaY)PZws+NukS}K4&Mou7u$+x@B4=YON)>a z(Lp&Jrr{;u)}SONqt{QqC%q4rzlg$TfChUv#6Z+v!bE8ZG|)8*=($7PmPwzs)Q{`6WBbC6Jji3#qR zm0XnP@Wb2f^~aYC{BM^IC7HLodRu*O5d?!`)~?;TNXO6k^7TI`QlDfulOnEgX9`&= zJF$P9O?2orrG*w@aEL==CbZ#xYva#&A=uXG{4(AOH!~_CFp?Yp?2KCqyae}jd&E4z z>(;Z8mJXQT?{viQ?;_|smtZXBQ|P!>idY1fW^f{WrnN%s9n8!>nrKz$s=+zYG4C}TLSWEC-=WwW-X8i zdKd0eNUZK$aaDzR=J=~pge}B*64k+Y|E&sY3S}QMcj5?r%*Jjn4b1p{=0#Ox-nngTz$6W<9Cpo zZyg`yhI|r2L@%7Kgi$;nDM`-iH~r>1F&eHAHTpr@<&EAOZZYjGHJ^TSbYDc={rc4D zr(3ZD$}@}YS+FNRa)hlb3Ve@cno{q26bAfGhz5#zi|o4Czd8UfD!ZZb&tY+5OTW11VgDQB@|)WiE>e zl3A|{tw2FDR+*$+6h6p*j`WPS{hgC07C+svg468qlf0f25s|qJ8Vm%>e`~9Ukp>$RE>F)aXE%s*QxdS`1!dwbr ziI+uZ8l+aMJCo;bT>dtY`-n+#1j6PcZpT=WW4C{->@?{M!X8- zPmz~t9MWOxV|RgF?E!C)FoKuKnd^nh{>=wBjL1_m<{J2A7^d)y3AZJ?C}zPpiSQchS!lUhjkYJ+B!~UM|K|6;+@{bEB&=C z6O0lM4^M;uKNpkt)u%)IOp;vYq9-pup7Ay5bX;a{upjhPr8)kIHV?crZ{MC3Z}MsA}@a3gtc6J z`(L`>FH(?)c^qR0K|<$cWznDmf);b>%PZ{~%L+`^h-g_(w;77$5F|Dygt!zJzYq09 zf1o{VZNI&Pb5F1JzLZRjH25jkibu*fZ6D>Z8h*^hT(?UuIR83)UGS>(^AC9PFiz>X zC7?k02NvU$n9u)H<4=a93uEE4gQqo_lsBbX*EDjsMuf_|WQ%x?&ZE_5~+Mr#uq1 zPONR3o(6bOAQBt?230oUPp)+E%`N@*wI!E&QXP~r<;m+QKsk)5Be8yF}Y*DD(jD{;>d%&IE zfD5=`_Cw`J4B{Wywp=?tAJlbv*D9Hp;pS;TNUjfdX`ab$l%*ze;wx(QI(*#-b!)}-<28>nRna=Y2(aCU&Ai#w7K+9x^sDQer z);qK^ukMD;4d;ktc&~EAW?t7usM`6yjNS1QJ~yCN1W*dZl|ZH*JNgHneqUV~Ni2S9 zy5tESYrf({%NT*L)Wy}?I zQ?l!$J>twWp;3P|?~W8HFO}`(xR$FD)_DF@?3>R>*_tZ1{ICIT!>B?`( z^_*6xvS3>+06h}VZ$JzOfll)SMjm0`VceZhwbI+^X6ZltU1beWi0z0QFO&YPmR|rg~2WsBDpR24Njv!poqJg zRKy-RS|&g;h4-E(@Zl@Bg{E`I26)c0w(R|Js6o!zG1^#T;mqRSab#*51|mv+meP=~ zyT>kg5BUAE+FR|SkMx9sRN6g2)Z)E^fD^=0$g4Snc;D${(7bF9-O1=)IVAYUH8twMdru0#67AYv2k&SjBGS>>qj9k);tH?0^-D<8H;8kAIg zX&42}h{Y@@cuJXgU+g;di(KxX=n9^#27@1oQzn5KgDQ0;(Nu zPc44+Rlw5H=p0S1RH=R2(DDE@R)0B6IW@>hoGf30j}Y zpNPfRVUsc*?EVCnl@vA$z6Ao$F}Mg;t&GGLC=V-swu8y_FgOCiWT(aW+n48|gk-h` zQ*okgT&EzNFPu{SGhuH=ms_L1i2nR%92FrsRB{l&Han+Z51USS7;bcZj;>|UP-uG!+7$5Gk4^bi4rSV?!^1=4YxD;e#{W#a==vMH(aC(<>CErt1m>paZRx!-#9i;0DdAUZ4k^CVk*z=EtgD_OY-L$8!e&ZDSwy`v=PU+dNcY<${X?)9}vZZ|Xh$^5rC;ZGALc_!VK z?-U84Q-3}jI!kLiMPI4rhTPwn^WnC@&k>Nh<|Z;li|#C(O+Wa_^x>Zm+vJC9usWU> zitLtJa3=cb9xW#WWc^SWR{zujT?TJi8&&@N1rKCO9s{yy2sYg zK)VF0-`(|iOHulKI_$CZlyWh0x%rGv!bzH=b3`-n#~;=C?MmbCs7KyI%yv;fmnRmf zWzY7oe4_0KE4|P3Ei!vWFKP{z#2OnbiNXYdn7=1_Kejr(Tu8JF2XR4XEfB6|Ru${=%uqW!)G}oKkOJ4CoCeL$?xZ3MBUsRf+ zNXC7+Go{2zR!QN#;U()PDR(Ds4}qn|)Lur2 zg|x+BPrD}WZcOcd>a4+jDhV#28YuC$5T|ftHT7#%v?1Jy${j&^d-@Jo&D_jlPuW06 zK3v>YbE3uWITh(|>Z%`j0> zbf25-?b|$`51w8y+`KzO^{61i84|BCD=F1FGn2i0kQYPNFJ^zMNEpiZ!+d$q@!Mh) zspG4?d-@6R8LMH5GA{>wrzRD7v|&uD??w(kc(#VX&#_OA{=u5)lH*+X;@?2w{e3H+ zObK#8f&k|Rd{EH+r9uFfKO-_`%Z^d-<1oA^+sWw3658|hsEUUlt;zr4^WJxlQvDaj zgn@PzkH_`XXv*BoqVXCqBcoqXI}pCR9zVs!r;z7=l|G2~MBX^nxoq!72c zY{yz$svcP=#~NuTU3Z%O=B2G;pVmot&5jbz({na3U8^np9`jnxFXC{AUv0J!K60L2 zjT33-dM^84djOlxC$X;Q^X`ps!{Ramsu^UE=#7D{aYpZME9Zr?tdS6a zmBZlJfw@W7sUTIRp!|?@k4}rwSt)Gi203HU5+xlck&N^#v&L7_dzu{+OtL$>ixIY4 zn1%UlQWeR4tX8_y*HvUqbAr@oDvcnXVxMn)$%=oWZ88ny#Sja0zTU?45j(Cyi&8nm zeU)7oh4susY;8&9+|pK#ldFlr$@(PetzpgXw@X(U>(@rWtx<3XQ?$L8#5T=k4%|Nw z;n)1pRMjsyA{JvCIu3**u(`kfLI;1-Y+^HgMX9qs^3lH8YI|#s-_}YV`+i%-C8Zpt z(P#M_B9&{hSw0aqaow-ys-m}QN9+!64^)>V+%zxzW~D}gDNB`nQuyHE0_tY$*!BRY zu+C=*otJ#>P#=Xr^b8wm@+uyS#HeuYtK5-#EuM#zp zHTg^OSm=n-$--ZkSH_l`Q|=Hfql*3mI{aCxfJ6D>6oiy%lckGDDVA?@S|Mq4(CjN>oGu8(ylll{k8FIZ>VS6 zXf`V)8y4HKy?^G}6_||KgZTev|4yUQ{E*Tb(){w?#@T^fZxd_U@TrK>c7l8MB7JBH z3<2ud+kNWmF@z#{hWU0c_}0pgKvbI(JG+{)9y&iJ+@eSH1qkLsj`t76gRn000+4fb zWXl&_!gr(}*Xcf14UV)>gjE>rgHjT|7mhxJ4^-!_KS$fz!OQRUt5?Y#alr4`_Sza6I`{_^Op zJpAG=dTVSPPg3hdOyyu|oym}?A&$$N5w)}x;{4yX``)r@^a!(OBH7PMBE+||CO0s< zt+N$|GuRr$a3<x~JSaY*J4YsH6!ypbVo;FA#BD$;L-0PF;acM|x`Blq4cp6C z8}U(oT{=QTrEEGxqb^>|a{=9Un=&X+-A=6`3W3JmsqaAnm+H(I>Z|ZcXLybvm-ma8 zAM3_{=n&_s&07P7{x?~2DE}74Jd_q!BSa-hHw>2w3{S@jy*f`#PrAa3Fc9l}*j!G$ zS-nOm2y*^>)+l9im&)&wqsk-s9p~^`|HFHPL8^LHA$iBpOI#jTTHjrVFr*MX_w3I`u!;h+30e zO`XJ%OJYcmk9}id5kh-nA>-#1_nTNi-!k{n=vg20_gn(ph3$RIa`n{Gb&p~MI~24W zi|^#pn>-F^-RP0jF7V{cG?u2U*5V;UpwW{_;2rmDkFaqW4U7y~o}xBgxJ=Rcb+is2 z{tA1pV?-zCxhnc$-O;mG2Ti+JJ^8LML~6k6%itO|07ts0%%3S6T@D6#-9#I85$=(4 zn80jXydHn6HS#FvGXOtOuv@fDn3H@^m}x?&gmLb_-!PMXh0(9R~>|2M!BhWQPr;TeYPG)hTy0ezRM(9FO$q-tYw_BKj4~mCk(Sn=mS)5P) zt$<=z2gHEi@vLO7kVd{LT%8^r^cBB1q^!iciTl`b%%3otp<+X~2%}iDd*kqscKD0B z+WmxcbdqK7z!`*|YiHC3gtf&eR!e!0t2kQ7(7X(X=X`TLH5S6&VQjHTB2%+YA~Bl*i%fwSnDGo@OMKJ0jc6w=EbM^{{^eM9Q--$P!OC@+{afpt@PrXy8ZQ zIGUfQ_6c2sb}6-!Qz7;g4?W*}?N#PIUv9Ikd#(WPDt`Ep72J>z||( z=tbU9hosh*aYac;AV&q5Fb55fw;lMl`jCFirb#MjcPQ3+lCK~KaW8ol^ei-f?CWF; zXMZd3mGH6thyYWhOwknhQ_n&r3l)Hx+GUIR6iL7RNlAp6Lj5q^i?9R zWr;?*{(R-*5A*3eb=(>I%rqgYQx>1B!s@P|B+p1fJN<1aVwO|vJBe*3H;DJ5VkWuk z@M`f549pWz?XoV5TQx6QB{qr*1I+me*r|2F7N;9&<=dq1dKTmvfZ@^1ozQ^y$#+_o zy59kHm!IMPto5TC_Vs?U&vw!+`M^L)M@R9b)1LEw-cjZf#AL-3qzh&(lG|4s;ytf#Ij3}dNtWOO#jEn8yMD9b^;v{vRFpo(-z6WIU)$X5L>z@Ag@~jve$!AESxKG-!#>%68+I}-?i13D$3|&tY2Mu13)Fn!QcKy3 zlE^KQWxcj3^oi4c6{Lq2nM({O0Qc?&yloDVo!s?HaRK91o*{*1;J>q&xv=K0@QePt zX*~5rfi__G;ZKCwbap2WD!c!;ld7*LPY((d;OJ?}VAHb|TZ`k*1;>kX-NKG>anzO(UZxp$a*Yc zUO<{yDWW~sH>I5{eUziZ=C;dCg(%n$&?jk4@=g)XTSKX1B+&rxzP=*j>mKX=M$aGK zrx0fgIRhzrMLG337xDP(m$i-MziMXA`ZKx@$FIhBp;y zMUr2LccK4V^ojASBs(x(me)tEY!o{mOB>r-->vs!fx}hdOO=e$vkO9{YF(C_2xoDT z^l0=~2RELm+qKhKYivRPM4<66Hi5*fRy3!R$L%;bKYvN0eXweC7t_Bpx*39q z84|@kiPd>{?4wK7LyljEqLyz_W=9^5svg->e!d>kJ5_d*3@70q;Mt4(n`Q@xw%zjs zP1EGmAf|NNM>{q+Or?v1AG}>H&HN}D>$pGD?=hKGbxFduf#m&oR1`#-=mr$DKG3vs zS-&n&WJ)j}i;5AgI~4r(->h~uj7|G;)8+p$q6MBRT!;5CB#SeD=$n`n!Zx{lsS!qo z4;5PuVEi?8fot%(IQm;7zk2bnOkb^WxhUVRZIeek`zO%<%AxI39P8j)B2>Hh zh4vHlbo$1NdVZ8d71}AKv$NXg@>CZehj}ldbMX9DN==8&DE3rMz7yOpXK7vfK=fRr z0O=X{;CdqM=^S|DUbY|f)kutiQ@89%?*SJRlC#xTNPEB^@}co7T;rs?La1M*e!MmR zkpBb`5QKB9+(9U{j}OZ1;fLW#ewJU*>>$8{Al;fC;3DuGRh}Y4|6n5>x8s(**2!wG zU9b_I6|CXKFjt(k#M(gH0b;AFx%;fQK`P5LsXBlQBNhS<)<4C)pcu6ENcmCn0vP)KGg z)46DyGp2Upof5f)8??DORUqN8f{s^Pl=D%`mBc*@uR$TNF4q-VA@VS%zyvN%@eHe# z1#)(pT*k3=(Jiv+%`1LIz7(OmQ{ctv?e(Inp7r4Y+9Nlc-p+xNX{+5f_kT4d-OkPr z*l_m4<0_h!X=L5@veF?pDdiWYQzMi(c&kzI`xaN~+>@7q?Si37#1NMJ0tG+^0u7sU zig;JMK;IX-4Q0l(r{L`lmSqgWYcHo2h81E*WDjU*4vpq>#RvgAh6mj(@AYoZ{7;^J zRjRLCj!sCLGGo?*+HeWB7wK`=;a1d0QrwlZw*Hl+LX@JnCY1$m^_Zrc@kEplqMmzB zn9!X)5%X(JK>g&ra#e*rt|E0=@*;h0^kdZ2HJRrIR^6GA?LYpD1@IA$WI3z$2B|N`6qg7jT=4#A!31>egv)Ua?Qknf% zmKC+!IwHXj)cj+FSlhl-iB2-nFDXE+4EeXn=m8z>R0w56>gBxuaGlCa3|SU~T%Q*D z7i`9`*!v``&ZvGkn#sE~MwiAES_T<6mhDpFMeNAzd9BfNetmvKC&OvasRa+*eE~m8 z-jogtI#A4dEf4eCQS~Y=!IGoluTiRFjVCI(cS?7hb&up&ttdIBo6h_=U40z>Fum_> zE5Ra3@axQLyQHIDZGE+H*&fv@4nU6J6f4F_>G zETO7=zvC63ZcnyAvrpLx?ML+#pnJuojp7rAaRq=a!-6w#>J=N*+OT!m;421qgZo$Z zczG`Ibwze{A|O9s(K9#`C@cn_4`YNa$X2L5>)M0unI%ByUsJsCE^vaCXUVd>UKch) z8Om)uH_byTw4~zx@!>K|=6Kd+h%_c=FTdbe7wkx*FB@om$Y=8rT8XYc6YGilLTkle zN?LL?4@E*(r=jm}fGBqD^25Exwc@} zN|q6Z_!@P0=T>WYC+N0_qk~uXM23gTLbZIKidN5`y5n#2SKWKZ(W-bSOC2K-^6dI| z-K%d-_a}*PXBV>WN94I`OrXKP4Xpo;wH8xENqm`LFfeg$|;6;u1s$h)P5(sd>}*N@x+s2n+@DFl-0b^F1O@% z8!ZxV1jU#@0joR^XU{|M)vE1jh;zok2NmGpEB_lgeam|fN9VxBJg6ecdcfi{I7v{7VXx*?&Ij$zWeP#wg8uhp*UAT`6Ho5Q2%^4tpqvfl6cQZSv(2Ed z+iGa#M;(<+Y+U2J3un)qY&me-x0FL}pdYe4(nQau3J)}zkwzN}E$ju!Gg*F!&UeRD zYt_6F^kJL(7`5vhvv614}$nS|dBIY2V!#0#_Oo~3!WLiK(8NZFi<^~IAr#@?`!!^w-lF!_ zuHN)tHG&R09^e92z*HouUo&~_oA1{@&!+qq7+Cz7Jx5sdMLG(gZ!tp@zk6bxbk6{$ zgDxEexZ+_}ahzuSiI!*+}R9zMV^7NJkxttxBJHJUfnU= zmQyOe5|j688yuF5t%8T>OwOOn)7T2NfnO~`8vC1DW}UL(QLO2W@7e;7;l08R#7HD` zwT45)U~sq|lYK*Q1SVt6GQs|PNk5A;Vvydz zVm#v7rZh+_NJ0xfRs3l+i08V2HjIkNDWg#VeWq5JPp9ChK2m0y_l|AIrB3+espb`@&0 z{Ppw-FL<%L3isbxNVSG63A~>m1L{xDai79&_#?*B=n$*GH)n4Q?eI$f!V0x6-_szv zv)$;6lOW0d-=e&-+Y-BJme!#B=X;YcnXvy)Z(kV{=d<(+L4t<__u%gCK@;3v7I$|i zKyZiP?h@RcKyY6m*y03thXA|p@_)}cb?>eBe!5k6Yrj0ZH9b8&Jx~9-XQmtPAihBW zmOL7Xt`VaVdVR~t#^fh;!G!-zINF)iaDg3L)WU65`CY>#EZ1KC>QEi_k<>@8(FmJ` z@EET+CVY7!N7||?d#8(|{)aWs>y}hGDn3@A2dU0Gej#p{r?8M^r|yd%m;X~J8yjv( zE1@5h*WQ0~-FiKlz~ePv&p6-1L+-_VC$jL-4YDge)CQU}1-SH(Ku>>eRKQXyl^sQF z;oMmtQMMo8)(G5kWDR)?F190T-jTwi=?_G{_dO{4Hv2*Tecb1!%LwB!4IUJG1I7 z{jg@xCJxk*a8dd99rkC)-I<_BC4>Fu!}+?k3=J|eGNum_EY!JC#>K?MDUOcP#>Gyh zp{UDmE6iV7GI#FNkW|)MbC(j+dJjlpm_?xI){^={C-WsJLB8|;g%VjciJso#L+<%L zrwIq=zR-Pk^3z23{eWCD+0LzX!4n0DEnN`x$Ijn#s^ddH$e*Hv)bIC=edG0&sP?9_*WGqpuASu|@Y} zFEr(g(gN*B<^7#`d$#hk?5;hCcV}++l0p)JvaGMWxP--WC>-zLc1pJNZdy+(Go6O& z6Zpy*0d?xWxblsCZpPTQQl81JGg0^L^Wao(#^_927d#Q?F7)!5E8e-oSg}?aH|h9L z#sEZ^JIXhk~*T9d6y?Y}3pqbc9mZ$d>ltqK>& z^r?ZXIfi@Zi)!fuv^R3S&Mwo5*R2e{TpqsH4lTF(GqNIgS4={@NC<3H@OmGs`HZmN zD4c3<2|0NpXlKf8?eXr`j_jbi^!EH{QD||!qOX%Rf-fHXQ;y1#e~kqmz_o$fala}` zx}MjS1+X5;VXoAFR5q%aOZ3>XJ`v5x2@ET8YXNq42q{w@@*H^(k3%L~n4G9g`=j5pB3D6gxs}i&V`ou5vM1AAdxz!#V{t8pMd8ft_oOvuPGP~8% z(Jh`wxZ~9{80`HODCv%+j;8L~LGr1zeK2xG=?!=y_q7rExw&V^(tN1lYqlyI7TzD?Sp->tDIhNvsADa5n# zV3acow(-4Pnw=pl{bMK7kl}#%h2gMmxp*~0f;)IS1)roMoG&Bio~70PK#F8f_i|oM z@#0rc6=Q9E9yoCz25GyndYw9`u%({q=nazfcm%8_57R?Lpug9*1M+t>BPZr0q$`a} ztIc96)80oQXz5s#t$ivTUzymG(RpKIrYyE#0)YL_#q{T;`XkeIK+4G_S3Q*1Zbs0T zSi{DL-d4xmVdwjcn+DfVz!9f9c}Gp8+6Lq&xEOnOwo!N;siX?e)Uy?{YwbA`Bn{!Eflx~#o@%h%wK%qj|gr#KL6?v}k@ zq|pk}9&>-8Nx+TApfK5y$0fF%nDHgj=SSVH$9Q+DLkwMu_D^0%dU?ZTvE8nuh4%-8 z*$lUx*vKj((80(dm%hktTrTgBS7i$%D4sf)|D4Nn8L07brut)C?^-*~qq5)A?su)L z)Hn(U%_veeyH$}BlAma{q$1rb^^AkOlMH*Yr2bW&VuGULL;NL?8`I`0!-%PGz z@A!Sb*=wDSw|M&BJQu@4=baxrwo{zWvah+X&jiLn5}m+$i2B0s+=;ZjSc;)&`Zs5- z^=`)=D99!?V~QiaY6B|yH_QOV|BsJpcW286>*Pq}-`Zqk8gRvt$e**Rj%T;| z#pmaZme;yo_IU1sZcu>O0S;*0Z){y(_S@utj zLHlPNz5-t6WA!pkeX`sqo{EUMcAfz62KL|9$~;du!%lhw>3|V-U-FdwynxfIcLC4PrZKWgUL^cm}(&rE0c!;H+gpQ?r-pPxQi*(-YxMz_z4zL{CE$v5)!q* zagm*LPHk?444ht~M?_Rf=cM{SjPqJvDLx8JUH!6+pKbOwprAN@zvxeVem)`DNv@r9 zb52?u5N)}fh??*0;0&OkBx3VB9qdXoW7;n`u#jI#RkJC(yEzf=;=IDh{9P&b!UN~+ zecQgFsNqW@=rzYGbyp7xxTrViI=CiU$sg&stQVr~?Q(sqa>-ivREZ_+^H-KMHgYQw z=kUN>C9oo!vxN2~Ma5lxl{do5FmQw$z?9e#7Ep~Cu zcTGrZWJC7ww*A60sY)&-=fzRc)V@gcy6?&{1H>AAKP)^x)bCrLUH8)hCF-*CHoT}1&IIkw_4vZvBY3ovptFjwNL2e*X-Vzu z?!4{l{m;&9r*AVmJ7gKa3Hdp#5Byn~;w!**H?)o#FX1eE);r@(J?sA++kD>V009n% zivUt=CVeO$TKxtAj)HyT?-WgRj&4Dvn6uj~CMcq-sK-7cN3 z-EVR5W19Z52B!S-j@W{1= zjDPH%+KC3>;P79IYzC0wu)d%~ug9cNtjE9}MgTu;->?jL`o(tgBi@8dXRthVw8PWn%9#F=k_-#U{$;wB=_&{E&FC@WVE5g>o-%y5ID2hfF`jX` zh2Ycu2&;B(Kh4ap@a5nViPCqzKcOQ@OLUgtc1k|X!&+M2?v1CCcaHPc#`Rh01W{Z= z%x{pZUMxVnnGtKvBbeK_lFdq-wt?4Sr)o~@Dn4s8qCFayTq=O$GK1b2rIGAhx-pFT z@OmQanc71X73`ltOlEpt3Wz!~ReDj*_Moqvc03Se9sb(7OHg=bqFxs5_X1R8fwiLd zgY;Ph|3xn{IEXz3%>I>gea1mL0TU~&8^R@YRbKIDdCsCbRy8kl=#<7ju}%4EGv8M*nP2ME<7%vCxr;|DPAZms9;r*xB^Ar}$|0bH+_RdPsj_Q^-zQz;3LAdq9@DRwE~8JYa7E_?<|pLWj`FH#iiI5hKyvfryB8 zkbUzER+6^b%+W$XQ0qnZ7PO+)J#Qh8Uk<8A*g^=(vH^+|pj7wpPqfzV`0z7C1Q&~R$C>fZ^7>qSY5C zF}5(I%)!uv?b~!V)gKyM3lt(s9YnOb+Ztx7^I1m1{) zm)i&9wJn zW|;S)*+8~)+MiyD{C`4q)a`C6U8k4+&#(t=Co9~dg3vTOi>Bg(#AfZ6Zh^48I|HVV zXG7`JPY6n5j=kivX;jBoW=Pa`E#c`8t?#t!eQ>K4{YU%Z_(kwcYjBi=ci}}(#yecF z?L}WGBMIIQNa?9y!&y)+u`EXkjqxlh<`?+Hq=4oe)0<3d=2EqP8TYI^VWerjulUw{ zq`20&QSY<`OVQa}YGWkaL33dD_n_Bq%vyZ9bP>SCii}qluqx*xwi##EaymlQU~bUw z7ncJ)eK8zB_sio_-;@1YllcG)BN49OK(C09_)WrFD|IgmCg+zDK`@Md_DWZDQ!p=| zVxzew&F?5d8WgnwzDou}Pt%FuJ^OeAi7& z-yZG z^WG{``f|8yT>rhvoa| zumEpCVmnq|Fo|@-ewTFfFL9JQY#_{T1H~lmvPXkWV+nj5Lnz`*BO^YA%|q=Q0f}v^M!E zG0lwxz)rZ!Y6tU+=V&x&$$3h`hukWa{&v@?#fi>iCdYTD(!*di9W7rDKmbn^KGr9s zoKpEBtsz^tct`1-JGC!ee*Oe~O@W7kBECZ3QqwW*lq*~lI0HVTmHaO`>p)t)2B~Np3NK~71Y8+2yajds(ofKBTk$c-J|L=q&VmN zw&j{YcW>@jeQ4wTjg996MUCYpupaPzBmWMXiYj}YZY!(}8d+a`lrRyq7R&~_ugP=J zK`n_em~GB)mhpM346m*AIwwZw!^lB=G%pRxPC#}W>&BX|KVcyCnJXS%yrU&3*UV+N zs%=B9u&~hW>&w$!swa~;l4#NY3S>2F@$=3|K4;985XpVE+j>%Q-_?v%gf7Fx`PIU z>aVCbLUw%1>0*e;k>h0$Z**j&ybf9KzkmPnk-t{IJt`v*BAAhpfx}@uuAuS_Q(WEW zc(Jz3bT|$k5&r5=axxM!vX}55LE)uz9iI$U@ffGa5r;Q$e@AK|^d|@B1)UPmST{{?W-n@Bc zF@Azz^Fd`$_zfkl3YAoghzok>qvw$Zi&oL(R~Y(|9Zzp(S{w0y4-*hoi;ylaB$$W8Nn1u$8PVY z0fwx&W=rJosun&fW6MiZS~RwIN%Vy2H$uG-mBSnn|4djo#2M)H5DpG;c%JDq;iB#g z$L~k8_I&zG%g2{KlYsdK4({cw#sZ8J3spfCL{gsv@|7kTqxteg`An|JcGvx+jEvEN zNUY`7Kv7?h^FE8l6wh?2f6dwPYzZo5Sp3Hxb2;d2$m{D9J9gjVl9Q7|J%~p0V_X+k z*B1v|FW7dAf2LSfBgHcJ5q0hSL@@*rs9vFpV6f=zGD{VPK{V9ie!SEhDBA4{Em3u@ z2~dcPikgMJI|u2l*T2fFWNg3iYmm!#)j{R>;7J=_p}0*N`z|B1rbJg$e&`WyVErZA0Hp@aJ8+9N?9u_ zI)yCmBEuIed75OW*YabCq`jpp=HLRe7 z00AO>f15?~j|I?82yvH7XTc@YX?ORM(8bx$YQ=*0ba%cJ2W^A}D)0JLfh|vi6-&q~ zrh?sKw=P+&+l<_xi|StueXU-Xya*@OIv|rj2iF{%S(qvJiphJ2s~*nB$I)l6IC;#`1iWlOl-)>bdfKG|wt?KSb(+;yd}c_9qI$(! z78Y}jqfRu=qwcU@jU+VsW18#f20L5ybY5LybuUX^`|X=Tsc$+=bQo_tN_T||j(dgG zQ%(jX<2v-Y2zk&Xkb9&lWmzV@lLl^Bm%JTtXw@*1bCS^ov_q=q;>*8i^Z!Mpf$_tX#{ir!@5r8DxcET9a$zjq%Y^>LC#e6*fgB=^xSpXs!GN`P06!c*2V>K?^B&* z`QxokdF30r{E)d)=Zj6)y)vcE`06Rw&$mE2-plNREYI;!OdMTV6N)lCW{RaDvQTWt&E{7sW zo8lsW+Ht+tWX(0)*>5CY4op+K(dy*rH3gpaCOM0QBvdj4Y2qZq#$-lTPD$f)qatby zTPY(UsUlZbCS_#ym32bKree;!Du3lR1#6KViC^oA;VWoFTF+%&lAZ0EfK%SzaEbIz zN?vp`jxu;9Glps;?;zK;>_6V(jhW2J$wM`~uz!@#EdqeYGGNoXBdZ|g%BLJ7UAYk` z>OK_v3!A{3+L*CYwmAr{LeTodUO63fI9e7odlT{vymp&^lBlH?cKE<7p1kd`y>=CS zaIE0)-&u-Hpfl#akM9e_oS-DKM%<5Gh&d+jRG z0B@1*oJIe={tSwD@-^DV^CQpSZmh8;?jK$iw!a&!zkYaq4_*i&l$k{Pn30Oee_hM< zj9odDT;!tgxuCysP%dnNR%-M6lS+92pmvKS~ zy*Hi1yRaiPS%{phL%^Sbt|wwLM(KYzTZ1J`<`1w}S5#2@fJ}a~mFd29N6nWTIBcM_33pDJ>UAQY10+4mirMdE1(=L2u z%XCxM7*2pFtH;iKt-R?q7YdBYkx(c>k3vMmnV<s6ho^EKl z<5~!WAex??$!FcIJ?_j8+JTG7_VJ)wn|Um|-8{X!Zcp?*_;aDYqBWy2%^O$xPs-mp zmhNWTsy;#uv&t4-l*=x5>zPY|An_k!!7xf@^sfn;)#aQXOx)q`%2xdE3o<9IJOtC; zkq)HfptImbjU#vnqJ#$4YWLPblZ5Zh96pN9(L8jx$ECnj{>JG0DqYhk^6tfyJ~ABR za&A94((n%d9&FFcuVrXwxpBffLVSr6t~R%Hr_Tl<;7@c^*m(5e5cQg=#M+P1hL!R1pl7sxyDy}5*}LIM-`O30c4(;DUA`jbxN13 zhF9t){~&F}tl;XiLlW0OZ>m`f5gqK7vOP9JoBF7(LCf|<3drq|2MCd4eQpTNZGm#W z?{e%K52Uy_vP6@-^^GfN4%ljx3J*BO1F`xE6mq`v|DDcHlzL?*js)(^Y?f!k5?5Ex z3_Ei(%#ciNH%IN5lgYW5z8;Iz_T;)pM!?VU;*Q0rANK|$W@f@6bAFaO=ZqJ?o6qf!3eEisuu(XI@Of6u1> z`jpb)3)|gXByslxs_jbH#ftkhw?KAq$R`GrtW<@X>kl+V!M}-RzcufnkLuE%yVXPI zpaV6UKEZ)Kq=H~IoqD*`S!eBY-1P?@EgtNoD*vKSc1kPRI#YVJenY=d!+|rZ{S@Qr zua+C&EI`61JUQbbaFtXum*F|g0iz(nj*kSrce~pm_&wu?*0B55oA%+jpvt}O&x^pq zLN>PtIFC;B5D)t+<;vFlIF~r#aMclejiQ+%TVYr3owI;c%J_hh%Fs0{bz$tqu+NeH zYfcPbg#x1UDe4Vm{b9_+X zU`5DTgJ~;>u9{WPdk);=vXqlgUmn&ahaXi~_@`ul!?1Y&rR<|IW4YO`;pYB?{lT7F z3=4uALfKlRLANtak7_l)`}f8Zma1MBGEaQdn@)itEk2j`5!)kP7yY+z^r)FdANNI6SDTjkIPfpNDN`8tkCP9d9`}|2 z{APMzK7C<{s{CLR^>GGMRWi{156}UZXWB2mJFPZgYINB=aKDK2mcT0z>rIW@S8=Bw zGJcPz*fy*rit)~JGA`dI|1`{|8_|4*qD|4A$ti`mX{cJ#h;kVIySLV$KcK#Ivz_5F5Xo2Au#EoE|O}Jd|7fibPP}=$6rE7== zg)gW7gIh@3_!P0q);N2|NA2!ecYN z?4|E}CvAF;B*aEj6kXbNzY>Z!aR(Kj2xo5-sdDlfX@;;>1mSC-dJxf}75O*`yAUs* z2zQ3TWdI8FrazP-CZ9SPFV03{D1Q7XsZrk-4L||-r^w}jLk_JUvwt`Gs;<3rOoi?`A#G`)#GS16 zNONzFOboc+(ACJLDZ@V1oAS-gvPnxiSu8M3O=L&rW{t~a#U4Cfv;VFPwTA@EXLmjR zM9B{e+vXq?Q$eYon>V5Yob-e~PEVU{jsNn#ypeiSlz9~n4&3W51DRAKI!+l(&scUS z2imw3uFmGv*P{I?qi-SlaFYUAy!{c-G7C=m?MJ{9xnG86bhk_#eB`#7*n1Bn9Kpj{ zvkkIQ^9mRu({W-zm9R3{?tEu#)3%j)CCjPfI|m*FHrRObFM4j ziN@Tfv1na>u)Cy?78SwmTsymKZn<$&?7E~mdMEl5{BnTt76ntp2nIHm&^cgT=q5Xx z5inRWTlP+jSucshlf}n_2gN8NZcjA}-X?}j>GwkQ+Po(J^V3Tp5OUU8@d4NH;JT+N z(0R$A-Op)L1_K05*rn@QsaweQLz8L9sG-r|AmjF@8?xFLnp7B^PDY||k4P?%jz=!& zv#Beq^uQ$42GiXx1-#2$>7|?8(S>n&MQ)ty`a7KAq3>S?v;%yk*8pf#W283F zhOVLJ#%=mOf+f0GbA9ZHi|>8d?dEhS*2Sy?aARSt05`Olv@>X)x@! z`Ds0v)QQ>}kX%<(BxAdr6u}<<9@tX7c)P0Ksg(v>aI_qIZ% zghyk-`~J^VLzycNXXL8fjL?C@-+@?i20m!A2gcVyLbi7j4L+Gs-44a?6pu?K03+xF z-(*ZRN9yttj#lcWUA%VE;~y&A&){nAWrm(_O_&Jl?v=mAwNiX%dEV~+oZS)4>BDhg zq(Nat_zdIR-0^{kAbt@0>)fHF#&z$4d-6ZHoY9B9M*v&7n((!w)hir67uSNioQ@hS zU=6bds3}qMRN8rELysj5HEUAZ!-FS{#h~8`wXD5@l^wR#)YTC2ryUyA2=+JjaY>gm zf+|hMzP>(qcz7d@$4djbv41RdApIVE*;hjDa?u+V)~GbeQ%wQ|wvevQw2Vm$Xe{XC z$MXoCIX5?hPSvtPx_r9ws9>PgfEkA|7a==78n64ttCReY(vZDLCB%4qr=@|@xE%A? zq1W%TV?m1d&$LKrXs{S`MD%TjwrvXTj#bKzE*>|A`&YMTtXW67>61 zDn%BPR~TigGBPscOiaX5^a93Tp3+DhS2nQzQLg+-2598M^mu`}>3k;W=(kONIq&(& z#%#W=z`oj4Vw*c7vu?|P8H-PF>c8U*ud4(Vu_)2!wg~F@8wh$NrKCibTIX)iMHN>v z7#kZmSuH0Ks;Iz2oql>998o)p&98&$^L6WUFtRP%a-b5D_HEMUo zpaNw|1hDe2kckN!K2n43xL{0HYEy3@!}1LmG~6Tpo&S|%@^5*`P!2G~AO4>nsTmk# n&*oWP>9F%dB@W%8UxmPZ@7v3VFSVhEfqrD96eVlKje`FR9Ej0j diff --git a/nitrokeys/features/openpgp-card/gpa/images/gpa/4.png b/nitrokeys/features/openpgp-card/gpa/images/gpa/4.png deleted file mode 100644 index 997bb2aaa6d0f9297a5a5d8a3ef17777491d069e..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 44610 zcmb@tWmsInwk--FNbul6gA?4{HMj+Lch|;)JHZ_S1h?Q0!QI_m8@C1;xt+bwKKI;r z&wl6qc>R6d{dKRkYE{iSSJfP2j*3uHkU~MkM}&fcLXrL|t^x%GeGPfrBEUiZ;d*6si#g-A-V zypE2MzX<~F%hv9vU#OaQ@=Z=m6qpi$^%UiS!RVq0q#48}k3s{nM5}2|2&BR2J!s|X zmByg+bv!pcc;Q7i_tT~6A)^m}kKpbuVQB15ALC0`YWwysm&fvKjSjcU5 zCd>IPG~_CQt@^ujUPeZw>QU+WfufAjGWqL2Hz*ox;)YFocCUV0^?G$`KTv{E&35Ma zf6{2iz;zX$gh1@HO^{o>;5Ht#Z29YVN%(;|U0AZ{7?5+OQ!p`IBN0q}f#cgI zedl=|Psk|pOSPKp*T49CTx`4~>7JB-B$s6Ne|?@ME{~Z#eorf3d9hRzl$DhgiK{zX zm)51L)HmJhjc`{_Ig)=Zy=SN%;!*Ut24>zn9W-TC%liJ;`TkVvZ64HYY_mWUxBbej zYcynRRiGMnThECNE;hSF zc1y}yo7Jmyk5zRCPKf8+vN2(QX#7mjFf;=hW$RT|_uI2#&}5a@(^Pm4tMSGZnsQJz*O? z+eAW6r*(@{dZ_d`NRkE07!U^`O#hLQk(qLP**mdFPDepyjr*ioGcB&47g~g?+G{H&90e9A_l$c@8e6$<}RloaMq0xhl0fg z7X)1}9bT4_(_CIQ5)oZ_6scWorua8}mAlG1tUI1_j^To~>yKR$rvnCeMKsE@lW`$! zh{Ke9-Batj;lx9p?-WtS`leRdoSFHzb^M%snnI0A4Zq)vP05&lPu(s3x_9R$%LDPA zC_CX}z78b7EqfHwwKtzeQwAc%{>HoCS7~{ey=dLPhh`|^|9VVTZs~e7nr(hZrpsY*^_FD}bHZ9U}L>SNDpe7?j zEU^A_=CteF;@FnWt;^_car&8?Cg})=1urIa09EgA*Ii>c8>+1E;n9fp{^Y?>3^b9~ z$m>MIAw53A67u+jNBes7_&hN4@bF+^r~U-E8tXI;n6lUUF5<)z^92@J#bEoLMK0bb zIlnjB{&?#JK&u*vg`cQQn<&(T7$U+ZNnBr7rSD!(r)CvKTJ~I2U!S<^{4qIe&DK?~ z7YAMV>sJJ5cRq+q_27$VrQO|8j}RHiOlZD*F+Z$cC7?_PO0+%NuE;+ZUH~Y>CD0dG zBN%aG4yId#oYrQywzGPjA9t>2f{C2wF|P5A6RVK*&sAH;N8b9~kA^S78^-bgcs0NE zeixp-(x(jyd%ctx{U_u5jvW0bPoR^J&J;TKM^S`L_J_IFA}iC=m*iiKM9OL~d>-e2 z4B0UVF#?xOdkmS4nM-IQ1FL|Z{P@Ii@bWiXSDudCS==&&X_e}>yr%*`M2s^VQE<9U zCUpl;+H#rV)cn}Pf-<}I?gnA-yzU-vd2pFX>)rO#W4f-AP$Q?KOKWzm4EwdbH90^Z z88^QTl`&lub?lrG@%Y?6w5=^(=&!sj$i^Gu5QUb?%f8K4(VbTO| zSf^E^O}}KT4tYRvqF~GCLj^uVwXMgFoA;VGe8j^GU$)Ns^$Ra*ICAie^k&Eb1+$$l zsA(XT`sx7L=ahWmLO^a|8@bWv1yxnjqd;rE`ds$DZfkq=c!f7%=$ET~dR_86qD#W< zs4&LEz}U(NQ^ft_2WifL|x=)CI}(}ik6j_3F2t5xBJ8MuoqFq;mJK!pH(YbNQwj#T{XCIw zq{LGOYK~z#`L}jWUt?1NUeY*+N4VUg2+-`8pB^K!Fg@90aN-%3JG`l(p*iUx>qO$G zg6@F4(|4R|%EHP@Sg;bxEJw7GLC~q)Av?|mWwgXiVLJ)Nr;WnS&UH0fFqRt?k6JOC zEr%u>>$*=DzkwTu3wke>MNscQu3O=Gc+h$qT@8ayy|x|J)N_szn{KYen&Q_yctG{T z7KdeSgpG{_Hk&w0k*u0+er&mKF7Ns795k<#Sd*(K-|h-^(rs;}eGoijHE5|{5nQAU zhG&J6>`XVE&7-vrJl0P-eEMZv2k*sCH-}lEC<7n*(2*P6gFh+epe`;6MgZt@rgA@$ zVfv(8zlZfkbYXETB|XlNIC9=VS@R_U?u6Xdm}BS3}VA zyV;jMwLoH>m{%CM8#Y&rm$wpsCO zRw_!$po6-Fm4p%C*+8kCuk_B(jo)Wn{K>6S-M`50=)XtXecW&3et5x3fL@xI8E-in zScrbvtUg`8#yzd{nprwP72LdMv*`kaznEzvsDBzU@q`D&b8jeeS8Yzcy8X|V2ml5bL6OxGa0lc zetCG0J~0HFsnztX)93?2{~&yRsCa$PSPbH|Yt604`54@A+86HsrjIXmX!B`h1gzWA zvAQmIVi(v^=jps1e_}xdNt_6$3?uldnc&MQq2dm@j~$I!)0JXq%kuLJ3cTxUFSAU(qJgks|`z46C!l#=dBOSRIh z_70)M55lzMZ!78MRD48L%@H}~Z#(>}`-{Jx?uSW1izLfv!Z1df)%K@!=*M){uaNktbZ0&UCQY<)J3WFU!|_ zzg+XQu((Tm;{xj&Xtv#YRjPZV5xx@oa?1A7mtVjRe^M@UpuW_@`4KSe>Oi3BjZuvj zO2g=V%DMBsmycj?&;^p5H^F6UGs(AqZ(f^-Ja*E9j;qSE;q_X6&;%&9SetT@e4COb|m)zvA<(n;9tsq2!8*x)|B=1 zRC<%1>_A%NB6lprwIS6-?0Y1%gW}H9-Zi^s#ILCL3DNZCD!fXU`PMoV?L^)=ll}D? z)U>4T>Rug2VH% z1axGX5qmzJ_YA(CaTuL;LxF{jI}rI^OSduk#DkyGXySQMd;tLGj5hxiL+*wXM)_rS z^7-}kVcfO;Nj;Y1Ok~6Ngmnd$&a_H@WO4!M`52G&2E#hQ0s(1q#7W|8LC~_MyrA|w zR@_WztiT=^?t;wa9OXyzmGx(O&}~dVT-H)o6hkJO(%$Gr%ba6qXJcR-aa)4DU4>~C zI7Lk-HlONte+BGN=(4i&mN?F;xJf$xZChg<=DG#FdxQhX(yp53K! z6p}?M+A z@(9abR&bV+XLTQv0dr%ba5mW2X*=-}1w^8HuHmUj6Wml02*SqYPM-ZRp2rY^@9Kq&xxgSh*#gMz&T2} z+jdRD5GuIoD5`r6LrNNllCqyW3r>y-C2BfoeB+%&gHqBBiZ?6jNA#JP9b?@4Kf;lb zh!If{CN~Q)!C?~UpNIhqCx5f{EINE2YXJ(1q?fL<-fc(2x)mB)+MWV}OPVjI8%PQ}BVP@Yf^#pjYm#YThoms%KMDXnj0;R?7{AbV@akzGAVwTc#rx#zz$q&wq3jiu z;C$Kj}Ea zDt*INgO&&heD(=^7o?;HNg~1rcL$6coo|*B(kIi4nmGiHut9tB%4 z9XxH?W6NQ}nLf>q64X5uaY`>LCR(#>yTL^dG1oIRhbLLs3^*VD{d*N9rGRDIcM>9M zSnpt9oOrWKA|X(KR`$qTCQ{at7(a5^bl~jDP)W_T(ltJLXsBeMBoKlmofMRC{ThEN za}s{S5%Cl8J8s=G%caJW$dfQdiZwG!_QS2hXU0R`+dII(Um=7TXZHBd?)1?3Xuo-l z(TnQFdr3$*&=jH)_?Z>hF4?2?nX)UX=mwVIE2+VLgZ2JNB<1uWL%p>&RK1ZlLqzS1 zLB!gbdw~^k1{a!5($Zh3=^{}eSDA{0f>N-g96f9)T&)?WO-WCdRe?!8g`M3K`0n&O zbfLqPtcIvdi(W~YsH4(Xa!Dr0=-E3Z<@ZGHKkM34)5!EIPU|vK!_5o3yK_pwO6=|J z8M0iLMBE_8-{r(*Q)kahxVt>ohQve;)&(Hc26JuJkc(Jw{hoIZ5)e{2kYp%Vq&?Jq1Dq zY6yJ?F>KU)ZiTpg`UwA}UR@b0nhFzge^cU#zO#G72F+;>qVoCZSh%C-SFrN+&5aXJ zcD>yyPT?)9$KS|RtenQ=5f(A}C{zXhzO=-xlBoK{DJh`pBL<-i1jiF?ld+6fYj9DSpuZBc4+>CVk3!l#DZc`$RW zU3bhJlQP!0R*`UU-&q~ZTemFd>G|FpWWnwj%;9tejuk5*Vk|H)#v2c`I~6}BK$=k4`o zp4#L#4TR?6&~@aPu6uOVB!sab>8^Q_#ONib%`Q!Ksk?}Y3P0fwk*7@FY)zW}@F7|| zAqMqGf)DWa-N;qmQbbb@@z}(?mbTosr_xgZjdIYjf2TbW7OTSan-Bc?bIs9h^GMMt zW0qiUakXNxstVmso8EZhXl#nYcCx@GXc+`>H{~66a{ATPjAUWQ0@WP*+j&3}&NY^r zou;E$09pJ)yrY#vib)%i5 z{mPePP0*3Is!HuWy=j?!k3b*;#U9)FhTGG-+hS#=rFckx(8@Wy*4Eg(QFM3PGv4lW zBS9h6^wVv>^Cpi$ao_N8)x%jU&Rsl23O#-*#t6-SsEVv(=dpuCey^6X@&gitRwyF( zb?^%_C#0U(bg%;=i8*-#8RK9y=GF(xtpBE_UP-m1>Yh! zmG8(0i$R|FArQ%$qOLBoNOw0RF)*y!zb_{p&xp^?o(-6u7yhsx83M2AY(kN83pgF; z9moT~An@)>NbWEaNG(<L@`b5a%{vDoKDuZ%c?gX<4X+?!O_(5Qz6g%=`E+!D7|g4J%-k zC&n0D^h0A^=uemn#C(^&yHkrxtYlI!8V9I89JN(@zKj@e;3;o-Y^=1>qJ*_!YY4nJ zs8{HWj=W_Guhn|vUG*>}LFJ60wY;29hPQ)Y{MMS|-J&+PsyZ2%)n3es!5%66tkLng zZl(tbT%Y0%uZW`zUhw<=0Bq7yY>RePf!qmh(YtL1d8y-@owtR)S+?G8IDmqKI#Ti= zY!LkQ1s{pgv6J^5%lijS^Zl3OSaF3M>p3MZZ!LqaXBxW1bMuKECQma>Vh2Uf;KD)Q zC5N&yHwL&SVqjkDye7BgZ{e!40*XVK?W+36sJ@QAv<>=#H5j zcyiOd%1o}+cld8SuwW8mV)lLyf@jH)+cQ1HSm4KMTUSt4{`mL^*gHH-)X)@GUtozP zuV8WYw#v{*I+`Qdm{kdEBMQs*-|Qnc~_OIchmd34md3T zN6(xVSaajhZDYw9^X*i#>1>5Dz0Vg$25rPHRA@x3+ThQaM-$sQ3jx&kpkijHuLP%v zmawCMycE3Gk4fw1hVNqTAs(nUBUORu=N#+0I#ZvhmhG%iP}%l^hP^Tr@GwX zTpEY0zb3gF1cjOhjm`b6wldxnELxxeWrP)a|VWpZ*8vL8`zEQ#~#Ub zZV>ixcw`S=_uKI7oQHdlgZ3!a#I==P)))WGxskEi0~L|56G;5h!#dl4XkFM_oa%jQ zXxuOC731MRB*?b+{h_e$KQPGll3thvS`uX?mLX^HW|F$22`%<0w5#}FZ1R<6vtb0Y zkT3CVUFiFV&AXijCWEcWv>B{IGlt4VzsgwmIavdDfxF(srZmQm`dhcW-Xh0~084sd zaMy<9lPacW<6yTzt2$;-oSFJY?lVu>inpTKKyWv^#?RH>M8KO6sLnPnD6cj3O#Rq~ zq5Qx%X{T4P-&uy}T?~yH@vO5tb7jtI6Rqm0lBBC=!lK~HFu7Is?<1b)hYhZy5l|9i?88>s=RIx01Kgun+9Ws zElEiQb8-Z{5|Yy9hCYHtP>SCkpqtMy33~pOYg}(M%^-bL%KU&N7|6!lqrs;`n)fj6$5~i*zwl*P)yevjsK? zZ)?s0x=eOwWJ#(TpQncOK{#=O_e?nUL%)7LzbBtkNI^ zn*=&qr2aRyr_x)XJOn zw6tuwIolg*rhMM6;ivzj(A*--y%5Aj{Clls2xt#}oX z7d0#h=OY6`Ej%W{dgQPof5>o&VMB%^_xj!e&h=6sd_+t{zdhQ|=4QOi%F?wWHPZS; zZn$zT)&_#J>?Z=3CrW)vA#Z>m%+ECDa_R!*Z){WzMMwCp0x(D1%>oj$8nu9Rb5_i% zUoOC#qs?cYl;>x*SR(aS0rZQDt6u+BP@~`(L(Asn6pG>{5XIrLzwMYp;{C3^FI#DW zuBYptmG68);E=p>oEpa~6&!_*KP-8!?kEm6LJ?U{At@q;(tOw=gy`^#4 zG4}%5@kiZUKlt~}1eaLim&9%!6wW5I&I==Efob=3=XWa;F(uP%d4s#%`_9|0ybxZX zd7W{9B?F`SUs`~ePZFzrjaXQ`5%!-(mz2p7>Q^CWac3*6ozD>TvwspfWV3J1zAzu( zuk>)AHs5QYNcJ6LlkzA^PUwy_xTftKb$)FOb>lJm)mT%2CmN3Wy?yhBjuFe*?99;L z$c`^GENIhV&$FMvZ#OL0CE^H6$}JbSqu(&%SSJ68PIl2E*Bv^X=iX-p-~Ia0L#n*v z$MEV+QHoWcQ@|a(qW=2M(ApnC3x+$JsrzqM3;P&5vGm5T&vwBep}2!a^p#j*1x=79qpqkqDIZ}IgpU+>c6<^J01ba!M_^GSyRHjFtr zHzFbS%RvKEIo37!F_jKF}!MfEnY zrJPxxJ@TB?%n8g|M0ca&(Y3lf$+E13FAz_F3gCv(|QHrd0?&)}&V-GiQ@DDNv+(=$2eLvO&<{$kys=G#N|2!k*=@hOjF_Ykva0 zFAggmnrdub-sQBP0a#TW4pY9-rD@L;8*r~4KBqD~;%mRU9|&FH^R?SfcU-*9+Mdzd1F$1DzLF#wEK37sQ)~e-!;>A8T$%Tms}5b)yE6{l zB?Hr?X8Q&qcvdWXTCbpL!HRT8STsK^FIe9WP&sKZrxO(_qe1t=mwMdgGF8gx!D6Y^JZ82}7q$iZXb}T7)CoHZXab1=bGxVBSFG`Y`9b#}tM- z6yT16*M3cSpSi>>WRFadXD7dbu!}{S%?Pw~sUkXQybR1LwvPREimtXd58vnEIXK-L?Q2 zU8lM$ls(aT64TXyFNE$%cdU{`2k%WEunDjMs+NB2^}OoeCIp<2C9HVt?}Rn7Se_&Y zr*foP*Cp0D!|jIN|8hwcjP?}BwbA#_bh=WbGbOt()6jg-mBNW>i!9yD5-tb%q2z=5 zq&_9w5T?2+6zRo9RM6c+y!N;#DA=#$T4c7MRJEA7`q;9r4VrEx6gwfMGFZvWFqjJb zUJ@lWU1-T91q07oyE+W)?1(v@1(dgSot<8!+2V~{RhW3mSRWUb>G&_tc*ZOF!E<%& zZ0?UFHs;gFGk#BM}3}1fU{AA z5QtLAhvzOQ+?z?5ZZWR7k6Q3rLKcX*OOjX1O47U*;w!2MqzX<7l-EMPdgj+Q?(kDM zfx{2D7u)Rvk8V9AVfDojUS%gML;J7tAlPBVrD;qC5kgV?7deAp(TMuXZB&^>iDh*K-1SHPxl!%$G>>i#Dki4E3?Kfyw&;xfWx*- zghPB)8d-D>&0yeo8E@1-^ktWRP8s8oN4k3n4CvH;A=+fj9^4a@^1NvTrZ;x3v{5U0 z=@ek32)rjAD7*kgY%^mU$I}~#m~d4CGU-|IjL7kfC}F{-y2DL)E3zm z$uTXDKevU>eBn$unv+exl{gqy)bV4~MKeUOmrwzt{&MXIubDM>^j#83q32U_ss_?l zQ$6HoN>AqW?&g|4d6JmI^KEt}j(XLT)A9#~2iqfiKZv@rC(2NATafnzYk^EPKq{U*JO<7lC(T7Z*lXPE)fP|} z*V|OO*tu1hWvQ0{1$~QF?M`+FQ+b~hF={<4!%)sbD8f=JT89es}+b%L|W`($!76Ql(t+=9;NOa3ZB|; zZ{b}8T7S*h^;qb*L3?$f2qyN`QPXm0#po9WXBM%xn-a(QJN^knlDBnjy%QNg<;{(~ zy83lXG!}Izm%1WDk5`vo9(*cuTgZIwzZE^Lhg}~@N_a&j;*ccOvE}IK)fp;VM zaUg-G`IAxxxV>{$+G53>qyGr$>9g!g0TorM}l|1krVm?_#*!_uGzfy*?}C!Y?UV4L$3`R%d>LZ>$F z`U7ug47hk4*QacJ`5LiL)7uD0f-4b_$!2>H)G4A!A~9($lMPhCd;@h4EOXIR%8Gnj1)uKYSp7~C*On{w)Bb@t zSY&G?r$+RLy7`+nkrq>Doaj4KIJfuxxej~0&2Pp6%xO#)@j_PGg)lFy6mu25dUs%3nseTHwG@{!Q&LLRbW+0@9clsiN z{h@#3ifrW*E@0VS&0@w~rjq5U2VjW_|JBq~`>TY&SWU+f@e`pA2shuOAt!-(Qc|un z*@~i7mcUwHb|Ce&qAcb04rlh#6VA1P*?$=Iy4B7?O@tPciDW3JNytL>d_T#@Envt` zAiUxn!6f?Mp(LM@sNAS7a2FcqK&O-S+Y>L9aVwQd&1)EG^xoX(SUVo!szp$kl4hKp zPgw@&*z0%|5|a}pcIDI&?fNu$49Sx}u)ax1&ED}c>Q)<`a%8{BUr0L&yBHhmpqtXt zbu6IWQDI05P8b-p#FpL+vXrK1ocvoXL))156Q6Fd;-`{!^^A~w+PqAI`gqzm|BGaQ zIJ?7@Gl2mwcTVH$N;zzofWm=!d|%*XnRV2XI$3y^o#f?MtmLWz;-m|;Qf0&W zYQrCInm%s4@n@`R$8V@v+^vB$_11E_iELhXCh-Kql}iU7PG2~D1U#?@q9msUe#N@6 z1fvtZ19Tl~^qq{XbiazO54L8Nb%SE8A8_jaiKrwB{r`oi*qAOr+ENDhi@c|^ceQ#M z4-chcZ2;^edyT|3P&9>*_a2%}(QmlO6o(Xf8?D zUky%ZNU7&!lLgAZ@7~g$M-;62_se^xj1fH0XbsPIFRo?tV)g5T0E(TX-!l-oaaXD` z@al1bTKt>8!-6&@bvEry7N21G0joErzcwZqO4XR=%EHphqVkAO07Wlasa_c-;3+yw zE)qXrzD}2VTFtbPp$;mOc29h>EH_hqN^eviC5)6Cna!(sQ3bQh@R0rc#RkTrl-pz6 ziF=+mGuh72l&RNJ*+lv|a0COS(j}4I)wxi)pX7t+uS2ef)o@NusH{zv+Flz*ps9!O8{* zOg0MvRsLO0Z3j+fLwCEPX~jC*x7-qzbVuS1YJKmx5me{-bKk!u-;T^`5U)CyLixbao1mW1YDkfQpHF4Mh3Op|M1E?m+Xl#U z@E0Ti!Hfgh;z*ofpz5E#VjUfu-rv8U&9AWxD z#j?_Shpn}0u}|ZIo&#MRSdgm+$s?Y1opEro-o)bXKSK2SU&-EPA*G$iW}g!+28e)H z-1mq0IW7~@LaKZa$kz{=X`MYFX+c@MSbyXf6D!@s=ezvu_P0OGtyJ}&>8V0)S=h9a z_lpK#4@b|Fex;t8zv_t{V-Wzf(;FDQ42WmzE^bbTToZP8zWO`i7FQH$+-LmX`BLHR zBS*5biJn3y^-E#lSmzyv3WW0{X8-Qtj{Av4XKfS3 zLxfwUs?)KY?#S}tkPh=L-=EN5OO9KJNy5>cqwQ^a2=>hE;vX&3cU?H!zp)1D9Qcf% zOy(3_bRRaKtZ)rG&i~$O@2DTEWD*(~`PG(Q_kg7TDP?dKb7bV!YTEn%C@frj-MekG z;9VAU!J*t0GJUC9uSg^8_LtoJlliIYWVBfz+QGVFbeOfN^NCx?)h`W%^AgrZp2F(X z#}M5Hrqf=(f_nqI;;%O;95$xow9 z>g>&n;JCtKnHYX$nsV%6Zu~Nx$5Sd@FOYLza?=taWqiHI3i-)+xs)RbAKC-mpPTiQFwhSeE+)qiKUs8U}cpvLfWo6BT?9K>C1rO>lFX)OQ?dJ;Y zVTXI1f7Hg}*ndBD@xMH|LrkvG(61~H#sUm&*5x#0qA8OVA45b1r29(~9=G*=aZtbS zQW;_hV=b|&*4w9=gmPoR-}iTS@h^HJTqq$yWcf}-Wfn@Qc#{@s`|l1T`Q)b-clm$q z22hE$AetRjoHVokhZ-NBwrGKX=WpnVWlC zsY|zMkpp+GhW}c3j$PdmfhJo2!s0{uxE1&-yIq?>|1UHTm0zhsB+|D-*n7FxPu#Ef z!^-^Fu-KR5OPu0*4Z-bo*fy#jMK8 zRei^w4Vs;ehE)5d9e$i;+Yx6m!q!O(CS>jHfQZ7B_|_!4`j|83OQQ#DHDFCH4j-;t zkbYwk8=tL70WKSX$~zh?l{$CTVgKYE(0l`LY*7fSG*~5pioOknx6)=ah;D|KDPOe@ zCtRx@m|}i8vdJvhf7?97y_}JU`D#TZ;d)Xi_e6$?`{=__i<{WQv;3;*k>5j(AlsVA zArSyXpvxhU_mUwr+OGWCVfxPDEh`ERTUF0D*EiQfswj~VSL*4;;KpmebX~hiM`l!S z(#B-gYLPWE7^!N1cv5gH6u+31=+pAu8G^{n|W|z?7Vdr#r2XMlj_`lafHO>}|>N}VJBo$(18ixLN z8C~P$`_3JI5@9cP6kRqS&c9>~CAM`9w^v`r)5nW@cksBu2(j~A33$ZHPWNTt8A-L( zhWsu30Ryd@Bg(dP|3xL^0LMHy-FjyYc35FM+4U z8G$pcu96i0p<7V2d4R)5^J_9gaoYdJP)u3LH}G)*fS4(xV6QN#KXMfOUXo$BD751a zO&SBx;Zl1xueBGGF&P?-tiDDv)OFzlDMz0nXElXd4V&`{HpG%^4RUvavAtliYFpgo$6A4pNA;|iVWZsU(fVA$7U2#cy2fpqSHoOJHT3g-egp{P37O+vm`w9dofpA zul6i9Yi=8CXgv2>QgG(j=Qs$@)phS~yR>TT8R*^|-Z_n)8}%V|DLJp$VE<1XMnXgA zQ}ETeZ>kG8_2U}rp^du#J-aWO;Go)Kr?h1MbV28d1=%?h*VOhpB*3;b9l|N79aM`6;Jnai~wf8>8CG70eBn~4POe9_=aR#sF zegs^=KQ}v(197^#^?Y>%q@O-J;|tUZ8f~QHUyF1{IBc31 z8lmrcg*a;`zx{!v|MG)1585kP*F=C-)rn`(F!}8b=xI%4==wLH-LJYFGjGEAlp-^R z{o@wi-OaR#w9a9Q`m>RJOaoKVBj*j>Y#pa9Btrg>2(cAIu8iNSG4rT18I3@m+BA*M zTGpMy;+85Y47G!`X<)%!kMCa06l*@H+Q6#P z9{t!9C1%q}O>Km3B|=?LrAwmI?X3TAa79!V_Vv%(`vS z*c0RFU2PvGv1qpkS_#$%{eMjVe03jO_?;{+_DhH*K(|%(F)^g14B0jVx-!67p~uCt z&OtG~l^GqL?g;u#`J>~GNG>Vy(X|;Eh6bTp?iOW<)=~aa9Z^2!G4_{~J)6{&=GbP^;urXT= zwp6a&=d<_5YZgOGs_OMTG#U8r^9(}ajZ5*u;QwZnc3A$Ar@Gj#8-(YmPu{T&Fq?|A zsv5kcWhe5+tKX7e_!dw3-@^ve2+nP)h}F&i@g@md$l4ltSdi?DPCWT1J9bF_pY?dR z=#J-J`^U}kmdl)Fezu>V5SKY5^EfXi`@C0X50?)gUr($WBu{zULxLz+87WKh1x|^W z^0S?kk8kvM7;QVg3ut4Yxgk|<+aAm{-r5N<*bV-v1>t4(V^~M#>43Lt?ePAU@)BEa zo20)ID$?6k8`&-{%bhRBz>0;jdJgUD3bb=o+Pxx2J`tn6Hk!%vX(nG)hR*swL+N_7 zkFK-}-j3?@tO7G!=6CgI^}22kKS#8qj&zZul|2O`35#&x(+ZUQ{8?~3?>{le!9^@a zowNBnsfHzV)?jM|r6di8UVozMdDY(TcFn=_D3to)E|lwGXWcb{EYPXCGks2(k$)Zs zS9q}d>`O*x!Z?sKG2M|eTPIiQ?O?KI?=aWt^!Lo!_XnA_Vx~JD?>iXs=^%&CfRRz3 z-zH==VFy>)E4e)DvWdSo?=-NI%95uAJVykfJkNH$R8!qym6)|@b35otWUN*f7~Ek^ zs*j%?yc7drGB7b$1Aksa3Q=vN;ypuyk3hOb7PnV!D!_X5hdS*q*7MP&rw$HIskXQ3 z52bd;tA1sM>>Acm5)#VMnsk#kbchi30g2fY$9W}D^G%%rUaR#-BwQx5?K!%%`)6)J zoqIG!+XLWG$;H){g-$C7{0)^R_#S`I@J{l;$3Obv<>GhCena~YtgLhl;()QElj|(%wKcNR|3GKKSbMSk7j)9b?XT0@n#HWLy3|2Mr{P^0k-vVE&fpRX>6NRT zbdi|P9E3NP4JYjYTy`^_`dsB!@GIYVT>fvGj^!UT-LXz)rb%l;$?M3>-ExC|y~fp3 z-S6BSr*w|H;{UGVfB*7g!DenSa!FnF^X3!R+Jr~l!Sw=Pn?< zy>{FrZKYjp3+i22i516FlR;smB657zU%{RFdmZYt+Ws&$?K(P_peH+V%F!Q`Z}LN9 z`{IYk8pwivY6Sa7y6mrW9Z`&^%MD_=Dw&WLwH?Soa0MFh2MCt z>n$6{R))@WsY?@ethW^}|5y{^5e=;g97ePNl83}}G(C>0dNvumQ2E-OGZCNDF&eVA zLRNYFNK^Pcs$3XPxt&z__$#p6DVPd9l~zO5oz?m}{F%lS$1V2nypWIVtM57HGsC~` zX_Hd}LDH^vi#d&tx$f`j=S(H)J}?9oODPVknT@{6a1SsDJVEa?gsRNs zDAv39aw=C68>Gb|-zzhI+-^%fOAyRfSk848W>-9O`K4WN7_Ux7LQL3tIfPR7-Pg2r z9BK>275V1C&D(R$60eV{d5nHB$lZTn{EH(4f@x!Tw-7YhK?CaZ#sm>x&N^R1_WeHi z2>nUL(F@|SzkzLYNA4F%l;G7qNev=aKYN;{Iimv6di<}p(x+;O(@ z@a?P^v1+_fPYYg{ed*uY)oA$mllgVdK2ZJLl~&q_esuO;3^c9zPNDgOe_M9Myy(&K zPH@|Wh3*l$xQ+>m9b>6nT{?J~Wi0sjR!+U`iTt03O5O1vv@HhSMDCvRoKa6~qV{8n zCQ%a<)|H$fnQCJEnt@zYzV3fxSF<H>>Vb;dx;+w3IB_- zw+x6YYk)Q*Nbuke!QI^3J4LtMt$*dj>teRWPGv4QmPr~wPEB!a~wQ^8+Nd1 z@&4fZ^K)?_=Gk&smH9Ykiy?JHLS>=XHlpJ32Ved#pW_9u?C*V?NWXsh{0YpD?L*8E z`0wrHgTX?yQ_yZR_|&KCU|cYgV^)y1N^u|1n^B`RDnk^XxReEeqJ2YDvG(EK5>&_~ zqD!49Zo+`WP_doefHKXpo9eAo)K~Jgs$cbAWDRALj(|qY1ZfZJ-D6RfJudq>A?-D> zDhZ?C(^KVCcHL1&@??yNMRr0?4i&1Z^YTh-gw^YPoKDtO5Sw<`5p)*O65UL*br*6S%5dgCW{E_qX($yYYErq&s7

-5e(a6E)xJw9Goh;T7+3@nlcPbe+$ zE?HAe|9CnD>gk09Cc3b{>N$+om2<9ZZ2&dvy(Gsiy-UuKIvBE+<$-fmmzUQF!{hRz z$y{?CsJL7u%=vnJleKA~A*Vpog!C0lmUI~BXw`3%3KPUrPoaXAn9LRN%TgnfTNM3n zaBv>pAxxvG9)GxnFKZ7rzKs>#(nLTPU+d)LLfsxUsS%;HNxj(PL zpxstw;w5Pvx$r6tNDhyuKHP-xe0k>{cE=M)?{JLi4dXm0mQc=en*q-{3m!96FOWF` z#LPGZt`n_HEKM9<7d{x-*&JaG$BZI#TrIc4@_ic~JoeeX+2E)P)f9`mS9K8F2A0BB zcs9o7c@qe2G<8o;QeAHsiT~hXEa*+F9dlyH>prnX!sFeXt~aVHiWliSp}heZ$ZU?t z_4ojK+ZNc8Z@byyx#QbS9S-gB?w5rg#x-#;w}KP%LmZ-$XRH8LUm;ZnhfHAD@Od}S z5?KQ%yHdy#XW2y~M*%Wh$+H*>_@D$M?N~K7dnCOm!|$Z-)n)iET+Lq7U`*!H^rz&1Yqm$wvnxqVQ~c0L(?pK0slwH_{nW-JL&5XLWD3(+!n) z&R_!s;J~QTt;X9Oc?me4QO$O`kXg8?`+8*?HFCGYv9Xi67WxjHp_p|*IsBHJ@l0nY zat(=ZkWwPccz)SEv)&v~oS-N@X72ws!-z)27cUzNfzl}uPS3Kt|IlccSLreDxsS2Z z@U!^vD=k1mxMEs(^__((_LYVDVVYd7K6GOoN+r>FcoZ?~E-RU*6|i8+C2|ojT3lwY zVws#xJb@BoiN&dhSQTCzT+$q~5Gg4>-xsd{ni8wMEa{OoJhbj-5pEvZ1H6^sUT{RZ z>{Wr20{L;z_yI#M;sEr7H?n?Dku@EJTLnQ=GkPnRQ%~o1>kX`__-UxHzeu@EW@Syg zirt{tmXQ9ys=*?Cr8EmMF=fJ6^F7HaHIp`U>R(cm&E|%QF&G_*6pEcDx`x~oZU`C) z5pKy)9A7E!_4YdD`?kb>mWp@qL}1tDXLkG&(&;$KQccQ7@o*?W zJ4&cI=`S3k2U{awg>JUT!XK(flB?f(J&OzVC;|b#6a6J&=b%6ZA)u`+X@#}M+H4M9 zjNS?{xYO~=@g#TG%K`+gM(5;W1y&;Td|(X{GU^eN`8f$^#>!-ezurmOMnrSihh>ik z$&Ct?*cin%hS(&rRK@&QOx6Y#ojDOz^@EjnK^;u4Hp@X$2vCMKp+vi~QA}I8DO#_l zsGZg~-NQA|>V-j@3v_WOAl|tLIsNb1b>9~h1Yz^?8T7+eU)-DyvGsqgM3XwrHf?fc z6+d}YH8ecl#rGQ`XAC~Vz*@L}qf(#P#TFlGqda(tR1Y|JtWTj0cG=PRX1X1cd&8-R z7$S^Dg|T2MMl%c-sUtDcDPp+BA^Cvpuy%w&G+in&UJ~ud$Kk^uwAX8DonO+H)5f0@ zl+Bx0n77|(W4ijI#hn3Uf0Y>ss2#tqTaXiXEUdF~Cbwb5;prMe-T3N}ryrkiFm}z1&@;u*qF6T8;!ZTr-^P2~; zmti@}lq=&`Ka6J2v6C~1ALD?r(<7|9LSoV|gEGmIc40mMG^oQCPClSlD{~_E2g=Rd z(u!Qfxy02YHBvL07!3#tPc7nO?#GnYeQpM}N+dT^m}B^LlGZ@JEXadukG1_W9=m{2 z#MTrROGLJ{!0T#FaQdo&)_QQCN`Qz`4XpYV;K!JjOkF|7v2uQ7#(O)_NPCW#_fbfS zG3t*@R>7!b9T-FL<%Lb2M2V97ceU;#t_wniRHnokMU{McvxBQ49@?$E1;k6D$#B44~qQtJ0m;xpIQ9X(pzpj=f%jq7Jz zxHX^g>W0+-XomVcZBeh=1v4S;bJTdyF!7p;w>HZgmQ>es0ul_zLWL^eVn>+MnzL|w zr9Q!&iH{a+fQ17_=3yz2{!X8Czx#<4F<7|+b8O}4;M`Z=Ygq9po8x69orNT2ipd-h zDT_AKkqvX33XYg*9KKlh5rm`^bOHX+biIt@)LmB3e|+VH^&2H!#e_t>Un} zY2j@=Pf0~rjhMh;bw2i;G2;;TNT6Rr9wPw z(a-te6cyAVP%gtcqD{!~c8_Vt;2OsM7(dx3Nz+P6ZHE{wFU zhQ#>At1}mJX~5KMKa>k#vT2GSxM2jXKHlL8n+2omLL_P#c*Pk88C0EA9C3CvyC&3+ZoLx3 z< zz;-cWhDNcP=VSj+B&!ohR!qAX&qs3xOPKYYiijwXl|=9_$Aa5&{}( zhQ=cC^#Y#cHl{#kw~hOG-T3w~zKuu(XVkS6%7AVEqi^#>@x&zB2~a4@O6K8;gF24R z3_u&5hmF4K+|b3-b4J6-S3~Y3oMl5pG?!gl&l@3QV4UiH!ALPCDlki!BP7`o%bMd(YaQ!9o?Nhka$( z!i&bYRW((8Gu>gd$S(FQG%kR`HM0a2n1MVIQv@8~K ztEFVM@PN^*5_z2y-V{ME&Ci}B{+)%a{Ubd{4u$gR;~DSc_&P;~4rE-HR0{u87nL_M z3W=V+^Mam5CRPE0*Y_!2J1>$?;8aNhGQVCBicWb$hW6hvo>}=o!oYYy;7d+$0EY#5 z%eH%(t|xVtET^qIFxMa!S5zns6?1e`DcwS2-R;TiX`p#C_B^i&dzFBaDN*$Yx{$Y<5HUq=Qb zIaB7fVVE1`(O%2U!<2i?v|M#Im-^@*x!9-Zn5z%q-6si?H}wS@{lWKq6e6c5J9u*^ z@{1cpw~C$Meo5Xj`|bMMJ9!;@8K16qi$d!X#h)}O2fa;;2#9z}(RlViL(>=6I8S=S z&Ow7S`^S=P!K1Jh)Y=oEsEG2GAizG60jxarZChH%#)*?E4*B^X> zwdPToc*s`VQnE#{5Y3;JhX#AcIVyx-u@3VVOj3u6A=;rau=)3DVRtp7H6ECZgsdhe zUK1}+;8x-b?Y%`z+`aFE8<-j#9zhh|>T7B4BKA9}k@yk%?`yVQ7(K^yN}^V~n>$|! zL7S8!jU~RmLLt&&MzZfv4HU_;OkLXLDwxb4*;MqASr|)O(M*kqIGnXVUV1i#(a5{i z^8Z`fnCfO}*7L+KX{vh;<5l}8(HZMp>Mv}>{h&D)9;qpoaHQ$CD}8s#WnW$tJV>^E zIrKEUkqNx+G39o`XCrOej>YCqcrHYoV<_CHJsFnYJCf7d=wb@)@AWJu08a`5Fm83N zmaRRo`3LICtDn43A%I8h>aW>zhKW8JkiM@B>9zzsas(O7x(&Adk{mPwa1G6TbiY|) z&3YLx{gRD$z4toN{XLztwZk04aL`T?#zHtaWOdhF&g!BJ1?f(0o;O@ z6Tqh{W|0?L1P3KxY3&F6LYyrNtH;F;M!d(w2#Pd?u}ve5>W^N8te(RQKT00zO9HZM zlxP`x+%6nHsK6NxL?WJGTNWtj{I|rq&fDA!H#xgc4ab)@AfUP=z28v*dvH})TzF?` zWotY6q>!In`D3P<<1tW%cY4o#dP2T=q9({(|5rwiS1H$EXUdU;mcDwTx1LILf8_9I z6U>0kysNupCM0G~C9dq`Ncbf()ruReeGelq3)lr_uPWKBhaWvgGXV_0*O$Tp4`l#9 zuuv77%K2G^i;@ccdSHsUInv#p3y@~*;K)9_UC=U^U*}(9<(39p?ke$id1q-VcJlB& zvpCV*e9|uOmRQCt6ycykB=VzEfk?~?nCIYO?6VFP5+O{#h(Z!L7`jK5x*fAfw?(hj z=u1|^1Trl?S)cWv$z)udKhW}g)KF;sbzHVv?rF(8KTNiwO_%pF;-rF)EF$c#>LQbx z@y8L6h-=yAs)I`*VzuWTPFoPqE`wpq9Sj%2C^ePGTp9d+^)MpUB$VD4BYWJQ+)}L6 zh$;ioS{E;IZwEsd)9JkP_qqTQiy|-~{K~&WEo`(?p`Y;&<$@FnRxI=;a!$m@-U*ud z=H>@th_STutK|50GMQaR*)f0!FX7kC)LI!jjA5XjuVrU)sWxu|ynILB{?J=sRV@1F z*M?tTp75S{&nKaIcYVSD*&^2W=FbUk5k0)#UgY;F)^;QUo&BCKY@Hm+lqq@!n%lw= z)(HiyUD@Zb8=7|nvw|N|%5qs#Bk*bTv%h+YoVE)UDn2c{(1&}?wlcWLfAK)@8D33r zLQzoNX^C_?twbMjw9YwOE7KJ2S81RfF zHUdmzmC8U<2fq*(;}m*%F)z^8{Q zB^*^eDsrlG_i&sRKlGC~%9Ff{BL#!NaIoJcU9fJF$mlrVR&p#MR9!5YD}xrlkGtL- z^~4x2pZoAk751Knp~}8j25&T^l+L?9#`zg#kuibiB!2Df+3KisjNQMqmKO0>szFJ+ z*olTV3zH*@P6coK99#ZGmp&DI5u4ueI}GYPN~>rkrPB#)FqeJ&=p}+{d~(U{@z-`N zT+HpHo&rql=6FicOtkStb?oMh(juh{*zeipY&238)z?C#I^`C6V!}r*MWdZhg5p&c zvIdH{i|Uk9vIV}}bkT8G&EGo|bIlrexE_~=#bss5cz80xEt_Rt6l@SM#gm+?ooD6G zC^bL@{*#UoRO{1)caXD(29CiAg;^BZdQ|lnWUk*>;KSh!&oZz3*4iX?vT4e=9MK&y z_)7jpQNe{8;gAa+E>S~d6~EY52Oa#d^M&eVE9Smu7Zm>zr{gdP*B4I;;csGV{n+UJ|hy) zi%!h8qw-=i4VfT&U5wUn)*Fs}hh*H?KfE00j9jtF*3N}SsVjG&ptbRNv6{)u-5YDY zZS`_^QUrD#M3lve^}R*^K6#4K6dE^+I?qcG{fGsIP-}I3Deo^bn$Zr1zpWf1HJ^}op_y6{;lSYV z;Rm#QF=I@wa4z}qmqKxOEeJZ{ZVIWGBO~e5(B0p*!11==x$0C2i#MQ=3e!MEeA-`h z8M6_I-`dCsylYodo|BFE^QZWjvFYwiPYpe|{iG*_+uKep^iLzq|Eaf3ZW*7r4sIkJ zOt)P8s(o;N`i$2!mWP*WP9S+biz49fyb^r=r1SBRjRQ+DNDsSR7zrKJ81vs*QbIm4 z?cW7ZMsy+QLS-80pLEzn@Wwd3it6$|f0D?Wn}xkU5mu|;gVknC9O$nRm%SwTt01bx za^H@4(C1m;MPO5iU#cADO~mob=?tYwCp8@NfYhDunpIpjX40!XTv5L1YJ8ta?k^d21H1{8-bxxiT-Rp8s z@1Zr`14+YKvg!us7a-6(V=RN+L>?ooJQwPr>PuIrix%}K_N-L2T+MkJBmN!!P-?X4 zK)EZMZ|!K|t4=n+rnV+;?AiUm>nJx=5%`ZRCCtg@+wYM@K_HB=kcL=vvEE7){j!er z$e5=M@x%&>VZw#`;vuz^oGBG)OXPYF^|kYGz+bpKAavHm7TAgj+OQ=|ySFh4H^LC` z;w7~mBQTFp>wmo)%Rk%&!anUGjko~DH%DBk#E;Ow?nGeYJhw6OMUGJER1&zO(zAXa zGr^Q-T#Nrt9Wb7T_IBh2hQA;+H*mkEMV}(L9vk?S-IiXcd_%uMsN9#*m!TZ%aEZ=` zyg8_M^&@xN@nXsHV#n8ufBIggFF6S7=-ZA|MA=Hq)i^AcmF}8j%(e?cwbaT zlgkPBz0ygK&59A$_R3tJSS8Z$sdCUK_(AiA%MR*i-Yx77LyNDfzO9}_I~w)_yivr|Cl4Lw50AVjxzk7 zB+{K`Cn>t}x&VA`N|*J`zxgLQBxnU47-*DY#TL4_l{oVL!vpvD(*t*jt8u-ua4FfR zGxrFitK5-J9~I|&;B}&=uCBAo-=2eE#%c|8vnnYrGa_cWCNV8z@}W`dODU|Z7HRr@ zG1Q4zPM4q#|FC%o_|Zq^xuf))Z*#MNx2Lm+zyKbN@r|5DPDRH&*thOmN&HV6wVxMl zLZL!AvH^a#*(6BOqe^ql318+HJq~T4IQoxEA85C44(HMp;$orI<`{dXxxJ2-GSS*+Gc1eO?^)Z#f#ceg-yiL`p|(4Dj_m=J@=I_pxlfdix8a-62@= zt`a~xDrzSSmP3VvxNvR>jcmWCXCIWSI-dzqL7Qy4T##ojIS^$d6b96_8xtO&qRm48 zeTFa)6fD$lPG36VBs|eKSs-g^YhUrft=?q^DWe?wGzXN4hz>mDSD6in(B_ZC6bjcG zEr?i`rnk`|94J2dAKox<_KnO=x>o1W{>#clrki^E>_7Y7Oeh%ma-M*^en{qGg#(!0 zmbNDuxE!B{kYn|~csglrUu6#Y{(~|AH~Cd79vQI->Tl&nublj2e=$l`Cxn#+_mE#o zvY`HPqpS38V0Lt(2qS#Ey}XT=>Kn$1S;Qyt`)>9@AVsK+==YcWFJJ4>g07q5k9Tj@ z6X5!6>X?oG@ory!(Y&XR9`OyZZ~J-M;wa>PdUiOIDDda2k-`1ef4mTHAVm0o?DRjQ z{XhOShX}F#AG;Z0_-(iSK9rHaO}V!h{p`cVcK$DRB^E=L`0o!x*@~{Q!uZFR{4#}T zHn0wpPt%JX#eIm7cxUaG5kRun@R2=LVGP$$XZv`MwN3|FRE2@F>NG-A&po@iSiKg1jPN^y591eCTS28e0 z`r%BAxms0arooMQSH#6ca`b|@#9NpFzE|j2u2K9O<@?x9-3QL>YUYz|1g(< zSlqssZbqtCR4i!b(%G}>7;hN}_b<%gro|D_fHdf2FkS10V%-Z{arIAkOxokJo_iO1 z)fg_{LD9rqLrq@~@FSDSn}l}K6jN3GTAVC(u6F#gIRg7sv|?XBw9Ql(v)a-XfcF-_ z-|)qzKV=oC7r}hJgr%fADs$9+DZ0UjxO&mvYHf0&l(&>&DCo4 z%tqy2{`YyL3~6G|_eeYQsBLy?DpOC1I!$LU#fq6yvq*ZDCTg}?TKDu?`Q`r|WAIdo zwTFHe&9j@ihWM&C`%uzL)rH52%OhGX;XmfoJ_3QUd&Rz6z8G!VoUCdXdD9D z!JK5cdI(;|ei2MF;jC zSmE$^zb%#+Ew@t6^HIM7S3$VU&a6j;9|xG+#XNy$rZQW0Mz_x>Hxv)qLE&g} z2eZPRGBj58E#xvG-#tsJh~HMuh?*Ntb-f-vKlQ+eZcC-S!ZeicBr7>R79Xi{{PmL^ zP3k|M?DLObi)qci$cE`Xp=)0_7WpOhq2e4uI0g8%wEzxzT$^dtLi0NpMHsM+wd zL(RaYktR=#MVm0u=o)ppd&2Cc@q@E+a1>|rje8OMw z5y?9Z4o3e$Qs|BMFKZuk4yJb{WdC^W2y!d8p+EMw!*L}i;_@cz9X!c@Y{E@{I;QJE zsL*#T#ljHN8FB)yQs6jX^*;J{)|5#i9gD~ip2$z@6}HhJb6RqYYM~2ajlq*`ZGFVk z))WboV4SHnpEj6?!hz$Pti~77cX6fm>gebT8xHELA1n3 z?%YQj1QRXtV}_kc<=3lUIaLUv!5^nj?=sv!J=l14b@Q#sc*J@Ru2;>T`3hnA9Lav6 zNY6XkUIewP%SQlvy9<2zFSMEM=lL~qdlN0BJNmA(jHsfls-UdOJtKP#*-4u%wY$|D z8+o`85r#6j%FW8UnA4vElu=W=}XvU<$?X1XA;Qq&UT~v6rzc=BjCAqVe!nZva$sl8a2ccOn6pvI32i{>pep%md$_d0EXgd~ zLJ^s$3)rsrFork0wdBaTf@^sAp2yuPP4;z9Ia)5t?b>JmTbFnF%G+^0i6=5&@x=UZ zN41u{uN!l6?OfO8)vf3%h7uD;8CdqY1VrV5F@S?=w*bUV_*E*L;+?T${s>1eJbw_A z4! zs#Bq?$6B=)McBAC9{O0mt+l=FAupAgwp6fs1F_M0IrD9yfXYXH zVaDrKb~p|ggO$%m-=d#hWxqacPLqWzy-TyEhFKRsZwdS!E-G5cV4KSm<_ueahraAe z62~ccw9hAPqBprIjD6u){q=l9eL*Ir|6oIeJu5>L`4IJM!@$)J02QQktJtCT0(I{) zW;oFFqUM^ZUs7748Cetc7OTWM>mj!)dOox`$uJhpRq^piwbb4{5OF%zPU+wN-_DW08)`8C1<>-gcpvxiVRO|}sbztawXX%V9 ze+`B1SdD?=J`&XNF%hTvdSwjEkS&W8##@g&;eohV7eSrn1Q|phA%S^W42fs=;1Tbe#8v*OA)Jv(>+d6mr1pe-kMh7BTh z1$LzeVM3?z9$6hvwtH^Qy-AI0AkWP9mpm2x&QlwUDBssJl;vwWU88?b-$}k+D_{Cf z${HFKP4Y64eFa0=w5P1&|UaFBhL zZ2lm|P-YnKBM?1WGqiC1Z8`u9kH_<3W*>xpOJ63JCGSCJXFX`hsm}N9^~Tz@A+@iV z%uSXQ=_UdeTI(CJ7>T{1J-95b`Kmi6aCTej!IV^WBek~@-Jsdy{C%SfxSVjNxbq9e z8+QY)8ZH(s_tPijec;T88F4s!|YL5*R62cL;MlvablClTi<;Mj-`{*Ed!;H=cf4Z6_NJ- zzJ}-#Go;gID{n5zTiU^zl{sw7FGoBY1zy>Wb-9`CUCZFG!wZK)#tA2lU76a=>Wz=L zzTuP354Fj?i;6F8<2ud-0?J(JSWUBIKA&a>Scp&W{k6O@d(L6d>?j{i0^QXNto6ii z1GBD^PN29p%B7DJUdhwN=9n12B6z{xe4(Q7B_1pjp2eKI(p}%2{ z{F$zS^?Hn;M7$ww#FT5G)u^21i`JyC>$*?xw|}EFSHhg`%0;V>f&<>onNz(mrYMbJ z(NvtYlgbN;LI{FhVzT0sS#4wCe3FJGTv_1<;c3dK;Wv!UE(EE>a5h@7zjYuhq8**e zQQn~Fm29Ba{@r}NI))&&EKdF+RG1ibjanh`qiT@I+i3fc{2p!am&L>6ucjz~(77UW z*^jEf5gff7Q-SY{h^7DGPAj*~D*p`A8xNd|UE4g!&jY=VHaR3-knJ_i%hPLXeZ8Bi zJQU??ggjaIP6V)KeC@R2OH~;M${b@X{F5Wsp#UK{b!D=Y0B@*d0Q!gb6py2}fD zwnFS8Y&cPJOv5l_Z?6A+d-xG;UR^QvZ!tb>mAh(>TqkOc4`PpTMJZT&Mf}8=B8e2}2FVRa+ zReU5d#vTaim(>5$?B@6{8wqO=H%_Ly+GznX8V|_aRalTBkc=*qZu-_bBv(^t3%D(% zao#I;mGDliQv>Mp&;FzJEb@S=nLsbbQB&3>a*EdkO+c)$2_PQcY`dw?>_dIFViWBzm^kes+R`r7u_P>|$x8 zO~B_7)+lAMVJnd>A4%!6Odke~>w)l4rRUC{9;{u_Ax`QIu2SWh>A{MH9a>t+F0bR4 zEjgS+v-WNay#U&C50(u0^D~e$A&-xOoL+4iP4*9I_HS3%=G2O!n1&~R9A!WUec5R1 z`P`SspsaWhju`UaH7`=|{>F-4A+w*iO8Fl*y{8FAG7&7AzLiF1BC{^d7QFLty?V+q zAYcym)uxfDTH_OscDn8Tb2tpHpK01tkGgrW;FI|ZwO=0Nxbd0EAU$%ApT|s1G28p? zMtc@P4aVnErWh>Dy35WZ1LeUK!q*^lpi{n|!JKtLVFh53{~unu5;q0a)Nab(6*{(T zsooB*-h2gq#Ei9lr9I@Md&-Vat{1Fo&gDabr(S!6^+aTobMlz-t9adHmdk=nN8Ls7 zL!+7OstfP79AzKvsq~XG?!zxfXztFQqeD%gXy))P3;yhMBMWc21MhR=V4N`8BodL@ zlRDkXQ(ew;5HeKrqTg~SC@Q5KrOa&DyXQ8UxP)_6Q5ZT}c%*&wB!em0Wu-1>95QYx zaVe4n(wT9E#l;)Y6_bsv!nDL5KYZ?Fa^oAQ)@%DvwWX zr4`Eg4dGvf-z-}3!?Pi$7(7rd#Os|XdiF{*HpM3EM=b2eJ+2IGV4d1|P_?>tiqf^( zE-C|-CC5&Mu#fBNQE z5NlS($p34kn2p{9%B|TcAXRIxnOgYw3{uSil}|NNw;Q=1FHon?FJH{5B{iW1FbUJb zrJw>K^3!?WYByjs{e_PCa^Gq1{?W4#o&DXjsFY^4a$WbP&1R>pwNvmjwfHC<>7(2V z-5F1=5LATv+bIg+rU^XNb?lzahS+1Rcz{)tm^cYa?|a6VTlGSUnS5`!w)z5(hIR+b zoA{Ley7L8p!A@@txaL*Igv{Pj#m8IWoUA$5Q~oTr@C-!3Oj%Pq6O0(B4W_KJ$oZG< z?MufkkI$5SiB~KIUsa!4ghc1!@=VlHmNzB*OA=};_J2vJ*IyNC2{-{1j4VkL<5_+O zD@D#S)mVSj8wgy;cu)a6Vc-11;MUVJJApG-G4AU0Wetq`e*~ z(vIf9Dqlb>!~ZAD^yK*um?@w@4|T9Oc8Rv8Hlu{~T|xt8AcJOd59`o%f6lrmQxjZ8 zeYsBJdH#07LAsJ7sQ9K6D@8#TKEENrXySqTVmRwaCAU&)o1HTISP@fjW$s4aZ1iG} zKz3)yW<3;^=PO&UIp3 zSLf4D=(}f*wk7ZK5E)uwp6`>9n;7FS0QdBjw{XT@^pPJCZmT@@iH^ulw)RWiRKfpC zuZ~<_e`WTkl1#d8nk4P9+4wc|Ni^ODWd4_A)$GKsO`+|W8SF8_%Sa8aco{ZFNR=of zi+d41yuZ=-9DidcI2fHGFzp`vZ(8#s zzi8znlmF;j6muVlyxitPWkB8g>FAol*8pDLqL1>W(S%l-Zqj6lElIA4sQCo(N%U5K z50%dNlt+B&N+*vxO`}NG$j-csy@84%M$xRSv?f7-Awu2B&~~>qf%q1N;A#La(px75 zUvzg^^)tzKbMQp!gD%Iw2Ec*l1>R-*+?MSHpHS7QUurVMS;zRGcvkf;nLc8>$gx5; zKcYyqf+fI$7`=;WAAh-B4()uH@Z0sG=P!#;Fx7%eP!Q1ul^QBba-~+pRE!V1ewyh#el0CfVehKxW8WD@1Uc$ zeL3vPeFfjpX!6oVk0rZ47y)(GBo^9`m0|zmkIc*JE%QK0q|w&j>>E_eJ&R%TMU`rj^0{lX=oj&f)P(4tHj@6-;U>?ao!X($4=CO@)asZaHEl^RRLyO(2d_$@4`K z;2Y_smHe_k*(Y_^#dC_2CM$8FeT}9}5}keKXh<^brd=|X)xN#)dwU5(81BdHHp z43QjBsDvz_w9vzzKkffA$pXf9ukTVQ^Wfr{l=+^fSX(~lip!}eNwVE*?n!ftXnjOdSqW_>#AoZN- z6?2)l!;`1Px~E6F!+ySd_ivEQi1iPUtc13UgCSnERj@OarT~J~l|ywnK^%WpV?LU@ zeRS6Hr`&Vo*bm7*aU5XX227f2$tpCNzqatB97f-&+=1SA{TL5V&_Y)UNAp|Eyt3n6fNvUYE zs6FYx(VXuIKCs%xoo$a6+VFgf&aE{y^qf*G8bw7aQ`-3~pvdqv7y2(*D}iOHfWp!R zCdl>MXg;2aA5q5k&$-H=mT5?`QA)!MJU`7&shVpOcGNmLhAugcFNAq-u$i*>7Xd&O zKdgA3wGx`pKUn}V;zuR&hfE>D_svqgI9fh~&Gc&m{P|h8ezQwu=x5X$i9p!fNX1)bte_zYr z<<`Soai8tk!QzrN{59W#7O0fx9n=D9<%UT4`|L) zMW=G```I0E*3JCSVOINVZ4HwMS5%Ha+EGudpyKhDNota=}gsda-b(0CZk2j~0_W zb9St&c9zt2|IyQInk9LgRkzAwP!8uR5lXcvOqWQI{-O&|O!y^RA{UDSZim9?Oen=v$V=2#t0DgW zW7*2i{w{C*2i1f0dF06cyJE~2fVGK!{b%AQJ!gQA1k^odbt#&!XA z#TNHj?**?OO;Yp_auo9a0SGk9g^e@!)d&7uBmDxq_Rc75cRlLy!_ zmBJ0QxD&-u4N#Xg`5S?nsMxb@(BEyIvfT1(>L1efP`rhxqCH$j1ED)JmP+6JnIV=6Qha5{-N%AcPPg9H72FpC(uZ13)NN3z#cGw$B?>jGiE0fQ+wVUAw-FL{EkoYE%`GhcfLwUgC z=pPO}S{oa;inSGU@k9iCgqEFFOB+~(-Al2#bC97^!vjvD6zq5EMsamefmn;F7dG&v z=QfQtIxicUfuDC>C?@h@CL-*cP=GWP5uwzA0aRNW$a2eWlw6qgI%erhC(y>T!km5c zaxGHcakS_r$Ee$W+$$XI=U_+5$OkLr;aK0Dk1&F2k7sHI$9nmVXG!mdRJ&v|YfXkf#C9SygSelyo$ow+oja1g;9F5q!r94dUtQl5rjsc@ zVmWTr7hEOK!$c>QY#`*9Ol0<@F5f!{rUm{85S43m@_GCH4J1gFJ0IrEv=ugz-#=WC z>DH`u@5p1|{B%m)R)e_g{wouQ0K@owc|d)XowI_gW= zu&ej@dHbRR0;A1WK8?kQJZDRvOd!K_Kb;GL5w-7Lg=fHZQDL<$KacykbWe*Od&HGy zJR;3tZT}s5ZR;EXHHdSA+Yr(NsZ_T;iI(OV5lts+DRcY5R8wT*sayMv@JMsgdCF`Q zS>qptkPkTO7G7_5T}>h=;+0O-79MRnTjMiebqT;VS)LpuzXW%~_;kb@N^6FH4RQ%V zeT>{!*zMI`cU{|8c>y^yvejEfFMgCOLEyDTczcoBgxWrTf-~OoVltxy-qJK z^KO7~N(D@|5%ud%sz*8$Gdsz*X|9|y99i=<4cWLu?GH=pUYdq+!fI#~(UDug-7~j^ zUZzbn7x#Xoemh&nkgPK@Rwoyu5WdhBkm@;U%PyOqqmu$N$KP%oOgpDa zEqt#m*sPWNLCY@Fb8o+Buje#pa&beamQj_$@`@|ko`r98aNG*qXRoThA9rDAx?w_k z;T{>OCMfeZ{4{A9Vl;Aptai8XB~~}B=c+9BL+;mar5k zWXt#`x)V<3G^b0&FYi4dXO6FRQ>J^QuF;XjB*aN?H*q*0_jk=EI}2+HhKW4eZbbKB zhjw!9WNW$W^G3tijHp4kOw{)co)Vw@(eMqHFT|*|dG{yd4HXn)IoglmR#FX;+qS@p zDX`t@sxxTl;5Rn{^uj%TFrhkWcJeFUR=mbVR*zMP-q*hc+0r<>*G{aS$GJ^%H{fyf z91VVW&uLY;81CdIK8ZFwa>+J5xT0NNnYF7R-^Y0>>`-t}__ zlV5DyH$#MkWD_Q{cc;YE&j`qzi^MiHjIyh=1E)anvnXW*Gq*Ko-a)fO9-i-dVX4=9 zH3%43ik{vRHJOt6WnoCooFXi2Pu*VLVVPtRYk&rO^`Q4R7kfC zo`P8dH^NUa{C+9BwJj9}+zF_QFS=8hQb?v;4r4yPm~bdsLr*@TqRfUjfp*LBUHulo zb*-18Q|M?4*K5N#t_-O(cJM9Vdu1Bf1KK#!GSsQu9723oJ5q<+asA{>MXN$SuyhMhm=`$6HboKOrq0J|Ep6?z|Vcktg0wuoiDlXo!!?)m7uMP53S(!t5*b^kt z|EIC9j%uUp`lSUPq*x1WDHJQk9fB2iw_?R9?ruSX779g5X>q4Ggd!z)iaWvGiUmyy z!6kg@^RD;1>;7}s&B|I?nVECW-h1|$z2|pk_HVO=xy&Rc-C)(-gzd|7VR+gd{rdI0 zqtaHbN~CY4xEr<7tNS3Amz$uy0Wmdmd+nUbq&`+>blltr4shZ`E(m-P**f9>0Y-kC z;D%cFyB871V>p`Tx8w2Q{c~>)4|ii=ZLnFq39UW3zPN;eAGb|bytL(XH8#(liY{A? z??Aj@4sA?uoHNx5OC1?X65bGArv?)|rdp_IYT2ivRrK^I)*`AEHi`-6-9u75SEI;l4c(|CW%;=`ITBttVT0($ZYjGT# z-w`U*FQB#*9KrHUM z)R(&e;a5HCj&WYK)IO>+r5etKZutIox&bHZs5#Hwbp9-a$Fk&JB*mO*9j;R*P|mVn z-k$w3g)q)VwGHJKE$mjagX3wZ;!uTZ8pNebyVO6VZrQQ~YD%4V_$5{GZU3NLkMX=D ziht|V^Q=gEWXzmYa}(~qa0Z?rp3esz`GA&z>ExwfM9){GBYechPziib>+_0tYs`D2 zjJNH-Ynf#*c`e^o|Bc55W~#4CCaIP%09|fR2u)Koa?Abvp1p z9ZHF)*mb!6z@>~FdKZi;X3Mj0+4<$@FzPJ!MR^nn;<g}4K@uaJIK{{1 zWeTtgnOqaEIh>@t@PH+y1^kI@|8l z5wVe0V)e@f$2oOo`_5QP)ueAS4JP2dQt9Y249r0})JcT+~Cay3=F zrwC_SZSzi+|KlruEN^lSJtlM>`+7gL=PD^alVEtWOeVhx_CMJjrmH`M8#PFvX;9}o zUt3mJax7@)&OWEYU8(Vp#1lT`5n0~r3Zup${bu+1?A^_J283rOB>VNGWu$OubZbHus+2b_}#k!xxEyGL@>X!fZuoheC(~*WIK7ax8SYz(}ewI=awa za6Q%Hf>ioNm)Ic(Yh>%2(^tel?dWK!9oBDRla7D4w7;A`k+`S2p;EG525sbC4B!UOH9lMVIfKDeMXecZRI?mFp$OMvA0#G4>y3Pdk1_n z1qKNz^)ZkiKsbRHk1A>5P0MiuOy44Oa&E-V21?T47$hOLCN}Jf4Cxt&W=>k_2+KkZ zqaJTEaMeIu3lZz0oS>hgQVB0d8h+ZVI&`LOo3bPMc5`p;)?Gn&4i`N);^qe&{|GwE z51Ye0@?le_M66AFNH9seh|*WGz&12C@>FwU<)&rgxP+~$8YQweN~aP3e3Nh`t=4La zePr^GBwFyF?fu8gdNt#{W7br(`}Ge85AFZ*%sskZI8$%3V-1BVTXudPV4u0>`nbaX zZy9`6O^CP9wup%&C=nTqe6Itoc-r$QMVcE^6`vxlJv?T^%^H|M5)azcSp=eYm!c|;wwyH{lYJp2unPZ#~k8b z6#7ZJTm-XCKZ3}QgIMq@cgos#HCy=RLroVyObK|9Ifky_n z77vq%ovB$>OG`b&e^jI80`m-R;9^8_=`yJ+uWct_KjmGBCX@ZRuV}ort<5_Ta+J1H zU#?^}-O%l_koiHy6FO4w?E>_~x&R-JoL;0&G#hZYLbHc1#h9P`JeG4KijE-ItGVA5 zcp_PiZNPeWIQUlqF@mk_b!BgfiT0UMek}pc|0|1fe><5z=>8+r(_M1@v&=mjxW>WH z(0-`G5Y_YwlNO4;qgv~`^Nh)uWXP55&f7Sv5%K^iT{Ml5|0l?AR=fG4TDH3x@hfLy zGh$$#Czf6y2&h+GnFnL8z!Yh7S_E^8KV+mk3iW@Yl!glT$--^G)UD$wyPa$x#)>mp zI437w!V~S4wzSOI!gKAJebINfe}>CZ!yhmP`JznEgXd4a(rU8f*aZ|UB!wl!S*>h# zXIyV%inoi7AT*?oJEvLFTVcksnpKB^cbeA;SDBl%2B5ea?rstGMHGuPQ}%Y7m55}x`;Zi}L1v?ZyzUw{v1 zrpWiAHT|U%D+7z>80~7;PR`tygB8~RjOb|uOoB{CJn7lNFofB+Y#Pia*?=N?Kef3Q zj2G!7sQj-R{iS3OWd7IT%KBb^#)w8XlaAws`6;COkBjPAKNxU5G04AA`F{^SJ>76PG#2^y*db-tMUdBjJ9(Xy_m^m5CViRl zzs_H%I_XQJF*WYnURVDLKkUdbgD~Z~P8F z)+F(yFl)T#vN``U4K1Q(UG*oZH$pTwnyF%xu{}nyvQ^R-&WPvkBEqHSS`do zqn5Yk&lqasBG@Wa^?s8Ba9_>VuQZsbHW3cyl#Hhojlc>GCD<|i%*ZChKbC9#J8qN+ zF%doHsZpE0eWFh*Y9Qtux&|x!2K82}!MJPnq{yV{hJTJG3kw>ZwHB(i9!)C|>qZ&b zY1z~x+R-+D6`PT ztK)vU48a5aj=OV{y88O!pfkdPy*H&Wn@Lg42xWzXWiVgqTY;5Cv2ov=_){M$KzwtQ zXe&S9VfEq?zdkCw35TN1_X$RzggA;vx2%D~s3Ke1QmDJtQia=AG><{CZ@5vaO17^+`g=z$3`e1Gm;AAun%l;8wCy zz(o#ZZ?gE&vrh^USGMY~`>%>8HPoW*mXZaMlB|BjX0XuO&)|EMj(%OE>u;^nl-(di zw|1gZxcpV|o5U}l8^c^n4LkrqsRhx6{77h?6meJ9M57(gVhj<($aH>Py)hFeR_Pme zT0$a{Dk>Trr=l5^60`3$H8n{{CBzeXc0x2wO-++6dAJ3NHvc+T~>c_S8MUBTSU%%NyvYD&pqks`%}jTQej+pUj} zad2_p^OmKL*aZg%kNNk08cs2f3)*5M$Wk`v&7;T7wjY!J{XpTv!zS=SzM}}gz%dH7 zxtzKtT2eL*MY&Dy2Xcxg@&3qE$4?%JNjMM7SPnQFN1>iBXhRVi63E`XuFxMuWJnVj z_?qE?o#T4>TeRvT>sZr3=b76hU(kf!Yn-G~h zBy6UEvs{-w67em2uqvR9SQ32%^jpdJq;u+pi8B=q(0g=NI5ys78_+uw;5L#i>Wv|R zj;E8##eMWFzlfZSOj_HLzN4e#q!BWl3;*%8`JPl0b{{7lLu0Q>n7NW@1$Y8HsGg<~ zCeaPJys`wBu|JlJ)^^{JAJNg-CBYkuC*sU_F)sv$_mDm^E3v-!=Js#cADh+?d?9{j zjfMm=<#hn!=8NiIpl{D{TC|VL@+Z9E~=<`xis8@uW6VvAV zkE&dXGHO31E|TfAd5d55o}TfH=n?4{^Au>&m8ucjeG1x}F!E+G(G$tF2|2SsZE%4& zX;%_22{=S`C$rTPQ#e82Ik3^>J=6Le0R?Kiz2#wEZ*#uoU^6T?p~l2wlaj1YcXiaW zMUq9mcRnX4cNQf{4k09h=9{fqFvQn&^=#ZvX?!&NZwB84kV&<2A#JiP16eO`L6RXT~O)wgMzjjl!w^s7(@dL@I*^W3+N{3}=YAPgQ zIizit`{RLmE{wVxyj_urmKWUX+fwMSefr&6qO&5ye|)D$Tz2Rf=FZsR*Rhvwe>#|r`TLW*7AOu82-!YNywsB7wa~0iQnB|C?JDRw4 z^IqALhb#?>`rrpSv15h1F1@`dh$$1a!g(BtSCl#GAVdvEUt-()35n#eYO>6`1W>ei zU||urtH{gfNw1o0$GKamE&U2L-0?V?B6m2bp)dnqk{O7RJxzFNj~(51E8*OTv^#2x zowg84ZM9fY8M{I*&EL#I2VZuCxrXLhosmBnp%#lRW}|A!?JX%^p}aL2o!? zTFbf^$AIL?qsXa1519Y&_{`SSH3;YCHZ=*VYaQ>3PC>>v|iX@A1*lco6iZJKtq zQ2|Upier?Q`c_*X`)L1k13eFMgiBFGc9ZJQ9G~gx_$1Jj8vdSE18Ifjw&W&(#q<)-~Ob2(|YCyM~jcg!8CD&`3o-D=zR{&&|}<|nYf3*q9wt(gqKUPuD8`n zldYbgvu;vA4KKt#2;qh%IQEPfsX5$?$R?`0$$h%*7TVf*p?+wN_h|euk-#Se1dyT| zD~6skPDx41t&z?N*jmb)ze&g>$8#85w&hN%ENM}pEH#N3v zy40AKlE)@a+tc;1%?cH#IuO!;b_a`EsOau3Q~_6T>pXR;EVPXnnjM(*a!Myyov?rM z{L7It%K!yPhH934NffN)X`QnE=pwCH(r_;3!VldmDnT_qXolw9bm(kYgT6PdT2o;2 zSKvqcZfF_zHCFs<7zw@L#^jxwB@cur3*?l7LqeF+Eg0Hd zW%jSC_q&qPY|+;ou@$O!rMX?&4qkCzF-w$NV#s`>YG9|y)Oe2Ofct3L*Am1AOu_NH zD=4j83);KE6`G>|r#wj)IT+}&(fcEe_jt$RAVM0PGKX8u zN|=f0u{tR>8PRsa1#I8Q>57&jnER7I%w!NV;haqBXmM{JJ%@YGVG4lPef3Vk zlo$+Ylr=@@=`;P3a`&t6l3BE>9mizAixBsuLe|Txt8dP<7CP-BG=47=zqD%IUnMf~ z(2Kof#f6vxhM^70UO# zRT3RV+zq}nnd7Y02isR|9WRx5T_Q-0PE`!4lyH8}dq^E2278@;TJ=Zk8ftr3LADdT z`t6ja1hf4({94J!QD_&A>+FV6r*21wZVnSePm7!+ufT;{9}uA(-{E(q^ywUBHaoe$VezB8JAimiTp!$+(Qu9SA8o4gYWwUe zhx2LbZcA1-2g?jXbRUf6oU9v`Ja*ToT!<_}7Q=%A6H5;6{+S(V&$-sW&n7_@n^^?x$W^Wo3Lpr|DlVLTb*pgoS&+i>ejSxDJ2|DGBKg7m%R2i6xI(31Ce2 zU-{s~U$DKkuB?TZuXup~1j1>8sfFZc0D5NqSd>`33W0$hc!>R-?h?Z_dw8?e@K4h( zTDjY%8;Xs#5UVY@J4bT?vJ@vq#~XA093XZdpgsSmsZYp&iCYzolH3_R23*}>P3@>1 zo9UrEM?rm6=FO(%%nwo8h94$R6<6J}<7jrbo$+4}yo?4*TkX)fTm=!Bkf+s3cq*Xb z_HXOSQ4ia`T)e!RXprEPJbiLgh5ADY*B~x+lE2EnKj{Mi)p`Hw%|W?(5C}*kjRr9q$nLU3)~7?IBe&pJ(fFKsH8$PB=QX zc?atd7vPV3ptanMT0||+bUX_@0fEfgp4iS0$2*+D{Kni{W%bn8*+!IzUoT1}_8jKC zwC7`c0kt%^<1O!?)PE$z!Aiu!pD!tT?&8N(ZROr4>vR9wsqBHxQqFt>pb&fG&mig6 zbKdFSvvVcKp*guF_E3PGIOvgQvH?jo`m-YsH-pvmD_VE>Coue0*S$s7@@A0JG+pgJ zD|)j31oMJ2LeA!CaBMaPU6B7-@Z8jPg^%)wz0JCK0GYkPGj>ZcAABVz_P!synq!&0 zgBb!7-rk~4KcC#K2BkaA^|jcOI%%#p+2U$PMvNyYQvAH6*%vQ~X1om66_C81;}{7A zQV5X4HcU|L8#hVzV?6;6Us=u`T2PApa%cUlmjfH3f*f(f-i&2cu_0@M9{LSktF}A0hFC(DRzP#9 zxqY$zYkhTY#D@!!Zjd4@25h{IsqX}(Yd|~+7WnO^eCOTG=3I;5p!ZI`y?qf@^sWQ{ zV(;VI^==%9V^Ff1;T7|J5Z?uHNBE_~+LN@UDubQSyQkKDl2KguwQX@W-a9A9t15>O z?gCeNHCZm5bp24yJ}k^L`@1jBI=_BkZ$(l%R8OdKCUqmmEI7q7@%bn9*hxQU$|A$x9jhL)4p>)nhhu2z}a(Gf(BE zTd%}d{wxhx`P(*3T}!KSz{-sOFYq;^xY}+D3-5XPM0Iq+TE)u==V6~L7phC9ZT()g zfIfGzh4=xZBKdS<&TvB_b4w_VgSmO-iJXP4cWuk;1E(utJBO5v5iyYu8i^V`vm;D> zQmNy=SeO@OzJzm4HTD4sJFHEtc1+!$1!us4$-%@v0#3m~bJ{A9kc>AXKRI1`z#aGQnwZaPJ?T@0QC(kp z3=XIh^0iLEfrON0BfR#tSPssMg!B`<`aKHbjg|>z8f-LHz!DlZFyUce}l}yoS@N z;K=61P~8#7kOI}=KR})!{;bimint^#b2XEx)7uA$*H_4V*0Q*W35OmV{`UYXK1w3P zQ&L`nEezyYw65V$=w&+6>Gt`;$*z7OzIoo+r=8(1Tv{QbpffNa{wc|b+vF+R+|HkU zbX`S-jcrb^Wm!axP-S1XCj3gJU`TZggMEH0WhYE7kZ}?FEFY8V%PuCC_RSUV%SWO| zioWC{PZbzgSwC*+mX;Y+&N7XxZ1aeUW>5*rYJaW6^ZqLaJI^nr;;9+K+Fdw~j~Ppc z3I%h01JQ7|n|Ix|<&(-MB%W$WXMz)78f88GV&JD|E{mtsM`Awo{DpStN@oS5z09$_ zE#22Hi}IDT)qEMllJB%IP;TLnGv)i8?9n`vK#Sp)sP?LPpFeROEXI#16d3q9MR-2q zT~6{&o`pC@PAK2~GqIc5cV4|TFft-NB|d7-xU8f9jY`mIyu#PnNm1eV!2uk|^!(p* zD_%rcy?^Dg)u4J0J}%A-)NLwZCzR=6CuSU_g*OOgr~_Q4(-(dBH$3LIWAt#fDW0Y* z=z-};{+(=5gaE%OCyM8JotD2~YtXuShB&r0ZBY#TE33zjvBh7sx&*A{spm)gcRfT$ zaesYDs_anwFWOufKb>xd)c@Z-f(+%~a`65({hCbVM~-P*!6(QdQB{ZfyO#2i|7}u_ zq~3qQ>2l0ckJC~lX%GLdT2OXdw|T`tPpIRoWEMJx?8weSvk4eI(wWV_P`}j zBLHP2HNCS>)T~G5 z1g|ygh|V-6qR`5zXZ+X?x=*ZEl3`R?p*VPW)PPWt(*+0Wr3|0l3?DD3&lmxtnAo}m z4pIRo=bKgk%SqN8Y)PEZB&WeB!sF#;W}LhC{icsMC#*U2|NTA2@fOn%|68fueg}A9 zV*3+t2ECdcE!c&N{KK7xQSD3qYBk=>4$W23fEYS@i1fR;m?XT7<<0~ghglna9HdQ| zIfLz40JE>Ie74hd8=lu9fu@n%LcDW80lJ6YXVgVEKN8@;+pLI9v((zK1zdAdTNtfFS(|U{^4Y$)kE`DD@39F zT7xBry|EPvw#3v~%IWdTYV_(bM-mFe?a)W`FuIMU!9Y5r$w$2X3aV!0v0}Lhg$+OL zQwZ0G=+NmhUip?#zKR#pyaIPGR5I=8`!jIYVIWq(7f;H0!>MhpdvHeid5-2EHs#!V z8lnj4U7c5J*VPh3t~ODxJ*U)Z->_C9ssRh6)JKOMw*#uxDHwE2rn>!K8ao&J1>O+$ ziDL07!nn~N|5t=kh6f|D#3S~7`G_{0xx!~heUU7X*kg`io~t+Ip`uMKr0K3#knb2@i48yF%|zUSZ&}A{sC6L4?U+i+LcguX)t9H*WS-=yKYNUefeDZ{ zg1$E~cnyt)`?(&9&k=uApu1qYf=#y$##zNB4jbg1kZJnjX7yfW z{NHx$S5<7r6z*lz^H`BM1G&(*B~N!7)f0=KgBY);yUvF^0a)FM(GYD;;j$nPNc8<4 z{;m4e>Ym8lyO>z+w!L00O$6P}nOb|J1x4eIN4?a)hv_VMnOCgQ@1|`0JwR+i+)=Wy z&I7P9wz9-Q?d8&@<3F%sfnc`6yLvAUQGNXgWU;c@$l>ibKjULc?aN=JSyyQ7y&`T` zHQ8-V^X*B&J=pOu_f=sUo&f_Yh7024V*o1^H_6~iLP8ETtblt*K)iO`r0-!*xNShz7GFpMG-+IRUD3iZ4c<& zQ}FOmQO2XHRX?S%kr+)5Hemj|XzCqZgFP-t3$dF+X8~JW*ou7~gT~myd_pjCO zJgVvZR|m71&NZS4jN{E&YP6x^Jz4e_qxwv8*WwIQ1p?6#Agp*=8t0WmW|Ej#$P(M1 ziz_qLi-yY7b#=dQG79Zd;F2;jVCc*fe{21IJfYmR`29>9T-rV|JqFMaYRcA6RkF6G zvyb&0=e|kG&4?r=P>Ov0}Hg&u|hS; z3vM4SV1(Eg7iXGI9pZ%Ft_0neJ_Q>`>vnk9<>bW^a~A4dsv8*H>%-5BF0|A(G}PyR zUNc=^?`SPNRxkyojN5J5hwi5EB&vb4Bz_RcrK9JEp04Xky`VompP#&Z--Gs~E)0ir z|C=1VGVTd76pX`K6TjH(Hg-N~^Vg7YcY<@}N^P&>46Y@Q-*UJ|9v&k#&v`|Ef=^TRP-6-?MP9SKSnA zo+{!k*!r(6zO$B8@fK{8RFRt08b}CZdkV&6D{?(h0N+f4gFz@_qnI{yIO{dEo2h`{ zzt{3L1`b3yN7m;(U9N^i?~Wg$d{DJqvAy4s2)bG3jtvm zKAt#yGHCyfrO1v{ERSk@bfVdXlsl2bl117#IJGD9RXHFhmhC)3(^g-e$1?zoX@p+m z>Ml(F`;CS{tQA1wkD=~_XIvIqFm+S9Z&rtOQcR5wx$AGY5T>+506H)+iy|7`)#X)GV-z-nuY^YYb&D@s>7$ZMHNiAo49~aEwlih zWQ^9NEeMUjn6rj;fz^+LE@7I;Mw{ba*y@TG+fH~B+v-bYrPbx{bt(wr@4Ro#s7LihK(JX^K8 z5_(F<5!7=}8Mqpn~uhh!g_XL-r{^=I+*1eh|bL`r8eL&6mHH4^|vdx(7mHC8iH{3LJ z=Wi@x%)ZunMI$O4(pT7bcyB!zI!PKjXj#%#6&f>vxESo%q;~XuR!h})SJK1C`OuM< z2>G%9*`RMv|qGk`|zqwJZFpRc)sDe5FoCJ?Fu;Zxl)Ls_1r+p z)lK#*Kk#e1CQB6Gocr}RNDTt$@HifN33)v8Uc1^~&dGiv=W3Y!?a)=JqfQ`2ZYB^+ z@plI~v+qPh*t~H`x6=&s9TB@}Z~UchmnCQALKPjmc@t?+$scAc$Sf z(4GAf;}A{77gzk{>s#!agF$H+i$yQ<_GsYwN3h4A+x2n_}`E-S_yaB=kFO9~zgW z7F5?38v}`OH`P5(=3=iVo*mcfGm-}gq@?>R(zLWPjiPF+l*d%v_rV zxJam|a92O#ucGa#`^HAm$&vqxKv42YE)=utvX+kZ;TQc)BcSH)O1hAfz0SK>;)RDcqCnc5a2Mz?-_@ws(2zgP{{3l+%+<7$rlLn*oK~r#=4y z98lFm`Qv#{#mDId%?vq2kd*=o)EZ_yw|Ln69_c6_pH!h)-d9f1D3`n~|E_6m z@$26j)pq5$=XOQQ`gO$sbEhlceKowD)OfP1qu8IYn11O65e3Y*ofwfTz(h=$*w@5@ z1xS2X#Y0}R_+wgMI%Bg=msZNJkH%q(<)yZ-?^HI6k;D)x2NhdYMHlm+X={&OkW@(c zq0UksG%vr98gDzPyxgVH<@ehuQ4o@_m!r+=3nJVjXTAtSmf2DYAv7Hx|K!>mv)OVw z3+;rC_^NgS#V2+O-?0tZH|JCxFBHj9<^3z;3HU@M#ue*udN4B0%})CwpmA+eV-(YZkbI%2J6@YEivIEMC#dQGbq?zy@qHFol8szA zt-9eUbR>~BU8savIxjHMgkB^dx!Xw@dWb<_jps|JZgf$KvlX08&Z2R?=SXLCIP#Y* z;^jRuh*Z_)av^p#7m1-sxRW1O>+45%nh?~`^VQOjWIp@nhsyZCC1SY6K-oJGuw(( z=(9_+_pqx*G|V^vqhK74yVZky0DfZz)`Iv@O6^OeU8D16ZxPFqDRk~i=<*Yl*K=8D zsH-mjn5*-2&k+MNzt{8jH0+1eEKjb_jou6Rv>R^qwBu#4bl=8fbq`G*(T*Fb1)i3F zi&3Qx#Z=0BLu5|olgr|t3BugNx)m3?!_f!cjQH#B>c^ti_g)Wxe~?)eD9of>H5OBX_nED{o><|m7VrjQUVV8 zt5OP7y(I8Hse<#a{>|f|SbH4rGn1mOU&rmSWb4g&M6fZff|>N)p7>+^_RgNJzGfio z&-rep*zTQi6ZcJ>qmAsf4PmEF-MBM({|(Pf;EIf^R?D;A6SO6HU+e_UdFv^+;t4EX z+r<@P7cVLY1dcL_E_!!mvLen)UJS%Rmc6&MvgU9)F0r&ODM}~! zQ*9va;YiQ`C?Z3Vl$2yKxWVu3^&&`u^AlHBh{dH%!;V~uNlCMYoe1Bwy%LOsz3MDh zthL$w(@z_7A^|Tc-u7*XQV|J*9!mULx z2R$4G#83*weC(I!+ASs0ojrG2f8KiYFu&wX(U3jTefT zP`qm*1FWoOPx6fEKaJsZrA z{QP7pv%h#S5ks)-D12T+Zre7VehZL)oP-1xc%D0fqZ-+Dhmys2&(j8G*#&amv!z8R z&+&K|*}y5Y_hfuA22L3x6s@qh{!QEY0I;avHHzxRhMdvZ__%_iA{{+{#918&i}gG3 ze7rfAy0*4d#0`Z@`_yiliOz;cs{21dT4Mj941zR*A_h8%w?L^`%~eY5ljY{3t}a6) zu{RtHMwhrIJJ;4SFoBpD!mj5)XNdR}A=`I+$x~gsOu5^CYkCcq=(KV%KdqZN&r>4> zj&HOnp7N33n&|nEtV#Eej87x$N%DIrN0Eg5#PM}9W;5#aC~?jMBa~Mtw$DbERz%dS zCB5ZWu*+1G(M8%(rAMFartM=KbvfONex%yW(<8*mmdJZY`S)^Y>5FkjTcnvHT0(1uBVXR5yT2KCz`45M?u?Z~D;ip`oAM<&OM9LlC9yUBuGmNm2plSV^F3DEHS!!frjYoX?S zq3F6_wb?qaz66Ja7+AqwEZo=9lEClw#&6+GzJYsr=9dWNvMiTl5*W_d8RwAAONK{+v`yixJuFX<6f z;L!WaJq>krbstuTqnYC%_K#vgg?(?~-2n{HH-P(vj=fM_UC-egSqQo9j3QnXOVJ2M z6#3o6Pl;5-UUr5>RaGaxde`&xNl!y*dbB=tb*<)(c7s{?SY-&h)4hUTHNpBF1o6YO zhruS%?@sF(QAD9(nkSW9~_D$Q+qBeU-)$#LZ&4bClD{_-eW!y zW-&TCx*N?dz8y7QTP*#Eb@wD@IOV3v%TZX&KxZi{H_Kb4{Z3GD$3#@DRu*avHEKI<_44Cj7}Cbo(*F1=gZv zVv17D5vq4sU|R?8VGhN#r#H>r$jHfA5DRrswoS;+@{Hx|5KB^z;>9H-XbWZn(5k~q z?JTXWxy<^I6crWQjvL0)dF=4iM9z`uk|HYQ!xcCZSI7-e~yr5+9!e&Wu?rS#>W}uO&`q zTdgeS8O_Y-;VvW0Q+aPl$;qKC7+%r?{K!*rxVf#n#+vNn-4={MmrpUTXZ_lQm7?!~ z_E1W0*;G3sqOm*o4(|M;b6Cr-SjkF{O5J#5U9FY{H{u(Hl(lSxdZu+*>Ba{0l>cznJbT6mfK7%zpHk zKe~OqwbkQ8D4zlZAQwwIm;+iL{q_ctSkMjd{BXV9ykJZV0EB{{AL`8qF;<;G(XqQz zdR|X^a?!|8n0B@0Z%CM-;3gA+tfU67h!eJU7G~p;vK^@m8 z`K+s{;HD@n1o|hX>V&0Wx{nft_kC7&aIi_qUS5uDe{WW`$R;1XI%Lq?Y%G~EhzvP6 zxFTGU%_rv*_(4>msuH3&V zuw^B!U77N`NS+(64glRFLLlif(Ujd@&6W`@Aum^vpkr4$r zdau)EslI_Ud^p-x0;(3++!{N=po9jWIX;z?$b`!m9tnlXhQS>elAJ!!up`d-I2*6q zxr+^ureR_t&4bCCnZ1bwj#^qaTe|D?@%)wj@Y0ZNB|f!PP$1al{@5(iU0S%l)7xKI zwr*O~DR{|QMxqC)KGoH^ zICZ_yg=Y(fVx%RNh_m-vzoQx0q^_mLj#!g)RX2-XXTtYhv;2RjDlVJA8fnzoW0|67 zC(GSQO-(neZkK?6>Hhri<>mO8#Zj9~J@NN3tmnV^t4K=&MB>P!AVj=TW){{BZXesb{b*MQe z8<`p{ZY%!Y(7;7gR9L55<+$E;P&dv8kLH&|Q}mxcg*8r-M#0G)TU~~!3ofQrLXVS~ z*oos*scflt2ClQ!2u8FmkoKp zJaabkO)Y_i6MCwS9xRl#s6Z6Ix^7<|tyu;(w!ag-Hrrl08|OYuR3@L2($eG&4Mj*u zSUpAafGAtGXnOk` z2Of;p1N`dsL&{xH*UQMr$dpu7`GDx75v){}jkpwq{j1JBlBt%3G;h;tLWQJ8*+=^A zo40NsUHwERyP3a*9vttb-(F5XHTdE`Hnwu#ZYB=!+?kVcQ`7{;FyBM$8gKv1QZbmfrIT=etvF40TY zv9YoGrC>D7cLi;2XmBRMLMiAz;?k(UIIbI^(R) z1rC?7A`s(;rS0?>PgX#-VXd_p3fWKTl+(1X>-M}$u{vw zGHSRv$~ih1^}BsXT#a3}&yb!!_pJlnnj4vRW$e?F$WLlIy3A)(EF3bj z_?43y|KV`MXQ&Z8N7Jzu8Ws)@p6Ct8+Z8T&q?A%{h^v~0Z}1t%sg+Dty~0F6^O|iv zNh-?p3FH&weC*E{d=9f(&|jCC@pK<)|M%BY9VfISr-?ML=IHJj3^!o0TB6#8=&JPn zrEYo?@Ux(#WUpr1nvDFQDW8E}`yqcJ4b3?mQ+63Yfde;e^00egY7tmDcV|V|y6uNL z!6C=RbggC5_Vi<8*-tOSOn4UfXWk;-BDsg26~+o|Xu+RnftBY69dTyF`|!>l*=EL- zRt(4tfBu|49iwAHCn%UPm&_w}x1WJw)PjIO;P+oGfT+2}78)j|?5qa>SYeF)mUp;# z06;@qC;&%TQ~_6SaMjh5QUbc z4r-E;Vn#w-rCOcNK-F0uOIbJq*6P`1V`RMlell+ev*c=Crk9^f#-q}Hb~o^y{!YzP zyxZ@ET8w#O622O=B24xnE+u`4T>O|MrIj%QkTuxERMyTfekD820Ya!4<6aZNDbWMbZ zpM=)3a%8BT?0V$EVzr9H*`^+CMhrK?gk`9-l8vkY)(<%+E%`^jA&4K~I%|hg&wqa}{ijZT8g$)mxL={aCjx|UtelK&6$^j* zj=R2jY_lo{8 zY$(P&Vinsfv=wBO#gLO?IZ%nosx6AVGWA&Y@{Hcs6qyYN8o{0y#ofI; z{0fGBWaOZHo%tB97>T3`Hw-MSQu9etFJ_D!r#49>@q)~_q2&fa|7Ld~;TuQ!>R$;2 z2~2+5;}~P3%X$5W8-!1*FZgsGIb%QT&PTr2Bw2h!;XgFfM5!E7ZfDkk+%MS(yhp4q zN0Zj#!iOMFAaD11QOC6gLfM&m`B9{Z@kJ?W0p&hQ#_jJA&QYP2majXL zDYtciTM7?phx4brC@VuM+&k6JFNgF04IY+?G&{?{*`uWT=ip$DrxytvO)U>CS%?)u zrzp;oqEdZo+V;Z<|Be5XYj?=U2wO`q$J@$LnbzUfjjyTQ_?fd0GgNmT{oKiaQ*iJY z@h#IhnN4RVWh!zw53~uEeikb%23twdS}DF$ytC}*hLfuW>MLhfY#TqsG0SYsIq2L0 z6ez|6Yp2eIT@5-YMG5RvyxVP0@?#a+GZ%W^CMJ$Iy&?@&`#GtbsXiv#aWTH4fhbM5Z@efy))RZ5j7E&k=EF)%XF0StT1A)hVLWfM8Z zF^V*tw}aby@T&%?m4xVI`y5lz&~+GCSpXO z92;Mx+0#gDpREgU(>u>!fe(CLP-U?H1;#_`yIxC-PuCM!J{F#w`tx1^87%$}OeoFq zKP|a%Gx@SRp;JFinniED)_bfNPNXLmHNxFb`BBg3bz9e)DlabQ%0vPuCBF1k3)t7f zWG3@dof@=M$fEWdY27JqOgSoe0? z%xI6hmc2ZJg=bEc1^Rs}0b(~go-->$J%|xeE z{=7Z{Y14`u2PLq}jg8O68XLNirB3gX06#iN9BfI$Vex*qPETQB2%%R;@)s1K1P)gk zP94J_$NKz7e@(}g@Lji{(vNnecm4|GCz)LA!ZtnQFJO?%&bQyIoI}IetvVF;Q3x9r zvsZx)=D)a~>YP5Eni%yuq?rskbUw%C_T0CpF?1a;w|q#gyI7a`BPtMFDHgvQhYdDc zNtNyLcyXd61(Csa4@?E_PhQ;H_DkNf`QHfhIj)QpE;tu=HXjb0*B^uh)|Ib3`!_t< zyl_K9`JFTRZtsOQwr-0`j8gK_j0>((1&%zeO^lMLFzBVXZnQy z160lFNvnStC5tYXO87t@ySr;#`x^$Ph$4+)AwxnQR|ua9@A_mbw`N2qw~4WC^w(@Z zr1iIO`7U|boh!DR#THoX)kAn56a5q{)^0@{m^m93$eK3}Lk*>-$Z)LuB_KsbqH2BnVLdNp zIKgHJVu?ZPcHupd)-!rhm>3f)a^=aBcTQZZLZTAOo< zkZPCa@$+MlF=vE4jJIvOOsB267W13x?7H;|zs==xgE;7%m7Ibxus zu;<=;1Q-?q`JVFLbzlswVsP(luKAw`5JzBZgi`FO&tC>R6E8c{KpOVI)JJ)G3&ai+ z;jl}}j+*t+S z>G;JeziSq@DYp_i%X*X&>&H3rfC0WPy(1w17Rid>@yK!LRKO@&Nns$B@&?xhj<7?o~LuA0Rx{)Af7%q{asx?qLM4~!g2ehf4ldgj2 zrNp3q6G}^0DcIH_n@>in?T$k$WH>xeVL~^zfT)MkdN@$oo=Gi_=Rw*p@u+R=cj11M z9ZqXkIHZHEbzQ{AF;h|TBJov43lU_GurCBD#F?w7{ZcK=%~D@)D=X{mb&8^gRb@fE ze}2wjlM^|;C;Piu-+<9(kjw<4rP+7a)<3IZ{7Qv7Y@}AWE6t5C88NMM&3e7L@cx(P z6Le@Ijnkm_^wJ!`xRyxkV3^q;aQDw&+FD%q+IbF+&(FsGQ2omQF&=3t&V%`b%}eQ> z3(S&OXZp;K9}BiFeGq%sh}!;4boHj_!p<=0+a+D7jxswOjb7otC+klAKxgXCww10 zmFE5V=epMa0oK@NHV2sM)-yYps00eevhfr0LVc0Uzewj)Q6Ko`=c#J_R#ZH*vBKr` zVyRy+j&|fL>Rc=T^a&v}4@5~}5}1>JbCT#uvBdG2+U3AbbY(U=_3}m}hqIR5Y-bEs zQMQw}rh1W?;h$#ggGo(_s$Es~xsp_5#B_(MWZ+6==ui2*)+0r_Gf*r-s z4`l%&9+V$jt{?VEhfwgA=^v2D&9|?(EMr!~G$~-Q%-c!g$c!ID^$R%wBP=UJnK3?9 zlZHPZCc;u?X)ug3g1#{TO@9V$vHG_@lC=2QSiC!@9_1?7We84A=!gg2Ej?L2NUN@6%tp~T%5Uzfp%~Q#?vGA%+&xRfv8||o&R@>~8pg3ZiS_EoIoH^^ zYx7AFVh54)iwouV^ODF3=4@M$qvtW%7dEA&YG-MUc$^n4jpqN%i^=k=+*+g4`CLhh z=w8EypW`peUU1vIsx2{#+I)&#WqipotT4;g&i9Y_2Z?$PW`)3ff}uQ*2wX;Fz&&9M z#Wah=5YBPQbW3J2c7;`$Dq7@L*kEb)Cr8$t5VPrzhF%*N4tH1PGvtVMS}0Ij2B6{n z7LOR|4MGtc)9%3|n~g+O+M4)tgq_+H?e3rU)dg|1eit1rHqQ5v3B4K_+{68YX@d>iEXD>fnd(aH|JZYxjrdnb#+VeSCOUJG7E1J z@-ttc-=)e#WTbbiqofz=&@?~-3saUmLjn@FxEtJ>*8dBegaEJnTC>r^{OOZx*VDSq zaklp-ln=ho+jc0mz6tg5UrT7rhy$PhB08Pg_MMT$rekXbQJ=YUAW|8O+;VF8{5=rA z)b=G&v=x4c>&T6uA$VW)9_)r|5&;{h)nMN)A?NQMwQ=otFG74%>E#>lx(_M}Y9cf2 zu?yC+7;9_4iX#FN}F^2{v$ z;zY-I$j}v&$e_pU`U-c_LsOOVze+=d#s3QD_I8ptE`9Hx8rANPPCy%%_i-Int!?Su zwG$FA2lR^#$o;4CZ)w;%-y7^r{q24c3STh_Ady%cB*I@U!@jSDMs2!%e50sOIu(TY zz4OtD=J8g1sdItu>2~eaWway>?*pa!-V=Pcw!1Ye($#u>dVDrjWTLD_Q+=*$DXg7@ zn5NXvpz@{>-(7)GJ1a)beRCm)z}HZ7s@&4Imw{C< zD(>^ce0%qq9DyS+(pzup+;(hvJCbW$n+=#Hb(2bQ%(9~Nx(_Es>vaiHbv?#H8Y1K4 zB-I`7c=)4`cGji5l8<{g9i~4Sm6@hiU;k6HfXe^!f-2FR%@@^AQafl8Fv8jUH%7xK z>GpF^_9)#IuO+0CwQbHOh4gB4ZX4fxTeS>V&$<)K#zt3`vlUg0z9IS1*BpuDEOkrCXQVj<C1(v){{~p zts~=oRoXp_!{)Brz~kF_nScggTaxJop(ZM-dw>j8Y6sl+3D$@zm%=M5Mj8wQ3c7xA zz}1+M50_xIq!WMn2aR66e|P355+Uvj6*3Dc=SIO5blG48%{224YYfpRmD+iC8^bd; zs%7{|{K2`q^&WMx1C=QMYU|U3(fCj;n7EU6Mu(hQw_OD4mK^D?f=^oHkf0CbHp8u~ zY;kjBuQT8Os^#FB$OZvGctSfBpiGBv-ADq@ zwiYs!%|WvdWi~2@fBZRT<>}U_kFnAlGOsrkj3ZLdv43=9!Vjv&YGB#+NR7U&X_3k- z{Wy*Zi)4gTBKD3XRIzCO%?c11I016s-ahaN(B$D2YLT3mr{?XA1krqr{5aO;>7Y!) zFM|Ztx6~{3i>Iv8Z-(^Rt(BfBp8uajh&fjx zBs09=sLG@>uA$+}RX8O9QYhea!kd8Y?&+bM(l?LXg+#<4(m~+HE<~@ zLp;v18agNH@1z7?Tc+27u&X-T)cU6&+q^4XLe_Hx2Agv z-PP6Ks&GYl31kEU1TZi#WGP9}pI~4R6`$8na4?^rv?2{ppC>3M5h)e8&zBdRaTpjF z8JLu)u!>ve`G#vMme^*`ja?{whLb+7i$5g;w{%SW{rE{#v0+y`?$x-)R3`t!CEt{r zhoJ}>QW%+3yq|Fp<+qw&69z8S&P%VuDlS0r(26U&#gYo)4s{^kN z!;3u%zKIDG6imK_=Botb|9X8lZDs9^W%EE_EdR;g>y~UbPfhS)k}t`TFFlt&8jO{7$XQL(0EK@>_Ku zB%~oOE3L|Ea7?6QHZrrwB{VsQaidoh%K8STOvc`J@_i5GHG7MNymXQ7l5@u#2rCxY z?Ghks66hx-(TXj|>U(CNRXZofcOFT~WUYXe3ZH=rcf3Wp)Su|%9tRoVPGA>vuvnEL zO)u&`YF9i!4HmKMQKxI8uYDy zXB=c(4rK+lIAX1ztyFlRRTdP=?b<9WWc>PfdTi@|DqZT!dbxVY5{o^O@P8TtUPy0p zG@<(aglnOh$u0-7BG!4^;wcl%?8xw}0fs9df1uJY=S@m3y6`T{_~SAglZUajk_xAi zKz!E?HdC9lL4#@`#n(s;#bWiRu`IN%?ow76wzsqHUxp@#GPzgt8SZ7}S!<-J8!pwVl0s@{Bv*>@H!-#2X)l*=iLYHjxM%$ba;4 z)>ceI@yFcYssdEs5jh>01lieth5F&}$0NdM^tLBKXCSb=z1m&?!DBnQvIH8}nqs++QWGo+OjyPVL^#)et)&bVbyxN=ZeFH)+$5(_d~ z8ekXs1C|_ARM0FM6DqlCsd*pUMi2gso+EQNeRJnKMmJ(;)KvCS z`*LKf8_-qVjk?)8_xpz6)itc|{x>ISJo~G5J`Nr*r&oGeUvqphh{PHez8g>{()7mL z+j=zLbHY%V*5%Hs5-kv}xnTD<-v^mi*GKAO_gfl;t*@~Ml=oC;jG!!`?9za}_2&2Q z&EEZEQxnvORjzLOsmNE!DJ?rQq_jA>qO#j*k5`4Ur}~3iw!4GT(aoeVz^u_@dq2Zj znf?{Y2-yfD=-%lQEYPRtvSv?@kHUIz(#)BhNz5UAPwGrpFFj;~>K@LiZ9&)l@ z@K@FysvAiqlA4?U?!upq{cipUM}&11GPW@UNywC39&F9tqU1jA^*K1aaZzJ3o-j;G zRdu(7ONo~6+Awc*^9uc*4S0u1oZi%SdCh6nmxOqFWW4$7iH`{dyV(}b+kNBeI$eP0 zHiN9q>P)7yCvuHbRBv-5yZK^G+{*ap$C6T70Xi@6J1y92%8ksg9p0^Dc-hzPGp{6o zL!4c7?tl#hsUn=Op%BVk`mMB=`$bk=A!yPMVkC$m{Cm2-Zw6G%eUYX_W9L=Mn>P z8^w$Pi$bRQnkwg{_LIXJgZzEUzX53y&l7+=Zq=1&TH9x`-CQj(0O<%_A&a($mU+Jty?wIg9b8U z#$*drfeH4`_l2t`a&1u0^eXT68Yg?AL38&I1*V9?S96-2xaw84+%1Yzje0zF$t2(^pmfdvz_Pg=sZS9S_HlSat z-ay?f|Ml^U?8X@Sio2%e(3)NM#`Y`cmX}k;T$yGw=q!Y7t?%@~gLxe$27x*^ch$z2 zTY6-*J~}_&P`1QYsd4Q>y;4;LAf|-1(&j-ho!^d$=-0am;H71eg(Dj8C*>cJ%}(5~;0npo^Txcerhjkgh5A1ZOv-<)*MQ_snxSmy!WK1z7SS_bvFdv4I{ zr#~F9aK64vd6A4?7=m z%BmaT=pz%jmru(xu#Put!laYE$9M_W_2xLUUsSFuHpMhk$!x2k(5clyghsKi57ut? zff4(7MD1pXP%VM^g=bP;du%+DN}&EhD;@k^AH&d#_)7$9q{H)_V&vr^eYG2R%QJIQ zV^=I4s@-nxBVRr+?1Ut`Xd1`sg zoo!Y-WL#3Uz9rDI?~{@g=AxBXP3kyPCRA{n2*P(QRo zXE>}rYL0JLHU)OqyX)oZr5isi4kgR16S%}8^xsOuP)~**Kd5g8s1vTSh>edHo!_np zsToRuU((a;!V2z+@>`v!?K6;x+D-4q!soQ=J1GR2jIDH`ZC?$(6HoKvK~ONbWgZ|G zZ~6I=$KIVF8kJnOr9OjmZa$HpAZKP1Fzq3mc%S_(@Nq{BmnSFi>ts-`i~U(FbuwDL z;;>{NVoBD~Wy85V4JhwGR1mN_WGHf5zQS`IwgKDsddJU@2B|mVx@F2|PUgCdx(Zvf zo`fCSF1-G|a9tbu#yO(Lm2%OX)ypii(A5eTb#d^a9mMjGrXgFIpiWfEvdyEPyx{J$F#GX*$`KGeYCKOCE?!7-R1w%^>ZiCKC0W z*!UeZbk|^VRNcdo{kaIOkNBw@Ls+AAPGd_Qo$dIwG`YOGt8MZujn$09XVRJ~>)%D1 zi??la^IC+iWSpSG_0HoL~`cCaaKwkih_Pmp2J_!4{{9j-! zn>`t>vmw?%qQ;L-?43!RSQRV%v;RvbIo@r;8b>e_p-;-kg({6H3&S^9Nae8Bcg3os z5Rg_+P}-kw@VWUAmB5Itr0rw1z3H*pM%35;8RzC{ z$&B4J8oM9HpFUuq%C3#|cOmm6`Os>O9fxrxP%OY>vw>3uvjIaLfANR4oM_5nNirU` z?wWdv)A}}fm|pHXoZ9<-yh4!%+DkYQETR`vt}C=3yZ?wC~@bWr#eWQif=e_Faj<~<% ze8P26PRx=rD3(~I+(P_PZNrguE@Jl36#0)|cCr?*ln<-kW;=}_l_OztdV!A+NawDj zb)q-QzzPPdy_^-8JMlezS~OUk--*_~B&Vw$b*YlBz<7^k+RV;kkAYu)AbzRat>4Md zb2zj0`Q^>w<#FfZvf9hxB?wFQaVZC{+Rap;p|LvindkD#qb;hba32G2n`JNI`0QU& zMHMyDjB#mcEBTMB^cSmTbVHUuSn2s~gW&x=nBOs=7JGye1rp$pk^ASo)t&DuDk`$O z_+YyZ>WRC$`@eamse#!1t9DdX21WG48c&jEn-dKE@8h?EAb!^U{N<1hn1X z=vcD(98TbF9YoqCCsaYtZ(?A-`VKwLob@{|AyLUfPs3fTW~lpG#r>)e`=|nfk7)aD zr9pv*9!(l47$pIOBJqcl`tOHuYod2YXOxb6vm|L=e>IbQAo{j!%Zf*}W;ny-Iv+*F za5R`6a<*KUE}^&3d2OXyO0o%S%G{OzCXntnh*@C8OH7xxTwr_1IkzZeUSQm-zTRal zkV2SIdeGl}k=MD5Ku)?zg_!RHrO5oy4>s#A?)9u znC@85mSk7yw*UcJaWQw(9ChH52LY^@wI%+*j|~7)m9h#nHY`W{jzY8XNw@oDnwi_- z=lkz(SM?ej+zga?V$24y91S~g3r}xOnxVfD1$4ZfD>A8_3n||meBDCYi<~J%m*C~N zBR#WQL%6_mhGB|04wSL8xH9JPD*zC7yk$%+j6y4b+R1EwcDgZm& zVKg4&t&-OoOJ=mP=b0gh$ouU;{D4dolv_h2JqC~-yEq@gIhP0V3*%%R=kwjVR##p| z(rBqG7;OSgHy`kR2zq3)7WCn>?#UfanLnRSHlVt>kC3`ujK849+1K5@`_}xurN+0t z_``0;c$B_c&nmEgH5Ms9?zed9?ZtmY);umbWD5I7|8ji;L?2Ie@XGOP0*uF;!u>j_ zI5jtFJ3uM#A^wSU%F7wsE}K+1B?C09&^<-DMkp`x!~yz#OVITVeEf?l$QAv!(bQn` zU+_b(`tES)Hu3Wydc1saLrhe;mXH;I9E~Plig!m8HS94`yCq*Zey986TzM_YYAA2V{1 z@1vf8{#LEm&LaKZ-j!R*jq7~6-e2|%kVX7vz}_a-(xrmC*%*)nA8owBcf#N>;ztlF zsjzlN0LPznXa0WNWwfNvX6+P8lsAW^9Pl15z#za*GA^Y53iLFrk z{XyZ6uDvrnI^vOaeI9(9@NrIGn8i@tDo@8>PeSzcrZ ze34cMT|;Ys^r>0%sE6^g#RM@^!}@BRjmGyiQ7sBrs>vI9 zMm~_cJ9Fb=zJuS?%#fo*+oTQF?Zi}aX(a0=;KO+slkGo&H6JdG%0O|POTOuqVO_bf z-Epuh>%hnN`a4YcbQF7%7%yar%1fy0l}S2EsL@qhr}?n*Ju5LOQSlOIVQhY~x@lPE zY>uTq^}YDa-Dbr{8VS-Bq|o7f6j)&o2}d-T1o!c*KN5)RFh{>tcTkgo0x9vm!WHQ- zuhHw_>Z5j$T=Q{76$?vDvB8pxp5DLeh?!;Pr<3;Md&(KL&ID`yQVm4`9_lu&z zH;O;4&;lDz^b7GIcPQ;jJ2n73VJS1m2Xw8=3%5%`@tc^i>(-l z@Du)W8D8d6ID)Th2^}-X2t;^=irsz<(jGe$moE`@ZO5r$2p_x7FioF_X8;3wVG{SNhU=EX=04=Gi1 zZfP$H2S1&Eyit&tqvku(p{6=IS_T~DF6(=_6QFU0F-+G5>Qs{;_uRM5un|uX_$@6Q z(}cx;WtS@MFLA`QPASPiEt&XR!*j=xN z()%U}pG3b=@;RNw?{()XXE_9kDXjP9V-kmcZJbfkfe1o#>(rH<6J2`XNqOHO`6i;o zvM#?uDfB=5f~Sh$0wb3OA-yQiVpS>Sov|&%01vLQcc$h)%q0G6>BdQqQol0$qGK5i zLRp!r;Ku(UAMr7`VoIk?HBATTTK@-|06S=JZf>7W^MIb>k@$_*%0K z|1Ss0|55)W_I`bUCBO>>SZ2w!*FPI-5a72CQu8Dhl$1$}$kL?9OPVOgqEPb?{nuI{ z$1m(fqZ$V_jw|o>VDdoN?;b$5Qz?%16pQrz!-Koa=8RVKU}64U1>pa6P^qf(iR)~7 zE@(O>7qhrc3+);jfiWvI@u^^aUg7cClhvnO80$Z_U=siOkJ+E)S=w>|#i`>RKMnIK z&_y!mm4U#oY3{$NdD{Ocja5+>crKVCi+mb7YOQ`t@3MTu^uutJAOCSwDz{oJI`OGeENgqdZ;GfDCVy4SUPWo%LxdTUD;YeW6PKA z65Gfh<8-mdLRaFw$E%Swp7Wm!dEgs6Wc+9hH=l0?h88kBwkAB($To^~M^`#Ud^QAN zq6e{Xr&4{-`{&kQEIV5|VV|dhz7BP!ZN9bn6q$R7G|$qrN8CvaIc*F;RgqwiC6Wja zXeOC1*-U%|OOGhPhXwKbw+K95JDE&)nvB^MS!webeYAE{362v9@KgIwE`7^u@Bw9A zilX05UI`UjrTkPi3kghWcA>tkP#8%K|ZXy)G^w4OBIRfmHm#*&E(6R%1%l7D+muNf5a_49aqp0$szWekx57f z`38euq_<3yq4+9ygBz=u@3}}6LgIyfFUs+QtX;tAkskfyASv*Hlv>QnS=sW!XyaDt zy{dc5er%Te^8e&4*U)Ali>Q!i_W?q>R(My&gkxiMvvd4zWZ68ha5Q1EGB%gSm5b0oOmNSNZ^U@tDvJCU}9 zCd_H`JGskm+0omoGhMLGCQ6x{Q`;N~c-wPBUSQY{<@K5BC-l7A#+6C?7=_;Neq$C) z z6>w5LU^bJ%H<{UyJ*jxr4E1hQ{lW`tG{&%f_giC}-#l)aKK+*g$>K-mSce{6jVnBb zR6&tRi+`y`Z)e(~OwHaa8<8K)+E8D=R3@u4LI0=6@#uke8_{Tw$o!)eb+N2IC4HiKnhq;&%=8Xu$&#_ zHQG6*!9kHb`MvR5B?Xi?=u7sqq<#N-aZ6DwvLDl9$Db-Y-{H0LNbc8;uqLrBNm;bf z-%cFYnkiTA7oJHnf*v8|p~1P+(bUaGXQ-DsOOpEtxx zo%y#W|HqjPDl~D(XKJ!HS5y`wFFw`WSFz^re^0vW+`1D=i8BO9#4jO00#n-^k9xaB z4m&jWhrfJ_>W$wrIyxVCvQPLEYikwi%$?Aio&Ok~{AFf(zXQYhrY#XejXjmlj^&&t zzeRR!OhmR6wb#KCC@D2fo(HM(@^afT!H-J7Xy+5?O=#4 zES)E;>jI1sQ4Lh4(Aq*Q)XM_y)0az6HNg%jVQfFP(kG;uNt#m97f#y7GO@z_sP-(f zgJX=u(H{Dw7Y|kSwQg89!KbEINJO3z<%wQ=cul%djb=Ckvr!)?TV|4_5s6>E>Q{S| zhGGyZPUc~JBdI*u+nHP)GH7!IbWfi?Cl8<_A^Qds!xD!HXQeU!8KsVNQR3i=UO4D% zJ?a=a_x!MGO3IA1x-l>uMy3>p)f%PL7JT9-A?A&8pPMusZE$LR>iG2)n#c;%3i2RY znuFho^6@pa&8Diu6W*LmCu=}h$LbakS*Vtyc-uq@V;l_lH0>7~s|T(MO;NR%`zr;> z3(kyIOIq1)MT@aVOA|+JP?e1t)>^WDm_oJs3zl@W5vGIrO9GfBOMEBCK3WU zWeKH))2YgZGI!Zwin#ew{!%XoZY@r0ih{A=dl`bBr#~qg4ep3lY=nVV$5F^V*`qn8 zcBZRk&tC1h4465<#snw5<4uz>Z)I9~m{jbQj08&U zPF(#9zuA!Z>_+rJbO->qWlSfPakBB>P#nN}J#;WF7Ia(eEm)|e^6SmZ{l^Vr)rDDTeC8%>A1lI44Om`?i zeZvoXEbB(5LHrxV3u!~L^)q*;mY3~RcYSs#~CIZv%$ z;{`_i$*}rf6$*_eAp}5f)H8c9XckukslovZq}~GrW(r03NF^&x1hPxD-DX1xb~h8Q zQ{T6*Q@n0v1|8_^DjBaH?k33giYu{H9$a0_uICPa8op39T^)(ZJH{tu?td*-Hs>kp z^WZCGQFc2Xa#LOR#q@o(X6HpYKT2^%bUUhjb$3lUOP%A4c)S~1thBDoZu*rB@W#L^J5(mUjr>7I=W=s1N9vd=uDRU69M7xC-2vq8Ha<{NJU4e)D?&q7C<<+;geIyB zc6wgM3;7BYhh|GbOCB`S&*Lao2Aydu9Tc3Xj)(*0A<4Y=lR-$12k?Uw(8-aBvUpT> ze?csgNQGAR8I_8_RW@tCmx?u*hsYj_j`VRpDG3HD!GmC)dQ^&l{Nuw{m!fBaN!iFc zGqzH<6GW)&E_A;9pF2GpkGGqnS?4QUvBjouS&-hgdqZ7a@-WE*N>OktW0^_1FtHaw z!C)S;(&V1KUmSVljrD`7C3%~>M+&OFdSkU76Vh5^9|Yh27&KzO^Qf=kc+odBc6c^- z{PDJ9G&=%acs=eCceHima)R<69b(l!Eihi*rF*tOBM|Rxo6mHZZz$p0R!=*=iFqFJ z3FnUEWjNO&69mLnn?%cTMcb9QE_ceqx18SjZr||@*UiBLNWET+wXAT?jj(|0qV^-3>gBjZ2RbjfW zCc`PeW1z;?IoT07rQ71q1fX2ljFx(@^lHferrZV#hG6hcozO>j8xs3vM$pZl08Mn{ zw%h5<>IBPEMT9qY_ty6<^o;j|K&*@LU_<0;?PI70S;2nAsl6nMbR_!2J5;M}w3u4v zpG^M+;$R%MPtT&mj-##5&vt2C4zuAX1!BoeI^%1PSx))=aRj?7V^#@8*AEYZb=x8G z-HX+d|7HZ96J(O_Smt7gRw9PO;zuSX96-#Gn$8Cc^~l2wTxTnnjg+qSwauLd z4JY@NI85htg~a5;89PS3e}U17o0UWGgYg@N0KTE+dG;HweEz7pOeT`MdtHM2KLROg z@i9^&GWKJY(Pm}Z#VsuU;I)*iBNy`>9}f;Xa$2wJ2=s?J=!(hQLtg2__v5f3(rz?-txG z=!5RbxdhP>1wK!Cgx-h%3^#Pdu~m1-OSWwJMwV;R6Sp;Pi~j`Tvt}Ip;O1bw`vRKc zTJj0|B3%PjR)U^29ROJi1+StMV6_3u)&0ua_iF{HneR6>Oh+TVP>7Mq6*QLf?5|xw z*^5U6y8p)4C|? z-D``fk9*6=GbLo@)Vu5@`VY~-F}#)y1l964WQs<}{}Ydr^M&Z2(gkHB(Owk3wIltI zhoP){&vo>IYnaErfe^T}7)}?Y&1?TuV)0ycHomp)f$^;w(Fg$#b+ezIk40N?H`*>& ztn1UI@e}kYyAapLwb$W@_;F}q`A{=AQD;v}FNU&8Jx4~6_@G#Z%rPdapGt5o+n&X!8U@&~`n65@AVB5x5;~z#|jy2W4Imu!`DIXa+RhqB5X+xfzQD12l z2eY}-yM5g86zV;xvTWt=&6NM=A%GsTfc=E37)S~$Vp9!{{5`O7hp7PO9st55hNPZ9 zP8vcRG#!Fa{THIv)U-22qnAb+?;TpxDc38OtD5M|ejdZY-qqJ($D06F_k)6*)YN0+ zG2g50kb1i>2E#{hKEZ*7f@Q(F6P_9O;imux)~O=fz=eP&K8{Oy=r^viA^apH5_ zTMy_<8*Gs=)l6g;=f?8^8x>k=A%N0|@rlKwEBzVosk`S>bCeEG)+JrRz#F4Od!;Dr z)}(*BFSS{1mhrpJcav5^+QN$xK@?FJ5w_U!xJjNM#AmT&NU9_{o4Ih=b8Of0hOI|~ z_}uX6UVFNw3>8vR9A)j@6M~O{@ubQB3b~LLNRSqWrd#8IW{DQD+ruC*uZ_jk%@bL3 z%G{UwcK_(*1%Md+HRX0})BExMglda#4x9VBXIF1D$*ilVI}n@#&6aNYr*-P?>6sRa zUSHK~q+hPkN%gVQI0Igr!-9)Hfgx@_{4($jzSa8!I@Z^p^NKr`20BC#ghUE@RP9>Z z+s{w!G5xE+Q~8Gp{NLc^EyG_t#luj_Y(3_dA-96wzZ$Bb0T)7q3p^$X8>q#*!9@St zViesRvp8@L8s*PM%z;RF!wx2z$9wd1KLifdI=TEri)ij{(ITK=BF4^B4 zo&;Mc8WD4J?7@$+eeuTM-%f1&z{CVE zB<1$@dxvh|^0K;bFhC3r`jdA}M)UNTsxul;mLdQf0Dy<9F-WJ$}cI;Xv|A zY(LZ;Dc0%4Th#}7>k~ISTbAr<&8Qcu2U@EDID=QTdF-cV87B2!D4n`qLcU$4{pnW# zrBR-J^bU}LL2uaR6)|cG1E7kmZC)>a4QqcY*;2yhQoRHZTiwSU+i2#UYpyAfxkgM# z=<9M{4+%WDl71u@7Ua_91s>v+#MTR4L~|{|{LS8t8#5B*92<*V{fqb3V_CJ8-GXZc zT9++YY>B{wNU=H zxGggDXjY);BK7OP8Q`b24>mS(<3(U|SV6(T&+Xt1ozRkS!lI&X1$PVA#tlA86pP(a zjgH@>B{7a6OtxIzV$TPDwqUcIoCn9naczwK7r~*nuwR*P8>h;&=$fx06 zjD{Lx7=?_=;c9*_l4-*0+;RtTsU3Ppa?lzBzZrw#mtMA}=;^ zIuQR<<5D;r&_SWrm}#D2bX6!5F>iRhM|HTB(#4e{Gg^8 zy?qJCh*oJ%uS<-P1RF*6YTKK9 zm`+C$G^WtfLU_6QsyGyhLJhiVM#Mnm2*9TBw=4nEiS)sSQe}A{-lryJEpp8)zvUwD z)zG;UvY^@tDfMKzfe-u@rPM6Y5DbjH3vp5Y2VD4-NG|SqTllJI!qvuFZ}OlB5*LMB$A4XHFjHA!9PN09e6f~_}t=p z17Vls{h|pum9({`jg7fVOZn5+wE>jMaQ>8Ez!}fAW#{f)C9b3Sre~i_f>n4H{(S!z zFECI;xFf_5Sj`-|y zxv5Ng6eb`h=JhTXsaV#X>KX{V5GiSC*U?ew8;`S1)GNo<@bK`R?cP9VaR_EP%<=_s zOG~=e)|CmD8D%W!_KlbgTf0Z^|Dh5uj23`k01H2yS?LuOJyzl^Lr^&qgG*Ux$akcH zMGbR_#R3=Ni}KX;kgJ=*Wc?tL0DIg#8ozoh*{SNE2Epm7q}59@riVUs^z`9T72eI= z0dptD!!g7y8@5|Mi)E=e*x0{PQeyMrRs#N84#wZpmsZtybWR9HOR~sfsi*+RWU&Wz zkg$W%Ftn8Gl>x`!N#;sK#l(~t{cwYD8T{e2u=;-a=OZBH?Xt@%uKxX6m^`38$Q*Sl zT~t<9SO}!x<;}>?|B_!&@Gb*??!rq>o`;2nwOwxW8DaGI_kT*lWN!$$MZ1b)kU^>& zy7JljA7=E^Nt3-LVY)&;_GTliP}7^S>VP}91g;v}vIxL}3$y4h)@>95bpMo7c4*&7OiEHxQQ7alzasRIffJUON3m@_E6K=G0sPL- z59sR?p`$<0fBx+4^XLv)d@um8MWy~7qXw{dQ%X)M^lRpW{^`|k{e5yM&b$Aa0|MTk5o0?^UX_m6P5?Gw?7h$1Zz*d{nt zt)!*ZcK7H%>z;(>*pT{{h5>VI@$vD?txnX!!v1(6Be3+5Px=R1-O_LIKss)x-SC)y z@ElK8gGVA5g)LqYI|e}I3l{zEAC$yhV8!4Xvy96QfL*jXoF*ayV~!YoiPYpnTSWoA z??R}BxTGyyEn0K{mG_WZzR_zX9Y13KbCN56jnxoxUl6K2T?ZSn(x0ie&X>IjP zLNsWuT8}h7o<|kc-TB}*ZUeWE6c4fY?I7RE@IPeFQmv9C6d+o(d%=ahmN%tTiJ%F> zY3My@EjgPaI3md?ct~MQ?`5|LK6IN>j%`Y~ki_D+#+Rzv{1O47A`H z=s*%bL*zaT{U0Nm!NpH#ZF^`Qe#9MqU<)+D?2ZnaZTf%PN#+;rx+=Y*%K@lxie>br zm6dj?jCu>5jd`P$%yRjV>p@V*$dlD2z@LhxMwZ|b6AAyb_0zIamZqXZoL>QEe;{iP z$*osOg80FdBcb@=D*V+UfNW;q(vn1=Q#*?P%C!!9i0{Ahf!Y21`!S?X3^MF-WMy&*Rue2!h)mFtMpFaiFAUngO z6@^zTRB*jSYTek-3w%e5yfl3GckIwq%(&a;6rRCnW(b)~lX&9k@3HoY-r^7|SejP< z>2#Os`o~k`R_6aND`l7V#b(Vr4D7a_4wUZ$w+u&KNf>)#3?Fn(ajK*{lH}J#_vEr; zj$NUHoUK!Ow8kuJYXtXds+Iln6?MB%#gyJTwf*x;%+pnMge%M9JUVre`g<%JzXbKL zA4GEAsx0wR;<6VW_GHQ}1e zw^?YIoa@dMx!WU=qD+;!z_GFf%m$_@cw^l|*L2-6K)yj-o%BD-2BoWQ$$_yoXa;IG zZ5>1-t~HdM0YuG1(kZ<+vPihbZ;nA?tpF2s@;p60<%cf#fxD+SCemhOQ7ridNEH7DbGKtb5pMtow;UsDqd0?8B0^ru~75V(4NeC@F+TQR22 z(wPdvS_L*sXmAJyG5%ne_v>ddQUKSG3$@ro=(G@GIT}d1a^)CVJH5l^g|Mh{OMfWNfRf1U*pluDn3{m8{7BhZkqXR$EGli)b4t;`2$ zE9nSdq+*Dw=)${$CL)SvD->Md<34#^Rmy0CN-YXsI{Tephaut4jS>pktkn;PAGWj! zTfOv%Tzp25URA)O!cb)m0SO6@f)8TRLRocm|8J{@RMlG8C<3xlNotSL^1g6{^tYX|+vHvzb zP^&TO4)_U}QDozBfj4u@&ypnMlBQqDR2`rEiJ5nbM1U@_bpGXUNYFIrXu!mo=}{HL zBFT-OrQOI2w-^x|e4bii%&R_$%(`%tECLymqS%ec$OMzg;3h%@a*{lx5k5(U&?8ro zD=Z(jS7%)uQGNIYQC1${;hQWuGj>wUhEXcUmC3_Y@Oc@U+yEn-RK!8uSKK>Q+yp)6 zV@8*vsF)xW4FK5CkyV&P zc#?h-;%@4AAqG!fZ*Ppu+oX>wN{a9A9L_ota}B35S2i}mC!3wr(C!kNo!MnH%M}-| z#+5^#$_w#dIV%IZqcZ%3gb`8UwIcu)tdZen|F`IL|#3RqWm{ZA0s$HEZDT24F%#F(yOBG>!?yN=JrlM{c&&@+@c+m_+`cS*#(^mNl`gD(V(AvmLAP18qJUK^k zDp5hw29h!2zb(W0nAP=AfD#r^M`Fp@nnTNT2q*Ir=ti}SWc zC}$#FYD=t8hfLp;x9$AfUS_SN!t)qmEK(S0au%_Cbgwp-A#){3xfa=nKR45-Fv!Fg zAzmEA(IIjB=cYjc7qb8Qb^-RA!`~#|fO5VM9#jlP(GXC^yk)5`t2 zEy{Vd@p%tfz9@9)gOEos;rZtC$7jK~I^cn{=jO4~zSUYZ#2Txatfe{3^Jvs3X1zdm zfmQYxcxmKY1hiUGi{w7i{CKz<_A&xjsX!I0X-+K69>=;St;M_#0d35Pr;|rf%Tl^I! zc@SFgNvmBO2Cbt{MG|@^xm8cPORIXRVticUpOs-)N#^zlxLnD(PT3riZ_ zXMsU!&l8PvRI$8-N)$?PEB>l%iVwCpa=WVpT6*da5oy4vM~JKuA?u^xp_L~EOcuGf zXYgo%IQvCyw?j^&FZC_WieF!E8aO*vVRWAC8NBS8c$%7k0-MmNmD656#!OO8Za_W! z&QfDxqpi>EocN&q!m;eZt~80(>UJX5aFsb^hzQU5Lr5ap>umVOTb{~n*^wkeh4meA zL(zp%==kf?NMpA7ScC5D`0H0E1?y2he%Hwj0~5E?m7wtS+*Ox#LHF32p!viHo?Rr` zwc;4OA$_*%MRPEpscKjsz5nEo&bo&iSS1tpa062M*Sff?6n(@dmhDP5HHzF7E#tgIqseW}cQ7Ly=vviDOY0P?Q^1}Ty7%7NFi0=eW*|WB7 zqkMzZLzpl2s7n(8EDk@ZqMz7##gLQ6|i4tNSg!H@01Un(hL7c7DFz@#2{} z*Am`Fln@#FAwtKd9|-gde`ogCn8n7i#9+r{9Nv(^fM)JC(e{gglBd=vpUO+%XL`YQ z0)*2H!YWAQ=5hH+&t0mRms&BMJT<}@>gaz$QR>52z0Y%FY!aA}v>7XSkNjP;T)1L3 zXWAl2rah4JoK&L*Kbj*lQ$e>_ZeM%&IDkl0i~Z2~i&Ad`x7T)BkwsBY=J>^$0xS@n ze`81#4sp#{9Uer(JB1jXy7PC`Z zax}8o?oJA({D6rYC}s4`JlWkk)%&~a@P?z!$(v+#RixF;8KujC8N{C#93MOnNlRoT z$JzqulF1w9fq)E&CZ+nBo*sM3a{TMMajhVx*7Y}$cEo$v?zF0<{VM`3$d=f@i;|Mv z%YgdE)^WRMZ~hs*dEt&lgv~b-LUrnKO0!1KT?}t6>Cf|~9@Pvkf?oC+xW3VlNr{`y=Exfmq4o5uY` z$mOQru8<(DQot=arx}S+`AfB6TiWm~I!6OC$BTIBHiG5G;AYxXyhN~IBesoCu;MlP z%o^yMp7~eEPWfDbj>&Kt)vAc{c_WecFKvB|p`s zc2p6(fA-Poo~AF;6E5Bu;fcQe)B_TpKH%_?7ARd`PteiO(=p<4`a%%;AtP2yOKT8r zmW|E?;D5Kpn%dNy(1WjJiCQ09Z}a_k^A{9LY$;pZ(stolnRsJ(p3;M;1N(_~7#yjz^!I}SMWv+bc^eI3IKf~3gdQ$`8 zsbzS8Y6JI+$oLLHGFONUgTMQ@6X7$b@W_eThAgG!zt=wKCu)o}=keun1QQFLN50iw z7m{E<<{sO3+#jVvG#$%?IrP?)0L!MauyAyPbS#w3L%co5XjiHJs_mo$h+8ehTo%nZ=q)Zbn8ViS#)EF() zl5Y9Imma0Ke8lqFmV9U)`0=Ck#Ta{fv0aoUA(}dllBr}4 z`g%QdpPs8!^-M$n&Od*<8ufy~o7>vaC2AGfswKhU;X7klqF2Yz1aSLf_$lZ$9p?Gb zz``OVI2bc7iGZT5jYh4UcxPvaspSqTiL-*qoeHYYpMNoGH=o^|8$b!^9hqPK?v83knK?M}^tuDofByU>;yXBn z&Bj)fplt}9yCnQD+jUvY@hZC`KEl3ZBxKg7Q?hJjTHCsYFO|mM^kXb(PUFY3$YDx8 z`0ve>XZbhR)pJ;w|uY*P_y>?d}trbG}a0x(h7bP@epAKfqh^9-_48}5j zLy38!c^q~=kdO=mPusvrmCUjkyfXIo7ZApL=z3_0_3qDmvxhQ%^O~>8{2?@17p72>(T0&zkYyAL; z?~;X1sU^sh zjO!U0d7m@h|41$|QD6hOIbM`dSH~~YY={P{|CMA6kBUfcY+NkjO}7CWAIL!}RI2#& zqq$3Ja%qWJwBDuA1X(>MCORlA>=Q3#{+a!-Z?NKz^NrrB%4!iKTJ7VFX%l1PzsJnO zf)#`P{l7inPixefvz`W?&NtWy9WU19$)+`{tM_Y`LlwWDjd0t1j*XcRm5KfN%15PO z5);QMLzBzK{!w=8-LP_=;`;G%a7!RneSI%83r&Xub=~cq#kEL$+3Ltkr0r(|4&D7w zxuk04!j(VmqQJ@ATnZ*W{-F7DM5C6|&g@C|E?mwIS|K6|Vm(t~psIl6{od=goipmi zV3p?5hiks&r^gyPf{s{9I;P6}CabJC0DqcdQP094ioZw{1-?qjG&}-=0@UPSqaeh` z#}_KwM^i$#Ab-f!+^)`+6{AjTXj~Xth0F8myJ2=l!EkN9U*l$VvGn_*RU7X|qy9wo zNYS}fEWVx5kxPLxu3g;zP-s&m|)ZvcpZxc1GxNzrX z1i7Ftt=1)a+B1zx#R$j`^8?CMb5u(JB1M1uW->VVaQBE9qcF7iy&`k;xSCv^*?|cW zSxr)(3(y0xUiE>+0A@bgX1cW{l$ijFbgfd*@Jw&um;&tUZtyeIh-_t?P=@#|6+K#U zFQf{B_MZMkd)qCCA?8TmCtfV-tS2xDsWqETz|Hix+*0c-!MM0Y;CX#WOiEIy*K)%~ zp%`bW8cp{(p`=?O=q-1ZpHA#37lq)jbYLAy&ko9zY85RRv(rV8?(DieReIzB)j}q1 zg_TMhy9QP8`d6ZgTblfhz@53y-WtvAv9KsmHO<)_8NA`<<5k!!x!kfX2Drwm##&9s zamHDqyzG%IJMADePp$=85Wr~Y;JH%pQTCNd#I}ss+9N?)L^|I5xkqW_%<30 zvgf=RC|7?@!(n%F?8>@umE~_AxY_qJQ^>=X4VUGHAKBG-NV7xC7R6<|2+N0e3WN4x$ZP#FD?hU&P!kI|q zK+aAyN?inUpa93GHN373d+ywH@(OH3QWEWsmI|)ERl2(41=P(Jzgt)QCqxS3G-{r` zkLNt9r=Jfg(eoW9HDVo{x{8!lU;#u!YKu04=j3s-?bsquQhU~y;EfMQ9?Okw2Y4eC zZ5^$#y~xB|DZ#_3G#w-aOia(&rG+!vE+ND3!u57{WqU@2>={{3WnM~D=>dI(w-WO6 zLOu$o5xTt>Mx$}EBT?y$nAR?SL|WC4|uYDzvH=*`k8r_D{FH)YC8ZZRfHAZ>b_+C^7 zm5S9h8p^{LiNwbmd%5FJ1!ZcLIDRD~=sGwtY%a8q)Pl0#Vb{`HT8tI6!7XWzUc@AI zaSl^>Y1?7YCo@+@iH`8qesr3VsJe}rH5G7Y2|UqMV$4LvjoRfo+kE?rcW7PzCg`l` zV#3~G_yb`b!RRP(^n+$LZ&(U~E^w1e@MJFbwqEGt?gYV)x0=$RhiihTVfUM5`3;o< z8sF{dCEnI_GXaZn%O~q>`-QurN5!}2#gjU#9TS(^t~NV{gy2$>`=Z~{@0eI>!uinh zUxs#<;m(;3zZD&5-&yWzJKq0H*OpBvtBX2%ZYB$ZlU!fh`yJ>_)Mwf57jDQ%Pb&MU zv2APT*fmhVd)!yPuKx=o$OxR`MBuI3-4x7W2W`nZvV944WA!xXLQst`m*B|2BHOE;s#p)b_Lu~*w68EW-q)??Fkm!ksmkpfEZEgnY=rscV7))VG2^zSNtkS3 zg$^QVB}Et@M@-yyX2BWSOO<|+5wNoq0_viMa_%_ZQ)EpUyC_EJxsbyu)7D5fr1KOOFltuu&aoxWtn zLfR(BJ&KBRrdBdqsyXo@sM4n5>G!6%Tkrrf+e^D42eyU_SO>=~>Ey zRH{Lu)sCPr`xQtMI@@{9tB&nUs%k)thn}}&q>`n{_-@Wd!UlHWb&``aX~?n zx<7|=lkN{*UEx+H%Y$gd+@61?;iA>K`EqsJN>MC|Z%%%{L%;VNV3{E0k9TyYC@J@| zDtVcri&1*z0nQ9-Yu>IMbmO5D2|4Qw$lv`;WZKwjj4=C*G{*8V$XABLQs;rIYJP@?3rPCI zZ^rg%gW@LCMc?R@l)f>0c=w`!xzFJ$hSTw$@egH2>CV`=pXEa{-}aPvDE{{uxAFT+ zz?{PoHPD+lV0YwpkLMEg$K04lZ-#V{p?L2AILN~`qfpAB&>~6TS>nk3m1AZ8pl6Mu zg{Su1fp8^Nc9#n`Qh^`M1e78nU6Fy@WbZFPrhW-ILq`rDT>qodL%2dvg|Qn2x|kh^ zAztLna3P8p&U^EH?QYBYYGtj%$8C|v*$@uE-rQyKN;EKo#PeLdUFB77Wgs)@oqM8D z{`?`x@Al2jF2)3Y7|p1Gr@iFH#$cY-t#`n#L0^QVfQgN!}n@ zB$x5_VgopEKyNp#r9Y!rFy+=ieBuk>*ghVXMSaa?vhKX9MqdmYX-K~+`? zKA)m+HH#+hs7AaQr4Ff#QntX4V`;vTG65oC%zkJ8{&a>Wod$rAx&3fJQ|gI&Ag+`+ z-tt-1%)nSC&5ZL!bLHG)=9l0=R|A!etH{s|1+kYQJSKOY2T22s?4lP()v#5nweNwY zM1hUTxKIb@vo4E+&2Zr9BTN;E=KnY-OGr12v@1qQ7CwxTf zZgrqdNM9rZt%3P6t=av)k-;l|ZmZGubt{sUPFltRX3w*m;K_Ma?9?;)f2e59b$Duh z5UfLj9=Do`Uw~WCYi2tJviW_hiEstkAuFSBQ1D6XhMv0ZF!3e4q{Yu(Ea8({8VpVZ z);>5RZ}LrN|B`bn<~Z%`*s(6G?0793zp_y9`;#ZRzF0}71bX|$eA2jl%OSID{lvL_ zB{Qe{D5(`^OUj=x?apY!ZgSR+Y;1ET-fiZ>lSQoWG?obqa6D9?AEBAvpRTyv8n28?!nXi6dg?e8=1 zBCS{-$@wR1-@A@W+@-z*+!p|b&k@ZX9O_S(q=bdz=r7@5iz_{Mb*6T9Mq_nGS|HfA z6gd*ANJ~G`ZkhC?+hzJ+$WvRKLxTDPdo03qUHci}J~%}MiIH`!)a1b*ZR zrVC_*ku<-y3Xrr+1+TnI$_9tCQ@TuN>nWI=q8>mJzqcphnDn~AlX zUD<#;*Oml5w)&IEsMJL(ZTm4+;jk^VWoIho>udgSzp2{7mEzg1mu~VtY^WsIn)4iP z!Y0l4V^HW4jHQflrm5F5{n;TQQ38!h+f}F%9$sM?BGKN@+X`JFBFByzG(9U_&Wip1 zU`-84Jh|as=>~pCpLZhJHXvDbO%0zTZD!(eJk34rOu4#9&(5QD0VwZZ6lgP#3Nqc_{IHe};Ceou*e&5FlArWKF)8mgfR@kN zYEe!X(i+W3g;Pbd#jur58}hM_1i$VHb@wD=a?*HO1T$an06Zy? zi@XY2-no7o^NNfoev4RN=`(>nc|<>au#B|qc@5+hvbB&iePHNlB|$4GeRyRnr z*wJ?)B-YMl5r@4=<6Gd6An!A+=sgDliJ^_vaX3GVe&Mj zDg8A0sM%2r{O&3?c%9L0qt>;5ymSGpe~OvXW@W#aAQGgeMGua*{(LcR;2!HVQr%-X zE_+gc8ozL>FIF+&vELiSI4|565_X~S;t@Ljh(Ech#CV%H8gJwq>s0;C#q^_BTkYPv zYdnDO#MBpv2?9+*NrtYD?>f=w*uxr`F@rPmOH=iC^CQq^{T(d7)0iplIrBlI(adxy^E*i8uEp({d+TT0V(Gg7&RmE_0b z$;|288&fK(EDoQq1z$_XGr4{#RD4Zn)+(8X6Tez8tWBPZRLkjogYPt8$}#XwP*FRKQ1KzdnUFd!9MKnWISfexk7#o*f3RY(4B{L)|_YvaPbi(Zr0+e1h%;wz;=FV)uZs| zWSNeCJGa%xNtHHZoxah>O#lnd9nJ@Ny9HIRr{#2qw~ecsO>my5@a>V*C$V)lLEfQk zT{s3~8>82D&;7|096wv3s^4W8W-vkNDS>jvOR+_5y-`@>-1k8Jq>Ak(Hirsvvu&ea z5kl@8D+pFS8NYkfcFMA>&K#<~S!HjZ6kYb@Zs#y}4q-=cMmro=u{yl#kh1d^Fwviw z9bbBgF^C{Jqcgkq@C^%QFd}r?Y-37*+9vkmrKhlrQA+(C1wU3wygA1;>l4qFY6U_cWrd1*zup8J@N=Rvb*vxusa+4V#&2Chy zHggY+Y1LXSrz#c58Yg)lO#N7>x0cmcRBWG+iE%(L86=c!(+O&6V@_J1Y^Eq@!?WGJ zV)bfS2*EJASOh2c_}39NAx}NIBLJLT1_(nbBrtFIZSpwk3Q7}ret)y0VMVUihLXly zm{vT)e>)69!e*Y$S*&{$oHO7CK?8?IL+RC>?}{Dtwv9AWSxL>`0{geM7EV_3fO5vr zD~c4-Yt^KO9WIGuliN7Nkqp17EfpSdYry#Z6E_@Zb&%RjOF7;adZU5-!z*_>qxh38 zwa|x7|MN1E#s`RL`}>NXKsws29Su@Q#!Ft2qvgO|d&cC$GK}e1B^8nctWR7=< zuVGI<3l2h=QPT+V5lNjmAmpcwTgy#Ym}rq*R<{ĤrATE8fw&d0{0t1Txr9La)s zX~I2`5CzX9-PE3xI&GE}P{;b}ZKms`17h5OYJKYrQwDJH%KAlaN_#X7?R3K1p9)Zp zFA-N@rO&QEgsDR0TIurXF*HnlEFTevl?)(gGm+J!A8*qrKAL4ch3u%i5Dj>HdJL=!rQkB=R|f zC5Gu`#NU)|Sd)vUpfNmX`QesI{b@p2*kbz&!?$hCpw7GC4BdQ1A*D8*fmPSbL7Q_g z2COw=B?gv%4EGBiGW9K<1@ z5^L7S^dA+({V@4iQ=ZukGm*G9q0h`fGAv(oRLE6HPLV-a0V?FhQ`OmtEmk8Ob8x&T zJuwz?jbXZ2Y(AXlg7qhv=7WD@t3S_c?+%mrVFP3W&i11|c!?mapT|v%Td%99;C|iI zV5EXeT<5cAt$R%uD?pTS1GXXfsXcWq?w_`gSlla7mlj>`lRfeF1gxEF7pm0=l89Gq zWs3(-6p_>zJAJgb#~O^U5T9f*F*~=TBA#rCuq@=VhAktNEBGl)F*r>Kt~y#xK>;R@ zEcGnmMtQ7K1vMXoYeqe>LC?HzGfX@t$bBZd{(ylXW8p(yc;zCwQ8NAghi-kuSVb6B z<&4@mnN3N1OARu@>0;5z6D)NsXqfFh^#r!x;JKhSY=f+*#dnJ@i&(%pm^k3lIBH@b z!ECEYFnU?)eP-cgn0fs?X{VuTK)scu?Ro*nZwvaj_;o%}<#hJ|3Y+2vLU0}~*?5me zRC7CrQ=e?E(Un?lnFi_WLJm*5dT1Y8J#))F3GS7}clkiOBNw9H;y6E=JoovCGWQp- zhSTAA%sG}&meS))t@U`~NJX9AQ;*!kI#)dvTKHmeJMy=&H3IM3!v{MAT z)rxK)+3;Z2`z8x9`4FBb&J@pP_NZ?Gd{dj=9*p2gm%DUa-U2Qk)hSrK-DQ5mnKpw}UkRgnUu4*Y z5r9~0GEGj_N5b2`cj5NLbzpO85b|b4$Vf6K4o`h@3D=dyNfzZk(wqU;u3-mV>u%GD z7>D0QCm?VUUp@yfMIY)9T999^&`0>gj!9H`4-z>(->^3mFO1-O`rID67`uImJ-H^4 z5<31(P@q7AUB<48!F9)Q;+!*j)&A}BE z7n?S~y9d8;)4FdbMvdP_u0yh>ie@AE&`EcjM-JkI*sQORq|;tFUJqB;0Q=#O&hI>V zx$<3FG=!~1VRc}PSK97q@B>^Peb5>>+0N^RrF&4p(Sq1g%_H0WwP0a&g**p>(%3iV zv}mMKF?pxeK*)z;_$T3hbOz9AU!Tz&1KzQBrBq5zE0AbjXps>P0BN#*`u72Z9xprPV)K+S0f) z`i#|KB+uNY2=_Nt^I6CqSkTr#Ke=!a_IjPEdfXgK|MQ?}@hXlOGg8FY$bW@i5O;9r z=jlY99ztpvDu1JMI)sJu?ryf=*oUSRjR!m;cc_=Zi@7+JLj-YV(igk@)7Y0`yn3S> zzUq>BzZZA(RQ^uq-Zl68h_v0|9U9ONlJ5N2@;Wn>RROfp z-qA7Pq-%prR^vza=lk(W_`GX?;2)$w=dGCQ#rs;t!Cqg?Z7IWdyg2HrN8MfBRO)O+ zNW&$3QTSeoYik0jtvC@Xy)&qZ>=}98wA;HsSfHsIG2R@EQ1KjTH)(?7>#OV5HYvfs zvE4v;5B_!XgQ*g^dla0?%Kk&r{$DKks8D*n!`&E6C?Z^)`K(*keXv^MIt=KxSa$Vz z%*zTN@+(CQ81P?QfKq^SFf@k!6q1LAoXEMs!OnE2AoGfdp*E^epd)I%;wE3XFMFp4 z91(>&&*xN67Zm#X`fn|Z-aReBfF9;8$$&9}P?&%(Ua9>yr@A ziS&6MA?o5*a&IcKLJJu>i=n9&?|`UO;DgwRj-zHCQt1h)PNw|XogHfDVtxCVbQu0$ zSE>o0I8SE)CQF!LF%6wu+f zQnLnJC$;X?OQNfnm0H<4T=q<{NApGbUk#0E6-vvTU)=PqtgI)kQqaAGNmo`ZM|4`L z)ok`7JEsLnAW>Vj7B1wIJd3wWG!&2C5(+`pYQqixP4_$R^*s`g|^02-%KASIykhY?7zCmQx0k?zfB@r)T=NhEa!xa#;r1e znS`+}E?u4DX%jDK`)4BwrTi~%p+&R*>B$x2;yRyhcp8BJwD8so6l25~VUw}D1|=os zS@m1IBhtOrAG|}o`a(sZkOFzv`p-iz3>PPQ(>i+NKDD~j;T;MP9*=X}TQV_ByK`>7 zc<?%s!VuB9YnRyT7j( zq$ZNC9hH3ML@$tb;c{O7PMx(L`Q}gT=uU52;Y_~J^n@y>Se2Ff2Z31u_)=;d`KUQ1 zlX<}sE{U#$i`gz`ZX?OZ3oaX$m8m#I=gbIRa5IZ&;gl`jXwSp_r|XA&4T$W6*)%y+bR=jiYWwZ-oFESdoI^s6UcF|`nKT> zb1%rVE>@SrnyHOn(VdHgIL-EKuREQ4EEUlI+X)>;Vnxe4*`VbH%Uu^$Q1~i;RNX@% zhT}Y1bl&j>UgCB*D;#!>xU(SVhu4gwrRJq)KU#S}po6QT(NzA*)#Ed(ny7P)*FeM2 z%Q_YAtsTNz*8+o99AD`_%cDau$~8CHldK41blz+mOcXI`Oc>nqgf|Q0+VMv=?`M=z zP6}}wCOQS%j%)3qNZ1A?HCF3cwLkgz+1-snw#sOHxB+;*btjIMx>LFgzT1HDnLpa4 zz-mWPvA%k>rQZ`x`R-JZ?CW1e+lY%c=_tM_3_#**`V~GVBzw{5^r4sD{A@n{8C7d8 zw3sYlyE2Yk2I!I>`Yk?|`q)}>2O~GWmqDr76^C}>B!<7)wibtu3;RytL8W#GCGO&bzIsZZE=&m~z%O?h-SZuSsRqQ@ z@Y?j2z&b2Gg|=KC4DgKu^A)3HMnLO%r{+}c@NUOAY`%ex8#{!up&+&FSCD9DD)VVy z1KGn4lg&T+sF3?FwFV$_AL>lP+jeyEPv=3emG?l>{MYB>Gw}|#)?}4`uO@u`PZo+2 z%0T#Qb*Lx4{A+PPd`td6mNff&jL*L^u+1oqBJ>p) zoaD4*R(nR-oS=>Sk9;*PUpQ5(EmC7N^MH&7w)f$(jR_T^DPP%m?#9kiDXOzAOUi4D z43*$>%+4zeLdhM^KO`f$Ztki2J}l=~9;TP?(IYu3c(d5Jn!uLC_6>{^FhTQ;1U0|A zqX@rqca2rca&sGJEV+_%BZfxIjWGspZ?Eo}ZoD&Bf_9%BnS^UYYSTIA}Q`TY?$WEma~+j}NbDMB0&+F@6NOfTR0Vs&L&i!!8)*@edlcgxxSZLw%>yUvtN~jr> zRMEWyAnz|Cd0`E8H6*VeuFK}(cB{L8irS(paRqszwWbLaO+vok87m3>sRLEWlkMRX=$!T@8hMpqt z5d&ywq2yzPovD z*y?t)9uxCb`!W$~uh+bW86Nu8uE}=K&pWuyIq-nXbxdaY@)V4IbPHFHgp6docBLCg z%s*~2^SiW5j3$|UA9VS_k@{>+%F^aVxiyG$os4?A-fLR|&M|Ah{F@R`Xq(Yt9;x1~<56;wQokHMcU{-T;s zTUshT@W5x``>L6cfKlSnIR<}z4y`VjVjDmv@)0~w zke+%QP*i&0Jrw$BxM+v$`>LIQT~mF^77XCry5!()_Hbmb)2Inb-f&?<6H-hpe&8H;SCoU3J}cEEc&z;{x-DL2?(Bi%?zb1T zYlerV#W!MP0rtTC`E>imziK1F!u7cVFOGqgsb4TaB{)xWz*3F%FPh3Ok$*Ud-6_B0 zIt}o?v_>UbjtIWiU@_QHaBs~Kwb>XAjnsW;G6A_Fn=-*j4$)6<;Z_jl+_L0@3$#vH zG8iDRG>3*ECu71-?q=h=4)}D`^2y1D_oW>{ou=^qu-|Tm!rZR{N*7a-i&zH><+J4z z^~(oqvqWIT;oNWs-inKME`GyK4KCvwDdzr6X7&aWoAhA%IU5I?Y2W98f~mp&5)5Vc zRnoEG7pLsbLkRJzW9wW7S#p8*R3n=ceU%Gajd{>7lmZl0TH%?i4RZTXQo{I4pbaK! z=}!8#>}9a={EvZUew$zONptJQNG!MdlaNAB+w{Zp`|tpVtlgcAtlZVWytd)-NK@ix z0UFh}$DdJrzY+Wz+~;ZArav#LaddfK#n+XdJe{V{wzX~CYd%TWpGrQ7hnf70q1H2f(Q&2mhr2HCiG<7#lrd~3Z8?zuU&L)bG9LX6 zs0wE}2^4D;t@cMbNU35FT6BB>hGz(+LGDGqYY?%D&)2eUrsr(?ZA;979I@gSws>C~2=M2(hHwe3fXlrHWs!ZNZ!9;2K zo+3FdHD=I2x$$eWUpF|S+T!`M;J!jczLLnK%>|p-v5B57W*uUEuTmd36r|rJ(2U8Y zRIB4G%q(?YH09i{FNj97fU_KBbTZC~Hd~qvQ2q(ljcne#YLMZsgm(7KV7*c<6R7bA zO0Dy3uTO>lta;C}mO~l)+>;c&opN>qPJ5da`AU?ZJ`!D=v&&+>*WyV3N`kASvd6w5 zntYt5*x@*Q=6R}QPMRhL9@zb1TQ-`RfqUs}hLhvov>1@^{gfZeD#B_(A0@~GkSY3T@ z1K%3N@~`(Pg8ljbcmDn(8Ui}O&NQ}N(f$no6u5b*bNg*_+0ZVM&k2Mk@mLM{ti$u8 zfJ&+0!89D(SM)w_Vs$5BByRu80sbPF6N*&il&E1!7!R0s&`zaw<0iOycsI9aBN+|i zZMhYd@CWb&BwHS^6#zw?;^n%j5Nn5`LVut*CyUhS4e|>ZA zd*y=VISwu9@6T=%I{L;WE`+k0!?j#+MO*tn)=ERZfYbFmJA?iqP?vJ+)?Rffv`<3(>;=7f+@Ue%MkDkY_90*0P zvFYERpUEwG4Za2LD-ld(Q^t8hQ?N2jf~nUO+Wf2&X`mTojte_#R5ev&|PxGJJb_QCsi_@zA-T%YMN9 z;nt6EtCZ0eG^tF*EqVA&a_6>J!c$8p{j=z0;)OdNG#lB1OQLs;(WFu4+>gur`tHxt z{c&_h_Z`WA0PpX%u`pxy$AQActw@zZ65?E=OJpqFdB}o{`RjD-gqUx zmmRP2r2m%ycFTt7JAaUo@nBw2?QzE*9pDA&sNVS*qvST8TSe5s^*WfvM;O`+PJOXL zFrhy@*FXrFiW{O?9t+Hk0X8M8K@Vw*1ihBRB9taC7Bm?-c2(3KD`8guFH9c8=2FvT zd(2IZxSl~}f43z@V;hdF!=s|Ba;5O9NsUeYj3T1(p7$<%t`<#px-H$6baOJX&(91pP~+mW)-AKqg5( zUxMwO!V6QaNrm^y^|Y2ZrWWy)xvOrh^f_sLN8H>5-R=AQ%3P_dQu5*a z{QInt$OCID%FZFg0xmy*%650+c`CiC)JQ&IUlL@#9$KN47VimWb(sECPPOy2S<&SA zhbT7R%&6t+BH3*!FW(beZ+24&P9LYd{UrDHYtld9eUXK?1O6`?r`efUWyqmlxYf4r zj&108IRPL*bvF4sS$%gZMn^utP(NDOs*KX&0!8}Jt9QneZ@%^p>qU(>9ps$0qws)_ zk3;dwl|Vi#S7XvkbpG=BP6u`kuP_&(8+mFZde4q$Chd#&NO!vdUXPsr!`fnii@Ljj%`6z+UerHQjG!B}&c3;iFCuJA`_L{coI^N$-r< z#Gl5G7;1&gO2$J9)Wh;L4v#n-y=6w|v@#FzfYFHV%^Q^W)PCxUY!p81gpPYMPe~Y< z(n7by)-e-0?$xL}IQZ@7sAcFcojX>YmM@LuO2(+Vn}@^HPF5t`bR&(rWTsOsQNJU2??6h~Ja^kt3)nV+L0livLd1e7-EMxOsXn zLi+UMy9`&K@klM;Cvoxc*41clVmtjWM5%hV);Ix_4$uad*4#|!d`Z_nZ$7NCkKoIv zU|OURs8*JsMMe|~;FO;cW z5^zdSOg+tn72eh$kh8XZGVaq>9>DmdHMvE)l+;|8nXu}~S^g5U3_;gl$i?G0R*X+_ zo5~CwK;R^4Oo4=HHZfP_N#|I%-fm;opQeh(rGU;a=Z|m@*c#rnVyn$LP*Mtf_`ggW z|0h&D?Y`d*^n26kqog;Rvm7}^W{`JaRL*{^{FN-uIVYNl!`V0eE5wa1FT0*l5Q8U@&Z`zYMUB z^boO7rkeDcKpM}d!nDj*AQ?zP5e5^aY{_juNfv7*dFu=(gz;`74j{kdkdRw2N0LA< zx}Cqr>G?BK4eWnpIS>eWay-iVI~>j!y`ZdsW%8(A%H;wm1~D1#GyRYcCA>PapG}%v zJp?k){!(CE@Q)HQES}s?Eb%1|XAA5Vt@-bFO}lNnKl-?V%t|e_vPT>{amPxoxj%q#7?knRS+TYYn6g+x25=YdbIbC`&h*p`aUovQW z^Jdmw@JNyRs8FaCPbUG7<@A*M>VNlAFDTqr^>6Uu_E*~x+uP$N3VbL9_Kz?Jqh)3t z+CR}(JnSj}u!xvwjR!{?^nX~&;HU#tGxZ1b3oT2=i{hh548Ya4rv!`{LW2vVt0tWc zavEH>vILjrq1#98DcCl1Z*KX?z5ZP;(r$CrVj<8=TU4-$b&d0&X6sBfgD2HfzuBnX zP>MX9MS=5B^0aUNfDE-}JE06XHLn+(X6vzVtz=}U;nk8{)$5fHd0lL|tSl~mj@UeP z5SF*w$$Yy}%ERoMHqZkT$PR_xp-OHXZ6H?i-N7uynjw2>nKmPT9<2#>Nd-|>c}WFq z7%+A!lDq*wNJtpVNO{8H_|iT7l7DaB!h2Q_cx>W5x^P&kQh{q-2CfD@yDqHoVSU9_ z<#tEU?Ht}rr5jI&36os8PA3V=xBjH-q0(jiI8kio(E2EAY~|rroB;8nR54)TD?dqu zRLTyYn~wc@3Bh#L8@CTofgWfzrw+MAf}!90FeVL zudzzga*KfsiN4e`B8vtp;jZ`j*C*dKPn`)WIN^S}ea87t{>hmv3u)vckf7uHy|vUF zdkJ#j?p0RUs5_`WN6Lm!9LvK8*5Xd1nUU3zZACQK z@?hUcgo;U!gQkWPe#g{lsq4%0HT|)X%viN9YWi!gT@lb(Un!=1RAsHd*oHOVfbQ&E zXzN^~g;{r=FrPixcqNmQ9hlFD1q)&E*q@btlIWv{*(u2?omUIjfzzUi2cL+ELI2&g zwzp@Bn8@KkD7fs-fASE-zm7S-Ir|60>>YB_V(8NqM6hXs`%%Saq5Pm{#%Enw1-&FF z=#A7b#?^b^OQLEAc@l-N*o*Qn%1z@n2MhG^`=1tTKjNLER^Kb@_V9VemHr9(Ue114 z&`)lx(vHQ3=j^^T?fO(oJ9eMu@94F3{Q(0bq<~ZvT0#q>%2ZPQo0ynbPd1Gn4hEb| zKl__E=mI~)zA8f-LvDH~N_P%{NwW1~cfcc12tc6pxx zm$@VnK|%Z&q>OqT0KFW!zK1Oa!4Y>qHo#)vnECs;6fHOMCxzjFjJ_na7+0oNmJDbq zpt=6uT8~U4WwyL@!>R>>4Q9gI)6Tu4x0IzF0Gu=Z2Z-Q=GX5YoH4n$u?xk}VRWMC#lInsr5~wcn!#Y} zVsa3%V@vQ;`w*-D8E{#ImyA6^#uHLC0y0zSPG^l^cb1*_F3X~;l>2cNjWjnDTbU&y z*m6PeS8R*g69<6G@kY1rbtXq9Ub9TphHjd>QA zw^sbcdN%f%(Lj?YP7>lSv7lYf%@THxCfFBsGjYB02h0Q5fIfKFT3Tlh zXVe2U=kUV>ztuePj%4EOthkc5K{}AVPDs&EcLwo*|9Cm(^^(BZS>toD+&xwX3*T5c zOa_DT*zv$u2R@gdq*+vFqRv*7pTf~>r1e^!@$0QMhe|woC$bgT7Osg$76Ad3p3y}0 zKKI7hfQZX1y=#;?zF9EDg|rioEkO`+z0m*ZWSV$E#o7+4p!D)tj&=Bh>;{Fm44fXM zoeUq3mm*5<%23*uOO_|QlVugnjoe4nMdj70`BcODw!vz9ubp3Ch}k2hx2Qsz1kc`e zMUas1)nS$ru=#dKx$&oR#O6HaD|rYt^4IHRI6Q42jCidCM7#B}uYSBL8@YPe!n9g_ zNM6qBgdaMVvRcG+^?qSvJDityamPQ$W3r`rFyOzOMvIr;YDLgG0VP*%QqAAke|s-| zt2ZVN3}ARkuM{A1E0|`Oz5Y;$J3gzV|Cw;(U(5xNkdDMK`^)yZRg~bR9{Ipb<;Ksys$QGxz$gTH| z|N7~BYktHIc@vjIU$R8P44R?AOqOifLkwfG$MB-EWXX%Mhm4pqmSNuU zzW=`K`|%OjY&U2pUKKHq<^E`?^b2=c|jh`7ttsi2058eVMeSyTo^*fvW z_{>P~%L{~T;_}vX$kqfK-8VQ-H`ziZQkN;BH3A^TL+e^%^7%n_+#|~aU6SLY&Hy9v zcm&u}&iv22)7<^`9G9MfBJ@Z*uamS<~0bne6kwURsI{@~*ZO)d!YnwA^-8za@1&m>)eukOWa*7j?-Z)GvF zEWBsON?<_KET?44*#3_Kw^am8VRNA1`l^pm8q7{&j}>&DBEx2F^`j+Pc8aUg0-cs_ zS#d!r?$xNo&IYO3uVt;QXaBD=GU?KnbEiIo9?Q2?DmLJvO|F<>)3ZC@q(S6~?XeER zc9ZvV{L`zG5)zI}e`q1*2d(T!c&VCY^-zpVGN(q5mE-InV8_Ws$JU0#m4>(hndXv3 z^Q4ifPXCLUI^VK^MJJG>A$$=^PHo0b6Wk}*;=^-FoJ}QUGX`0A5q2!QWw8L<96p4f zHQ*0vFKfyNG0~pW9x{|P{-=%?!u0wR<65<%YubJLxv@HkA-h)mLKwxuZ23Y*cW?Hc z_~Rm~!P&nI^u^{7cdw5br2I>Fj=)3v@p!DjNJ!eP=jZ1^TTOKW+8SW+km5^X|3K7l_G&msx zs{n$)iE04RJYMBjLYBkQNzu8VP&2x(pulA61NwIeO}rU%-6d3Zavv}Clh9W@aKsf( zYxzI2s31TCWn%jE$D$p*ir4BTu$u;7+Sfw!$XGZbxDR|P}By|6_r%y={EN> z>0QF@+mafy@{S*xqa_G}y)wmvBPhezzUsx9&P)P0y<{HB$(RkmF#IrrQo`ADeDH{ z&y15g+s|u#Iu)i@X^PV~ByN{}L5(%p)y#e!v&GAx3-*=eeHQjb0xotLRq1b}rsXzH zz}zFoZ;FeHr)mSudTiN=wTn_dxC7s0Ud@P|N07O<4Mn4tJe%8y!cLrq{9?G1j{o82 zo^$s-dJ@I#YhL7jqR9HqnBXh$PoY$#mz4H!Lu+T0t0Al8@41z$vfsD&GDJ+2o%1f6 zrRMg(w^{!3sX(+Imm>MYy?u=(SP|RwJbLpUCvM%Sym(-fqLx*^xmfz}I*!!OQkW)q zPTSK~kxxCs1|9_5koD zmpGb&BU0MaZ2a5Y6cLh;;>I`Erp4H+^K{j@o<5kLaN}3YCe=(c^vllmejaocpcyFR zGy+8c02K7|f9f?RulCH0qx1Sg4s*1M&zOJLs9;)3T>QBaCsU{~Nmud8KLgH#|3q#= zg1%*k^bz2!$^Qf39qhZ_`7Vd~iTb4aG6}uaxF*4zdkcaI>A=E~yRr)C2BPDuRmHcH z<8Jf_&^o}%l1Y$yhgG7DFMf}9**>!|%k$naOSlu6DP4&A1zqj@aq9?><8<7}R%40Z zpTe3kC%%&(6~;0|+kd}kwWLc;zZu*gj@nLsJnso_>#9F<;O;x?idLCFAd1#QqG%5= zDX`S?_Y%o7DP+FGOW&ecHLxSa`Mt-&(*(Y%-`}J!$bR%#dcRaSOqchN@(~`*f7W|! z`46*UpTDBUqht?S4j{OeoGv*n1QEfu=pD8>l%#tZ8&emmydP9#Hzl3^8EHAyi30|( zsss^pj!f+g7Oj5qm7BH{ypl1l+N9L%4!cZuRd}VoYN4))-p~@!!=Z2lzt24}-wC=| z)!UaKNtm`#j$W|Qd4;q?;(p(2gcX9pt!LsfIA|zfFW^21QEPolRq1;bhiR1K89_^E|+}m!kv> zJ$O&cmuo#`CJ<>5kMuW+RN=(Ab~xr&PL6)6AF}sOCAWqxbvm%jK5juGS0QZ5t?gqp z&qkeNB8m`}U@&uu+c{1nD7hlgDWWmpb;uX});to6T~T_69#$3;Pz< zf4Q69VaRfQD=bwg)0o!^rh;=}d42WQc=EMHlPS`ddN`mhA-Phi>oNXqqO4zU?sWY{ z|1ui4Lws}RC{347Zy+-8D!6ycclQsR+J9B~;488N>yQeVKOFg#|u_mQD@+89oV^U53ch6LSyd;TgbW6U=8`I_&!dU?96CJ9`CDYK; z^cfMchs^It6$LNWS~*NLjC)F%IS-!3ZqHP-*&Tf~2B@(PjRcx7-hs9HO|Xk(lI!;J z(zWckOt#l-)!Pg8r3IUyfMhW?Nx@H~OGjIOUiFgSy1JAqJ{%s=9nE87JJt$pRrW$! z-WP%L83bq&09@kXa}O1kw?N?Bq4G`zbUEQJv6j=t{yfkty5_8j1FXhBGO?j4vYQ<3 z9f$Nb&L;5E0U^M7sKxK@E%(XV^F!3KB9ujtkY!>sJ*O!xQLedzw&X+)v6rbxWmd=6 z(>rB1TN&u4IOwH)dd7G~yP!;8MF5W=Cj^`?Zz!aBOL$sH)6A_Gal_5cC$GE{Wop$+ zI{Cw;>7NN{-0I@%_V6ho??Jq0k#`6ZJO8HE z>Q$@isXEo?bXE1<`|Kw|MM)Y70S^HJ0s=`^MnVk&;uG)32MZ47V-F$z2HM98%1umG z1MXw-gR}VYv5o64spGEhY~>C#b+v@Bc5-&KWOOrkwX}3{vvGDm|J*4A0YL&GD6nnD$2S0)7x? zE1AqH*E%tVs47;l+<^bsCV{8*-k9(CNr&(G$eF?5;-an;Dimp=+9&sug-iQ>Qn;YF zsu*HnB@+`9gM>uObbM|nztc1*QPinuhJGY9O$eWMqTsFzS?FFcSfmcd+D)IxwwtvP zB#}^X6QzL)wTVt4?+O!4dI@iC%Ynz?{F_FFgt%k2>{mpD<$86d*TWvt9u^i&^3YAJ z9x7CqOzukJ$5jTjO})H*)bcbfR|ExER5O2Rm3!-UPyp{vpk%wdySJ_-nP0fmeW$G_ zar_uJ&p>C0YqyC0a>waDlOAspc8lFTv+X#49>2CQ6P91h`l}^G`4PrMC88_xH&PcD zTbsE?&4RDyYo?(H_+=_Y!>QQN*x75x^@GP1*gT3Pg3oPKxQNfH7XNTfqFr9G0-19+ zC#nbukP-K%VIGX5C@uRct$uJ1q*6_cy%WS6^B2^ywGlcFfIbCx#a*$o;K&$Un;*lc z>xn7Jw_RN1ZQ5B_P*@dFNk~elbuC7jDcSmGhk(cz=1df!HT6AFGb znZGr6KS>Lz6&J7$6PJol&9C*(p|f%3`?!KcV?p|xgbOcbZesbzVK&CGPP(PV^60hIGE)OB+`kdNo*W%<Jtki<)NLk#An~WV~Eu zU)0CmkDq$paZ8Q7;w*9N)kKq|q8P-zEHJQ&iqdrX|G2D3oVEKYc{w2R1rsI9g+@fc zTUl9^%-SUl1v)D$C9kIHHE+KKy4lbr&b{?!K9qq&1UKhOvsdJFbWIgY*J^Q82l0OF zU7q^t>&Fra7~PhR z$1x*9Eo%I2VfU;=n@Hn8GilECrs=pvB;B#oyaqG>Thc|Xl2Rp8PN8#E^ty(RHmii! zfxz*a9^yy+ZBg%duea~&+CUBgLWTUx--iy%8nTQpQQ<6radET4nb_4(#(r=0GCHl$ zW3}!xoM)q;dZ6YN?Kke?MSsDdz{BB}C>@Z6Y~(obbm=y6SZ?8NwVzhDp1OG2cGCVv zLaG-64S`*qNHXl2=7KFRubNfFYkBo+&595po2C5| zLnN!;tOy_rj6H1#HttmSe&=EGiVniQ?ykZb z2#esC%Nzs0=9EW0))qs_tRK5WS6x4sJyUIPXLzG+uJM<7E`HNR6CkLx)(JiXrPP1P ziE4-}3<|FNMBRT9>J=VDIj0(nO-^PQl$4MF`>!+RFmVN~AwhcQkB;vyYh|_K4}Nij z&C=u(6FQ%ysl>5I&UpN;`bO_oyPJqFU@-!&U>-!O{{9{@WJ{*%Z8yXPS z5Dq1*rk^>(}{ab05>JCJ~qP*D;P{O3GO7aXb($E!!e6f!B-E@WIe~A%Nx^T31}6W zs}}CBEotgDcQT4FmJGGFV?F$+7k&5&4}?pmAZ##PEGue&AOAc|Qc(z+h2ct#?4!fZ zvTJQhsf^afBbIQ0k#95&uTVh#k$-UI^4VlbBCJupoH=kqDA{l3uROA2Yu|Aia9Pqz zJCn;XLC~nyN)cp`nBqEDp?f_ES}&Zm`Sw5o-0nj%>I}$k`s1B$bCeRZb+}D(a^vm7 zrTJ&Dl&YUFGVXT%jmCIgyi$w$ZiNl~cDGjGHwO{Tpy9}OZhR*+rf`twDp0#P-!-hy(Gb;>uIcRh2S+tRODyeB@%p^n-C#nQi`ca@G7`t2OtCY zRb~ON_B`$fFf0_XJa~EB7Vz>Tj(Tu9T9p;|L|CV|5g>WZKoJsW4Kr|+#LXuHzcjB5 z4-YTPJDA?d$o<`XHVh-ZF;|$#4t<-uXiZs*dEcym5@S#^YKStJ#tuecZK!NpGz3gm zKt@3UF4>f3^SpCh8DAnh=;kag%t#okLj;vx{< z5>e&0W4KS3vCQvp+(K}ZbbR-EPP&i~rFw7j_(X4l=>-Zo7B9i`%NdH}M&>!KWYFuU zm_=J-37Z6!0x@^qbgWLhE;-!9J@MK;`Nx%kpxEU8aJKy4u!Lb=5EmxHT9E9vLHvFX zE|KHfWg3T3eV0{9TYP>Ge^deOsXG?Bdzw%o(ll_fEaVq8BaE?FI%S$XAwv7TmF$3h zF~l&1#YAynD(B}H+8Q4Y%@fDc34793pTf4Xy*oOp)0Y@;569BR4Tw-CgPl?`{G3NY z088@^Jg&NIN{b-_5M%MJ?6^Lh-5?(>o8~8JC%NB2^ukf=QFM>F>W9 z)er$D*G;EmOgL6(EOEI~R4y6y9kjMU^_M3p^U>!t*D z`@K7Rxh3Mnq|}R4)0Dg-Za_gn`xn_t;-`r!In%2h*FL$gk_Y+E2Ez53!U5|8%{1^4 zD#*x=3aOc&4`8T6w}&r)*9g3!z?9*>~J=xxsHJ!!>OEg{~RNC165U;eBbG_pev4a z7V9wPN6)-N|N0LkUW#QHmKhrxbGVIF+Nh5E{hg@eeaL8rN;sS&IctX3*!YZk-Abz~2wgELNxJlQ=`8^gaDAFr8l zCQ4P~5vH|pI7ia9)RiipHf6z4Db*MZE5NHn)>Zp85B{-PMgoVs1RGus-zlm|mwb*S zJ4;9T!6kI_9?ZTY1d+U;(`~d@2lwNESZ0+8u^hB!E3?QPj8AskEIN zfwxK_CFGc-H23Xc<-NQ=;BqauBaFJpF9yKa(2gn%9hduSN-gt&JcrW#AMN7Zx#&(p znuh}0aN~(9Qd-YDsO&9TJ^elKzOd2;*U5QG^M?e1$?icb91S&Rtk2eWMXHN0O*}ki z=c;LC!Xw)cQ53XBF&kH)GY#gg@4@l`LydUj->qr=pbm&@YqF{DkYi@n-#jDbUdwA4 z4van%1Eo(04KC=O3C)25sEN&R?+CW?t}W6hdY(l1&e%k+9Vy4gH+_^o96tJfuU2fo zGthC*J+sluT-6tWTRi>94yI1NzR0o8^5duD+g7^sYi4V}$~2c|2>+Cmos0PPipmpC?v!L!;OoSi zO~GbTgnOlGg4kMbiAph{@c2V$5%1bsD@UcH0+#XK+48_mM`h`=qb?mM;Yg5ea@@Gn z-Z%?x-TflRF+@@29!sgAH$rMj|1WQGS{HlVsIkuMeHGt#Zl73`?Qq@ffkby7-Ba>0 zqev3%XHoaE9mSlNLK`73RLcVWtR{M=aY_q6TNzh8Cug0}_U>$3jRG{oGP{MEE#);o z8;>4&&s)2(1N&aw+FP7Y*BR)n)=;0mUIIN6#Caz=KM9|D7A#){XD#r>M4}W;6!e+} z)jQvNJMIY>)juY?0nY#%#Vc*?hQ*k(+PP+aqUZ=e1^W}R$GvfR!a*s3Wy5U2tR5qO zoepbix1-S7iv4k@HV%puUym~yC2ZX8GQ-ZvepZN1uGNDTYvMCOtQ!AeFFB)ZnR{LB zADQAh!>iC83%>4qHWEjSl=eMvOPwi(q*OcfdqH?AdVGniH%Qp`uY=bpp5LYx`e?ZY zGA`h5_F@(?^isd^zbx6au?kvE_YO071MGlh z8lIbzF}GP>6{2(Pds9WT1~oL&!7qEZkqQqyx+$zUhy$ReXI&pQp}}4Q>(Q3|q%*C= z6FPf2U{$!?yQ@-Ik)Ozo@*RtHF0P|hbiO7n^Hq|~Scx&-CWbI^>*k?Rk>li~%bt5c z$&TV1TJ)tc59;{v7ajLUM-)=|(fEhip@>4c=)yv}U2iUR6Wy^~TS0r(?qUkXFvM;B zp4<}@AO6#3OYguU&uXQb?hf}0`{3) z-C^jhFZWMn67<$$XkJ1Bz(7v8+9~&jki%#BOul}kN=G{O0KG2-lA{B;&^6Md~`KS24k=K!|*(Q$Djy5bsC zLoQ6EsGCcoIzhbMsa5NIzaSVQ{glzm^BDxM5|WU^?*=i6WSTEW?c*P^By%FYO1Gzy z_9i9I5;My}9njEIWn(}|b-shMzVVl(Dxva|Svp1DcjBB*l$?Zv&nN~dy{esh;dzq`j)v1m`en)*OcF5-`x-xCL5aQXs`;VCpMscW7G0vZ_c zC5Knyvv^%1Ccs}%>|7hN`VW0mdFp&HD&=)t%q4+#0n=%`m(*)&_S^IP_}fWdfP9Wl z1Nnd>-{#6*pvP#k)Pc7HqxgIPj^{jo*S(W)(bC<+cU+V z-%ULE8KXMhBi7HN+*}W3%V*i_=Nw+7qqlC4=gB4u(aD7)*Ik@?xpG1}it1CMOrGUym#i%`mk;X z|4pGVx>hrzCjvblKuni_i_E)jMag@F7q!G`VWt3Va5xerjcRJ4sWb$rNncQCdw+nA3Qc%=?`{qxREEjNh-P6|x6Pm_zM9fMzIG9JRi)ZqyZ)6qmea~@R z;ogLkkdN6KD8tUzOtCI?dJ>%3mYm=C+s1(E%t2-5bQ{Xf(f|TIm8?k~pU0gtYi_JT z=G)#T?O1z5v6_-Rg;60lwsV;fy@ns1lLy zM2K`AYf<#7+eY&FtJzM;F@uwKE^9R($n=^-PLJAKJ#9Zv%}8(>XhaV3_X<1j;i8e`4QM5PLVC4bbcQJ0N7~RI&V1qXqU#ds(LKKIVl{P@ z!*^{d^>*1n)z-J}UG0XI^zoci+tb!I>JQV(Z?Co1yl13?qE|1_vO?y6SUZII5 z*Z6`lVEd)TjDv}i-DChYCGGY%$PEK~4$<;boV!Ki9<{w`{O|O1BDr*oN}d?>2;<0O zsV@*@F-V5CO3hX_d&ejkqtQS~S+TBbk`NB#Q481(40L&3bq=FDDP_0*{02S7+7{ql z=3yM(tK3s+Vk)ck1zN^aBfBHon=^-{)1Pu^j=1mZ{C5YvbFe{-mP`M%C|SNM$;S8i8oxzHY0l`SrPUAxFVRO*EwE}1E6p7jPF;Bo6VaeRwG zqw*~n7UiP~YAMXdq9IKdc4&b1d@jhlqH7y$(8Zb6X zLR#9~&MuNdHcQYqEj z?J@ClF@LMYI}D)2*4kV^=A`CIMmvyo!FPur-1^-32+}1-sujxBxa}()%~eLFm*S3Q za`#NBQMA;toMo-}!jJH{x|86C{WO`#r};CWw23FKE8NUFM%EAC4SVSRK`$`rG*^~u z#X=DrR+{3A6f@22tmJxNkpBGngBmd=lY6CT6dgNKm)cinBKoQ+{q6JprAO{3BHNV^b=#vFjEXp3nV2B$df9 zO*l{}o8O~*X$h}T?fViK>Z9cV-mHvcn`8@$>-s33n3$N&QXOrzac7ZfPni4ZQZlP~ z-!HY&5}g{dloTuy*%D1U1qJZAl8{tZB6b~Bs9WCGBt|Z-bmNXOp;N% zPYqyO%EIE~ZV0MR#@yT6+uAoOMXmhjOOT1`z&DK-TJ*+;5j>NRGPe83}x`0mhBl{`oxA)%3Mer$Sr`bZ4g?nCzCh=_=< z+M3Z6WB=48PlX1D&4OjNOp9E*Dr;e3fn=EN_4zj6KOC8W*EOVEyIQT)lksx3iR0n7 z@B}v0X3xjZ7O$#GgBfYDzhq`+#^bsJCmlmT8TjUxM5~U4f&x@fRP1yGHE-#fX=Ked&XmL4?w zlL0nAnBf1L?EN1s@ENb}y8`p}P@_CiT$rsvXx)^ci7ut~&=|5<=G1mUT`UieHOc9b zCP`;GI&Y*#zGgLmf&by#Lg2Hqgs|56`#0vq9W&-_-lZJ z6yCgb%5YF&4my(~$|coh4f!3i^E=2l`Ik?tDTDCs$OAUGbvMBFP&0N!$}~c|a&Ly# z=5`XhW$z6+Y_7a3PTg~cxFsoAJD8_)EEfx!d~vEBl2eLkuP|-?(U>0neM>Y}ir)0M z5@W1<$&jMyebQ8#RL4eFwmpF^XRzokw~PCsY6_?8-a2cr8B9fZ#ir!|eucp)>my#L zh?+(3yfak?v92UCe?;IlDHL#ZAb#wzM&`$K1DWELc7aj*6r#;iHt`kog|B|&$V=Fu z$W0r(ci2u=HpAh??@^PUS)H?&P3hO)L;yjwc}R^DP|z~`s_-c~vf?9=u`~Ax;mT#{ zT%u)Qxal`AsmcGwz{Z-A+x8zm$=L(ju6Fxdb)fAyPy3iNl|WUY;JfeS3-=Mko31m8 zb4V4^tm6&~tv=h!0aX3Q6vSCWtlujR4KurWvs^AqdnU3;0qs>GEefk66-vpMcP>gD zFT^wCvrR&CeNt1QYbN86!WpS|1tP7C0*VU@KeqSz>Az75YxMAk(?i?eSoDtCm<0zG z2fm_t@ieQ}J#r|8Qeof>k6N~u7}GJ2A;<9eU=^>$A+1D45*rusDNMWi?z(tl<_xtd z$)XvcQ8`7Y-Pv2`jArydhHUmpALX@oM)nc$+O{2uz6f!yWT_KkS1URAmnjSGDcgoW zIMOK?^faCO(VpxoRc$Ha*1jKxD~A`{^4RCPcW`;?!RBeS{@PA&CC>Os;&Oh$ z$FH+DXY9+p>)8z!l^^~{TFUFfD_I_Z!yuD4R@*UPcO~1G;2<9VwixR7pPt5dWv_Oj zk-1FPZz-)`{A%tGMke9N8&dyYybpcd5wB{DXw0-)h+(}pk@vP+ckbF6(uk^bcqKHX zQNQPL!vq;=pnJ(kHZ@R8P%U~mjq43UoB|m8601r`7e8N4Mwqe!F1!`EtFo6yF08S% zZ{h=D6h|SN&Q`4-Y~y@0&UA7=t3|mdidyKf6rikDDtNA-|A6#UA{ArVRNHf|2P?YB z@72^!&(BjaLgZ(2(4nNx^6^f2+-hUFX0X`blJ2(z3ynpiR$b zAqXbsHdCt%UwY-=Q=sX6%xl;2SC&7yg?@P$_O}~PlW2F4BR5yF=Lb8w`R|FDwK#25 z>whP}+Z%9RZ?poq$Q=qs_v^;&oRsi!WIrd+<<9}OP5=#x&oOO9Y@nLzTaMZO1kki+ zt&@xGZ%?Frr+5Pl`ss;M>Vv+$vu0QRQle3&TZ5Y=L(6(3!@7;v?g5(DL%>Zw9jOZ&;zzr6qm3DY~A zjX~WLsczjIzNB)=?mbIC*pQU(*&L%{!pe)T#VPqI+AfW~Qa|rv|2c4_rs|y^1Z4?N z`^-_4L-mFuny)&4ULeMhUv=I}S)Rq0?HpoCgM7^J=m$ECH|^f-|_(BFZ2i2IL;!ZR2qyoV=vOKzW7p|>d6NuFr`uHE-q|a>#pUNu9llqe{VF# z-_tfyIJtna64AE-pqS+vnskLp z1Zornrsln1HiyOe3@@nkv%a~D(y_|tP9R@OrfcKNy$=DhgR+pq*}X(qKC90u+D4EoU(q<^$)F>YzIf^r zoqKOdz-%vL3-gT@jhc8`DFDRLyu z1Y<}2i{fT>e^A_kP>7kP zuXX!Tcr_N9m&rl}$rMmZ5JPhGhc3QeF9L)@euOB=U=24Zzi2ou( zTP>dkJyafv@WR5o#&ic>ds6i`<|&nf`{W!Y1W#C0o2ML>ptzEbdY!RGb*|+V3D7br zlhYJseEDg%a@-hG_yPDycNjM{TaUZX67d3qxSHV<{W%bx58P%iGh+^`?_Vep`EG`~6$FVzq~|fN8o5waOw3H> ze0F$7r^{Dn7t{nAN3HRukwN|n*;=40Fe z@@WT6KX=Q+)#?Y{OBP!MPdlBJW?vcxjSNatDv_WlG^k{kB>t0$$COZfcMyTu`9qHA zB$%;WiCyDX$ZQldccA3nRh*60{&lnfRM#(Xh2@N9oTN5XoqdoAwNh8?uB5&*-&Ys^ z{UWot8SC@GnJcvh>>a?irzvfE4jEu^lTje9h-+B!J;{j4R(R}vrg(;$Rqr=(j^%R3 zd(G9nFwZjsexW{cp89?m4}N-k#|STPJvp?1f|utTz%I@1HX)kmw{~V_Jggs529FEq!Ji zUxA=HeocqoU$J!)ta3)2HCkZqJP~GO+B4BXz`&n0$2%)E+jDWmLhf79Q*>{)H`6w{ zkelKnpD4r{n3e-e&HP~{AUG9QdM6AsH|1tn(`B#h?*`Z7G-EcxKhWQ_e?iYZu4n2O z+FK!>K2SZ!7l@oQUs%H#dUV`+X^%R|;EuEECHN_{{uat4prhWge&1w3ps4*`Pw;Zg z7D&7d1`|Kk&KC%MJ_7r$%)XP@$+PBWb!*9 z&f7Ae3I-OiJHmv8LJUs8e|Oj;^MCM%bY9yyTBlxUwS^bYOex;=Nq?H|Q)4WLoVfOq zN3rA19DpVtv!MsgT8M~KW{GWq76{rFX$z`F9TV5rEPe03 z^<_7|&RuD(ON{WSb#c;@AL4pS4)+lnzEtPM`YVnJj`^k^a*QNl@JigXw*o!@rq~)~ zaL&{^+-MQe3p@mLNzfVKDhE3wr~;)p6qm3_+5sjdDWEBw`H=IqRl?Vd5F7|22G)wUB8m3VpcLvEiG4Hxnz#kXqdM z+q2O_VB&js9#s$D0;m;e-RI0ZJj&n5)9K7Pd?zUOu4{B0pLMb=U->B$o^dLXliJzs zdc#$!uKZiL&P$q%x^$Zyr}bt`ZmBIXc2oCC!hCq~ zq<0^o7$-u7o7S(}AWQeLLYNs0;^s_8rJjr2l^jZx?hn;owP^_WVEIaI=!CmE_+5jU z_+G|xTPY6|oepY8IUVBb&0XL?eSToG9`B92qGkQe7aXESD7+H?fdu^VucdCR)t==Z zdihlTEQxR_o<|nr35_?pMVCn10Zh}89T`lI)FQEha za9`B;(0DZm@(6PCO#~V{BV>Nw^GFk@Mc!@kv=*&jy3giE3b_BB$md z)g(JC4(3X%RB(K*bJas6l`+WmhV*t*+4ltIUj(kkyY@dA3veHbQ##qvZ7wLT=5 z7k5>%!NSCn0U0J}Ve9!rlQW@!*ZQ8XAqvu^DjO-I8GM$m>QyDwFzo<#*C>iqWR98| z0|cM3^Khq$0w3Eff>Twx-gF328D*H@@5SRrAg6WQ3df4azTxzRg_-?wOj#yEn|eLZ zT=*i}=qZkhjoW{MkI)-yQNYhZ8~jQFe$G$GI&doZ9NhKywRn?jQoJ1|nl6*u&btJdF5 z&HwSUyD>kO=zs*9QbMBmqT2XZUs!HEC!e9^sGhF`hiT~hRKD=~Pg?m)zS!?}yi94|bmCX}}#$)jVB$PP!Y z3EYQC`FX5x$*up;EK3=%lyeg-fy!2mn6i_kqkS0UeBdhOi17F~lO-i{*hjTf!zk;c z*>S_5)J}@ugh|=YI0wVl{*%6=7E(L{@I-vcOyzA2 zn}o#FC2E3D4Wi&c3A4^RRMj)iRItomVuJL^2)p&2zFAI`-s2n7-QEj#M|{x-12&z6&!OUqVfPms zGvLLnC>dL%&oz9&jGy|$d2ZIcFP%9}r|0sShuS}64WxT!oAY@LE#S&MU!{oqAzqf; z^WAd&o9=bMcZ}P#-X3JD)`p~K`dq3noDD?l&Nao?-R)WY?V<4NFziK^!k(Qh5PD}! z7rkrw?9%E#2jQ;lk&$f0a@&#J_1aR!1Ai8E_t@6iwf^Lfc$65v_0H$XD8`Oza5R<5 zcG0@SAL~dB1MhNUG3+U3z5|Y)knV2kEet`sQYs6oHOkyqA%v#VCO^LdBroqDq}&&+ zl*60(c>-=w`ZU^xnH^z3_n|UwVtuKb2?PnWk9?2QELNQPbL+}^sb)%>#4wXJQt${n zL!rRl7=^5j;bBL9xVbjNVNjc}daHJ^j;S%&jmBPem4ZKW)~)(A zY(>}lR!c;#cKcNLF~Np}eWx2P?xkQ$ubSKl`@HQHKpms;H-qLVHQ)wDKpj8$YT7h+ z4kzdW+H$~HfCi-1UF|G1q?|J}ShT&aYe#akq81jLHXd_LDna2+1=6_^`;rDx0-!&X z#G-YIAL4@bw9}5IK@pf-eGHN+&3!;jd_%L8lA*ty?w;?Wj&Gn*+1l@UJv=q}C7g zBShy}DKf;Xe1y1Syj;HUqFl)(=awmU21QK01C>p^G3evqS)EN|+8!!imCebiT&|*L z9WOGzOSzn(8VI5?5>KcVG6QFlt)q7wu6?R^3V9j=dp1xMyELq)$%Au$GadmrnY~p< zzz{w)u6oqpC4hCd0`TYVHx{In)Q}9Q$b$m~adXYWDO* z8J2pidC^)LgGT6{j}r|qzXV|vpO5eA&hAT?F^g^L#Nx6mO?ca2wn_2Evm0Xu+&GUs zZocmzS<7C=w=V8+AifWt>Ryo$6xQR1mivVpYf+kz++A9ZEMcgM#kc*W(eL?0&Z5VcMIoGZtOYje*Teivjy@Xu5Qm?odytNEB+<6}iH z9zm-!Yl(5Jq&rZwubOY>q9%P!*%4FBGj`v@bJ|;LQ%egP8roHT59*uv7*vPV$;z!m z`ds|Q9~9%w`#V}Fi(ffe?ZNq~$L)TXFYMA+%7^eMEq@O`f6>LW5HAGqZZka~1YKxa zq*0_^CZ@*kxWpjZb;r&dl+IWakq_wxHb;H9mfEO$D4G?-LHTb*zBBJj0JtCsi-Yp= zcP6<|$o9?7d&(~WA*F|@8yLYMj+I|p6wU6xRA^krtwyi+t2;btg5nMZ1K$vU*7*6w zZx}tZ?!VN^OAV>Gk0HlMhT}#D--NyC-9;a=(5#M^+RhOT@l&PBCkr~hexQjj>gei2 zn781erHtEWCYN_vos2V4W;n5hGg1ACX1MXFvRIxOTHu;vbiZeDMw zeB7l9s^bJZw7Qv|uK}jJo3P*_z}OGOee+waH#at;f8(3*`*$JzDOH^<&2nB31U<{Y zFtVRRp}otv3$;F#$F8l(x&>mtMIW=g{3P^%VK%#8pXaT&;u%Gds;Sh*JcyX4&{;gy15zP4e=A&0^enD;gkQ zCHXILAqF&1o}xG29;0&h5+&|b8Mff{>CXJQtHliV4-y>49#4a$hGtrg0ys&ucZAJd zlc0is`Plrdq5tfJ+j;G~6q-cmR5al#I$WIJR2xI0P;*Ce<@S|Mgq+DRaHrn>4k&Ho z;pf>p(9QA@=W?N^3oy8A4lDleP)d`mcU@!pX=b9G+kI`DwPWP&STDE7^PeLvjv62r zOM$HJRr79<`*C`f_iF=Dqt;!%EVQ$LfgxbnIEAW*3oT72b|%bLFDT&FS~*X4#3q-b zi!yI)@>|3(|AoUDBooDp>mK>-grJW2aGSSn^WMKC^$g>1gSFL#ONCsYk=!Zd%Vmx9 zD}3~2&Ab92(N(JBU`X(|kbuDJLe0b9CuwVsLaRZ)k9R;qv4nWonNJXMT)xv~xUu=r z9F6>4yUjK8ugi@; zi+5%t+;crbo17%4ig6JFGv=TDVjGfE8`c)!jt}g16BgE z#`}=+X#*S)+V_nV)lj(cVxN+~p;N=@%w-e6!cGD1G`ElP;LWD{bTV!#eg;FDojY2| zWRrRAT>MtJjvqNxkLQaz&l^|`IzNs1^QfgzcB|4{Z}F6dW^i#n?tEVlUNexW9=tE* zwG^n&PLk@&n)CdzytlW~3wD3YR@bgVV*$tCW_MaYW+zQ$vG$X}^Ck%Qb8WOjGnWeZ zafZhbZ^g=sUY+g(mIe4`)W^O@7+4;9JU&M4 zUkzi&?y&c?TcGC}?{wxCwB>Ga&RXD)zg^WxkME``j}0gKE9|t9D-SCh6@qCXBz zVY!ydect(uvd(<$ z#9K=ed$C;p8-d*qeF8V{3WF)i;uW7|H(lmo5QF{ha;?8*tljX=vmURc=_kkCmtE?? zd2>tMIiWahjd9vQer}n$p>ts_fn^$QrfF>1qCgQCAp-8ug#F63>Is##Zwx%o9FQh4H-ej%lEDpq_sS2mVB3YQ?ObP=-93t3Hh2ZbCON?;zCk%HAc)Ke{rR z{ELhHztv#M5xDCA>5&q#{4Y4v&&#@IClpI9S598`PU?DLb>IQdhWPb=LBe4H=S~rA zbx4gStntJOq6Rwbj=@Y76v_st2AR#+ZK`oCT(8%8SE*<{@Y$ExDFYP$nJ;DxwdVPd zkE52JFqkG2SDs0paevKu#2Zg7_#oK$D$z0-j%JR(6WS$ziKdRVR1fW_;CAjFVx0xZ z5Rez3)xz64!%D7jF|B)1IR&%PKektT2kd^DTqr!%F$w1zbjy&&hU41F3uOIJmH9II zQ@y`YuRpeBw~C+YWo$J}H+eFnEk2_kC5o@xgHX|x&kM5U z5scC1)?%uq6U0eq<1pwHG@Xx0DJ!KPRKo&H4|1$WIx4kW&bP>pXw&6 zEfHCxc&pNtd!%!4CxLacEG!7eb=9G}h4}k7Q{TFY=pO<2z8?8xdyj^lX|JwcoB-F* z;i~^hN6;1FH14QI2Kdio=k}PIlPHhxI6ylljkOg{&M> zrFW{?2D4Aub1z9-KkyG_G6~Q9HsPXINao8iY)PlE_0O`%&PAiz=e-k&ve5jo)Lg~t z(Tz7Igt*(a>8-$j31fJm$rW=lzR4C)ccX%KDIaNbq}PSO-__)8EW=h1>q9rb)PSma_dD>#rcwZ5cSrLRG(SI_fNb3MH;ValD7VuSqLk<>^T$eM{?!W5 zcx*Ubn&I?pIvT`^jiihA@OxLkCLl3a@2@x%JMiiC@%D z)Yf*$F=B4hShu0F!?n8XlhApuH8-W-`?83g96+r9sa~Qw-Dn>$K3W}caq&E{JLyrU z2>S(3(ZLEO>#bmvj*5X(gDwVx5}0e zlFxJdUP$c_ZtjX_9$D+syb=#iED!6% zy0kU9RJMP zfFg}%Ge|&}JsFN05hz&=q^f@oJe7gkydHA-n4q9mI3|9c4?KLW-$s4IWILIi4a5%> z`))+-bV3f7o2gW+I88wJ0pmY^>{M@X5b$z&w+|$M*-CeCT)I+cW$Jt*g)sq>QFNA>ph368S_%POiQV_YpZ93Z|Wixw;MG=I*Oo6~cc@A0myi zNc^Y}LLrm&qDyVd8jdHdk!I6kAY^5MRLc}_5wK|^ zMV(g+i9UclY{r7lhr^1;?*Nt4e!i=>R})benl$_H*5_=!vp?_ib4^1-*YI%EhvFId zneij?gkAlIku6NG{#d0MphQvbejEIPbhv$!5KNo_JFMjfl1dyB%2N5Pm&_B}6 zGqsv9lElKtyRFUZX(wVbpYk8cv&%%J^aTx=jT!RJ^!goaEx7|t6vcrfd!*z%HtSJ>uvk;onu6?hB&Xw zvdGBvA+#ULqs8i9AB^jfu=aB9j#F#b7s;2{+4_GROOfYRxlI25_5xHuq`asgofA}H zR7@sfa_2`Ny=A}M%5QA$NKNid^I+ON+&DtiDf4jb`uer6{sFr57wajfyb@w@!z=lv zV-`DEX%)XW0@neWDeuJn#`pd(_@YHYKj1R(dnXtiZJM>8Dj7zH`HCH6$ec<&!xyHJw>Dk8i_q5NgG!w8Im!Va+;&WoF#=DwaKZm#pT z#hD~ZP1a2?xG3L^5LGrGy>7?p5cpR7eh-VE+9vuO(%Ag|U71IZ=d8BoK3IEkWy`YT z?UX+UNoTN0I>&0Dwj2)slC_f|r?1l2`eNkSx5?{H-rG2_r=e8P%e{tJT<9sgX*A0F zdMv-~Z38DIcN$^7`8+swfPf?SR5})P2d&&e$eEK|O0@Dkx~^dFP&7HiGnOMydOJbj z13t>orI#{50&CA`k` z`KV6i#T#R?f#IZ#4!N@{aT{%Xl=KQO68KLGxzRqdSqisS|yY;m2A&na%zRZM9>j#jDjL{#( zb+RNvXLnmY)HCjrcU02Ffg@^~Y%Tij?-hi#%`%%T%DH$URz&7tNd6H3GMU;309?3%T~40R7t9lOC4Xhv_ZzGSdATb&>2!c3wI$EiLkO&zDHH|& zEs3Q6gfSJm<#Rmre@5BGVYIiIUC?+{@b=_MM&aS?v+meOIk(65RqQ~#Zh3IT< zqbrD(HiT{t8&P^V)L5k7K+KoGdT2jWCT&9WHOY>lMq*m_c#JWG^qU z|MX;jbV6aBGCSXfB0gZl<+WkCQ)0sPltsi>P}DIOMCMNieLKYI*RLXCq}pK&U><=( zfKP~bxbotYhFaZ}3`6>a=Js&b{a@u2h^k3R_f4xlf)FCa0Wk8ac!vsRNNntok*^TU&{Etim(hpyo<5prJ}@r5;9- z*WmF-@Nj0eNE!$|zwIT=E~djSysB)>%5*T+)&}z8o<8yq0k*c*_HeCUv&{WJnUtd+ zMk>m^i+4(RN?_c$-rV7qu-Vo-nIWD-_A?Q|Uo8QVW2{EJ>Oi;w+tuD*3&op9dm2Yh zt@y0$x3|MC=a7m>9a<#5RL0W>0-vLqN@)}w9MKHSU3(dUM;_nf(3$(=keBjXUbNBH z)FoAw8h{*2WwO^`^kX~6Z`iSd-ctOTxCKqRyf14Gw^bN+&*us43;44d*^eSzh;F|f zvjtt!d@*z_Z?$TjP6i!sqN}2E{Xh6o##p@X;FGwW6do~IWN4Um!?d)u=9Ou>7PyIH zkT_6BpRxb^Y&f1-YvXT;^uS-v3c}*tLzkc+IpP7ZxM1rnipBT+;T=+ST{Ys{w}IEUD6a(Vae>-C}#a2 z6`eU2XnKD+Jb)@VFD8>nrg)C_CmfYW+yV)6?9=>@Z|;q;rC>&+xzXF~q@>Y@xe4-V zLdgTMVzLSiV>^?k6Ku5G! zrPKcVg-3--`Xq0tG!Q)9s=)SiYbOijLsoTH$0)C6JWa(J9rnb1u9Vpe96K3-|Fun` zpw>O1x8q4VR}8%BFrK4-tVAKK2P+sc{N+5Z{aBE4l6P#-Rcq5PpQ3cw*Weyn1G;rN zyC^FUiiAex24Z7nv@b$kvBT7zB?AZcX)}-PYGMBWdK741)v&&jc`jtMCFd3XECRMs?yFRmr`mRLm77%SEb~V&pvkZ)*m`P}g#ri%|)yHz1 zz3|02ZrY?Tvz88etuGFym8zH-X6hU;ATHjF=oALpvk$!ys%btrulxQfJ1=o|+RX(F zxgHpdz?Eic3ui#(0{U+32QY!IrXYCn78!M~4RMHYP7W#CYuS3YY31P^4YmK({-b(< zS^**XVIW);<-?C^sQjGVi-$@p;4R&TLzDN!MeL(XG(f z;lI%ypN#m39x&S2IbnB82EvXa`t-t>@z9A$Aq3RkcfPUdnafp}gIu$}035@0)r8N> zC?j*#JPq?`eg!fU)}`~PsCN(dB{MT|C8>zM#Ydy^YyN#;yi7?Fa$DZ}^85%1w(L2>Z^C?u3I;7Vx!$I`99fO0pD_@s_a^^XFE z9m&EUozxvn3B~iNQJ-xN9Se)a#u{HeXI;`A|oBWAt3?-*hGmg-{ zs&Kc^l*G4;uo+ZoxP-rdcy%dHdvi0Pupb`U@Ue#cpLa~+5F1-GXeV?z4g3Op3Q7An z*NasV*s-=#Ug4_Ej3+G2x`yI8T_{H)=9hK3J;>$raB=lV5hKK@qBkciq;^%Pa_Ip- zleg0Jv3ce&nKKHeAk|3&e)4P7a|k9dzl@k5028+!F$ zmj>3fUp<{XQAD+P!7DJDUOY7~RzR_o^Z9)P|5qMTAvXXeB}~9)V&01x6|t!*ppZ;7 zf$I1ja*zX0)kKzFLGjbOxU6I4p{+h?J z+mEpEO7?FRKsu_r`RmtmY(1xsVE{^?zJr3MYNLYRw{a`OSOM1~oY&|3{hi^Y_PZtP zv@x?auVa=%CL#cmglS9FzTH6^+G35C>q&%v{pxgd9(CIk_aZTVaCRZ^d3ZE8i7%`n zztblzd3ky=5||m7aavOI5Jg7f(Td;aulT!WF*OgN(fW&-lZH_d>vQXCRt=6)jdcZr zMwWOm0*CLD3l=u^;dBwo<>jUD!$z=_l$72s5xh8kHRERio@)S<^0M*eg=|a1cl;qW zB@x)nMcSuG086C0;1OcVgq~Pt1v-CCM0Q5|_Kjct?tC<4&__$u3uy+=ez&_e*v8=Y zb8fX@Oos!COi~%R4tfzJLq3}KlQ%#d#U#ZCJT`qr4-bz=O$wx5b?j!buuomgm4#No;o)I8 z1O)xM%F=lnq~rqm3fI+WsYX`u7LM@v3b=foROm$cuY)=?m;s=pImkf`gOUy@NDcdc zUpDJFIhB{^ms$CVeBRWNOALVug+-gb9~}r5g31baEf#TV->Z}1(xS0M&p2W95kQF6 z;t}!A#%|#3nTUuJ$Sa$rrR4%xU@nJw#KYTrrqt1-_bAkaGgT+%Io4Kt9IWLN;xNm*W9T{%~aUI=@vN7hs9L)GOA#rF_%BvchYdW#?aE;3g_gW`Y9oQ8XY*CeY};cIKtU zjPFmT)W+_f>~BrTd$IJ80E3b`q~0C<-sMC}3N(9b7pumet|-N05e|^ES!+mGYLs-i zzo2)6a7W3!Y^n*b@Pz6f&6RJZ2-4LLf4xS4(s!!;`>_wskD>E?F&1U{1y|1LnKE6K zS&u(Z>43iBp`kCTCp4@knl6bmbrGm2<-IAZBzDN?v;r)|;Na^ls-3K~VoT$29b`pX zu8iVjFLqhPA4>R=v+{<#nUmb4vgo_vn@36;R&kX}%y`^I4-)l>0HdpmFL;zXw2q+X zCoD=joa2*$n5>seSpX2RY>1=s#Xt)vFuHd_S63oy+T%WJ>Mde#fus5nd-8s6|=I zls`Iu?7}%(iq%qE;?jLbGi)`4Ar)Q`DLr0~Kltq(aeEq;TXuG9XO#@~I=!uvVkH2p zUU+j)fZLg#em5>^vx|uRLGrtUyE~ovGA|l2suUU#Am~hR@*5}HGiBrk)&s;#Z{ z_LfP#?x(vI82M5DpUfJ$6B`Tl3p=sWLkJZ7Tk2`UZ~G_T{Yco&>}4PbXrGvq6|1R4 z$cIjt1QVSRks*&GGX@`AX~O-rrESDx;ny&K>bN_24J7+yk7nDK@*rd{Jexz?xXO`X zg@rkjtZHyV%jAy$E0Rop#=Qw~r%8ur`>v+N(*$2dR;#Gv-^sb=)fyg;{dK)7H|ctR z+o(P-M<~p!nVK*L?(SUWU??H&U^-6X+ zoernd+PTf!v3K#Et2soCC4vx|9?{`o`#xTC0uegAtmVUg*Xp+>wbB?zqesMa;tLF- zRFjK~hDCH}gk0@y;J`x%!SNFAJDJFZ)m&t}Q6D=zTmS%bu}cib_i1CUj;1l!@5wlh zRfN=887(CkQ5ARh-zj~G7P}WS)9WCV&8`_uJez&j+*EKKOr2Ki!k1}a9~k8q=u3{a zd8Yf(k&B4qS=wo#)INM-oS64`{&9$9~;I(CedjfoeUGCQVn1YcrTKRBrj6 z=PF_lEknJwc}n3iwnqi*Y`wT zwmU%1aw;K6?dw36faN<;u+&jbjIppq!A^o(CK$*+Yb zb_bac*0X}Bju+Y|YV_SPu$Lpk=zJ!M?Y-k)roNfIBxN_-yyeW;BEN7~iuiVw^*6Y7 zUCCGSeWz)^zdG~Bbo!VGz(tdGRhMpFZgqHIznlH>p*_C*+41@Q zdIH@9*+BGH=Zw2!o`Vsww^@hEKzu(5f9k(^P2tC@;r$05X;_iWE`zf#3)=e!!oGyy zt#{Mgl^$-Vsj1qU+hp*=goJ;ne`~@+M@9PFB|Ekks;Q-uBQTLTwV3H8^9r#|sZaM) zQSp4u&^F#nQE1xdv!S}c6w3Q6j~R4}!%HNDep2muN9WW8ml)u%|L>!I6}E#i|I5cC zJv)C>`mvQrQ4@-mK_=8H->jb~cLpzdm4lCVL!`nDEimVHTD{kQ+DY0xIvIb=XdCDC zS`xM805+{JSIz7Bx_>--iYB73*qKZ|FEVg{JR~qY_@qAqSrWYs!o3ovR zEUD$lpQ^varuYO%CNr?zx_ySdZo-Cy>%y>jQYMKm5O&`A=Gbh0`m*yYF2cZtn7mS@ zz&+P`{ik|=exWm!FF7sbOV~z9_~+A@;)+z}ZKFHZ7wsB%5i$$TpEV(PHeWLa;b)Nb zl(6V#?u=BYFL@sgYCj(zW&;j-T;dq_uAPtzTnR>>@A(D1_0W8CC1w<^39e-PFWuK=Q5{be-{4}rTNTNZ^$uNH& zX`r}V#*b!7x*s>M-|h=>Rz>_?vn}IlG{?Nd2!YN&$jt0tgsp&>PJ*6&f^vzIF1Ywf z#O~6<5-bx4%!0xRB%bK_zicYY;Uke-uM#NgxH!x;E_!BvqNcqQ+ybi{lX1U>WF@KL z2+3>93gdd~Yca^L;i7%W2nDfkXmp8An`&~W!NRIeD`!k!I8>u3rz|Wu=P5B=tC{m*6-<5Lh+nq(@p`AXl+(~X7z$T zK#(>G3yD&f6kxxvzCakn>!a0eMa-0)d4UW60o#AQ;I)+sf6M%3>++$IkPXWXCfdZn8j&7MU$ z=cq>TI;*2>7p~V!1puK>p~1{?3M|5D-!9n0*5nI~#G>Z2#Tjfl!9jGLq|5KS-Ytaf z7rf7T3h`-#6HRI(keml0A#BZEF^wcExlt4`hI8RoY)fx#w+E#=-Tm#OzwH}>&>^Z z$YRfZ?^XTBNn+86ez|Y4ds3FD_9E9f**KGb6h^YHAIw)k6-$0cNwCI zA^QAHSs=o;d-z4ev~_qn#4_~!HaJp$AB>~zgMr&1^8TLauURb2@l&~vY?tR5L}qmu zwL59nG!-!@egchA2En@gSs8G+Iv>-U&Cg?(Ke{<15#mj!_7>Q zX)$NgyOuor6pHcG#r3oLoIs_d%2JVdIaMQ21FiZsnn5iU`(g)cpvgsYfepunXv!72 zdeMNViq`2YQ*&+cQT1*FWzuKa0x^of&y$&#}+;}++g?tETcyJ4H z$<58icSfTL4_aHZYIKlu`Owu)m$dHBq&wr?eUv_e?CpOPU;@e(Z8MHUhE>3JMr(zH zqyDeR`Xb3cbseaeZhTTy3~XX#KfJh)dm(hKC_+Mv$4!1PII)j{vbGl-oD{jOX zZEz+jA`Tp0#Nm$Lv1WNR>o6t%ZHycY3y8?>v5$(1hQtw!J1X_VeSH*9ZFFJK4yZi-2}1{yvhGK1 z-v0@tG;-YYGb{;GP6IQ6I>;y3ws`vZ3j;yAs6@!1HoGES(kVpFEzkVHISb+)5S%V+ zd3YYx%z=R)Oqa$}w=#}#LLShw5vkM>ARfeQ&4@T1w_#Z!I}tizln9i!$)wK3{}DH# z2z5wjmzJHaec8ou%&bXnJs6V>>AI(?iz}z{a#rL%07TyVXDgqob~+rKv%m7NLxW?9x7iQj)p1W6!Q1*>_Ls1b*`M>M3l4a`#`P?ONDJ48LC#u*5(%CPXL#=p8ZUw=A&vpfmj$2K`i25zBU;Q5=qw$w8lNa6_be)!i_5l2*k5 z3B2DVW(FV$(3KeUGoV(%z=XsQ$xTPD*Y5A>dp%$G;vPS&E@fnJa8PZ?JMuiQtCp7= zH|o@CF@wy_O&Xr2|ITJ3Er4qo1wN$3*tKM?aF}KAXL}={qoWIph&Z~svNZBHabZ&K zpHw+*E%VTaw*`~C8s0*UsmmdfQJh;L)a82PJem2H`3vY_+2b}=?{uTAPJ9m)8Y15mxh5gKE&2uhYOwinx|ar9 z!CaTMAY``+2#TjLc}Dh1RqDdGqx&s{T`0Esm-QFJ4+4Nt_?~A6HSi zppdfsKkni;TLDff+&*>auJ@n1(9-_TnkbUcWPT6f|D`l4pT5IPYNjDsUhX$QkC6Bv NC#@`1C1Du!e*nV4`?>%C diff --git a/nitrokeys/features/openpgp-card/eid/images/eidauthenticate/1.png b/nitrokeys/features/openpgp-card/images/eidauthenticate/1.png similarity index 100% rename from nitrokeys/features/openpgp-card/eid/images/eidauthenticate/1.png rename to nitrokeys/features/openpgp-card/images/eidauthenticate/1.png diff --git a/nitrokeys/features/openpgp-card/eid/images/eidauthenticate/2.png b/nitrokeys/features/openpgp-card/images/eidauthenticate/2.png similarity index 100% rename from nitrokeys/features/openpgp-card/eid/images/eidauthenticate/2.png rename to nitrokeys/features/openpgp-card/images/eidauthenticate/2.png diff --git a/nitrokeys/features/openpgp-card/eid/images/eidauthenticate/3.png b/nitrokeys/features/openpgp-card/images/eidauthenticate/3.png similarity index 100% rename from nitrokeys/features/openpgp-card/eid/images/eidauthenticate/3.png rename to nitrokeys/features/openpgp-card/images/eidauthenticate/3.png diff --git a/nitrokeys/features/openpgp-card/eid/images/eidauthenticate/4.png b/nitrokeys/features/openpgp-card/images/eidauthenticate/4.png similarity index 100% rename from nitrokeys/features/openpgp-card/eid/images/eidauthenticate/4.png rename to nitrokeys/features/openpgp-card/images/eidauthenticate/4.png diff --git a/nitrokeys/features/openpgp-card/eid/images/eidauthenticate/5.png b/nitrokeys/features/openpgp-card/images/eidauthenticate/5.png similarity index 100% rename from nitrokeys/features/openpgp-card/eid/images/eidauthenticate/5.png rename to nitrokeys/features/openpgp-card/images/eidauthenticate/5.png diff --git a/nitrokeys/features/openpgp-card/eid/images/eidauthenticate/6.png b/nitrokeys/features/openpgp-card/images/eidauthenticate/6.png similarity index 100% rename from nitrokeys/features/openpgp-card/eid/images/eidauthenticate/6.png rename to nitrokeys/features/openpgp-card/images/eidauthenticate/6.png diff --git a/nitrokeys/features/openpgp-card/eid/images/eidauthenticate/7.png b/nitrokeys/features/openpgp-card/images/eidauthenticate/7.png similarity index 100% rename from nitrokeys/features/openpgp-card/eid/images/eidauthenticate/7.png rename to nitrokeys/features/openpgp-card/images/eidauthenticate/7.png diff --git a/nitrokeys/features/openpgp-card/eid/images/eidauthenticate/8.png b/nitrokeys/features/openpgp-card/images/eidauthenticate/8.png similarity index 100% rename from nitrokeys/features/openpgp-card/eid/images/eidauthenticate/8.png rename to nitrokeys/features/openpgp-card/images/eidauthenticate/8.png diff --git a/nitrokeys/features/openpgp-card/eid/images/eidauthenticate/9.png b/nitrokeys/features/openpgp-card/images/eidauthenticate/9.png similarity index 100% rename from nitrokeys/features/openpgp-card/eid/images/eidauthenticate/9.png rename to nitrokeys/features/openpgp-card/images/eidauthenticate/9.png diff --git a/nitrokeys/features/openpgp-card/images/gpa-keygen/1.png b/nitrokeys/features/openpgp-card/images/gpa-keygen/1.png new file mode 100644 index 0000000000000000000000000000000000000000..1f1dab3712f1c2881023c4c219c1e5dd623f7bf7 GIT binary patch literal 40252 zcmZ5{1yI{xuyufzLh<5OT8g{7YjJmXcXx;4?heJ>-QC@by9I&;=jH!qzWHWeGTF@R z|ssYm*<&9`+_bOx!I@0RZ>)s?1Xtg0_T^kAVnAs24-zWvAgFM!)Vz8pWjFXA+xo z7pCzV$-e<;4%h&emydUF+Q+UQd|zgoZ8lN4&pU6;^zh5u`}x%K%2IB1 zW`drbJKbm9fm^YynTm65IeuFTkc-c&_h!=5>&|&a{tCVw5-hJqtfx7%qudTdbb%b>1>d^@NpApGvvgD^v0=u#fL&~ zCfnl!lsdLilmE))*4)E~=9}}?==L1uDV5Vx$L;jIt%LclP8@hC{&9=%f|eTl!8f_d zS&`F_J9nR!US_QuR9`~|l=F@gGi+@!>Hhjb?n?)*0IA^akr+mrBX<`&OnI2Tw4S7# z16zIcN-~`ppDz(=w&aL_O?VM@zM0yIL^9~r_mck2DFB0FYmz#a=KIh_Q# zcQL~RZr;yKdOEMrYnOtkX!(g z2*ajDHDc`sh=noXC0=WHnDe^LxUf#nqP1QZi9wWydkz=-kN*@MNoqFj7WQ%4h@>|c zFZl1<4`@2lo-EEmvS4ZZ@|A|RlGYcE+*c=D^Pi}c2l8-8MZ&d)(g$+k$pmMVf6Wyo zIg^!@qj67SL-iqp-~U7FWY^$Zl=scQ^Xb!_f0*~%LCWx22F&uu%1 z94~{><+z@bl;pVIcr9y6-w9a3QU|_7tl)?YVyvs<@z_#_wxkxatQ`_cQ;|t=@xe%9 z0U@uUNmcAZwF3<14Ia^W9t9_fJ`Gv4Ux5zXxiMa`o3W#BY_?=WJrS87bdF;AFLol+ z6wWoHJ~12E3R-VWlC4mRn3l3O9Dt266H14ToHdjqqkESlYeJzD)-O48DO2$yQObMT zA?ETzb*i~|PWs0e0io-B4u^H-eI4cS8Jy^rG;alU%8+$=H7WY4)JpM+OG6bu5hL>b|9s$G4 zvRG>xpHQ7PG~rxsiGFc)IKU8=Bl42(^~ag}=F|xpvSg1USqWtt?}J`VM@aZ+b>noG@%;Cjl^iXTkinY- znH(8o)S($Ac?)WOW;-R~Z+qZj@%Ocr;xL3{s4cNoN-i>nkYu=ph@46`K1&>y%VnHG zO64L#vBAx!yCpe_&)=HXz`tABidz`gT8Q3vSg#0&$FxFRDfqg>bQ2;+ zi_EifeNg1OoCC#YSqccr{t8@f!CKBt#T&>=QP_Mp*K9jZ@xhaTx?rY5#)6^yyDd?wn9i~<(_W_iF2TKwc}8liog(x}#|$0uzs!eF=rv^3Rt+T8Kc zO<a0-J+~0*ZUrQW6Jf9t)&2DG8zQfq`r)?2o+xrEZeS zjDwj@m;;1NjYL(HChpJ~PKL1KD4}I5FOdORSbc8~3#%paQWQMV+a?4nvLFHU2{ys&Wzs_J)*GINf=0~*+&xBxBv&sSTnkTGW>E}QDMkoe}kxTpwON+_fLd7!Z zT*S_Lek>7ce2T+lq-73S8{rl-5=yD=i%SS%(fLVyv$@5XPrP&UEe;n(Ry@#EK2rmu zV%RWg&?u3lR|$h!e~`iqQ5TCyFDVd_N2X64L*%wwfiI3M0rBG3{#P1Hfqqj1ad8&O zhx`d^@gy~|SkcBW;3}H%gX6}%&V30qRQnkpF3EwQRPHoR0fS6*jR0k%bg;*${B^Z$;_?ID4kTm-;z+~4)ozSNnuhOvW zHOGyj{+5ll5GgkZ9?!yLj9`nE0;a3|6S((LTq>THzo7=VzJBrBma* zCmAl<1f{e3pl-+|zcIm?Df$cs$1;j>{K}7knuOQ5B31azmYK8Di_DFLS2L0THF_QJ z3Hn>9x@DUv_O14gYDr3IwSYw;)U(4t-*xY*sjP7ff(J=2+@6Q{Pa(LyNk9U*Sl{4I zShq*Zy8dWmfO;u@IMS2r*T{CMYvEG(S8g@&`P1E(gtSavmHH=n&_pcfmjpaCvt|Jz zojHRoMkTQhIllSRRxJ|P&rm9Xa{|Y%QRHghQg&7nF#D0Rr1sJUn|6KzY`XIiuJK^N z{u!2?D6k$!_rD8lgS8hwKhg(oPe)f6o{6kt(pvN$$Q%x}I9K(3+MI>$*DfQ%?xo7O-a`!k)*weLUHhXQK{w#E?(-h&H6L-8 zVZhUlDIZU7Ql%2*C6#DGGF8`PzQ)CYagL(cto#+$e&Aex2#&l2UPEzI-s9T^1JX`(ZXmvyibpuV#~t3aiSnW%onjTAok(F7kc!CB_R zrF=wZI1~J5r+lbu1{zJV8p=N3KkcNW8CI4wmmxmW^Qtp7Z#Gm~6E3t*KtUN*ziK0n zf3eR&P~E>w9*>p@WUPo;%To$Z98DHl65o&BCW8Qoa?)*|v$0lp8_qA6Csf2z|8sAuta;nzB#sOZ;+NVM<3CA>8*#_Te+$}k zdRJt#kNAe6<_QuV1o;z|9s{x3?Q$3kFNtrYfY`y-cPQ{7R+-AOXF8D@_E43ph5Xgx zj)*GJBtkBGTt~qjDfsksq%(k+ zPhj}~=fn}FKjpbxx7Zsj-1S-DNy3z^P-riKE8@U_U{Pr(i#1p<78d(2&8LYr6A1^w zwgWriz8}IAYA5iO;(u7@$i5<~^(qPA(ArDD2LvvwQ{s_-z#Vb7^!62o%S?9X)d*oA zc#q+Z>X)OU39tQru&atUD*eXt7n4@P-5&Tj{Hc(an-33D{2kh_PX7wM0Xff*?dcP< zzkNK@LWT~`9=vry=+R$rUpUeXbN0*?lS2_9XvgIt%0YmhvkJp$z3(sUKhY+%ai2 z?B_O|I9Z6ZCwJa@5e`ac4u9B zT4q>1*4v#uPrGPWKCgT5+xOeAn}F`Co~I5d?`^+ZH<-unkE1Kt>ofj9!pj<&vH-&z zWG_30PR1)VXht4!a zCYmSJBvlcO*P)wCtn>HlppV_A%sP8QG>2_7Nwoxa5&x7BB7fn)yn~6gR)4 zg7ipkBlpd|th5ft5(7U_#++fzG3=G!N5fMh%G=FtY7p~i@yGbiq*~Ct?=QnflRL2B zJ@LJNUEq4O3;3{8{5u`J>h}Ct!uOLxDA4mK?%i)G9niAWLbY;1H>9!>cvaf0twhCo zUYu~B7#RT+h~Gg ziu>o1noY$>P0DB+N1}}s%}jyy^Wok3UYOMCoL32C+BOD9%W`P8`q>>uviVv*RwX+S z9<12BTF7m28NS>6f19J4rHb_#Q&kM4O(W1O__lr#aD0d*5g+%OH6QYs^Di&DF|meS z-MJKXqx)?Y<|=;z!ItM2e@ zXWhN~jQK4X3z_ail%n9*cX026Docr(r+i~i!or#SgV<)l_bZnD1xjrK59#?OC(Kym zSs`j-Gp?HKz94ML{GZ~tqiKeBl<~a;QUI2uV)2(9OED^UXl{mGsZ4>NdHq^KBl_v- za+eAHQu}z=n5WdB(vX_Bkw-hGM`B2m zfI2u$L^}?PggFEEU5*W6SA-4#RKK-*W~~EGUy1*?wF9FLtU<)0G*Z zpe1@G?=I7&W>eIW*3uXVEoPjw12e>qzmEI*YBc($ChBAxlGh#DgRr`Sv9yBhi}$b`!I}-UBgy01YE`z@y*R+a_;ypg^~^???JK7-4lb7X0oOgU zOw=MQ!Y^}u)eK_OEYQ`B`@>P0pAf2N>8mWW!m`g9CL>Z#n`%AfnAK-B((7CZeh5~A z^F+d2RW4SIJmTk<7X_Oc8eRNaCZ(k(PCMZTyRR$U=6|lxQlA2C64atTX%{&*j+K93 z_4$h=8?@v+Y=Bcr+IGbU*J;h)1Q4fB*O{r@5!jLa=T|jq_T`V~Qb+&*wD8i(MG?9C zT>oPeU>c82@rB3LE+K|n_24@<(hV46lK6+;g*kI6KCTpVK0-o@z% zZhwz38k0h1+*N9A*Pq>K6mE;5Pi^s@VjM2S!Iu72>5>)S5|1us!lUu)=<(R(CVmL+ z3CjeNk-7bK`!wHU$x+ljD}gZl`Qu^FH-P`I8Z{a6WNBCwQ9yrD#5BNbpE%If=1v%c zt0uHjfGCy;Tm5T{l^wQEAot#vmt8kPHcFrqxN@IA9Ze}!IWuTr!yqE%%0C<9 zlh^C92ofpaP9CYP>a*t}d|MnA9*T6)P#q@yWjp?@joy_#zcDW%dA=)%}27~ zHn}}`?=P3z^&Meqs3;V&V*#{#DA`Y^(w0S8A1BbOj4O%7m->c!(eQo0D(+xJ7Ns?G zRNZb~xLP227uHN%*3td6)0^(nvjQQT%mENKQ`R--Y+j)xzUAs0p>c&4jB(Nznl3l1 zfBt5b({pHLS>%mh4N1FmJH`-!2d-YO{oOtmbUcxSGx$`PTMWm#J&`yfVcq^!fBk5c z_o4!|JD%LZ6c{#$Bh@h9_GC}ur0=+z#%S=B)q@VyHi)%rkQ$PEvcqf0p%)|{9r$XA z&nQl#kf0NVEUe-b^AcB1>yT^azvi(wH1n16;t;txxnrNUka$MbvyIlDTwqeMj+-=^ zE!@xl>@aGJ#rKjKjpxJvYv1k@a69EOu29b54kvKhWX>6q9tj0~S zhX;Djz-)ige@GbO?Pbb_yq@RskNV5#iMVKr8nC;64Xlh<)6Ou|owHWv#20QoG zSaYHg=f*{9e&~wZ3TcIKLHRutCp5h9ckX}6dx`9ViMkHu2H z&FQ^jLca@MI7{5nks|J=Bx$Q*yLF2z<3H==-5R5MaG7blbue&Oe_?QI*>O>KSN*X< z7%9XoD;_OD5_zi*O0Q|dkIfmViDRaUPS?;WiMR!h6Q5UBh!#b}i`;2t z``aa33WN(U(Z3W>IKO-X|L+j{u9XcBR)!ksl>YqOU!g6|RJS#WLayKkhq$TGjx^=7 zp(T3Z+@pne`Jd^|<^(T)@q;cqXHZ+lMMwCPzLrnN=6WpnX2U5D=D8=e=Wly?ZL9uW8c%Z8q-Rr;1WN{%b>`(u>n3~%92Y^!M&51O{6xa{=q`C;b^ zmy^vH;v;rLT%%s*)mS&^73&>X@RSPf(POEps1-zk;jU>y%!7kTEULKN40=6fHCL-m z@}gmU48##IPzm~*FX9YcbslBF^L!ra6?2IJzl`4WOx^UakvwWe9k+iCA(YE}i$8wiTTM+U>*%tn0N|9e9HJ{qx^VxnB#8=ClUJ z4mC(9IG}B$qC6!*dwnt7CYrJ}@p%J^4lXoDS7=-rGpKL}MtshB7pn0-_>(dCI_O_? zv}<-*&a+~UD(zmFhdSTpA!(XZ-?!oDMXiPiPqTxH_&F2*re)jZZ)UX4oAGZhdhgkz zK4G&>3nFXGS2pN!uLhSRiE)vVK{%b7**N-j+?H}H3f41aM_Fm1Mi7T|o@V-NK9*HJ z4yUb=0#;qP2W)G6A~HdNt#jxv=`g&+U6|qBab3yg$IhD zK0_sKBE3yT$l6$1F@5eNG$jmDL;?Q(a$EeswTJ>HV0bWQCcPoKIHq`w9D4`ei=$S? zke*XumLnR?$jeur*ni=`S45Sn;V&QKQdU2sQz>J4p&2J9jQqmmf>Fl=`ZscsioHcb zq7Ib5i-BE91syrCbp1FmgKEsgXe6?2X?9u+<@$Ys#lvs2@ywikhFMkU6pCzDG=P~y z6>MAo@JKO^`fH&(=s}>tO0#8dvhX8ixi}_;ZNw6Tlnm1+@A%evAs$|RE}(Ha182<$ z%{|%x=J}5te2Z6o&6$0>s`P-FF-Y_N<*Va+U&T|fiq&Z__C8srzrSpL!9zORArq6K zA-n(giUvo@qhe;B4z8e&SqY}fUk{lZ_g^rSaE8<^-@kjlTW^ zkD)2|Q6Qmf&HAd_)4l}7a(j|P@g{kkNmsmxn-+1gkvf-ycFt4ITywrWvESxp^qo1sYo20Rz1Cb3DQ&r@V^gKGBq+j#QDWpLPqq<9y~H47yduN z^9%ss2S7qZP}zO`V$)3>{TSxUH9NeLY9NfDXgU=!6`abfrHXv-vO?c-b3_$Vfr`C~ zf@RZ?!d$LEllhr{dtWhovA6f%a8N?(KjD1&V`EXY>D;bf zwhp_&-EP?C$1}Nlo$icK0D%7r4519$JLjB1ewy$0f%lB_*93A zGJ;`01N`~?2X=pZBu|-6G>{-*(-AP}3pAWQJw2t;>6~dxtY^NZ(!b$2Q_Skm&W0C` z)Thyyn3&*YH`{^f9$uu5dwPQV^h?XjC4J52-XaYgLIQJ}s&ueq^y8zjYd>e^WfQx;6fe`TPH4kFO2fKyBE4I?tDPu_=W zIaE6)Xtox`rnXg_KMd6g>VN@wP=HYtt2(N;Mu8(NI&JsEv!$ooqwosx z?bSAu=5x=FnH|r zYbY;O0|#MiD{N6wGw15b^<_G1w#-XInZ1H5Y*w#$Rs*ySZlkgjU+?&M1qJU&%$9|`$c)%a2cWFYtYwlAy& z9@g~K)zflv-miCsx6#GtZ*+NH4`X*jhb!mE&d$zEO-&a{*o=)aT4N{6 z?VB8aWvs8a_498|C|4B=u}Bwn+=LZPw-_9qpZ_!JHI&V-)`lZ`!R^B~XvkV+A?BG8 zACJZt2>|e7eCVL~&gU?GbZH%RGLG3+jPwWf#lw6-rlF#-_w@SyQ$$>RWOY?tPEJlj zqHHOPhNa%Js%0!oe`rr+o9Jhxtfv?Yc@9o|BTEYJ217P_%_UQ!NEoIj>zxb!a8INt zHX>eFJ${V@&RU20h?F~ag~r{Caor!Z@M)TiUPD$rXh_@}^hBl5a&6@b3g+P?5cUUI zCl?#_{}&2Ys@mFkXu2DyDLQv4uB_6g&gvQQ6U0HqzZeVVHL&!OboB~sEJXXiF_FQU zQnnN68S^fbGtlZT0&OreNiCX(4b8Q*8usRct!$PZ4KtIchMoQb{2z1O4$oACeq#sq zTwZM7fwBmt>{KxZb0*U{tk#pFW`2>KXPlm$Aro>b>*?ufXrzl3N_h1&vn8_dE_VDu zfmtna`}r0L94WED*Z8`vrT+J_KWB`X%2zac-uT!?LSE@oLYMkr!>M&A&9|IMo~8! zHkc*+H#dZagVUKayNh`DSsffg#2)rkP?10A4bc+Nd_a5}#-vT%!KjA%<`|?|MfuMK zf*%hU8v^~-xN`>m!xZg)j8UjI@FvtuX+OF(pmtn9Xa9^>!kXgWVigxC`O0dRGT7T+ z!N!C`zT<8kxX@8ca2R(L&ALmErMinS3h zh?ItFK$qs{P*7FtpIXGs9-R&!_H+d1NQu43PXV;8cT=YLaRo2fg&Qx`WW3;hA!12# zq2Hdv(l9W~!J-%NqF{PQ4oGk=(qX53F`LAw7dEtNm+?IMi64Sh^-N^djrB(1BTd<= zYoEroYHG|ee?|RvHiea-t_Mojam#m@noRVT5CZ%gTifIq9=D^x&o;U}#EdGtYG=1e zebi3K4Hfh+w3J=KaQO=xPKkK|MXccniN4(YR{hfF1r&2eUNmGC^3GsiF(K{z_I3P}hdNKWP@tR4HcyE=b8Vwr#O$~*=K_(wLmYI=$p zedSA2N=2T~X^?RIO|+Z9Q^oY*_u4kv&Eg zB{hngg)>+Zo=xd`36ul)cN4ve%x8Zv0m0Zwixx7G$0H-m>60~V9i?Jl*SWh-9WqMV1QWi+t2n|q zxE7IL&GkktI)fP&1mc{tC=B@J#zw4NbZO*oeib^yQzwd0GV5C~L+?0F0ThL1sF7x8j(#zSy^q-@@_^xLj?u#vj5x_`( zNOKdw@rTU`-<}+>T3F%m@DK|NOE?T!MM0tM(FdTCp{ApwqoJ{8miZS#E7WdX`Q7#W zm%sl|Tf5_Y0ssyQqZ$3k5-lt&IE_b9`#$@MiVkht>BdG!)6&xuv6#yfMfLqhv=F9> z)Q!!Y@G9@#+rFiFuZ0BwMuQp|{UDb=@j5a8uhr`Rs*F)zh*RJJ24d@pASUh&V*aln z$@5v0E1aACuX*bP4EbsAdD>e%uu;qvO1mGaws7sU{bzc3-;)Tk3Ab45r*a)Y>Yu8{ z1uL|!YP?Hg{A?_-$>@p>~&9 zl`g@~Qg~qxbCLBsSU>S^Mv=%KGc@3O-NbMECmgGXNOgF+jbg-)%eLM8qxW|b&Zb@V zy))}qNp>Ym$4bc20~)C%zxaLu05x6@QfD4cFc-!gBL8YxI{cH0siU1sI30dhrb?77 zqXTWfon=sM?b|6@+xlm(Duy&&SPw;I>xAc3%pjqVnobuV^*i`49;iDlkip=@10iPs zfQKuns@MYE140hbI$D1;>$F0-0^_r{sbX%|>U1YEZ1#^3BArXt+B!Do%w1i-t;>wR z0_%B_6SaGOyJhGI{4IrYzy$#E2G)qqO^A7gg7;4_L>15mTL!{3=Wg(Y`UfX?0t+ap zf`c71Lgy8z0%=>tW_JZ&)amJwH^e(9wkuZ$7fKxR_-?+2UG7^DoRZT>hN+obTYk^X zl7y3xA*-GqhTMt-rFNg=F?TbK){S>WK`ESTWvbqJ^ejibI7 zb^{?UJ@=79<#Mai@KvnT)^MZ5Ng)a7 zco4`Cwrm1ldE#HZu%A+61iZ|OfCB*{`wh=_71JLgs=J$(iHB}zC?+(})*tysJ3&@j3&DbfjWnT;`VODH+`AV1!j}h@?m-OHl`V7nsheW>wJ3uP_PA178 zN~0N^h_62ri?R zzzh88u@TPI9VfG$vvpi2U2phmEBTFY9{^yQ@ikI%>IWq+wU*bFc?|Tjv-hU{+Gywc zE`#avPKvp)x|SUL{KP6_ZZwmo>^E2CMJQ=PPfkyKag3jt;ndj~jQzsB1UFoK^!MkV zHmL5b;lzkplfYS4S67+#y;K_A=V=T+CV@L1V|Vla@Sd63n!h<2f~{iQA?0jZW942O zi2ogrdY1|Tk^}T$!zI_-Df3*Sv7IlWTZ1{iN9#LfnX};8;5yha9$j(dZmxN~;ng$r z|C<=3^QW#`9nRr9B9Ijh4*%}N4q^hIUN1mFMxxnp{~rWb!Hw*pBy52@lcMr@!yQ=B z**X%H3_!?NA_tPsl`Qtw9Lt)>oob&EnvIR2k(pZmZd#<}%8*XMxmR|T$4z}G9)ai` z41h(r!+tlgqJkPPkY(^K`3YmMAk|J-uVGQ`{u~_u(1rRsKaHU2y~Ho7P|tI9a&*|z zoT92Wh;%J;gTlE^Yjpv%e5j6|A2Rh$#zzI@xtaO75g8mheX`rugv>`W-MZ%YGREPq zzq(zXg?CS;p8yV>l{C7Nl5$nq2A1QqDYdL7dlKKcJm+;J(-o1j_3nZ+bCi*V-u z&G?;$Yjzf8ELN&5G#Yxj`89e{a41zYn816;%zScvmXYaj!z?aF)YD^ep+5&79~|)b zz5nxBDsQS#`$E8V(R9?%<@?fNx1p)4@sv|hk&&V4R(S{7AL;0M?ENsuh#WdwJ0mA2 zPfbaY&0r}j`Fagm($LaYEiNv$YhI{(;bN@xkp~M?x zQY?fadbxd-n)X;@9uYFM8ja81^yDVdK7V=zyjnFlIcKJ!ox8tcU7I<+b-UW+7Sj7T z=k)?#ZQhPt^3&-dzU(TGI!w>G;IsQagGQ7}WcXigb_T=IF)>Y^T+p=X!0Th5ul!zn zrmW1a_+J}}i%nyd`B@L=;`0WUis)}|bYt+C``nX;=1nFJwL>8i^RT$+>GIvNY2}EX zttOpks;(6xR1-*fTh$KuWF};~7WCxwM6KNYHg|bzbrh9q^m=6B(z)HL!^0)EIsS#| z^7Pnm^?!Wlm-J2Q)ZY@Clak9d)p6#XKZ}S<-_DYae!ZTrH>)%p!Q?yRM~_B(Q7)6l)go}(RGS(b;44eCdIXMGO>tGeiQ zH&e3Rtg=oYMcfca%u2!buzS>h&X)ZZeEqbT%^hw)Rw*&05rel~|}RtIIhw=5s>@ z%DY6IlLRaxf&0^5Tb@x#(yiaqNg}H_GBAtN$#e!-=z{67PZq^QRK%{{b+Q(ei_mZg zW=(nlU#%=GG&D6Gde5{u-_P%XbzEFrz*pPb75uk6-($rJr!p))_75YEj7E;Sy`T0( zo9+3%@24zn-08 zEb=*~PhZsdJd5pxUCEYA@Y>sLJ;!(TFL>Por!u>@IvtLOUG%W94!cJ^){VMobl(p1 z?qkrK$k$|52)eRl%{sj`QZlI@)g()paSBtkWv_59veeZ^6(at}L^6crU?p6&eX*8Rs2$o`O(Q&7^> z6LpQH{?s)Oja79USA&Etp9cj<=?dJ^h;8Isw9RI_wSZ4uq-I=vGzdzt>+EEpR(o zT3OL&A#uNM8raxe#`3?bH&>h+3O6k@9M4qibad*!cbFEAXtz7p6_gt;md3ZWwY9f< z2FFE3-AN>pC95Q*MdPA>_w{Lgx5tv|=!hgqjNq4^*mNLywh3eR4WAetqxOD&HL>B9 z(^K<$tnD+B3FD(Jjqy;{FRidL=8%>V4M^~+o1h+Fd@ken@y#8n`4xPEj3-kv2ZM5j znj6-qzbc!td-2#!z<0r_a){BRD-nQ}Yu3I17En-7u(T{cS&HRnn_FIfSZnsJ+lnk7 zuYYdW6eUfzrIiyEeR_NJDk?IunYOU8;gvUINYIj9>#?iZcFP)=;D3I6G0GCXYIoko z1Z}>&2FCjMfecT|RdRLUc!^FvY|KwWoXlpj5&7yo79hyvq~25`-2GIg)gcy2y|g&b z2kd$D0V^H*!r9+GTa3p23_J}F5BKH9qP^#+Ea5hfdTO;Tzu6Z@iTw;*Z636bb4`4~ zargEWHM!gmLjnG4WA?Z?u-$~OZ)gziM#*_ z@wU3Drli^v4NavPywRMmr6-ytV49?}%z$&X+qoJEt<)!R;uo(OPKD&92+IJJ*l*!^2|IGF4ja zwpEX5GH@OV$?2(J$AeOZ^mJT{e|M(~rlUU}O%B(uVyP;u3hl@{S?BEMSoT4`wilI^ z#@uyru(C1SnG6FKjL~`T7qJf`zTP>&@;V8l8=V(ivq z5kJP}Eeodgb%I-X>T`z-tF(7PQ}4Wb&lh*+xXwi zLw6`p73}zFs5@{GhodSgsHllQr)Na7UmoEbwrK-DT-__zupWQhWRji-_9Is@W?eK- zTUCve&wT#?=N1+kp#ZZnML9i#SZ{TYhjz4yrE$qNm znzQ?EuCB-^C^OU^>AAV!m0Z6WFR%B*iBu^msWt0|tu8MwqlXRI`j`C&JB00Q2(wzS z;AL0qo0__U6i*u2OFkYp=#@&kJ#JMG{NG_lGPF7kn9H!2&SzfIm1vP-tg~w>7u}`L zXD-+sCTDw{@YL+c+o!z}WlQExS-$6<#eY-8xH_D8<^Oo>C~lS=x90X%lWTIa&$^^a zC1zzCx=d4_n^CeRpJ;P%=aFpj@iQD59c*lD#8{(`y^xcUnVOz{e>m8!al3eSoQc`o zaI;zMoOapu(wND~z{~V*IzG3_wd3{KfBh%n&@2#Mb%-b@uApExp6g2W+Y>wdS#X}Lho7l+&RqEI~6 z_Z2h(86~29f*d}hhtn&*`t^&KUJ{5zP_eOo3_}#LwNJ5gE#l`aeHm!xMlj$e)}-5>1_(jdb9oh z#fbdja%04_Au=LD3q5B=H^DH!_{V^xysFFM?9A4 z^+b6RHoZeu@r_;yh`udU#{QiP+ z@o_RxWYx7?^Jbk4c}Y{%{Qb@5`=;gV>nkMGAC6AGYR&eNIJD7xrS-8^K)cZ+B`f<* zcQSf&IH6Xp{R9cg$k5Oj&&xnfNEfq7Yf8JLgvV4>PwvV??sFwgU2(OdhRS_S&xfq6 zY;#l7Ww(u4~2Ul^ClA27WF+w(trluxX z8F2Hft4)oK?_Sq#eczN%oy9yo+lx~|>+2mMHJzH5-UahUur~iAIfyT)&)(VnWrW%w zwMJV}K_UJ5D08JoFO$zk%ns34Xf%h_i6Y{fGNJ%3pCW=7Bmczt+0DQ&IYlj-!!2RN(eOm!vZv)06%`ayM$-Hm zZixhY^z1JUZbyXoz0h+6Bx_V#J=WiPv;L@sNqeZ_3*tcg$W+57yX zY6TmAxk|mmU?KG52}s0dt&S~KSWs~D6nf9E^I>r+E|uz6Z`d?4zBWCb$!`5yWWd5sTzB2`}_ouY=BI=f7?37YV^O&Yu z3TnFVd4*2L?{BtK?=^1LFWxJlj#M{UA3N~nt(Lg#hxK+&_J$iUo!QN{w=Zb>@#R0R zG-7*MDW!P2N|jSWzs(_GIEiXMYlqZ<%q=Y;LR8VLcG~&nbRDuCvj0KIW~vFU>MAd{ z?DdBl2u0#{I2yDz^MW8@hOJ7nGuPd|rYEvuq5*qGQYzBuJ*uj_{46@xLq%n2%x?9Y z&?80>+uc-qs^8k0Y=L0P7`SaTMGN77>Iy2EC>b0?F}t$GzeQnE#l zvc6tbxa*5;eYzocI)nk9yd(Bflade#N*B;G9nj`}7|$9*^X9yro}TJf@Vfc5xa~%H zXmx`)+rigkS|#k>?Y5u-46MY@S5A>)%fH6%|tP;>jfo?-{1=1Q2geW-YcaA#_rEHBVmy{m#5Pc>iGmkvP)tFVb6+6oSvG(R)76Hut63g4TBg{9r)BEQ1~TeXJY@k2s( zNUKmr@>l=4rPW9@QD*X!^}^Bp(GgY?>r#CDu5Qk`*EQ4~@)#|}OW##u2A3~y>`dN* zq|v;eyEO@ch%9{kVf9F zUQ;@+%kd7kcU48jby1gLwRW_0~-quAs*LEpFvLK zS>@To|LX;q&_X9092$Z|Hyw1cEspY`q@tuVta~=BYs#~(uBNuKI2o)q6WQT3v+CH+ zRDqv+>)_@FVX&E8etwsW$-1i;vts^Tkb5W@tls5z-FzgkvY)w$C~5ADUYnx{{oCrt zom))g)wW%l#g#$q8++Fd>5PDiC@UA&`mFI_3au6)A)$`WwvwXiJM+=ZmP(D4!%WSV zkFKtc-;w0Sd>eYPG|rrL=-K+S3=~>8CFc!2{?PG;j7QK+O;r_jO;tr{MNMf{RcRS* zO%*M+On&Keef>8Vq~ffJ;p5v!@9(iAUJtJtVy2$HzTXQ#E;GKYtWCcJ#UF_HcDinE zbHCZPuG6Zw8147*eu4WrkxEa*px-+#r+T?|KID+)nh(se1tq3_#P z8edm&In_SMC}Jzx&qh#G)MOxqFmR{G$M^h^^W3)+hs|&ht|#aVKlp~r@wIh?Jokdn z{ra+H8yNpKZ&)u3nn=jx-}HRAYYSOg#YMK0NjEj)nWx~V*E4GkS&jqxJoGItIxiH< zfIy%eD_-0rp@ZbnjUG0MK8Q?Ps!($S|H9eKFAr_WNgNCxz4Km~{U>m4pgOitNluL| z_i?w797|M!fr+`*id$!NoSNC<&F8sz(r_#bE+|*P*uACX%k|7qJH0L*D!YEkeG%XC zdaTTAW!m@HJ=9BR{U{dD&dhJ>%GrbkOdL)yw8FjL}=F|-dlckk4U zC>S4?O4D@oXjHriw%D+YBZn4{NFJ8KT}| zlsBAJs-K_>7PZmhvl)zg|KNSMo6QS&d%o{@8@cq^Cdi|(d`acI-O`wiEFa!ivdci4 zq%M;fr~3Z4tp2r2Ln1c!lIPt^R+lkbcEOMdGwB6s5noj!`(e6q?uP!mr~+cUkdM#* zQ1%{BO-0?-D2fV#fP#opML8@4ox~moZ?Flk9!=*=6mu=bCd7QCWOHO~X((UsQhqY0|!a2zYaD zkhKF$Tgkpr-PTz4dClrc06cQA1-{qeP_x|j?uMvmZ{?<DB~)3O{UhM#C~o{T z(7%R9&9*+9fs`O?>%QPNqZ0V}y|HKgh_UU)NfIWEOP>u26-4PeyLEWHXF}5a4WTvf z;NXw|f|!&w(?@*8Vp(hNebJCJ8S) z0$wLQ-Lycj?{D8HL&4s`9W%^oz`dvCq@kIrUpesOk|u-#`yU1uvRkNw5gSWfkH z=|Dq0Jv{}5b>O@OmnY~N=xo;i@x&ag2K5Ow4PIj_N}XeD8-r=;ryZ$}CjQ;xcYjR% zs<*E%E-sFgm5hw6PE0IIA%#iu_QS+cqed<+32))a={G}uN2D%ZatDWG5qRSMN)mkm zyQ<@h8AGUsJ*J(60IeE@e*M5^ zzfn+7S5O!l_wZ0sdMbyO(ro}uz*R}jhgXh-R%+3@AXBTU@$pKr^*H;niShB9fB3N3 z(Gw=ntKih<_`#r0+fq|d%*0^C_GGBZEtA!<8B`1Y6lt_n5!evg&;Xp`$_?padjQgg zsOy4pwZ~?cYDx?q=Zy=YII#B~EA!f}7Os28Dj*Pj+YPfdq0rOA7D6$L+V)>Bf!8hIP`Dg|ReL+TTa3@&0xsC#;9%1!aY<38M@zfS zt|&N?KIeOUI=YX_==#_|_tywK$5w8^-(}9Pv#_^><|Zhv3VT|de?7GpjVTv};U#ug z>Neipdz}B|30WLl&aj&I>3ae+ zY!xm9{k;6K4Kmt^M$tsV?m}JNmnnAAoFiDO>C?}*+kT}N9F4tsvvZ>LLXLw2_m?fY z`#|Ed#v@7&$D_k>RX zaD1$9n>MfcA~@srsA?;yuj!S+cdmjZ8XlVV<8!JhM<^2jjy8&U&ZKDN9(U2F9XRi_ zOh>Soi!!JE5t$Y*D)lt{;N{~yG6ICQfM^u(>pv+3!$uY0r&i8c(H-$6drjY!759po zf>^|V^u%O0*O~J@o6`RnEjwCgs7SY|<{lNmAyRg9K_`>3*T;3(v{oDl#&gY zRl?eNmX|-9lh^dFqeMwEO>?L0(NXld8fVQtS;(}m=Jkzo6+Xg-EzCK8xY}pvuWi_E zuDp1UBrS5S(yoWcqXf03{mAog<-^m-1xu?>X1G}ocj`{Zk#NdSyU5MiGNx4oJ_g}( z7G9qqGmq`dXy|CdKt9p`^?k&-hPzXgD$4tpS5kStVGogBb(X6M0F&Au>k^cBbU-iI5I2<&!XSWybBxRBo;!a0GzH_4_ z=1xu*J2y{-WvE^-CE)>gcUB(0I+dsC^o`|ZjGThPbqbRKgo0USWEj^glr+gskAFM) zAGjwa_+IlIFMBt%?;+dsvKo=$?^yEohjgwz0rb>rx6CIdFi@{M^t)%5!Iw6;IfgoZ zbS3*^a{ToNp97A@1=>)>}K-$UD62LXcSco+;C974Ldk3o4bLf&H6{ z(-~zI1zZ;lMzc~evh||Q3tjJw%pH~KY3<5CKGxc~s<|RSy0YiOY3#}4c_+TsS1h}+ zCNt;C9-q9G(RelHWBdSX`3VSn<=MAhSLUkoALo6{8**iqH zn@NgGslW1hL-oa;TImI4n|b(M53`FOP&FO3uNUWbb+RsHeVbz4#@}=LRI%9d9WR?Y7el>&vBgk=oR@IFIh7jYo0- z1KXQgOGZzpCjO`CT`|4ft4(csO)=}D^Okj2ynbS?@r^GoK)@NW3Ul8IWq5loJ-xNs`QA$w&Q2m z$J?VmrKmTDB8bQi3j~>))9%yqS8=m`?guM|#7*bZK}=?_?;Fviij@*Kbyn zjvPZPmLqD85i=4(MXokvHE7-sv5Cnuo!^s_NDUkQ676=}sqzeW`K(nyk{qwRn8S`Z zcXe}`eqZjy_4kWPV?P@`Xjx?E{^<52jLs&?`FDt2)M`j*S9xFu=wVGjR#*~Wx6)*j ztr0={3pHGGY%L^KQ}`ywT|(;Xx}4!W3+0;!#Wm@_l55`aI{0bZqtFU%Brgj;NtCtM z=(;79kk*T@A(`A**sZoH@7?(FegB^1&6;c_-@E}mBdII;{HG}tzfM;*WBhz9R~k1q zMehG~0zVaDGwEgAdC$0&zL)`_6aPN9KdkSrW&W{@jebwm0s3+6#JJy;QLNjR;y<&qQim zQ3_vq8a#|wMZE5@Zho}kaI$@C()m7Wu!;5#DCH_?SA2p2X}tOpN7S_PWm7o{4|Urc z>!_&dU9sEM;?;pCJdM`M9#{IO$5Vw&znrWp!qcbFB4BylYsC+{Wo4KVH>unhX4)Ns zK9wrTiJHrHhc#LE`%34~ko6fQ*- z0hs-+k_Ez|A88S!gLTDI^NGFkPWheXQsy*k{K(KccC|76fh(+Yk*>|x8?Zkk zM+oUn&z<7*)JtlOx$(>OPPAP)d%i zccyl2pZV2;)I=&3+C4uwyF(ahgfxRztK%)XnP%p8#jj9Dt^me>P*By4A!Us;A{=ne zs(ysrD9y{lF^zQUK`OL06h?qsf$iONbPIi%L~lZj;++;8K(cMrk@BTtYQWO2{#x7n z&Z^v6$?7=Y=ZRdRX#W~B_htlzsAG~(67~-s{j6KHjeKmExAa1Jx=M9&q+E;M?>t*57)jAFFEBdVBA?O6bOa}_1mz!Yy4 z2}_IWEdz$k2GwGSYl{-Q?tEkYnQ>d!SPGGp-|sveX5El8*M{c%qepQz16%C{d&D^W zl;KjuwrU9=)_9?Z21q~#2J;PH0G`mRtI39B*M(jJTF7Ik)*)SR^UdF z{Uau#7gTM6fIl|OcmI;lgVf6w09Z;|T266YP?(`1{XeRaTHwA}m0lKmb}&i8)Wn^Y zG%hU3t^4mo05>iv%fL|6+Y>Dhb^+^8FivBr-FOU<(PYD2?JD75+_HKb(?nYBc zH|NKkoL1wNdY|q{CcBpa+q5|zce*z(0o~EJ)|pu1U_nglAD(^ucaAwbI|D#^*xBDu z0M@rtxcqV~?!o5f$jHbEc}}#RgEbj?#93(5P4Xwu&9K>1!30TV!NUxVc~c`{L1>AwMs;Z}9Z`M&9;g+gGrZAxJ@e4djh>MTciPO{7 zfj0SzvI@N-jZgzXMQt4|JsmBUr=z?Q!T#7OuK6pxmyF#PkU#jvFif%Se_8)wA6Eoa&66 zoE$G$ebCRy=H`jY2fjlY*%z^IG<5S@t#ov>6IIg<3%ZWL7xMu2(o%s3=0eHyp40Qy zrv3=b^3)%rnrF{4xC(w#(m$&#Z&dLg{_$_GINS3MM)g!E`FXpk z_b)_Np)FiquGuGkB1!WXiI_kV<;zXgTzTK8Nz{+~zM5g2i(WiW(7Wq(513Kyh>Y{I zkxv!54x3+ut2|%#K4FuO=m|{D9<MKU_YIpp zy?;xXLbd5m2pQSyyBS04=<__s=OA37u-RgGp^6l7)(4poV17(YjeQ>%a_`&balky= ziZSv-a=4gx;!oz0H@usOvn1I|xTOAo5~ru9=bFMzt`iZRd%!a?fBY^iY%3^PNBi88 zlcNvQH za_7Ru#pUBQtP=BS6xmU;@?3v^^abz;Qx))x{H>NN#QD9iw;UZE3JPA69cZy|XQ$&R&Tsot+?YSoDBR{%f>O0%S=a<`_>J)@+#kB2i-A~D^#>uGo?$25-bY`>LW2K^jODVgN?5`FX#6x!uGDp7fR zgmH;HT03)c<|8R8%gj&i+YuKi)TPNASRa1=Cl&gOfm6 z9hC*47KT0TE!Vt^BxQ2t7gs;tMUq4<<2Cb(&fB`XXJ&G+^%t8jDdYKDKi2NvBqyI; zwvh=k;r(Q9gW7rgw=GcHM}XBOWv14=Awq7$@LF8z9h&m7 zjsM5%bqqVZ<>hjPZo!PaAkGw^E}$w)chTwDa;2l{rrUoRMS{+gIUv;@`^qk`l+OuP z*~$W4{J=_iac~T!(He`2=j-!}`PQ#G1p8(Z9a}V~UR3|HvA#U@jken4S>~57I3c0! zZHJ8Pcd^TR8;*igMJLR|aM%=?yOv=BxVLW;K&UsY#>Wje+J> zb34?Id{8h5sd8!;Q1b9RZMN~P*+yBCr{f)u*F6X>fRRQkBB{Dx>!Zp0^9-g=ejRNQ$WjEo(T~$X%3Chgs5${EK zNlY@jc~pFNwYbJxz+Sj8t1UQeAiYZUs><*zELEPA^@J~EZ6n??`cfKQ86x8w2^*;iLG#%LRmh!@v~B#dMuE>aP+R zSX=pHieD>yBB61cnvFqxRDNrjP8PDq&<-aaLAuSskI~SPo|oF%(FwpSIG8xreskVU zwh5CTAwT0`#%dphsx~;Uo|Sb|A|hHme(c*1FVEkSQ*+^nauplYL|ToH#SzYgCmiVM zLo9i3$wy%%p16&)T_?Ns>4%o>J-@<03~xbB&SMb3Z+ZX0<3<)wcG;==bga|nuJfif z@8+g-ij;ZESEJ^>KX2lY3kwwOc#6O!uj0DRTG+A=d}aES+8A6@R`yg-(5TdGET|j0 z(8^ShuX1nHCIv9Dm4aA8Z6J0r^GBHbf=G2@bOP>TFv4->OO>Ht$c?Oim2RVjW@vVE zbxwIb`{BE1X=(*UdHCZ52y?gW?hIk~MOv!~PgG`iQE9hIf*D=tx0}@bSO$dhgT{MQ zu$MVV%5Ta+KVXUvGr3KN0m}n?zbPNZio(Qy$ z_uEz-AD45*G{M@Kf%Q47dEw{*bbe*+SH7ng*W2+Le_KaGcd{ELw$@e~G(&D(%R;My zI&!7<7EO+v`8(`>eUu>Jrlo9fJw&i!f>l_@K>gwtAaN%4()!ji4!Z!lmZ!Xf_y-Uk+X3D6H>K?d3 zkve~k>Q*I2AKt+lTIKIV`VH!xx+w4Gs!Reh=T7ABv2kI#FbuAyv)Cw85>kGnt^FoC zAvl}-oqMcLBzx1PcGz$LA9T^^%rH5J>~z(!+o{(dw{keS0?pi210)()a>cMtNk{7I782Bh%Nb>kh+%QKGW z3;g{23xHAnRCPxEu(iS?t*K@nSoA5?E_W(V)k)neSiOUrOpJ{iV+Y!(U5c0xVKY@# zxBUrA*EBqvK(W`&Z{i2}hQ7^=JO-L+ap{XEO8HkWCae#o*YT%{dNf81?9|~%woOST z1rQcr$DBx-SY_e^5ArY`{&Lo=X@I%%wD zJM225@g*Pkr0=zRhBP-f*CHD5Gy?+zN&NjyomCAqGRyPxKOm;*zi9L=pT7Mhe&z%L zh2!_lUOCCro5O*P-oT0gS5iWLzm_D`Qq;BDBZFhFo5p zfq}-w=WKOxvEf%0*b5k*;jkUlR0;CFU`3IUGze7k<4jVAmR3tki|0uHzy&t1ROpV`NU7ehoI8hY7CFMfve^kV0X@~mjiuxO6au+!D6z=vNicC&Q z8`bD0+!Y)0dTUatc)@Wme06zw45EV>+SUUGsN@MqAsBE}8kdqKmw_qrUm~{u(!2S& zo{ZTERRW(9onK1dhDEt6Q}5CS8Y8+b{}&g4VHfy#*mim-bw>V#=G8sE)bM!V$_6pN zY5jr|S=vu7vBKvP5=J2v$7F$dfJZT$5JP%;4*2nqp|iMDiEaI63-b`Y>8YB{_2uWI&p#M;e6-(wdKff-rdSkb&VDrAF$w)El|Ol7?y>pnt1tW3W#25W?|PhD?WVc7<)lK&3h2aMW~9q!iM{(+ zLGItIMjh0+dI4NCBB(|J+G+qBk9YsB+V3Q$W`T26nz*B*d$l|3&RW|w*9A0PNplhG zbM8~tj(5^Vl|tPZr`B;o6|J&=nWcy$3`s}k6G{>&B-zGnP`gJfx_ zs^8n>UInyWAIGc`#f8Om-)6rD)LOG{-}u%CuW^aVcP6A~J4ZG9P_seQC7N50_ChFDe2@nznN7heC=r~hp{>7TOc{S-fT7W2y=;`fl53J{{U z6eP+16QusQRABx0fvEq~vi?_cjsLvIzl+1fKa7H}{SZet#Q7mtbir>hs=Qm%R$RMep=rBH8pzDr$ zDz0!VscYO_VnI*^3LYDU2W;kEB^qV`1#dHyB9yhuMVuWUK;E3Mc?;}wrGM8mev;VD4rf?D>R%vc+rQs0+f5Q!|^z=&!-J_Xz@K%No2ku($4tfyX%#29{Vjul#{-bo#0r*1<~* zx&X3eYe|4Kq!&;FA9d~Ij&1&2q`Tm4Iz>8tcuoaW1$j)xdj~-*wzMuuL_U(~z!M$<6Y~YjAE?Iu*rvyg;FlV4i?-4k zAo^R;(wEC=qjMe?54sryZ*Df-2g9$Fv;0VajvARR(osRL|9iFeFX8Z$%@ZWHmtX%* za&>gl4*p{d9I5qLo_K>H16oE%X=qT1xc&3TkB9XqpfcC@oVaM*u!7okc4{kFU?9L2 z`ZUBPboT{I&NdceV#1{Q)odCffJYu2fZLc6R87sNpjFBD-OHIpM5ZJ`68_g@Yp`LE z@%D`4?e-13peaGToZg;NyL;dxJFfRr?AT7!?sp#}D*P9cbKo{h@KwE2A^#StqHFu- zN7zpA8E_&t*s3`R4ZMN_p3jnqF9W^ZkryaufC*?wveSIO@Cg~$!3;h>2cD;*RoyV4 z0fKE3?2}$oQ>oK5k(ZaZx96U@_hZT$esl%a0gSev_p~TE6wRG>|Ij;4@N{i}VLPze z;kP4@OK36U{qV|)m5}fYkT|a*hFP6Elw61jC~~Uw!V!YtNz00uKi&rWI+>Pa7H1ac z6c_$%#2u=N<M}>{02UfwZg+Qg&H7BE&z3Ugs;jItP{X_F8p#CLUG^VU zawg43S?yo#_fUZX?~e5E#byI_75?0*@%Gm6o4hzp;Ns>f$j|@TdSzt|AjHP*<_Luo z09>`lOKWewVQK^lb0qn2!YK1&sx=T_f)ab#*DA%0fCp@bA~Q&#?lVWL70AgXCxD5? z&W-+{%a&C(%{4{tVy^Fg0;A_}~|g3dEAb zQ9Gf{BGkiva7dd%Q)#Jyl#~=FXZLBxH&-w00SseV8$k=Wuv%Jz0s;cSo-sM8tF0}2 zc=bs8g67o>kYvKCA3i`1dw#iGSirQ=i8%k7eqYO&dEKZ_B*APXl#Ke?`in;=lCM5T zMn(ce!}Rp@m>6n9>L0et0KEaf$f*fBF<1O&4^Y_w{(6Eb(&-hJn*(2hrenouYyln( z+PA~XM9{=!9$@HhZEpjluq+wC;fo}uhIQIDqFS4v!yyWJn|CwDryK?tOk9LsbysE_ zu;>E$nR*jda=v^aqa-7eQuc^|3}X{~*1>=Y5x0T0u$uDam5lXs|JFNc9992N+*QEK z#pQFbaudH#)xtx4aoJI=z#Mvr%`6ZpfqYBM-{(2@?OpsX7K)fiz{STcuv)-&8HoHO z&#r6TCIFTc!Nrv~mV6JOUMH!n>7_`94jGn@x2gdy^V$C2TQ`VziHEfwtEEmKtVzGT zP)~h+XO|e5#_YM=UG1U2*Vonn>IZD}my%YlS~gOwd*R?a;EDsSpCS1{qH&i4T?_>t zeeO3EP^R%SxUPXx?t4Olk-q*dAU_U32wytAqHS*qoOuDveFpHO0b_VOwg=GQFp7Kp zUc3tb`Ev;+TEfH44V21y2LOX?l1M6NTX1a8-Hc~;!#^;G>si)-cZ|C9!T&Q6gY_Pp3k@vuY_$4lSTAanEEF@KZ6Ag36+8T|4Zc-XFu zAV(m*gI6cLlgjf(dl@VZIRj^?`$)E}YXv|90R&HXvai9LKt@*H=<`kZorMC8V=TiM z$gZd#cG*GgFGOsiRV_Eb3S=w!D2 z{8SHi9(Rth#UF1sI!^iMl^pP!ESWU^A*Wb1scn()j`ZGRMC}+XBndW-<@)BTAF8EM z<7qDZ)^1&1t#fZYT=%8p-+v|JO9%Q_w5hkjD*}cS#|?q2`uY^27(_ceR~H&k@sd8n zVa4FO0Kv3hB$(?BVxo)_W5JB{@_r2bS3gIAmFdG>e8OdJpAvTGVF59ZxC9G(AIFezq&0P62)9fg2nURS}Nuk`Sui6Qo zPQ}dnZ4i`ZxsAg?hoaO^!b4W?H(0B|k+EXwsbb30md<2~9Y(I@q?=QE$urN|`=7$c z1Y(;f@^q~Dp9Y>37E#z1^6!+1OEKq8Y~6HJ7KK=zTU1DE?CmPe^2dg`2ehnsEC-%6 zVkduPPcN2}h__>+c51izHaL6Vp7iYN_M=qrD!)KHSX=ub778nH1CiFzxhTA@KF4N2 zL7JL?j-n}Pihu5{77}7*B`Yt#GMe2_2ni*}fh^@cKdcXNn!=>;V;N90%mKk`)){_2 z=>52{t~!2F9AygAQw)$`>T#X*b2WLRaaV2=Etf(jHk6W_E%WLM_gk?$uC7@>xn2)5 zq4y|KhL-H~f?Ue5esP5(YoBXW#Yb)E6dHd1RtC^2OCYy`_p?Iwxd(4+s;Aj^@~G58tL4LE9!Zd_zW7)7>l!ei2b0X0liq}nJiXK z6=Q2}7p&}+ee~{R2W1*~EWxR!V&S5YC9!xsxmk8+JN&g9Y0Kp3R^-u1RLy67$at|Z zlM`Rj-m8Sz)b5ducsq#G&w^^KxS>-QLd&Er=e<(MnV0yuj%?%cjCK;wpTv0&PkRO% zZ{caTT-|c9@3v)_8U^-oV-~k#JIr^fvdyi>rwDS3lA;GFfus`eAh3pT)rlQM1?UXV zs`~NFyy9p(|5+=T4UYGU71%}yn>BI@@wHxp;~gLCCD*>q+$!%IB%DvhCLu;Pbm3#` z^;T2{8h!y@yA``faI}s(CpK&J-4Lh9-8*-}K2MKj zJ+rhJqk4`WG9BLAC6n8l{0fs(Ojmsp@I1ejBePh)R&dMVtx)Z+8b}oW6&1~k6U!S0 zC2)KigfQdQN!vxobFyPFKHs#l(zA3iHE#k%HFd2T71u7MwYDOgHgg^Y5X~lwE2T}U zn%;P$Rbcz3Rxnyh*=<^C&6Rw`Xpmjkq!hpKc_t*x^V6fQ+lU6yIL4{cqP*A_DVskk z5IbG>brsS%CTYK{%$D{GuR)yBcQv|c#p{D(7&$~!p4W-@3?lk#x(xL2Mr0H3uwDvR zLVG-#Xs}_L2_uEo%uW==cIykK&hM5PAHUz}cG5qlgN+al`r?HhN6Rt2Jl2?lpGB4! zw=%=Ac!&wEpt+f<&bU**KC7vl&bi#MNY~M!5dlm9%HJTbFB1OoKTcdKYUeQVf?+xm z^z)xgDp#jBXgwSqxOv3m zaAD}rxmn9;?&3F16Pr;MSH!M58aYQvYYHrU6E;F! zgZ=E7T#WgA@3i`co=`NS?EQ6t2cZ?UlT@F|836;h>5(JsodHIN?aodM9|rqn1hzd) z=l`boH6kJc@L;}v1r+fBxz=twvwVuV@#nryM`$Rl(q_PfN~+Sw?BPgB#H3*{ym=G_ zn(40fdACB7q1bpBS-tEx_w zZwN;X3^Vn{a46s7Gpw{50fYp-2fqNiismBxFeYy6r-6wEoc6&gL91LS9JXp8bPL*43k%RK5**8cmgatS6~=@}xCUfI_g%6!w=CCfr@ z4gGn1!a7JIFvaW7UKVZE8=TJ1I!**(-?RrjwcZ25;E55pt%{x8nTE(7NE} z5ghM#K>}9vJTGb3Ynyc?Y<<@&UZ{%=q$C2WO5vrY-G*PR(!uwyce6$P0YO>Uhr$(? zifXzjnR$n{24J{t2z)aqW!&+TOVjb>@%B{spT)%=O1bbXnXax%n6_@b^W52Cb#)cw z!opXF7Rv}=o0jn=cyttJJP5W8Ayhe8ZUv2&p#l`jnX#5Nv&Z2dGyM0&jzJ6}PJece z2nPv38W$~aAq(#J=xjkF?j&CwmfU0_KAK?%rlZxD&`&A+{XK--Xu48cT@odEJT45uZE08Yc|SF%c)6|p-4teM zFi|PiRn(u7%xi%2BI9sz*9l>Q5s!A??*eg1s_7V1Y^YR;jB%D<5kTiOXl2M&r12`ld<Co_jv_9hL?w= z5aHw9>wz!+9&8t5nXqwRlB{TB2ej;j z^}a9coLA(0_f>s7R)AEi?r<)q;D1Z(@hOg)IXB-)6Xt4I#efsEaedK`8i#0Rz!I>_ z?8>wx$%O->-F0g{pFdUv%?M~@@F01|M%IRk>#B^o8c zhaCo=G$Dk|Re27RRpROCGmOJ#QyGjGZ)}k9aHPWX3+q;F`xoBp>v1iq`Co&jN5wwT zNi{Yz%${kaxeNVDCf1x2o8)!j4omHq66v`*{Nm}mD3&j-J;35R@3%GeKj?8J>}=%Wzbh~+b>7h;YI|Kke7&Qb*|5}$8dBC)1RqHv`ubyQt0Dlb=8 zM1)@*L?@&?*Loy9_mNXM-pW(4ALYbvw(!$wy#qmSJUT~fG{)e$>*N|;-GqC3GpwLp zB#+|r@%M$N$-OqGr}A6$zA-ESE-CM5Xaw>9`{^&?LVY<4I$AtCB&X4Z-^|cV!y^f} zviy7k7KbXqwb6ZP48xFDtQC*WitJfWVmMPg!e-mZ@%L)emU+dzbr6#CNMi;w$F~SU z(6t!V zC~{ZVo_TUKc%&AxqW!^sU!j z)}Jd68t8}wzJ1Yj*Q}AEw912IJEp{^?O9$-_jRVFS5X=-yQe(L3%3~``*}Qu5GB8A z;-Yjo8*~?Z(=M8Dw!e?wE^e?q-OCq6egzX6Pl&xIbiS)gafrDLt6yN@Q5QfG>OY_F z;cDidX+n?~#E?svd|v`zN)-U4NNoEX)ipku8nlm(+`F#RV3FI;Jy2I(frDAEgjliq?h)Gn2@sTpG zsba(}=(l}SS9Z(ybb0A8BRFSZ`kg#anr1LQ-f#XE zNUNWF^N?>IiqFt~%8IO85VfQ;JJ;{+Eygs!u?R5U5}^Qo(!+qEc7-#6ecptGTH7gx zgjB+BQAK%q{F1*K&&SiS9GQW^Z8Q6JXg=lP(>7ABiRrMrgcZ2n`}ww#plaFPA*|OU z8M#Fzw`_Uut6X%$*!fLf-=g9S388LpN5in9%QOLfsK&$Hfj>J^H88IcD%P0Bkmb{CCzz^sk6WW(uQ(P zBkYXn`G9a3R^v-v3EtYtiI+JF1c%vh!b+{PeEDDKWxzx{%tTcyTO3~J6(kD#TVO?wt5y97V$oTh>$ z`e1j*)vYX-TgKG&<^w7&7EmUQKJNhY>f@t7fCu=6U(Yg_BJUmlBqSS3bTa{9$7lKr zw2v_b{_nq6I31|iXYoUVgoJ{e=5;7_Sea`88+1i6e++IjFkNmfMYtG3Il45z{o4kl zbjs}_3=a;P#-mw=Q@Awcaj z&A0?4-V4Fxt(b(MO7GNM^JqRWHhQ|c2$c(FIv;T51=L^ExGCVj54U~N zi(+QNoOK^B>UCcn(-080I8N8LPaYJV`l`(9l$Wh@K!LNa|47f(^C!^Jgk}2g`98hP zg`MtZUk;O6UA3;6KRM(~e-2wuTVF;4J!4w$(Q_Z;utm4a47Xx60nVC98CBjShmteh zBZG%fAj{|rH3v6Hy~k$L>4F4oOclO`f~|ko>ve%k?UJAeC6Jg^&`|UFmV{S>_@5F= zlybS%=d#a=cU0=5ix)f=Z(MfS50Z*b3ytmfK!%l#>#efv%u!K~sa>H5u|u$Bh6H|i zBaktRk4Mk2xUqa^Py(c@gWF(0-oIGk?3P_Z*NQ9q`uYNi%jM)g)u$dDxP^EAoTN$F zs#a@`<|pd+9Y1*aZ5a}Qk$t3LV34h7W9#UA7Y_kfyUeE;)p)@$eJpi{gH-cS z|BKOV_malZF$AV--aBCyunc@gfDaFd#YTZ4=QpVb29-lOURzgpD}qQEdwj3u+U%7` zFS!C$P#%Ce zINfVJoTJral=5^?65v{0MVa{T?z0fk*vS$|xs?)d&vNU_`va+EfL9gZ-~)A7?r&$2 zUPd-J#!*wj@Ww`C3fC$g;Gbl}Ax&u4qjnbNchAQK&vovF&pZPtSjIp`qMra!7Gw(i zvGj!<*YROyeoFmb=Dw-en9mm9zX55{X!uMM|@z_lQ0CaxSCFbxID zuj^;Wi&Im7Tu6YsRxlDC{mf}D<9_%E?E@r=3II~pJ19Wl3drZGUR}0*`gA~yTfv@! z=(8d)D389qQMjtY(v@3H`?Z3>b*oR!Pm|@+E!-d?0=|&XOT}ukqF47L47wl zPTF@ay$lA|QU;(siD)&j46b4dyG~Dj*{aJQGxJ45Fi{1l%rRl^Eiu;ob?pZr%=KO@ z?tJc}h-Z8D+ zXmWB#vB?ezfTrg3o_o8N)8uS~+QR%B400h%TQERXkC2lq^W4@Y*HZ(!M1XV7XE|c$ zBex&AlMZo{>zXD0Mdl5ocvH_GAHbZaoM7;a&C>rmozg?dz_2Bn*_txPwNTkdnfSc$ zTxE7@OG`^22@oIxy;SGZ)6e+*-l-xfF`IgjXNlKi0@5-sUGukeGliZh)UY@VUSMwB zm>|cc!|=Z6IJwPJ*ZKOYoip@K{mt`Y-6G_v%?714kRdVr-yu{3Sckrv1_nvzwl~5* zeEtoyQ1e+EHt(K{IKqDDd3eU@3`ov*uKn-;dhv>U#Z91#Zkq|E05j`E8D@4;bCg&kRGoD#S+%=yVuD8cIWe{d$QHBW1p-D!kiiUi>nh&3`{||5kCT4H zr@LG3nMk<#DS1zDg{>B#dN^}0Y$gmZW@7c!Ekeh5fqBqRfD&5pL#RB8-(swf$`R|c z{pn9Kq3{tKBzc1<ZuY{8kcuY zRBf462HpFOnp}6u^KSIlrXUY^)W&UT-DWWgb%fjP8Q z5y;-}!qbQZm7DKQ*c+7CtUg8Mw9lH}m#j2gN%Y3zKMb6P|H+fGWoBeN>Uru~g)Or@ z#fpSutePAl_Zf}(9xX929@%SD!n#?JW-m0k)1**ag_EI1SA&C7Dmde1s222!tbZ_W zOTR@12X6|dxNN1*v@Ejn3D=-te}{2{*txA&k)Ee6(F<9`r%1Tp;)b~awra;_3<>k_ z=4MikS=zF88NosojW)VModsO!Faf9&G1P3MhbbY8O+F14QrPOB}OiQfx}Ru9UOKTIbUw8HCeS>P*VJz7~9pfC;`yQ zhEg@vxo!ak9fA&fL!2QJcW>8tjnpAJ3Tm8U+oPmxCRK;3@@A~vh_Rj^c;-p+*V&xPOPXb8N&VBcz!P@m^V+N1&x1$ zcYiO7+KVpKZWh%%D^U<&y2yCL1m|?c(@vf9>94J0r;3d9#8Z6EkL)99URNN2c)7DU zK;v6vJd*@E=XejF?D|+&$8QRwo(>(hJ>_DNnyIo@CSJ#D^zV?E(VIO$gGHY$2%Xfp z&bT|Y@6k~frRUjbDa|1vw>aE}=|K6N@+0wEP#O$QmfAKGQq*Yp=1(c zkW?EQFj%g}qVqt8a3Qpge|bWD?fyW{b>JjP1wC!4fzO<9H2`~>fXS7dE-*}OPhAC2 z)5~l@TyWF6$8c~xN*%$M$aT1Vp}cDdE$!o%L#pX1~R}maYiOf@53~u1<6zI^j8vs+=Y9*(yQc_A?#pZcwaD63CF* zSJtJLwaj5+vd9P_SI2AGsK1N$_F`^CcTsdlW=Ot!RQ@gtms~&d?OT}yN`;}eiV^JM zyK={iz6%qW`ln-PSKupV?%WQ^K7}~lD4LlY+D&Y;AnK1Qh9S_)@uCZ6>MNQJ(1B2C zZCo%*z-bqQ=x4=k!UAR;)+{62jIS!W*hN-9@V~I`j#B?QmchGEagGz4ABC=QQWa@f z`WJEdv7@I=#0+mj^2c)e%hxh9*qJS+5*|VcPY)~Awu(*S8ETd0=l&9o4eoq9Bye;` zg?~1&LSf@Cuy{^~V#DK!)4>ELaBB@R=EF)pon8E;rRk;&K)utX5 zR_O!py0orKq$@{~S=~C$U0aXtKl0`WKu8F=6`@0_#&WmSe~6tLICOmu*c_>f;)s-d zSW}sy^xO8@o}UVnk@!K&GUOS!fnc1nKEsykzC_2|qJnQ`fURPVIkDv4%JYWbn#bVU z{uqGKx!0{OKV(%yQF-ddXX8B27ljP zDX4A{b@5sXpXl5VY1!5z<(4z4Xq>tiGa_RF$cSHe^2gFU>`$`i)a&ArfNz2$u{GmG z6EkF(_*!6KR$Q3O=ozl~;&0xq+h(~nip|($h6&isY}Wi*_BVT(wBd>8lyc-_zVpp! zW{5qeW`F*27>uSIT>lU&P)E&s4iS4Jn`CXVPod{mNel?Ov)4?g~1 zm7RMy)Z4$uze(w8|Jo_rJ(Uy*G09yn<+9yUD2;oB##9J{A(iCbedIDCB!*xa9ZVX=Wqik3)Bc@vo_)^w{hsIe$HOzvT5Hz&tk38D`F>t&eH+&gz&h)_ z@K=!*xfM{}8|2#imuG=$+z9y*>mSiZdNJ6^^vO?LrN-WO2HQk($BjE;xmCI26-HDK z^Vj%sDuHINi!3{ciW<>DZaPt&*RaHeLC4ElEsDnj(WOCE9ydaIW z${Cf>Uo0X-_&gI|aFJ_VUE|reL<_L7iY&!Fd`+FFBKHwJ6&sBiza0KY;J8uUNqoS* zxL0`p7o$}Udp(R>@$6`d^eP~T_rAs|Co+SC)% z$jBN&xhB8)idWu>{jdVg><{%e_QJgC61en*wmS~fz&Z|@e18BJ4iD6X$iB4Fa-XW8 z=y3Dojn|OUr}1ufcq2n)K77!cYpnlj;g7}$ zgK|OU)h2sh02Yib1Qw($bsUHBrQPUS?dy}P8CrZ+%p#K4Zon4xP3e=_cOjjZau4eM zQ%8J1bZ~B32er;O1r!m#H4$4oU^t{JX_xAO3>f#s5Ib@kZfQBuQb9D5&**Z|!sADCeoCf6t!h zV?>0GVpCHqCjP)HFSKDj+b^!YQG>bzEMs0PaIZjn_6gK>Cu5xOSFM5PjAfu#iv=2- z)dCnSze|(R$UrO)GC4`{NRN$Iz^NX^lBz~P+k4KX^FF$Y*aBQEq)skl&Ywq4sBEnu z|CU1D_DcDNZV#se0eMc(+R(eBe&Z_hH9KV16~PH9J<9wWk>GTv`mf8r#$%|@{;P&A z-~EZuJQ}owV>9q`m~yeDkZ=XC{PJs<7XN_>wCs#zRVxJH#C)L0TE3_;BYk;UO=A|I zq^dWNV${K&4pvQZ4EUzG;V^d_^bK5NrX#{F+o2IGiT8*GU$VFkKj((pCYX-8H8HoI zduVCv-RRT!=~e@fand$H8tGNWv9(-7V6aT=)^7o#zbSupgK({C&|dJNcko^fxxVpa zDDMQwMYhf@;<+F}0Z}G82!h6Pk6s5*>;IXF3Nx2~ldS$fa@xPO^siIjzkLiUybpV& zgKFmJiZVDQD`aPdJ!*t7!2RRP0j`&+9O6p@uWreA@}=D)SEo2OKP)J$0=r_o!KNVf ziS7hL=VIeBwa%S(YWiUfiauf4;QeBr7(P5y&#cYM2W&S{-~2Bw0I<&w^N0b5Wbe|i zU*Z&-zpYPA%0GA_{C%BED&|yO?ejeSjO?>}na3s_Jc3>yvpKbLxTq8yXYPIigTlJW zgJ+UV$w!G~W+3T2!S;qFnv$5GMdHq|p~&7cr>uZHK^oujXwADrjmi(~oddfyqvNBeU?FL<(J8n(k`A_0fB* zJn#E(;QAd=sMN&wwWjytbyUDi0JbU562@L7E-vlYZIEABc#$*xZ8UO$SxevTwsL0j z$zm!cKBqtXQ+*iE>T-{$u(xRc$l<%n7mhrcD-0QL2bZbM4u-QXa=?ld6I?5Y!8O^c zF6Fz!q58XY1Rx&>r* zp~#~iJ^)}Tof$gU06`MP!e!r$;jw>dN2oWK_R_*u;F43*W2G}$&ZRoKW^~c9plwlQ zw(Cgw=~qobmx4o7nKrm@VEXi1@XXw~mkh9x`Wg*86w8;ul*dn8T)#y{!2TyT@?sR6 zNbGvenq{}0RZ%aMK$odMjs67c^7NA;Ergk@GFnhjK$tR1{q0gknzV2{`}oQEjox*Y z4F|=xLg1MQT#X28>skXmL>}ch=*04c>Vf>--w_YRau2ox_FH2F#-57ml)D6q{&c^q zH4BohhpK}r*eH6^Ix%Goli4+4=gtPC*?qr)1T>XX#zD!gNgD)rib0;%)`bb^hzcFR zaSX+QX_is(3$y^wO_?%|YqR1ip=0YH+&BZBwX`o*Ze|O4Y(3=QYtSwE*Ex<1xVtT4 zF$T=_dt{`S{YzOB%tbE^)0cB>0Xjdkn#PmI z8+KYPf!6LbSffI0CIwt&@uLAiM4flkzf09uZ+s#x5Ox&zJn3^^N@B0fRk2-WPdsD< zoa(!`4DBePRtv@QdeFan6 zt0C$M(1@yIRvMfVL841m+bsLpWdQnRg8Ao2+%lxMx0DR7{Q@<{JE|a}mDR`4S&e6b zEjPZu&?dmK0!Z{b7vxfg!OAM_3h~ufb`<#ynDG$ypHK2k0(@i7D-N1&oorsUoBac< zVmpt&U|PF@mF^!jdE`e(cw`>1Xssv02W>-s6fbQLcG8`np6bzrE$`DpFs9EZ3}aw7 z6MEvjlE;HsnY!f!op}CHzlynsq z0#HI=>MmJV_3^&0esPO{@cpXGDoOdGg`X52fT9wzbN+IC0WwB+LL2~6Y1fq|ob3(2 zOPD}VkuiUP3kQDJ>%aNg7j-``x9K{5<)OTrO{xCpFL>QLXM%FweY7pXu+x`$r&mv4 zdt;jXVrVPWsO=v+zsy7LVwxS>A-)ZbLC?`Zp{Ew`?=AJ`1~o?n`lb%r26U4Bz8 z_{WKW&s@DV}`0h|o=W>Q#9d zvnt$sdLB?#v@5)AbC~gw57z7M1?$AD9{I0Hkg$We}$f4Y*f1bG# zhCS+Op3D}m-6G*f03y!c7x=0S_*}q%gso8#xpmh|JYB=iFw=PX@>i=t@jutc00Z~s zwXUMpg*$Y3xY^vXe;XC)4bIAOwfR*FbwQveS`eeTIcomSn3Ntvlj2mG&z|QSX5Qpw zA|kp~d1<}r_I3f&-RxMMBTt2n=Jy7cdcKj0u`S@EWK(BNil2VXajbihK9L@F+dRu) zcm{PwjI*!*_z7oQ_Z?=<%&Vh0M+tA$5z)XWSo8c{7-zHABS?W3IamC9XjAtAum*Uw zE|u>|gJdVQp)W$jj9PY}!t$jzdL1ew+G*?%$7VZl+(5d4?TutJgS?T?EPqC#ztdW* z-{7&&K|gjomj3|5^o)nGLL13Yp~&!hqAb{5U!*Vm8W@~hD}C8J=!%8@B5y2NAd84p zE-#|z$|5#}Z~QC+Wsb(&wh@4ly7H2b_dm+h4v_qeu+l)p2M1lTGEa_jyQwOjI5xB3 zPy3b=sz9O1Iq1A_8o)FbKUyqIPzQqq3kH7SHuro7M;(RI&c<$(3hRw;Viv7qRZew1MU5kyH2D=}_z`a_VXx`*tk$5<|tJ2n)H064SS{o)|}FPD8a{Y}v{F{PMK}r z$LyEQbgxxN3(@5V_I*70dM?^IyBAa02l)+cJwg(Sd<($B{Go@g?^e)KYX@->@McrgcCyd_HuWI%=F@8R zLPF3vhT(4eUeIPxyPxQ@2Z>4bkb|%C3|I>W{eP6N~3AARs8js>CWV5TGMloK0f>q-o97%|;yg1%jH-Xlj){`wEt8YYEGE zIi51IYy9k*Bt3}VLVeuP2lTMkQ}Cw0B{$2f%>VYP426&GM$bTKNby_i*&>k6wD(&q zNuR3(>#?sMF8Ww3G|Hz^x-8?ucuK$!KK!+-$C>9{(aT_;w5-5^f%XkwIS~&mOp%&9 zNP>#GF0bn7pBkY6#Hs545vMvW$Rr~D9FTmzCn*J8gFR=^3uD<-_uem;Nhf=hbnkCZ zC64M`%LBXU*>pHjReZ!)qF&LH*BKLD&=k7EI;x>9F#Njz?-``%JMX}8J;>bm0DeX* zO{8@8bT$axHF$V~^I+j|Fk}k{N0BcMo-|~4+voN}pfsi1C1l@)d+Oja5N&3$E9j!} z1mNTRbof5lVp0S7Y*(nIO9Xvq4iC)Lfuw5$4=QV#pk-vQ z-mdao#Z9&AQ371$g^H#!ade*(hp_c!v4rW3GQ=nnSn$DM-YE<}M0*P{U!M^c=7d}* zifeNZ# zE6#{A_XNC$GKtOs(_XvYb|oP49*%|YlK8W{^b1SIu|q;Ao~JGRY|(B`l5?}Pa?wj4 zrw7J8q{oH&De$KwllLGViXcI*;BcCL`H=em;% z3@603OOnHDv?TGd0iZDGvsqMRaUdl9-zn?t1fj;j?fYNC`rlU*|0|{X+sAOfs9dYB z^lsk512Jl=5+A(L;#2uL$n%-++J{G~3}6&g7h&}M*Qr_@gDQB{8VJ5%LT?jDz!b7N z^MADe%5x>q?;bw7w()mwZqnkpq&Iyy*0}-r!h5xxzBv(yT92g+%A>4p)`kyQIW@|i zc{sbpcc0Bs52O*YItlwxjn(sc(W_y8UbT(J03r0y|ILQK!--Wu5eZQa8!EGi_m zf62}f0B`(KQ|dR%2KM}7=BMG!|4F@9gdu4|zD>g^IsGZ(!GZ3j%XznkE?e|l1H<)7 zqXvicKQB`MmU#>=EK{TAGD9UV2A>0pYX$Bvx8jUs&D_GqWL6G*32?PI?z8f$b!t8$ zyZ?P;x(oe2mzp(xGo`MBD+`WvYG0%z78v3l34~zI5s;Pvos)0det~n{@?Zu=^V<|a z*B#?Ok5vTx1*j7heF2!>FfN{=-~P38{A|CR-%Q$p%`edx%g&rXKX}7V&FrUE_FB?= ztFwHsr_hg@m0OpI1}YL(Djd95d7IIlHM`eIh`-nR>}A#uMe8dLqaLIY4{@VKo8}FT ztmIgh#A-9gez_4@^=_r{r#g>EZu(AZS8Z=MI0(f_wPDrZ)S8{_Gy=#H(D=IzSnLQ z(B(CV-ajs1;ki|oJM1SY-eXF)Y^% zhUe0sEY~fMe_GkY&{vCUNdZUQaV67|SEuK94dok?={G;lzE|Q;3G-X~i@SF0h{8Br zEbFQ4mPBz|0j&Gt@foY?$H5kp8GcRQugz|6U!;o~^XFB3>nj^3_K)R!sM~;k)plYX zME#wYOek!UL|I?|021TxA{Kmgt1&2G0kInUl62a=(F$&che7-+!M@dohizL+ZHnb76M8goQl)n_EvG+9m}Y-lIZwLns^6T0_(#`7dn5r5RPC?Yk zj2P}J*KQQ)Q{+EOq)KW1vIX+2brreMXt+3_KXqZQV^K3 literal 0 HcmV?d00001 diff --git a/nitrokeys/features/openpgp-card/images/gpa-keygen/2.png b/nitrokeys/features/openpgp-card/images/gpa-keygen/2.png new file mode 100644 index 0000000000000000000000000000000000000000..ce0060e11108353a9ccdd1cd14aac9032463ed72 GIT binary patch literal 24111 zcmcG$1yoeu-!D9Z7$6|6ga}G^OAgX0(j|<5fV9#%V<9aP(jhGj4ALD6NO#9DbaxFf zFmn(7{?But|9$WCu6x&d-?bRvFmuk{`|R)j?oWIVA5l=+kWl{IWnRPrQy|>JM6H6`5 zS6hm-&DWW7`suykNYfr+)51$Ephs*^q*P>OEL#o1TWqcQ`ef*^y+`Gd-DCAq$H}yQ zOj}sIh{S47VpQgCN_US%<{HHAs$>aF0en56zt_~xqoJ8?z7w)LP1bS0le39mo*Y|n!MY%x{30A(;3a8 zPR(ar{(5i|3_A}k@^YN1e#^RX6ZjxOtZ7)&FFo{#F3tkBHqF&-7+1^=DRu7z`{ymD z9&fvYmd3;5Or9~lZ9`~ zT=CpyLuU=Jb9R5nZV1$8KboaGjz_ou{zgGqYC$dHF4^Eqt``2HkD&@5i-!D4z|oal zRgY=nOC>9|1BE7%^v=R<8fA2MWLhS>*n2y*#7~|Znmx#&G57)JH5X{}%9b5f!xgEc zkDpEIEm2$t)r92=bdNr9UFvZ1NRGC|5%JZ(F-7J+QvR}JxH9q{=YS44K7^beLcGz9 z48DOiuRBYuijQ%OyT8)WNPX1a#%T~071fQ87Q?xkoZ|9k9{K^jSwo#u5DNNlvpW%=H1sxUBb2fRwQ1f?>p(S+w}Y~RrjO6Qr35}7@0*W{n@^p@hUXP&Jt%qD&Ygjf z$mOh-#}@45zL(Of)^Tz=C?WN9l^^EwGLbWzK2K8iqYVzeVVc<6!n@8THZ^0Y|2-If zQlySMex^1vAT%`-e{M|xN|@rQnmL%6xBXTE2|w>=fS$yeI(HWLtFb&JX5=PIs!`hD|h8J0ok4H^*T|^ZT1Jm~|>HgF@3PL}lgGz-lfIx@mY!vZIBB z2gF87S5u;P~Bx6%-Oz(@=??0$8^k^kX!K#|nV|(Y3 zO}cMU5M#NGZX=Ga?TL|Z*bbX?=|JK4Y?8;wh4ViP7T`fg&!#|81zKUqAZDFwvj z=R=e#2-DIR7&F2@c4?D#n(fKYJex`#fD|`|jS#j!_TLnQ zHpEbDj*qu;;(^u$?o-uy5-H?1G3;+;#5j zL-}C*v-oEy=o4CG`ViC1Kp8j^+s}juwYZndnUP*0%7pzYC`G(O=jjprUe4amIZjUf z^>-I`fok|lG{^6h#uDQlIfUTIiSrlS5?e#KYE|k8r;>sm*LI_YI#G@bC##qd)llI5 zihxd@m8_Nn=i_b3A&)sRca;|5kEt&-hbpw=Zbn}`{jn|P?rwxFOzdqq7|iw`&}H=4 zGWkAMQD?@tZN>g1$&<$3)_mJE{$#W0oJui<@gdiG?g*8&C31#rb6$&fw_ghwYYRe| zFD0w$#rd?iOKSttUxX3G;}4RpLol48p#wk4kK!lekm+L;k{Nm3oDND#kBL zUc;gsC#((O=@G)yWkp7`=O-=N6=fMNj)({kbIR9{uHX4CFMm4NUX3qs^?6X-WeIF& z^2jawfydSDJLaO4kVx6&)oJudY@98C47R4-2E8lfXg}6nJzr+hoda?{>~i7tBuuf% z?TEr@_u|L0BWyKZOG;URg=KQ)`ozFIGlKIlxExsP4&H8s?|(obLX?|W#;qk+T18FX z+LFX`2}#V7()#N+Dvp@I8|R;wC@UINb?+>{h$Tm(kN-gXbG}nW3IH9?LU@1VUC&u~ zJzAM(PzXBOmNfAdW7Du%qfN1goF9w0?t1=kuuVchqjL+KR-*fX8OuBXX3Vgu@pCko zL8L3L+x>vhwL8>F#cr^>P|)B#bGTVC$om3fuLF?MAmGz~sR8+Mw{%1sA%9Mudg25wqS{#YSM*eVCHz_%{s)OgRa$Q41r`d#Xb+K4U zys@)c7sY5ntMhJl{QiaNG+kwRhtRPeXRcZl3mviap!WDr|C2 zzLiaek2k>0{zA$t_Z=sGGI@xm-@}MGPJD$V+A&Vn`NUu?<4P)U-HAfB&b8~g-Mn>M zvz0E9jR#X`Z2FkwZhcvOy;Rd>Zvc=b8+j(5WqiaV@)*@8@LF;|2R6Uy*J#Q}mwS%Z zp0rA~2lq)6U+F7?-c3eTwl(1<2XMZz=?Mwd^PlO)3XRKvWz7bgp_1OmPL|nfrOQYs z>!;{v#AY}oD1J<-9HO9p-jfTd=sZ_^uBSdYJ$X%8O+dVLEI3_z;S5C7YPSHAE1FNQFdWS@?@R> zfcz>}{@>!Re?Zt{`8h^M>xGS4Im(R!E8xe1=>p?$)N^Q;>&5}^f@JEKfnQDA#_&Y^iEviz63x4ACdQYEuJkvoZWRR3Wq(PvBxE>y?$@ptM_i8gO zV1W#_i1WpznVm@!+eNo}CAox)j~!pq!Dpclrw)T&_cLZn<5c*hB~vA|iY(OCcV)y6 zg1(RpKS#;3pA?Ke7s0nB2f!^CQ6n7ezPDQghf-c{u==!&ZhJX(#b$sC?f^Sk+jB*!B z#3hd~U+#gsQgJwT>L;gVbeqtVNRJ}1N|Klft>*IC4u9OLvc8~gu8SjUNfgk?Bl*R1 z+Wea@g`en^$z-4{e}2o~+^~;`%*&Q0?b78*#cxaau#g2zbp;9a`A5|vd7b=^MH*(~ zFAJyEE^mSovIK8pf#%)z?l~51I8fJZqKErZU^`aJ-R}!S;ggI29IMMO7GtvhyYoE} z{_3gsFe3R*e7+On%&+7ShTGQKi4EEdnjP8RIg{5SCdO_Z&gg?fPcE3wMK&a37q!XO z$H(swD2KcjR_Tp6|IEYFqAaiQ5#wuGnLPpxCUOn|0N*8#{0rOj!@H<^3?9TTh)qI{ zKa@An#N(XBA_cF1>OM<7ysZn}xzobmW249*=s$C{TQWo_DVw!A$*%#UNG@eqG$efh zB>$3!B{g0u8v}jjg%@czO3F~1VwJefgr1TOswXb{;vR?xq(L3c|P|Dtor%6Vc)4(PgFpZwYy zf2ScakeGPne+`}{{GMx^UtzH1`zV$4-1^5hGR37^5?d4Y)Lc904x?9*gIAro@l_c5 z<%0j9O2O0*U0qE2s^N5EGb0$x$fSRJZ6l8OdDw$FkiSF8tuIHmsG|&2$zC>N{cbp!OSIE@W7SM>mVl zrC0spg4Y_-cY7M(kUO0-Hea%-8=(Q3eC@#SbyxHyNrAoNF^cQ%#?&NTQ|8)qrCW84 zw$}NdmHB|wr^{`DjhA~rxI_ovOy!{0<}-=rXdU>=Aog-Ip((Zd0tCE8iw$}M`wB9Usn zP61Xz#HuCcs0pbVN$zbOsG1y=VOiEoF%lbWwS&Wl>1?x|^pB}PE|XPgRmd8&9M9nY z$?c*|Tq!6?oaO!G8mRe&VcZV!XN%}c$`f*n+-{nR*@Su;?S4j^Jy*8lf#{y)u%bKP z(z{1*fZlQE5MKyga)BkaUn$}HOB_nb_HB0IgPLQ9Zb09?5I#~6C?o~(lX9Obp8(`i z_QmAHgi*=n^Lx8Zu)(cecgL;PtzAkWy|@tB8sK)2bzx=%?4?fAl~i>=`gB8npj||j zTC119L5gKAs76b}YoM18n(zHT6Y-Dh(EUlLwsWxT?6Wi}pOv1(!_|Ie<|qOo2P)9_ zpV9c>7L~(`ume~tG~r7X3W_=1U$pH@sd+OmSF(u*;#X$r-{`MMbwBT^NxwJ<{Mba? zbUwBpBD88?R(?^?%{gY~voBo*I}oCCS2)^i<^s=RrrW(lZFQ$K%7^;2lxEN8mgd3r z*yQ-DYpXI_8uHd1L?391z3^zj9vGs|*H)W+?Z#0H`EEqN*4EZGM&aXy#<~Uu1|}v+ zy&kWGX)otVB_aO%ITLYo&ed2KTqXYachJx0EH|-6VPHBiepZ&;RxWfBxtuW9kJ2ca8!x+)BV{;5wQZuyZXT+(bQgyORm^cW+;;Z$loC6g4I^ zV1&fJ@j)csdLBs69|bMu-MB1f^xf|jVuakfSWm^cb86_4Hmn6Bj;h zf=yxu@odDYwU3Q;OYHLKvXm%T>y|<|xRaHAT8B?H}S#HJjU|6GL8^jpgf-pZWgEX9uHl1py zjydIhs5-?RZQRtNztAP9^R+%ZpuxFsH9-&a;+0Smm;0~Q7pxt|%*qNaJ#w%cVFtYF z5Kw=~TY9j*T$p5vDS;0!TIy?GzHVM$nzW?2`27eaA^&)08deMvVUrZIz?N)EzIO$ZbQqGE+l)4Ujml$UohFdQ2!Zq!DOs~3_ z9Bv9&PDO+LFMH8_n&#E#q59*6m#qNptcPA~&4V9|o4r-cao!Hiv7Wqnc*hU65W=?8 zfSxT>k3LOf#30jWYh}objH=FU80ubY+pQ7LqxrrR4i{O+apMwNnXi$)YF&59_nFX^OBeHRl&zZ%-;Xyn&mrhcWHFvAKGuJ1&-o zm&^LzpQC)BwHG~%;+6Abbf1RvSj*Bcot(?HZP_(!Qa7e^H@ff)=xti^BiA#-cte#Q zRn68utqEA}`o^d=6v+Ph?Aps~I*Fs{nw7RN^v3odkN%75wzJ;4`xpV7Q70s!OH~c+M`E_T2PNeVmPl!rTcznbTs*Ai!Tj4 zcSr&a3SXSf`nAWucyjp5kMTwDD>3{O#=V53jkX_*o~8>(oK(As^pe-THgmr;D;|2= zD5V?ZItBHt%(O9;8N)D9j^a}ih6kaSK^V}rmloY+ZLpSet#Vk6bLYa+RzG$}zaLh= z7q6MlVu@(_%#ukIrE&t!CcyPxt}P`>-!!*eQV)&RSy}kjz2W=55adg|0p7kDg5aG~(nnPFeZv`gouO2A|4Pu~~H1evGY} z+P%*iL(w{xS8a&iLqPpk8=_P`k6IHz@K2nN}sh8Y`oR*b(m`#ljfUQ~21U^}ND z)!2BRG+GjnDhZpNUYlu$7(Ye?J$)mLrV0?l<9NVGL%) z?_)@|cL`Hqj#7C{8xbBE3GrQDZbOiPnl(Dh+HgDjG2rcs^Y+z8F*M9MEIpF#Y_$(C zqbMV>xH$eCmYlBGUH>0aJw>Ei-vc64AJCs~8(|xN!cN5XDF-Mg3JKt^8usBp9 z6Xt*1LeoBrvpPlc%^>=7AE!37G*{Ma26(2<%6@r<_ACqN>Lxgjm8j#BjjMc~aQAfe zol!@m0`ubHBHObxcFzb9$Y!8CZ3f+qYV?5$TGp&nfKg)ZC}}a5+Ow(b>$d%xp6=VY z=TBm+-xIj(LxPpqz}V9TKtzDN>>JM1g4$nBNHStQg{8!OEC!>k^B$>ljhnlU$Myz< z_|%mRPplx&lV;cQ+St)^)Ab*?oZ^;ZBk&7HA2kh-MQHAxeg`o}5m|1*4vWOVr*i=s zJNWMcd2noK#VpDYg-20qo4e_i{^y_DahH=~v(kf(jZmaM{8@?w1`|~U6}tEXW4O&o z^DH2syU2Jfca8^3!PYN@tIG;gUvHg!?bFuAVjX4xsjXdD2-8ZDx}5c6vtfq#Fkn^_DN@9D9c|h z$=6=K?`~>?F_B-E&kv#7!4G6uUw94<6+2zd>~+wgF2`+WeIV={7Mw^4O`n9i+W@|ycJmVn9}gEtA)S+1rj|Qp^zPPRB_phk2VXqh2F<+{tycb!)-6J z!S;9MeUaa)%)Ok}igbU8X%)Q)2(cJt5sMXEWqq{Trzj&Kuz$d4exB~MqNQ&msb2ux zE#;;%QCh*&0rskf+smBb2sKuN!tZ3Xz)17Yv{CatE z0p@S(wzXTEj3}yGpZYLzLz~e?d3&V^fxH-RLlA&u$(F!>z!bSnUj69<0&vAjtu!uA zDiCNTXvw)}p|WOh0dO4>w0#hLV)CJNUI0%gAmxDq*3_<$r_R59~Z8isxknv2N4<7QsZ87QH)C@G=c;y%naG9E=ej2mN`yEl#gcCx#H50 zQ}xGiNX;(S-xn6n2Rnnq&f*~rCBBzAY#*%`iw6ia2u+_fUT(XXdToJ~6k4adop%Yz z0&6z}10+YAf`)}CtnomU8lMHOn7J^Js?k+P&d+GhZ<>msE4Lz*NULlsek1j4UWS8B z{_q2+#1<^$w$cM&88+5usZ!zs4?vJ9IMrj3n4GdD-vo2$mt3zW zbj8F@>wdgw|MZEA(donKN1%7CuLR&Qzy@$~%bKtu^cZcc!`%ejiw5CV{SfKoE7tDd zkSZ+r^{dXZ2-)C|a-J~(3Hh?~`?(6tf3VR*recmi5avyG!?|$28g}3L#UtbPw6h&A zg#XgIi{VN)h&#vG*&6Bt z;yBT0t&&wh{$G*(wU)eV*Ii;yR}oCsATY_>c3-$e`h#I^>L$Jh&M;K^TsC6i->C=LgxYjthS-ku1tO}g@gos9qq)7BqhBjhvv?G z6;0#6TELU#{43d8>$d!Dp|J&9wN`_s%yo#4PW0#w0=HzXpm6ky!poH|-c1KpQOq}n z!`(W|o;&i#!69#?VN=H)m&Gy%!IUeb(G4Ekk!Jm1`-g&3k53{1hXOY%pjFc+YOX=svCS4>`y*1kpEcWma?hq%`hk)MQ z=O4Y-^jD>}m3mpF((9?%EgjJsdnK!_IZwr%J$Rq!xF7Z_&BF2$tD$PJSzP~^cmv|P zJB(OGkA~8ro}9-`#38FwFk@E5jhsr$5t@*ayJX0dKoi17oYK@Qv2lI1Krq|MUB~-s z$YS5wYE%IF92Ky`lJ6xgvhM`>v5m{|-WQ-h|CL(fRnK@#x^fo->9X1QxX`Sq!`F6v z$tOKl_g1{>txwnY#+)-Ud0c;h-b-Li#?IjllYdQsR8U1Af&{QylYGM=fD5Fwg*RGU zoH3g^IrAfyHRnplfQz;${JQVBA0G?sz$y&b5*u8spJ^FZP2dx}x@pwJ(oa4BpNTnhKo<3NCRYmy_yF>*VupZV z@6sK2BXe->>yro(;emMH#9RpEQKTW@Ze+q4K`W(>X*1&kOc7AgqwrdljbHu#UNAK^ z9~(VD>v(k8t1mRY5b1H;Zmx-3sG2$B*}&;^-8xD-HXO3DNAA`<_Pf+74wYVVxr5!w zp+6k@lgtRM4Xjj&xjjM-(LpPo_baDiwbYz#SDEW3AU^GvXwm@nL37yRpzT35iHhNA z3)p+p)IOD&<8Q`i%+bnA9fg=u%&-RV=D}V5qZWV&-7Zn6BX-rr&thSy@y3VY_ zGChGiWjsb%Lklizlc=G(M2mYibRt=Qhqc7E+>2sEZ_hUP0q(Xc{7_M=p~-n65R8+f zAPZ?B0RSyCmXDT$hvTvs2bD1LHB&uXP7Ho3PaC?^DOYir1(>ax=t&R$IJ!x}{qnMcvi@Q|Z`Vlv*Dl}gHjS={&cPqr%aVik zG@rS1==rZNj9~8&lZ82SJbI`xoPm4;n^9tO@$uBU)mOJg+6lLqq~+8Rt8Dy!6ZUhl zozz?o5TxCpBP?vEb0LymGIE;hWfL+!&Zx!!M(FAMRE0xv-A-+V!#KjIB(uC+FY49L zZ4wG^09o{AC<^#S;cxvPWQ} z>^uwuODN;y>>|Bv*CN9JEUlP3?Ir&AH)qT7*wq*?v;dPHYDNYEbtoU)!};4{mTD{w zEtuYLHqzuhOEoL8=*Y91h~HP2{^iW)SJ_J=wGH@gk-8}IGOmNB!0$Hvyis6*pns>{SQb|r0G8Cr{h zjgKNdPPW!9$9anu+avkR>#OVQ{asyMCrhnE05}T*k!eq|#8d8lF1DO1wGKO2Zf$J^ z>>VLd(UYCJ-87j13Gxt1xaFbtV{&nzfdYNQfXhwOcplT*O#jIYdF-@{SP?tq~Cyh5gyV z^6O1}P7j-I+T>;Crv$KyXZ9_h>EqO;U6*dn z8(#w8H0eV#DG2nP>DC2sK&zvqVB4Q2?z7N(dg}dDjhlzZtYTwfnahCJr2NN2f-8wN zBUbZS8W=lU*Z!s9WNdnuGP_kVjM~htcM7gUry-53$wmlcf<=qo3R5 zTvVx^lFO+G8{jt7b5rdHF#^)m4*ZP4>5mct4A4?1LeMw#b4wg_|MSVXk9y&8zpMeYSbEc*zG=zRa zQjfhZ_q~9Ywk2q=;$#dfODSg1&1?#d|G&SZ)2IKH-#DK$XS28*Us0 zkB27~jsitN+O-)*z=(B(O zP`D~w$lk!7YGX=#W=Kx5PL6o{{LVU1iIe(yu;u=6k6kD=?o5@i;b}W0>#$h+NTha2 z#6(n*2bv}XGRr+e8IjauG|>3u0Xar0dwxy*o;=5&>q_Mbjw_V58& zMiDP}VO^B$j|q>?b|AbHmj5h(o7uK@j_yv@Z)|V0X4fZ&XQhjRzYNrSk8sl(dD!AF^mLEg@+h2|& zQOj^Fj{sz&d@2hT8QpY0?&|1wD{SknyX0t#^O@LFdfBhJoT|k>Un+b% zcKQF9cimq+vwTDf#KVj;2dwK^j8|+ell)Yx<}gCvAd4{Lz0AK#YG7Bc9U%wqfupr3 zdg!hp3n}5J+KqdvWXiVzzxDy_;%$0=-ptzJ8Sv|VNXU|CJ@Z~Xnc36w55d8#A+xL! zBE$MD%(Qg-6qB@hBp4~%atWzdZzLMbi-&Cv{OHFjWBUb{oXdPK@+UP!^TszlXg^#k zsoU~**RF3QYb<$fsh!0=SVPC;=gU;Un5WfD!Y`kG9NzSp(qL_Bx6nA%d1j^}dXvi2 zG~9qRN|Q5C%D}423%u-pt@#C0TR>)Oht`spyH3@^Ti4jcEy2VEbTR7grs0>G*PhLH#D%)>b_k0X@PM48#*&=YT*|gw7!`b(;s6Zv=Jx5cZn+v-u^=@Bml#QzD_N{ zX?b~>6nw$oe^@fHdwAxZ20NV(>hA82A?L!wiDzahFp`lCT4o+A(DchWon0f1%C8j+ z%N`YVk=?7=@+_Nl^g6?P_U-%D+atRAtFG^xOQ)6jb}ZdF_2=bC?sw>b8kyVf{v`9c zLGH!udFb_nq{iB~lQmz-GroVdLR%+^gRpbuyLaE(-gNzKJI5uh^QX_#5RUz~K|P^H zGc=Ey7TB7XwkkJOF5VwRhFec0=wyPI*{Vt+dCg^nr`Yf5V5{{E zlBEn3+a1{1MJJ8pDtyT|;?LvkrSo*T%G47!cDAoB2_8>0Ta(vP$KIi^(((7sXn-XLe5EByJ z=%7$ZqR44?k7=Lim8Xx>q+xG8(oT(jExztdAH!Z+lwGQ{qD04%-T6Yr;AR_Xu!n}q z@asov=TB9hn1T4c_Uh=N;txudg1|Wha+YiA8MOitKc_8OiYH!)YQk$f-96JEy6Yxq zQp~a*gKnu3qkCL>zx;aU{5lv;?zaW6X4*iCF|wiCEn%O3Xx)Af(-tqnkO%x$qB?+u ztf1%ht5tGm{-3hU}VNCky)z=whdSf!UUyWSfAP*a+4grF+jntdnlbFHk z`1z1xhj2eJsD~2TY~^~xa{l?PCz>T4eEm{{jBDt2EE(KcBOC4_$kJ!{fNnpG0Wpt% zdEZyg!&iQ*_7RXmUSYa3$}o7(bonW%)t{$xrk)!B_ud%J(SCXpeLPmHlqHabFcCN~ zyl=m(bTQXBI}#2Uq$LiYfKo;Cnq!ER=R!9eAOE9U1)gVM?HgNzs>={3`&sZIz*B3gH_8psQRf>#+|MwX5W);ivF;(^?*gXdHoA!{4SmQkoz_v|Pz*Y51w z4Fbz*ZA+&3sWaIdsVJYi7<#2R>uIGsL&f1WgVf1NG*+GjDNo@OX9Fn8j!b=CEm~oT zI}DzwMtE(sk2nI^8o%lE%Z+kI0M2%W4!B7LHNmX}4ZwVfo9(?a)@AIYW}PO6$ddsc z0XV4C6j%1?38mx?1=+Xwc-!Ff*f)%@w`)f?n6+^4e@ZXj(wIQn9G_A!meF~7N!Vn3 zw)ARhA6%bxMt}#_RZ-7)Ral68vcK6JE#mj6+r)o863QyWTxVuZ3ofX_TsL%$i;XA| zj15dQ`ylwOOLM=AazA|IcCS4QzO7vJDW6cQ16*XXuG43e`8n;iPV*R0rS)ev>_o-X zkKKcAeVSBxTIib$nzEsdk0g^#OG2IL#Dz_?yj>|bDLZdA^=tR71eL9wU2ron*Le)H z{Z-L5)X}|9^$n7BK3`R{tjNu=r8Z34F*mim)~+*6b!+$YB+q2%_wdc-Hla_~s{V27 zuuktYGOy4oDB^;|A=eq}&z0!FG)W)(gkiu+v(`*>%hT4+fd~ZR)?iVO=N9+cnMoAN zBht47aG=k@tJusiYHP_a-^(!dq7-Kg29LT;o`kghE>(itehOZ?zfO`B=yoWzyTV;4 z@;bqH$&@~w=CHy>->lEHmY zf`gumX7>VA1Z3Q)DTd^yroD8UPkRE}7|H+jJ};Aob=Qm+dj5xzy6e+gM&vUL_1W8PXl4>cbpRs zvs@ptCg7mR{o_^$Sa#IwtVRHo`waG8Q-{>&O;jYrHTa`1~ZIt*Bs5aXrwD|%p$TmXJ zb*LOaF0;8+ad?nM-@9&Zm%&Lhqa9!nFA)@3(AtS~*1bdg2h6&<4Zhi=bv&wXOar?4JKdhRFcCZzzI;tQKpB-@wA-cCzik*yN9T{<=tO#MTXC6}q-H_D?vTj) ziFhrAdPy_1KQ%{=!^d3T)KefbK}$R$LwU}s)1$>e!YS_Ew+Mi#xO+uM zK*Step1=|4ArxiP6VaM7+&~&MFIsNpq0=Uc(4hll4!##w1qdC!2#Rx z@Jyd8+sxILR0&(n?*HxZro5)b$L0R8S1{ubq1Vga%!GCF5ev2{Of+PPDc1xN=LBgs z9|HsFbG?0G^$4o#k#kzr=iJ^OK(>$nz%(l{xT7AadU^A=k24cs(9nDMel&8uh$$)* z&6xyld5>w$b*NibFQd!8YII#F0D#}51X_!m4=$&*-M!XdLR}?Up)Nj#qQ@k!8iggt zpLFl(GFBw==r@qV|9dVQ<6d*pq(eYzuwZvnk??|~Ye zJKc8Ss4a3l%}XW4(-pujj+t2A%z4J)e*SS3smjo76F=hTc<7!>`V-o&l9kZ4JMr!9 z<6paL+0G?WT+>QOj+&+G*Vx+5;briGF_n0E{0P;&_p60ZS5J;?|LpQx1~YD$Z^V}QNos&-EsvOHm zmZfNlwJiowT*ri-zDS+0B;8Y6^z9E1g-O^Ylz%%DO&c?Gc&k}jT_iO+0v52>L2as* z?XG8%6uzZ;KdUCX`!3!>86N&K-C6x!ttXV>m#K>StGBJ=>n5nuQE}cOHt~k_a+yD; zhm?@}L>U@2z%p;_WZ661F$&w0Z9?gpsY*1w7d%F)TbALq+&sS&*Do%edVG@s+8iUV z)Fgb9$NxLZ#X)$OQa{zj>O#+$2ja6|M?a!h-0eox-|oCXx0g`B6>@4uBCjl`3l{l1 zpW>Q3!;va2wMs$1Hp@1Hdl2tpmVV8aXEm&B>tt4v$vg8v0b_UNYJHdDzv^bn>f|3{ z9oKV2+8U0Y$=RZPI=f1_9a#3WI$YGPf9Og)8j5?vt}=8#K2Irkg;^(jzrRc!pwkgn zCtH(c9-9VF?}nOPJyFwPps3geaCt>V#fNu0WDKpXSsqLRo9urO{(oct|2puwjy-*} z>(&$nA3%58nw)vP*ENcId|sy6I;=fa{YP~?kyM}O01E`D1Bqj?z@u7EoY?%f~VW<~mY zrxKg{?&!Mw*;$==va)%KVZiN`pLIg7%Ls&|%k3On`M}JB*3Z~EFHM^5HhXqmTN%$< z-5hNzjI{UVwaod9d@p|LRdz1T?6?vnoyX9`;eiH9Q-I}*T;cboimYo}sBep|^+p^> zr$4Nw6{5K-Gf;eRw{gPvrd`}i62`T>-0kUPLB77^Jw4Rkdua6dOO-n6H%Ssf$ke59 z>E%SmTWVbVt)kfwz9%OjIbe$T+oH8VAd_hIxkzcOsG?f&PuI7z-lTun=0I1G!#;TrdD4;}9an2zyi`${m+Z)LF zY~AnGFLcN@u`#6sc{hdz!vx^+&7Yfs#p&I<(Oqihwrq_wOmlZkte&!AfKKG(Q}=7K zt-C&jVs~V-q+FwGua_;@GwCixdQ^2IcYQzluPmyIWSbHhF>N_-x~NGAYCYdt*J7Ae z>6^YE4jFq40qW>pn|yf>Mw0&MDyTaMt(t%S+}zm^U~nwf!eU)f5a%pwb8uBDP`FVb z%+iwaurs24LZ@DVQ~i=Rh041O2qJY>TiLsK`z$me>^`?wKAGd01yFPjz6i)no3I;z zJ=Cx4#%O5rz=XPxz8WS45a_;yPE`PRd0a|X%?Vs z`Rc2N!>HMzr|r*ShG&jhIS{ZRkSyfHDsukZk5Dz2ssg#6INNrWH=L69T<`{gD+MD5 z=h^n_?xsJ_8}g>{qgs00sH8?87hFt`qENz@)w1h#Z~}OzM^k=YZ#BZvwQ=jK7ghqrSo^k#k6q;DK+ax*n#NgAiWZ1z)odUpm%qi0 zIc2e$ZeVK9Sr5DyoXW#DSG$I9MRdO9o6YEJRTNT6gHZ_QNuhS1~zE|?rymLg3&L$#GSA2 z4Zcu-%5QWZ$bE4?*~x`2%B8daa^nb)2Z5#x47Lbm2iLY52~ho3o*8^ZpoiB?{;G=q zmSm!J0i0E_y7CDb=kLs}u6rR@-3eXEDFi34_$VdD@uc+~bcq|^(|QJA;)kwI`^g%e z{hsPZPdsS7`vBk;SeUMuxBe#c1zH@fz)>$% z{P&2!b0w3Gf%$jRisNqXf8fZwNp0a{4FYXs)!&)?|>PdhVE(=BP zZ*DQ%2pWx==mn3S*T4NX%38zILF%o8(&AAzM7`?zX|StDU}L`FW&UOVuui81O3g(Z zwmuSX*ax*+EGN*ayXvsTnM`y0mE^JRmu?v_dyix9CwDi=SIvsOC09Va7=Kti+P$yv z%DKF4C0J+a)i=Ui}2AqYT4KnVoK*RdsJU_cm)W`BE2b}LZp9_5^O$w!%!P?ege8&xz_ zM%;1k%im!D=zVGP>dpl;D9YLx9^`1AZl>JorWAx)p}PJQ5L#{nl;g*{uqSZkb5npb zEQkx#sgc-kP=9(itN?B2O;h=ckRrMN;SfFVxc{8C-F>ET@h&J>${^0#IIAW7YiYi@ z@?&D6QwF8{LEe?0B1s`Cz-%%f-06ryeIM_v`Ix~UHM3UbOX&6r==)dZpy{*U84o#l zZ!FMUCj5#wGfcRETBZi~q zSjOyMG3eZgPgGg{)2!wf)N674B;2v-Hu~<>-KDhYPm?ySa;CbTF(Cp3!8=Ewju@bZ z071Nt_kPPw-@srYssZ>U?f+MiP*d1<)9nUq?>SH-4m`a4+kbpp$V3JY=YO2TH>T;9z{5~`BI86DCJ7W41R~=; z!~*vYL|Ahj`&ZL@cjm<5%rK=yJ|fE9jV+m9w&Tks08j&|aK$5l7;4I|)wwXW zRo1%!gq4@8-F`Bi6I9vM@}qPBs;TrXAGQ~e2IQeZ+G;5YV(Vs#CqJj7>nVUDROhN# zh??Q|r@(pd2)OeEpk?Z}gpcXIY0qwv*I^q(wN~}C$G6DqMFqw2KgX(dCm+X*9MO_Wv~4rcc7*@uD_UR9Hh%LI(9Hxu-6atFN>gc{Eve-C`R899BW&ze zuTXo!>F3TGq{h|S*5;>V6|Cdu0?u2>rGfYhbVmsB6tkh%w~)_bY~LAbpoyMnic<@w z)&rk7YzM5s#YphZ;aMzQfD8)wRYpKSp!?euICri|mcGK>1&DAhG!dXevE?8NMLUb! z090;bl3Py*V0M52?8;3b*P~2voTDvQRs21Q|BZxgTO;@vlHY4vcmD^IUlB5rN8P1P zk3KIM)B%v{(8w6rX0MfYDhf|6t^0BMQ0;P_Y!E*AXes^&z^q(mGgqv(EViU6SUWxV zUtCxJ?x#tV*ir=8`_>iDO;|kHK_(w9HHL(Q>;gK2LN@JjB)vF!Mw_t=yeTu&(%-*6 zGn4u5tyhqot}ZpHQh+SHj0@g|?nhdVUb|9CUY<}2EQK8;jb7!GLyCWUMr=$s{5uH5 z(0TQL0seX8r7Lhsvxd0ql1d5u>z((oMqk%m-8KXO9$r;ePf$I7kN8WwpN7F2f5%`z zAnG*ZwO+-4IJYYy5T<{OXDkToc#Oz^_FiH;D&RnlJKd_CPzMYtt#5&VA+_=81<;k} z^lMkFe&DO!4QN_S?fHLj)U@BuVZ!vy`~ND0HjZ125vr{@{qeqDBu*$TJibepnt}1< z^Bqm&N5EB7q8#SXlHnm4#`^|8Yp*gJG`?jHNO^a!$4~yxpk$*F8DhW6v}X);t-pJC z1=7b?)?>4(P=l(-1<@-y8e;6-H-VzOE2PcFECZ}brJ5Vi7~SyF{I@9@n#U5%nO*iV z?MaI8>7^NGR%Sslz!4yiQP+gRl@kl65i!x7b-~uR0fy>825$!oD%r%pTL(5VkX=vn zy((+<6Z<0#;ZDML^MtGHgPs!TlvH~I9_-^>I*ixC0=z^HO zA-VRcY!kQ}xkkLCx;Ec_6^ydJLU&J>@B1nRWwan30e#S6L+1;)cty8#lsZlaGfh)B zO;UXo%~*~!Icj4P)lnkpkP8DNEBx`|EX^L8z*Jw*Z$WyG1`0pgaW;pbA7(j&ugt>x3mGT?Imk zIGP{0{%f)_z>_aBts?yJd@D(oi4#D%y@22Nn==0S!#|Kr5c!YlwoFW2WjaO6c<)vn&k%K$l=*l1C&9Q>o$vOu zr%D_QN=(4$O8Jq^E}nq8bL+#^n#M0i2@J729|8iYg2G>p3%r9I+3hTn9j%wL-Etue zzMW4&26q1I@KV)LUm;t~Iyl5W!&G`-^S{h<0`N>h*R=ZyiRm+ff)(PR55Qv?IiIjm z0)lnd)6K+?9|8DaG?z-R7QTtL=I*$_)yGN3;LrUN9^beEFu5noW z7M6{mbu3!2KT!tCJb^;V2$wB~2Uq{oV+}eLVgUoBQ)cG>%oG-Jp7#J#`4Pj}ai133 z?(g4>Qk1Y)E0R_Pj=QHfD@50rwZhM$Kg;eljH(q=HRXNc)C zRby>!0T~%{ZEdn!*Gu`DN=scUcNbT^#IyS@CVSzkJeVv&g#e)4%t_yOS{MJLl`D^j zx@-IHN_A6Fl(IBr-%}y7l(_Aru~sNT)+zf=Dv}r_yD?!jvP}#rdzNf5GRBf+F!r(U z!!Yle>VBU4^Ld~5^ZfJv#r)4YI^h#L#P0jZ40c3VdxS%&Ws-%9sxEc+k?%nf3-^%MQ2Hk<({ts5PI`L zVlk|0KLP8Ub9J(mChp5Zx&0eEJ8c(B0zL881jv_?}fk&f%% zCT!~xqZpXpvEoXrR5YGPuHpbD8sr^H3}9mw_$$2NofuvHAFG0zn1b(m>gtL>1p}n9 zA7j+-n78*!)sdrsEzQwke0DhoiDpjSx0Q1VTK>IrV&k5GNkbX$tGrx}7&;~H*J#BE zjaj5$t6SSwV*umDh4xuMynXzER67Tdyg34poPLK{ul>qDKrW~|TXC8MOo$eLZ!L(1 zSTt5DVZ}ip3CJM}P*zkcxG_>uDF=_Yv-lXD;_^8jlhFGw?R4$>n z`j)O708%z$hwEOlgFy$-9OG6J;ockJqidbJqkcf1OjfwzgzWwqr>v&7wzeko{6t-_ zFK8!ezrD??bfA?zwVo`?VM71h02e(P^$rAs>`9-)Te>1idPjM91p@wI|F4zw-x}rv z&vOC98~;@Gt1Q3c6sKr`&m4dulTgBTrbhiDzH#;~znJKj$}wf!dx2Q_@Sz0JVzf9P zI#&$aWF^M(cw#GT4(Rl|!_B3QF!zJ>jDdlB$pn`;J!K$1+@;*bci1YmNi2eHn_Zi+ zdDb9cM%iKcMm8;`8>G%k6`(Xix%ER{TK5~K_c^Fce$0V0iNrn2R$q?U>|UAJJkb?C zbV?&Z$)8O51OEQKRVnF@AQ}V1hpQ83w(1u;N{pamV7tgBd)B^tWsQAAfsIOLDXh~z z0Dw(jse~R~gj=yspVIynk=@Xyo>vpokBRs0gULL^8Kp1+Uh2jXAeKa(IC%~(vK!%l zZm8fqdHM`g7wivO#Ia*`2I$sxCXAPx>8s600ts@4-y@5gLV5hwqoUR8dddsN1HeKy z7INN9w)`YSN1!OKC1`fu!)x@$`6h%GRsCIq?!lk5sy;d2aTk4s8w6hB0w7{}`r0Pv zr{hKGA-WH2Llj_BWbhCYCO<~QA-I-}D23alOZ@>(6KOWjb$ubj?P+JH*$uxIvFMNF zwSzha`FXI+JMIX!$K${v%W=O{bH9^{s^Fx1V%` z>YV&GK*F<7i^7gCg9_n4{uyPDQ(ES}(wS6WTVGcTQF=0SQG3=Q-Hy*R=pJb}sEi0tLiJ?n-+L zg1MPYqzuq&PeRlF+aVFn)GCA_`CpiBG_$ZshWa1a^Al}5qzE`b;F{S_L;inT{{N?M zv@B+YXfQZcX3KqcgM0*eVW^z%5f>;rWdXH`Z4x!SaTkHgvPXRc-8(NS_Lv6$k~kl- zD*t|9h_)gv`q=vM6ze)5=E+ZLUh8f5YPgKRqQ1KzrZ)o7I=Tb03Gu*1nJI1L5jvM1 zw>SRToHIsROCL1GyFb1#_?)7j4YhhvKz$6kSDRMN3U9iu{xQb4Z%QGnUi#QB;Ki)^ z=9&HaLJ>q_2(Jr=TSW zwdCfLq!mLw3qQRX`Mi1VM8gO`48ujk>^z!cJsS9xdF9GbZMt!|w+>=D2GXAb|0q7q z<8ECuL;L8nnP0%~3aQ2HA8@Fy6MOuSY|n+&Bz(NdWF~e*)Z`ZT;U9I(!z>@dy!iKB zlPbN<=y^3h%6#6`|LkDFvGDsU_4heCyi+SWqXc!m#~YS)*J#JX_@nKmkkC6lFO?FN zFNz}PaVx>wRW#I>zCZ%-BpE^vstgVfTUl8#@p)h1_9^X%{eS{*yd)+pEDVRkTNb0G z2Imv1s8Y|FR;l3r54XjUv&3>w8{!h-t%yg9QI^=8O}^eTHI< z3298Lgsg~DTnOB|cWblhw?wyVXtWbF3*|isrKYuM(FX!L$z5$9NxOGebPC<#+@hYY z!fHLHsv5LytQ_p&@uUIVP@1B@o@dF=xuF|3^Q_-%!Re*U*Gs+a$HGll%>2`)df5}0 z)uPswUW6m4IGcJ6)r9PmJseDJM`hK-RV|#pSr$Ch@7mqD1=%v#aU}8qX?py@r>_`A zn|Fs0pXk#*HHSfh;_8@zw5vH?qzHxK}oZ#81+d&O@Z zhy)b-R)bS$Ps0x(d(!7ACukdv`Hbq6K8lP3c%iY@-g^m=lIew#nhZ% z3q5*0%F!*!D&upSNQpTvD-c4g^W4oORU%DfjIXyBifS|sIcaHDs4O8i@YUDBvgGen zT6QpTl3Y5hQ`(X{j1|+PNC;;J1=E= z&a_s?wf~r6*_<$Tux|puw|&;KBV_FG?hwzr&uQQqbWiT}p0k>w4xSi1=mSp8d3fO8 zmf)h*gCcEtq^oqGT}VhP9}im~9K!In)WE>tECdoq1pHchHehN{-a0xS;q6r$C0H)1n&{ z$zqE!mVzIcDNKzG7uVQBvj7WK>FU_&EpPfRMc)n~>nYNLh};p*&vz_$xTznj5!Tb1 z7tnQqJIwGS)lHzG)E~ScsTI1md~$uqXRtwjw>a3nJ^1}@sGQ0hQoQT#e{wt&LQg12K?S0bgQ0|<`u{vU&^qo72 z5vDw4rVl21-yEDOG&SFDrv0%|^b_VCP2f-v68`cs+D}!|*`w?N_I=D!G%6fc&g^!H z`@8usN^kE*Ts3?_-F{=z9vQw`XnrYgBkt>{6QyzH3_*KuqzpJW&522Hq1Qo~@9H;=5#Zcyo@KUTJ}h=;CV*MO~kYl?3`PVEY;_M)5pUm#qf z(Z3)cDlbmKuVzxN|CkfY`yO}c_DM}+ZOn{h2=4ag!3En^r)}-Y+UD>ex52m8B2327 zcjoPrRnr>4q5+UEYdo~J=TJqn*xs;Rv5DXZQheF*(^rTUOV)Emmn2B?)0piS<#OTH zOQ;vqn~vK3ER?(Xe)J;`s$%frFdx#1G9~s#T6)L^B!3hi|>Id1L^j>NHE|XX>*iKg>d;#GR##5y?El8K;C6 zQ*R)W&w3_JuKZ{g^xzFhuUwtjEuMj?E_eX<_VNjlE-Yh4qmX6M7tKh?FPngrZ;=}{ z{N?&<4>>*hxj0z(#UVACVIZCoeHXLWJ5u=7T)4BT4+oZ8%>IQfYmz1G@DT=v#p4VA zWb|M3j(RjEZC2-Ji3spT%+dDIK({`;w~tgEIAsP$PAaY$3S>u>H4^0VjY(kF6H5#^_`a z{#--dj5VClQ5YnwcxXFBoFPPUA0%Gj-M3V7VjuaPNaF6}n) z8k7(t^w(tp&B9PoJlabU@JKTmAL<+X^Gk9;C2Ie&(moO!eORmZrC7_x#NrY}rk3j<;}7j1}(m&ke+ml6#4y3%O=O_gVc z_yiO{w||OlA*QQoG@UE6C*_eN1WrSyJ0L6T$b9j+f`Es}CocxclA)xCosLPzquU)f zHrhM}a!FiPaG9^$C@!+%XC2-C%_(>PCX9D9^^9T*H){98pM>=+MQq8FR#Fh1@8{l} zd>2hZl^MLnr3Fgb%(F%nF+DCg;{y@!n1zCN{KsvRK|c}%Db;dhw(k)G0|RYsx_k|% z!p91Gl36xXxWITU4I|RhlvGrNYNDDFSE@)7iP6N#gsRc?^K~f~fmq#Rr@ts(?gVX2 zcR?9fJ4nA6{JTkc%mPGq20Y_fTW-E#P6v?tonpVp{5P``S-<1)`09Ev@S&Dl9}qD5 z5s9@jwZ=e#T#cerGDAu8iw0y5&hDja-a-A0rfeyWD-073rt-sTr=1lCgIW+lM}a<+ zG)dgL9<^>0knko0F>}p9*H2q}JFWlH+!SH&P66BWjCoxm_64>ydeafV_R+=;cw<_^u+tjY|iUGdl{rpS|mybUxv(DW>E4DEPGl9x=hLKXSNFL@;$(zrWkQ>gOZg6o!^hb5Vkygh5KPdH*Bl?pCkB_wxKr(}qjnS9TWm((5< zrEB_S49{-qMsSu`L%?o=+JT(ZS(InpX*+MftnS%GOHY}3HdlF=NR*Q8{ z?ucnOTRwT+zb`Z20)4pxX~_$GgTO3Sb$!x-8s>AhAB-8#S4}MXJxjvln5ilqb+5iX zzGheIKqeZGzRt#$@)bDO$N^Fbm4|9m0V(^&jp-|bA5vTt-Y@T54sqQ&hpqg}8r6q& z=bzED3Y73IT;}{~y>R=)a39?s?4~+xC0Gxh1tYF+ytpOkao4vha7GbGJDo*?NRfa} zDeLq^pmFptFs-U$$G#%D0QVc^o$)KrSyn}oUyt})GjV<# z44fa&`~S{)&$qt!tTSt|nEB=2_rCYNulu^M9j>AzjrW-1F$e_0la-NF1A*=pgFye> zJh}%QS=zAk1ODNBlF@Yqfu45X{r!`~`jip`dI6G^e6Qh^vA^hVKslYsc~jLL6du&| zj!;O6O6ZX(VN(A4dJ^o6(5WOUg?V!RT*qd`$;F%YxmMn$opCM0rJ;}0&2A|ktStwB z3+J_F7aY|Gc$Fw$eB@Z?8&o2J~ zfw=p=-McM_G@mc!D=K9HuH~991Ye3>y~d0!QBe<2gDEJQKCOs9-n$Q+tCf5mb#yW< za&ZE^T)MUEk7tl~Nm*ZCZ@J1dE?+q5`x8ZJl?S{66f55U;KtSvW{f$Qc5FHM!_X-2 z;_8~D`*+d!=9KZ9yMpP8l_(-@wu}J;YR|B-vx`L7`uk%HrYx>64jL9*3h`;{yTE+oY20<4@)PBr(A8XIDn4QedH#Y-+z0#LoE5#h#zH`zmf|2D0JP_8#n z33!is+v{95S_hqkM~GAG+L&X@pPi>i2C?Fu|H@?I7FAVcx_MTeL2p+RM66{ndH7I1 zH>GG;MVV55{BJMs^?8~LGO(7@vwk(g`Ba`Z#(#bN{nl%_`m;$2;L!pt94fE-t>|}x zlF6>s$@bP1<05I57(jyo)n>M6-!F;tZT{CQWX1~@muurQ0f!5XU7T&d{jV=}k_6nB zZ#xqLE?U8FX&~!koc34U5!n2Ib<*0VZ&W^I@;Q}=iU=C0sQmOf-yI)UOJm0}t-1*p zr_IgDqKPh!4J$6T{(A6Sj>jhi*FZs9iN@_BqlI=N-3obsx+gd@UY^aW`_O8%R6braV>EZK^nQRF*qDGPce zS{j2qyF>&eq#@wzSf`))`ScGSC@=Nxyk}`Fiw(10Uk~qyAC<2BX@+Ds6&^W$a^=kxG5`3?=_IZ`MFZhGEjxCqMTmSIt+{P!9n#qCh5PFWeG4 z{9&d;?-$l!ZTsS)1Ie+FPV?S}%%hMelZFcx5$c53>jQ_ZUKipp&bgoOFQS;oE9r`S zi^YpO?gp8XuZogJn4swR7>hYkpWTf#lFyz=n2-GJ5y2LBZt03s1X`60uBpb;7xfIM zRR$IRUTa4FI4WuWgIjQdVApACZZ3f%eJmjeBoj@39c~?>n!SpBQz#a&f0QNcvg3Dz zKT>%+Lzf=XHh#4%H}p4&Rl7p34sc5b`D7;I2ro-AlGl>-t)-L&?DVZp4|4+UMj)5a z!DN0Vj@BHrDW3Zh95*^;i@;CPjz+T`f^Qgvk$g&Lxl%uARvdr2PZQYR_NtuO1r z9Fp2B9v9H(U#?<&E6H_F63r5!V^qc1@9@Fdq9@Gya^|=RxQ}OY;!jg33!l@|B@5e* z1n_$gNE~h`#MT3mXSxm7QnZ3kA)<|ibU-WR7^&ff`OZ&No_&m*`Vy=wU z((J~=CoAoKz%4BzOeNES4;E52E3e{wvaz?}NnmKIx~x8F^%iG&qJ%zeuom5L$)%f+~ zga<8pV|B>KINi6HwviEp2X?KerlVyUn~qGG&3#wNuTf8)72-!n`OAz>bab4JCD$bH zAiR^g{&74HJMIw+PQ7nhZtnYwALOxg5Rx7}B^MIl?#KIWI-25)W_%=cl;z_H9yajD z^$U{0L|3{GlwZ{zvjS_15J4+10f`-d#6>xt9$a8!{V{crwCTV zYL6})tC3jIOCfc72lMDpbo4fZ59r^j2|ddq7ko`Cxd((K-SO#ZvWdR_AdzrK67F?T zK4As3#22(nqnoR%oe_+?tWrue_I8vUW7AF?(U-ix9oKEgyA<-xUUyRn>v(C)j#ZnS z(tfy(Csh(D3bp=Z(dG7(K3q^TqqGFomlxx6H*r^*`jiJAkx>-HE_39Hx}S)`Yrtd2 zgZDx2I%!eobbnBa5-lD6#{Q_tDm;r@{@Wz=h6Ca2MO4`Vdv@zFC9N6@kvH79+5?N) z^`g5~k4(!R&ea)V9Kd4nI5g(`{zD8N5I|Fk3q@!vjw=Z%+?ug*r*WoD9KCd`ucI<( zsGe4;@{qso=K4+Yp`I<&FX#ghTWQxqa^D*t&pc+$;&NmnT$AmtiqA{Zr!lN1W-8aw z=I*Nx9=_@8PmoYQD2rvLdivx&rGU2?*RH$lN^tLtdE6FL2UeUnFr4~*#A@r!bc{3c zPpRv?MkPds&57j}?)QF)&Y&R{)d@co*P;bGg#*)EY6}R)aXw=t37TxP^nnv< zEsby;w^3$+YvpIEXnzu?sgz&U4ndM1DESgq_D7A&7gZz`B+IlmpY+b~x$w?nLi|aK zC5<_k7&N?6+=?wvHhuiJ>9h&?7IKR}{Vu9-(9to<=;l~wI6EQD>A?RvI(ULSHy3c* zRyo7+`#K|bfPLBR=dv`VxGOGYYKum)YF91<++qe&IB(B}i?Bn6{niHXz?f}m1Oidy zdLOq#MLAuWx7F%N`?p|`NX8XKA8Q0LMr_AFOi5hxJ}8y)b;3m^^x|gCbEdkw`uech z30A5J1PN^D^k3u4;BYwbT;&3_Ax*rkZ(Ne1A7Z?N>1DG0 z(oK}5YK~_NK%YPF3=U%hNDNnlb`1gGJd?P0%fRox7mv`u(dYLA!2n<7b{U-Pl5$I7tS$6tE+W$nezy-$J>Y1+l2zxt9)n1{#a`M1 zpCR6O7tWG_7khY+Tz`p@+!@WmwO%H;>rl(2k9;lE%9jiOISIj2bN zULA&C6FYy%@18$dEA*4@MqoFrrC+9c*WuhDH0b&`Yc~&$MQwD_Ag8#)mLUsZ+plaW z4QRtTv%GiF`XBMd8S=eXbeeL!N&ZD&RgMncsyNohS-rTVguz}cV}ahy(UV+m%q`^5 z`)JfdD83YE)@40jve6DQv!guMlS^2LX;^#bgyCzH0q@#8BA$W$D7LjOevIZ&PxxA5 zw<}}4?kn^(w(z5a_X{kplH1P~e zAm+Jy&s1%-gK|sj&)yBKv99>JgKJ0%tu1GS?Qt-(;gW5Dc0LETgJ@OR=u z&SqEFWx?Yt4vH{I$=yGT=d#Hp>gBc%zN7USoLjkLL$jR~@4al?`=o!R$E#Wr^3=@> ziy9sG#kUl$rR-nS^7`UX1SZ|l{Lp>v5M?y-u2?x|@00POlvy`XGKqX9%G}3o1P+JFpcTSIIDM5AASJ-h8P)BXI46AJoE5XJ}>wb17t69 zZ*bAObsLk(ej#EWHXRlX4erXPI38Exl%CTK4oUaLob2q##y%HmTl)hZa5gNiILYg7 zF>9Oi4%fJ~zGcV^$L(0Tv0?!Zvm0Rc!d`P&oFHw=dwV>Y)z(D83$zvWw81N%pKSL} z9u}YTkCktVCmz_)mS?^OK(>~@_(UHKyT-QXfxY`YBktd?Sz(mBi^)89&?k8uyvke} zDfd&`sZ1I22~41Qw1sW&uOCD`rL3yRtLm=)1Fr1-*HRCCVi*6&UD2>$#{I?m3G1TE{o7)nBo3qH*^6 zNlyvduaXZ0qG$TJoPAJ+UXYCY)m{34`URQW#y=nvIhpgjL^SrpZJ!YkhaUCQP*Ev( zQUhO2qF=!NO-o~U|Nq4)GtnCU_bF8dw<{w`XH&IhNV;*LhI>0W%X=%U5SW@vWQxt zejC$vQ;=<Hq($m+$~Fv^&KGxV7H^`*y20soTUT2FR^ z*yX#8CU?qloh}<8I z7QX$YH4pQ`PBl?g%j8vOot<{Dacxb_VdM49$id|R&%gwtNuao|kmp4OyMxVfw&o?`c_UDeP zN0^DX39vr*n12tvJ?}u?I2w;IKEX$?&Wz6Dhb;MBWA=y=%Ct!<8WHur)0I95G%PPb zxJs|FM$&yN%6pdCn`c=Wa+;tVfSM>_V$N!SL-wr1?5Y+on1@8bf^OT(1*|EDZO!|w zNI22G+tFC3wLej0oKd!-XF1W)DO2S}>N+|+^O|xifyS*ame$KLMN1mr4BOf?cEm0d zz?c;_D0*|gw-)Yq-WPe4)wYnH?ylaUcza@~f7KL~ee3sEugN@x1OA)mcBnyF2?b=h z8>haBk2l~)H<@mk<>lpnqrepEzlxWK@FPGDlU zi1FOq+{FOIS&>r!^6y3@(b}}D3u5z!76{~eXBjIfYHg!z+SkZEz@l|GTzV3jBH}j@ zxw?rZM^m+x7n}iVWiOgUz2|pu(N=A+_|A4^NeEnQ2aLRC3=gC9ZyvrB$U-87 zM-Y%KudFQ$1l~4MxYQ!z`LtKrph=2<(T!;2n%`cB)3D8cw#JT#r#~+p3?j|3d3a-- zEsTk+_gb26VDHCE`t+vO4HK$$fH|olGxo1IJPA#b3sx&hJ>$%81hMdIwVv*BHU!wF zFCA$!5zATDOXUf8ZMW0mi=hULZ&q_cX+*~t-3Nvm;QEjytfr`)N_&?|qekwV;k~2H z@q??D>>}i!R{|Z_FdYOu&5&Jo*Vn`vg7Q6O(!M>}{FYGATeeuBYHrm$NK3lVoVr zx=rthvR~l^on(aXG?ygL4wCbS&F8~LeT2}olR>4qT=41;KU~kd_kb71OU7Zay<-Xn z=&Q;UA%0DfmUqn;oH0=!m5sd5*&)3matve07-QizD;h4pbvQP^|1J1tgzRQ>77Hq< zQyo&Nc#3BG<%YTG4^)@PzI}tJXn>P?^4>P+-?T+;ZalW_Z;R6LSptzK#(dxyJlzVG^rL$`W}TY$m<91-YH; z2mH#mixJ{8GYh#?F*1Tn;ESQh<;8r@;$k>Pi6#xo+jmOiT?ID z-#yjzgq$xyv(r7hgrFJ`QOk+akSwHeqYDE+|JG^`A|W9`GGB!WSQD#MSY+Qn&XOq^ z{5v!>V8~5YauepOn$yGSCLsJe~U{>x79i3ucH5XcKmQIJ zIlB4G19MeaK?9ii3 zPk5u>hD%8k4=XF{Vv?eG;Ht|lxv>_p*PAJLe6v~4>9irV(eI=)WGE!uZkk5d=VEu= za4i9Stl1N!sadkvyd>tmv0Ims!H`mwfw;zWR(v?d67Ob}eJ>y&&tcrw#ulJ!>zNs* zn1qkQK%h$_h?}voF?}b)*GP8|kk?E+K_6v8FSFSLoE;X#Uhj;ku?%N{?Jyk!0X7S% z1sWF2U7ahlu4MWFe!s5dV+wNXUAHn<%9M|Uyf^m?ViweWa%#=dsB`?KfFsJHC0o?) z#Ks2F5b9A^R@OCsd3LX<Mb5ed^(QC61BRYuKBY^qGe9a3V^W3 z7FFtVtzTpAI)qEcIp_@Ftj+OnG|PxubEg>POFZP#MP65{GNi>!y~mJ%)u2^$Y;sOu z&@ipvXcImX;CVqQwiB?rGVcLVJFnO>!i@f1okzg8cXnn^XOgQl{rp{ATx1X9$snhl zRWUcH97X(s=9=*F@+G$o^!z|2IvNODt-Plm9U^Dg)4NFxa1Yn_htwYuAP^HaPhREe z-YP50t$g9Mj%$o&I?eHQl`$BMn}6kR3HIO=a=pzTY&3|^i z1lc-p-4b0U8%-q!eO^}-J4Og!VOo|(pjRE1U0q0#+tsQipCj?i8~CbF1cyNr>iWhL zGL4)H03$QEI50i+4-m1?xxu6l5+si%+xOkI&T?M{fdO&;`9;U15vyUty$#V)Q+p_P8KFG?(c|IO+yyurfL|{&YTo+ zFQnh7=4@*IsKw9yI3Z>sp_5{y6fX7@zop;*B%!BK_pkbq0XjSZlg=sZGEL2YTXL&B zkh0X|wll76?0s&0bEPjla(nQm8GLKu(6pDH5sz;Zx^$6wz08)K$$wSoxz{V^y}vIr zObJ~?U-kwdR;zP`w2a#p#N?Ydy+!5IL|!|y4-3j!P6bDjIYQatKW}H3k;>80(QU{Z zUkKD#rv|}!3uV-XMjV}Bwde9++HVi9BE=xp+7(UyT_T>|OO5N^*W)$mPGiK2F2>2L zsIRvu_uIbU>gn5Ku>h$0ZBG1yHyWk6`OEvhRyHo@X)9&^(4*_o?|y6Md*Rmh`(}=g z90ZnDR#4B2eG#N}8>T|bwEtdrz}1-MRk|o@GuP1xY>z9mWh&Y zs!d-Kgzk>`>w*ES`pCjeroV|0__>kH|)LH9&o zvx=gJoB|NWZDTI3V?#R?y9#VW11}#eYNbN$CjO4?J*J&gIWaxBls$TMB3$5S+ZM`# zw=~-jdRYSA`E>nPNM2q|KrFVLfq$JfaW;xJsNkRHM?v; zBy$W5>;7o)1c6Qqy~CF@a%?XX9f2s2J?D2cwv_F7>l8C`Jv@IDleNaduHTe@8J)f- zntOxpjpApMJ#pi7U0#WRao+4DK!v<**KTjtYbc$bk#25mV9qCuMdq&e$O1gPq!*)u zDbG_#;T{KtyhT;UUM5!&)fweCd;A7SBL1ve+baj?hBk*`tyzy^558DEd!0}PT#X+& zvK}sxmejh4uHu9om8JChNwyN;GouZULn%)qzunq#e%$`&^9QMFl|Nh~L-ZmDl|M9Z zL7>5hzdiyf75D!KiPQZUZHN~U8&Wy*;1R1X)_aj8anV*k- z*(%iPwU>UGnjdMW=m#JX?dMRt{^z(}>qE;y$7#{q;@L~8;c+WU&TqL%ag)-G`T$elb_0MK7Ln ztCyF|gi6Qu`v7HBz;wR%%SVC>TDsbFU*lEe z>T)8RD2Vmvi>K9CEclu!h&A!>I@nxizH>u~2=MMF54o7}DD}`jecAN=1i!TGy((;O z?isA^nfuT1jHt9dYbFsD{ud5=p$EMHw>4|{;w8JtyVugxYrk7ouVI3V_Vor7ey zt_6W?+<*ZY4{X>MM?9z03mo1J7F=A|WUXCcU~zUnC1pKoaOQQhpum#pn$WB@@3z{u z>GAl^W5(n9L!8B`?sA>(my()7H}7$zS7!f&QU^EG$r&iWosk^=GkC7Y=5XFz5QPcD zr~zb4eOKU{MRy$oUE%iQaoU)&vK$_jy{+wc`m1#;QQ#gcKbQEv>HA_XrkHnQxDwKT z@n=x=4-c_Rk%*4UDv{Ot_>n(6N>4%WC=_75VkTw8=D|pfY%l7ixv9P9VQ~6qHhI%* zcl-^W)1KxXX)}>%h|~XgzhP31L)N>uGBpuhcG6Jsi&rz@jH!hh+ox;IN!-eOlf@x3 zhlv5YwCm8(x8(ktQ{`mzAE`uAZ-XM#mx0Ns<~^b+&7U#Gq7ftL^*;Y+=2}vheI)=b z6Pf;j{S4p(O-SE2ef-f6)g+u|$d1~{paOm7No9dmIr4a%SOj^0%Z6mwHH=gQUvfF1LPi?7OUHIfEV?2`eLpK2(A?Ew@HBiX@( z#Y0AELv^yIH;NfZ4dXAkJ!E%&R}_1{Siu8`Ac($6ht|8I_J3&s{Lug-Ogg?%;~+{2sBdX)P3b6@``Deszt)l(1`wew#*2son1OJNbcsh40*MgC-H4 zmrtD$4biwP>>%hvt7h40w2PZI}zU0Us|1C$p0OIk9ST0z-+XRrCeha^B? zkrQcFf6L{}@n5tO_fA! zID#VoP+Gygk@j+OgZ=%wwVT62+DkoL9{^?|F%bv2kU0)>IPa9Pi-iAXyTw^6Qde7@ zDX6BY_x1A=FJNJAvhNIkGUx$cB6KFZ?{|kX!nJtY}!u zDhkZ57o9TW zA}41K3Rct{if`BZnmO-}Q=XJe0hmZ3)Ivi{?ERY4*rg4HnBuhZ#EcCEIK4UIa{r-J z8LyxL2Y0xeV5Z$+>9ZjigkEXgN{Gr;iwM-GP;NOFg*!#dW8~-2rBOldJpt!>*|E!D z$7ctF{ZQd?8D>|A_IE zgEp7@>eec9BI8Hkt1mK@w&eCIa6oJyMSUZCEpkblmBlbwvPq5UZx~zn>`e9kevKYo z=gZJ^RbzG9%W6aU%uVc8IBN9jR+YW4mVWbz=TH#w9hjt|@8J#G=;st-66ohm8&4Lw z_}L*-xphr_>+4Nh+LQcg3X;*JS3>e0Rj?1Qq8^%pK_4TJWQ1UcbDHwb2{Ex0@MtW6 zZ`P2;7Hrw69B^y7n6ty-P`JhN^SdC$j_YS$s(fmkRHrX40eV6z#CoL<^h!LSIi`-h z6Sd`EzG(KyA@Ooad8qPZreBk>^&$UJsccPr=T8u>{CcE*(PeNS4Y6G~P2#e7mt1&2 z6QL+Oh>PD(dalGHQm*a;#g#6uIY7Ti%)F(a4W_kGTeQMABKrFDYr9H8`%!uDYr#HC zSOoMT{}Tts3*n!ne@q&%>tp6@)}wRDx^?;e#=hAlsZ@PwSOWni1sLym-_l(bHDegt9Hk}Gl9eU=V6{#3n<>HRE56c%Js$=3YV z^LC3=z0OpOJoRUMEBrl#( z5BZ zOPN;+*Yqg@k?pg_{= zWVE&7+eDniF9LYz>5>CTxIhJU&%tVjHQA)~CF zyLBJ5`IQ_Q+{f8?fBQQ!O_Sc>hXE$YnN%uiJEF-2DDFr}x0HH`m?7BAikiR9hf)xE zw~R;1%cc#RCej+4v9pKs!dr__#Snd7 z0)o4h8|m|qaL$oW#ylXSSlKi%pr8G0#VH;Y`s*~*?HYfl60CMpC{S7@mHBR|4Q`K1 zdGE)ZT3KG$2t{0pY>n0r%9m)Y{00HVaBW3snJyW846J|{*kmHC$p0mUq96*cAcDqz zeHwA_Y?r)VDJq<4^~*DlCXmUE2~y9n!>iA_qOzFu5l#+g#C|8apGQz!hIoQ5f8MT? zT3WM!BlsYZenm0x35aa$Q_Su7!nSSo*@d25@HhXGf|R+ZoZTH5v;7#Nb7r>Vt#$Pi zBDeJL$6szYhMQkUiYC|TvyraM-{{%74T!XiyjXGk`j&PAQ$2y6D5qDI)jcyd*uOJ> zeb@U{kzak=Kf=;upJ!2mQrYc8C8qaDyIyWNPKC#by*=&o%wJ@thC)ILvJgZL?ZX}?w>F8NIympSm(1)KC4PkD|dQ%Qd^hX4W0NTWYY0a76O(NSn33ohs6Ep|728SVv%Pe_Sufw~xC4JI?*+d+Ve^7UL zUvH!1eUM&RVShQH+>7ehgqmKL@~Y*SohTWr5^>-DG2MWfMgRkJ(Wdb4R*>O%U)Al+8c^H^)OM?8WC zD>1X@v-;((DiSXjkABwAcmk5s&ikx18aO2^BJ{Wui3>qC4#*kZM zxR}B2l29CM_I$kaj8Ca4c`#+Q!0szwqOmF`vUUNoE|*$*{PVy{gH>~K_K9|DcFdz0 zpt{#`NdXo6=_dAplg@ojwe7Xh4nlcOA1%)4v;L!&NgN{7k|Q!B274iLU*_!W z(ae#gsI4wX7QcO?G)E-!-i!rp3XGg{=zl$f;R&`IIb9paUhO;)#ugU@VpICt!XRI1 z3~U;Zu}@a*(i^4dQCV}b)L`BHXnXGE%>B%3tte$MCu zZvEujSYBGwmi~4&S$%D7`J&@%>nICuh5#LuVQ1>JSCC$zZodVt?D~(d&CD+3&rKOt z0^jM`1-K;r^Z82ZqRa-z&lvB8jQ1@DiRXhIU2qtVNZ~Nt-SrC3&iL(mo*C{`(BSTR z*uG|eFHB)b$@93G+9!S9W;|}dl=sdb|Lh#XHIr33GW5M3M#HRs)vH%bI3#$(;gcHr zw(id3=r^SnHNo^QDlD!I^UReNzXZb+hM#|f`~&*@;r+=}x)t1S4KI2v@h^a=`iMr9 zmCBo3&ns9R2L_s7GFWy_>foBYrDoWm2-!gG;$0UlsP2oHqGr-JF59Cy|DwDb0Oes4 z(=(yvCa_G;&GpSJe*mxT#w8@QHvRs+y{S)dzNJQ}{O&%WwM|x(9B?#CUhFQGPf(KU z@_Q*f#Cd2Q48SdG8owBDe6Lst2v<&hEph&9ze%bi5ob7ks zERRsw$}`CHj>53N*QO{?TYcBzY|yj^JcDbRw0F79g8xLF<6m$}TfYT!(|#%PA8D_! zmjx$q)ga0LLH8?jF~AAUI1~iVzZ<9V-LL-ghPQBSf z@(CMM%i^(2_NA@AfA&mLa=lhRdQh_hRQU8@jP=EFmpG6ruYUE;+9J3%4N=Mx)>Tz~ zd97C7KBD*S={RpQmTGpG#>aGTJ{Ig}FCmi3>sFt=8E9jrCH-fGK&CG{#S}*R6BwC2 z_G3;!U?A}3mo3s}J0NHA6k1d}qxt^GFk>}%DPA77hve}!cXU4&j@SJ#w|og5S>*7RS|n(U7#KkuQQ~? z>DOXoz<~3sDfsA8_Bz3`0oYxjq|)c4$D);9tfd|c?yK5C$W0R*GP(^pDz$2(9^C7D z=bQ`ahK@ziM>OHTTMj*o5AoQ6I*X=_``+t@r1IH7+wAva#(Jx`kL;%UH{qJVq$D2P zAR@4fNy<_-8ES8Re?XdaO!Qg9ttCb&_8!|?XVHBao!ZU)nFHDh4ta!W+Q!BF$h$Is; zGubbYxC3+)m`gSAAkBS9s;5Qz(Kt{FJvwX?T7=z~nfogeKmi7)Jl!Cw!HCZpmuN^a zq9-&pb-K-f$Ye6yBR4F)fc+>CY!VoMq4vR3qu=ohgjI$ec$74)%gy*N=$T$x;oLv@ zpWVL7m9H?@WEz7?fOLA0lRzys|w9%=s) zW&4)}&9p;rnyqK!BSXgiKDswGXi7xNI{Vdp6;GyNv%R%76Ra+zM>$6& z?`}jcm|*>7=%uSPqCcz+iF(8)2I|s?!1yT5@&=moxmalE}tVNxK_@1 zdtw4BT-GM_KPJc?7N#lrH~eM6Ba|ITTDRf} z-PKx3+9lN!#pqVeZP(ZtX;Ue)f_H1zcRLiql|^sNw{kpNB_h(3?=~o0WDEL2+)NP3 zyAyd`4<0>c}s*ezGkWI%u=ue6GQd z<78diYi%0dXN8=4bmW{-5heq`Vy!iMl&(N$n1OZ8boa`NY4!*bwO4g?)zQ|05BJBA zRh6rj;2tp#jf_lN^Tddvwo&JMPK_JM#Rn}F%DR7rV)#n2pxQ@E#v+KIz@85j*9j3Q zdj9Lg{i<4DQ0#0x4mt?KVW=B^T>IBPD|0}E{_DY~R9j#vLKzNCLb~~f81koakMiUy z2;`o&)-qT&kzapDww=`V(#%{gPY=yUMn+Co8VYgy-DJfG`>jRslai5XYiU*LH#h=& z3j_oN0ILC-u_>nnyz?A%fCQQ9k81ebv)Pv~8uTP2l8)`PgTznG{+9+ZXiv&fsOPY2 z8gD-Cw~yvt$;?(s+54Bxc7P@_{~^HOmrj)^dH*3W4^UGDn~2K1I^MHWs8osMe8H_b zs7D^uV`f5*%PQN*IQpR-__;`vsYZ$zS{(rr|C!l#2)ljpW78{4NBj6_=UYuf>r5=s zDn>W_!l~aV?4kyG4Kt>u$cNX46m@bRjcdJ3N=DDNV*Gci>5N;7EW1Po#4h>@)2V_| zv~0C14H`|mLKM^aDs*dK@$>V;F94Y$ZG4ClCxJU}*wwAl9ML00E9nSd*4EW9%1B=R z1=T>sRFQY|7E+r?^9bMV#bm>Q&AHZpGUgX8OwH^M_6T<&&(xl+d{DiN{=d`bk+DF& ztF^OwEr$Z7Swr>zqO$L};tGi8+AsKHP-;y4?%MSHTTh2(Ey6b4$of_-nJd8(hG&9? zSvCFyI3}&^u_Al|dS=)SoH5yYkHmQY1qn6e%1UG`5@vR^Xo3~ z*b+Y1ErU?0vE?BtD(E@D3n6^EK_+hZ=f5<~v8z&F2fl)i5mbFLd@;Ihr?7tV$L{mq zU0NT=8`O+D5A^l#f`!XDzLKV9E4#TgUGd-@5yDFyzaBQ?XrlLb!C5(crdRC9F}-aT zmD#_?^BOWSiy)Gxz~>y&g1_~?LSG@QhBMN9Eb2=hHvK=GI$4uLAjk#^InxpQ?Cq#$yrrIoMCI<;WlN6LFM1W&1M%-JWNIf9`h+a1POgtVW!7scJ;vKcqf}ZdHVdjm zF+I}{Yi`qT|CY>qWMLdJu#4moqf0yj=A>}Hxw3S73+AX@Gwmw&qIwbaXlM*{4$yIK zOCNhsZ7Y7%2Q-tGm-6bQB>TQVNhMDHTzg8y^H)Os!;n{f2X``3Y(2fF&sHH{0jv^+ z`T3Kc=u)?NhE{m|a6Bm~R<0t)tMMA-tnuSWrkS;5Hz{%F%lpuSPxRF}tXvO=fHdB+ zbZmkcm}vfJ4K>mhgc(u~py_PC%j;;N35`P~w6(;$59@5dcYa5W=?^(=N%!K?2&^El zpNCvs7yjV|U+*V`lu|miI1hd21$JDhJ5~Y$R?qRNcA16>|N1Qon50H)K)Y0+{qKdD z=Fh*&aQOd~j4FHoNHc1!Frr!@v(k588yh}dmd7)!`4Fs~SKH=L27qee5AHQ3keo_) zY&jC3%r|RTM(LT-P?scq!PO1~&^&1bPIUmVg=?pj;U`&Xbp9FtXfTlHq?(nZ3^$SAh}Al$Anak#K3>8qcw9j~u!`yaw^ z%1O`lx+^V=Vl<1kH34C>PU~x*Y*<`y_l)~Dr?(crbe8IX;7r{Xf{puSHJHq3rrI34 z*LkNB$D(-K=}n}1Qe;A^qLPx5!rjLJ3c&yp{`r|No}Nq8W$hD1%Gtu+HMzNF=esbu z0vA6&w5TDhb_#ImF=;^PFB&Rc-|nqnmX*5|o!gNu$BIPnTtzu;03TrE-Q3r&kVScQN{l~oK8yD)I7*<` z@!J(iA)C(W)gzHvftFHk*MEozFwi1kdELo69#;y0dJJ8FGjMKDdjY=#03o9@KEO4s z%5onA7({A*iP-OEQB*J)#%>%>1si(V_0{bBZAV1Koxn6lmPT2STgno;oz@(;k8apSKLZ3%_Feo*@# zo}Mzm1^%-Lg^K>A{^@B*s_Q=qwp#;TTet3ZlJ6yM$K*zYiTvKpv5H_B&m$Uz*1%*y zSvf^vnG762$-u(OmYKnyILkXjmnA`?z!zEYsBzg#9V6B9YDXwm`L(p-dGm7CuuyRO zdZTQ7%yqZN+ppe{7DXmc9Si0N8BecUvf3?V)U!XPHGXCYX|sB6jsCN_TvhdRc>H}Y z=1wj>C=#A-eZE?8Hyj*iBx4`RkP*Tl2pn{zsG`T+blNq z&0$WRZPn5~j{Y{LXGrfydhfLXq|`izi1xRfCtk3p{I-Kq!d~KFtHlV=^OLm^4PZN^ z?RnQo*4vYP>8#6@wCy^eXzVRpcd5DgDxr%h{I_UxW~S|wVUpe&A!R6g^!7ARIlqRt z9&|LC5T)*F1HqGjPuQqm5TG}|@H2?|%4bxr^^Em`MZ6tdu(i}kAvgC~T-8mM{m+O8 z?L+C_UWjqg8eedztk*WY?eq-+JV9pn>&Sx^twN-=>%eU7Q43;N->LQd59>&|K5{Ss zjPCp%dM>rq25yy=bYk#|1%aNi_iI4me;y#}pLB5v*+d$Vmpi~h3S7DxoWE0vm!{Y% zj#ZV_PsVrU5YW}ZH=ialCWt+KN;fI>r&UEfZ7ig%uwLh?g~lb!sf*{(!YpcJ;>h;Z zo>H@N)gjsZ1%*|EF2mF7gv1w=R}4q7>V4ApQ^=Wr{^*|Xlw_0Z?i%qBnZkr$^E>*{ z_6I!xeSW4ekY4h&?Ta_pf~n8M>CKKj>x7~6=ln&C(~+5;kqn8#0IsZB8WL7-_r~`J zu<7q%=dYGDdCNnoENsw=iT}M`%qFg?{%Ck#KI1guUEywI4&tMSWMeMfQ<0kd<0XdX zWDFp77{rx*0GXmiHtg3@79xUc$a^?LIA=%NidpTy+1a<)L|SpTx~OfU`*Cm-UZ!S@ zYGj@O{MvtM0qA3E-Pm@rsbBy37QJs|w>?Hx9&E!*#6lrVxxx@iv)K)hM25#DX&^2r z{ru|m4lSpkX-dd*6LzW4{(c5DTT{=;i!7UXBU6E*@V@m#f0y^=VZ0MNNn7Xr%Jz>t zyqW!L>HZFHZ`U@c)L!x^)pt#_D5IvIe>az96FAd5BPs-$WXTA^s>Z(F2G>$QP3TYj z{lj(!x^l)~LVZvL$PDC|r+-FGl*)CLSm?H2x{tviUnt zAmed-thYU!#FnXVc!W~mwc|_==V?4k%Zq6!^Fivj-}j}-WU31vCa3Ls8u1$!E!Q@D z4fb#B`u0tyx=35e-qt)VfzvZ)*p|3aed)7dH;=(59L;+!*s~)gKjaN zz|<#?3zryT21&ss)Ltoqw(GBS9#z)Vw(`+>2nmZ98t=aeYpig)>yK68>))I_IYwvY zhd%mT*Hk_WZ3A=0Z(wztZn7kmzN#BQvD*Py#%A1~`{N`t82!dl#{fK_0JBbQ*Z}I@ zdhOA#_UCGv*K5X?LQF)r^jo_1UmNMff=#w98yjiOl@H!(o{c|nSu%?d zbus<E%g8_UzHWAy@d%~6_U{p#Nj)4k!^=xa;9oct4)fA?MiBJ;-`4_+z) zuG1H9+QNPgl5SSi2HP(K32dQ6}Mvtw;64%i7WUT?l_tlI3!>C99UWze&qi7=wDH>y7s6C=6_3ik?jn!L>C{eaWWkJI z7PYDq?l-|vJzk~sEEynN#=ow~=(sulbq_SiKjE(hg=qg@g}nt-lwZ3xK7=9yA|W6m zAV_yhj*`+L-Ho)8k^>3|N=SE?bax6OAl)6(-9rw;f8+0c-*wLaobUTsvsfa-erE6I z&g;JJ`>6;W#hbvsE?y%liYbfeH~li9q7k1c7aacnVfYRos_AcKP`$bijw!_!GnSp{gqPJgY{?TnT?15Ll-(!}fb&UsP!eV9sQPFdFU0q?j%pz7M*-sBU>efjE# zkT^wl7Pc&{`?;%TA6+@|Ori52#dlAb!*ck5!K@kw*f(#dM~;kLL^Or)YhfUun_eWy zl~Z`2OabA1fC@E@inFu>#NtM-6Liqs4Eo2yEHl+1R;okRA&-Kb<}QbRo0RDti{5V{`Q&; zO(b#;6>87PCuNrg=Q#(moARInvDTx`i% zfchtOIf0usL|X#jU@41Z&uW8y?BR?(-@NQ}!|15`OEU3YCE~4=DMd0my2^K|<~}ww zl3v>O6e;=qoDVJi2`VPw-Z&=ElOURgvVQ_JO42&pyrz`@WkQ)p5ozvRp-ZoONG6`8V(mx!@_YW(_c@NfOOSvZ@*F-5X7vr!9VeQmBl{da zC4JSlO(CQt4$~BmxQ7sp6h1j?onB>o;r@g;cwWa!j?iZC3YgK4MK|=H+T_!!~etR6PT16DNR_1<^-s$^;e{`n|SK%=jua7#c&{?9|tAiy4we9&|o8 zh_AhZy9qB*r2Y$NQGU=cv4!uNJe_Yf%6Q}^Y&@*^MqTtd>!F+Q4`Wpj0G7&>!_S^t zy2dADS!h?Ir}tm==D$q-WdB_g7Jh5D$d1eTP${*#g<7Tl27;({-T@rdQYHAk$j49H zQX_9&VOwg>_!g*%nQ({7fP%?0`O-HzsyEgqRU=o7+ zjeh=y6<6d1>CGnbH6XDfp5w;*y!ie{Z2JVZ`OOk5e$3>F(G_O#_}tTK(>1g}lqHos zp7f!t9sL5?h-myhXJLJcyirnz=P{~bw9n(wF3jUaysO)var0nY>9w6%_#rft80l0W zcYCW@;rI(&>5%1+dQq+3gQf929g0rzR)h1d~z>g9sKQE0Km*_bzG)e=PY*or>m+0F@+^Bk}mCm1lS) zV?D+lulC29W^(FDuP7Ib*h7^KVJckKGhfLHB22JvTCD`qNG=zo` zzxb*fuGpKF@1FR^WQ;V_W|K%8;=AVeA>f2JSGtR7FH1WzE6H@Lgws`!=SM7RLo|bt z49FuyMVNX2U78~6%x<9lmi{4y82RYp+WU_I%D`>65$H$-UlSz;EnxNvZ}p<0fp+}f z7Yo|)HmA`ns$~|>F}|*q-eBg-xtr6y<0lKhdwP1hySw}P`oQy7cdhRK*6K zUA2?X^&GE&G8foqE`<;`MIt1giO0~t^CoAdM9gF+-sBx+9vO>RPpqUiQm z`uZNFj!t^6{3)nnh_N9nO}5Qo&#Bpb+-8MN!Vr2V7ivr+ngnM=oM=LZ>ht1HC~Af zFYy{0&J3ot5w?qm;Z>_U!1=Mzd%K2LJ(}GsD>j#{RQ;0TAbBX;AMTV# z+ptZFjEmuPrTk3MZ0mYnuw;vFJp_WDVjabQvV6lk0Obx^w)v?|vaCPOtcqdit0lM4 zi=H=ylq71c{0BE)>jg^Dqvn*aN?WH7hm}FlQ<*QFwZ`| zov@YM=n_0!-+uWa!U#p18>}?+LyRrE;XeEREwvFe@fuKJSmp zeK%dsD=mBemd9yp8z?vDp;OQ{5t&<@M?ejGOVG`W8G{DFB147xU^n$WetHS#HL{b* z?S4j!{?~Idb8!k=M9nUyk_T3wz<(^paX{sk7+rTi|t*f%wEmcdR zEi+TtOvg`){$p4;ZOLcd2P`I!#(BoR@yD|zyYSFgSL5L+o0SqpSLaw!Wq^?&mFrQl z`J1W~@akwr=C*D4OyFplY~g4WzMCRk`FhWaib@5L$7;yPDP@YuAg@P30d+*r|Mfit z)>wuc$%}#GCEVLSQ}338%!U1RxA}qpX`JG}CIB8=&0Cg2t^@0XXCv-_WGYC&Dv>nE zC_O)(Uo_f%Jhoz6_-aQ!e{ac*f1bO zLY3#l`4U{&iGxe)G>AVRQc{zW2&XUq2?f9Ndan{@szh`2TMFtV3d{<#xZ?4X z)n)7*`JPn%&~54N9{Z`K)wQEBefP8==zD#4b#A4qQTp%8%ik|_)b=S#)uQh@o`i>- z>dP)h%gjI)zQ@>6Rg!_OAgO{}Rt%N3%rNy^+#7)2;0xg1cL3}yjY=tg#C-QodPgeC z8f9X^hd=(rE<2My-p|_XW2yx1y75G!-K>fIhI(0=)ib4#e%&nkYi~CBpoC3`J(x$$ zwF!{bpLpBt1V#T9GuQW)mX=n@Lk`x&qZ(*}`xJ+VON2*T?WBPNx|Jg2;UL$TGmk#E zJ~`nZ(!?53A*z0axY?cavU#$eOn0!L6v6g_IqhQIWyo4Nms-F|({=whJ(|rdU#Fm| zZS`07dybMrv9GGDI_`!~okp<|*V#7UxUjD7k{3}vo!VWcofGS~AT_TJ*^&9w=rptP zK=<>NVq2lHyVVWe36iX8f;*6<|C)o1tRI^}#gndug5>D!c`sL(u|HIV?byTcwb2F^ zr9x6mzM{-YKs~iNSiWHG(?EwD_uFLx{#|Lu@%7%fz`{i4%(WWy zif@ZmY-b-K5{lQ+op}hl6Cd|GeEc?YOm(OteJ0$i+iTOYJ(2_$U;iEonhM z`ZBGaCGWJ>rn360n)PEErd(W(&k7o+PHZsw&;T`kk*Vw%l-7HjW6Pe9%o6GP{PFYH z0$ySf_?P$jpRVE=b8(-(rf4)Jkt!mHRpjjLmi-ln)c8&Paso-C9U{4bE)Dyn=)JUK{!sEKG2Odi%aIL=EUtH%qO^0s3 zYS%o0YE|nQ!S8fg?u=Yn)y9)!hhRSh8>Q}#QSB#$9kXPjy2ejuW?BG<7JGR(s3L4e z`Do1PLgaY1U~|WeDx-%EH|}tbopoqAmq}cshmilJQ}LGs zDO&5T58`fQ{wQ9>H7c?Tu zYlI6V*AD2SJ`{mZ25IzYJW;iaHh|u21%X49nrLqCf8XD)Udz)QML8GWO8r#iz5TVHZIK zLutc_rt>4FD|7Q43-g@Z+}xZT(U`o4?S7)qXn)4RxW@6sOy$$!Vg)fE9s%Ugm$9S! zoR12tIxjb@F2+21LoY8cG@cM+ExiBMKaSf*(X{__s#8%Tv{>i^64K5-Fz3p1cF7UI zujJhuy!c1(!SwP@^hj8$^Vo5cu-eV}6v5e3oWfcCj}Jqk9~7@;eR&|QN}^#f)sVgz zJM*xGcX{Jn*d`VhojcntXY(HW%~yK_#8)Gg## zzX~m0A&0*6kscAIQmJJgF0fcY@h*9hhxoxpyewUu zNv~FhheI8K)4W>PRBR)iD?B>$N3>wHpJJ0kUauybRt?T~6x7+PO|hCem)m)%r@J$J zTwGjcSpK5LC_bdW{0Em)AzmbXX8p;6u88yZdJ`UAbQ@G~e*-y(MW_SE30qjB{UFYM z=q2oT4_*BF-uADJ%hkxeF%*)r{TeLdRN_!DiU!%Ph^#-z6+ne@4{gMD+Pk>8czAfY zxKyh$R_Wi&&g$xjU9&uRgBmO}o=f4{gqYQG^lLFW6+ki=uD5+Y=dDSekyi9eN+IrJrdPO2D9cgt$o|>3*0H#ym4No^ zI0p5jQOg|eTWdCWsMIo5Ku5JiLzR%Y9&KvlJt5!s0oZ5GiWD;@Qp}_h#^baY`XV6% z*{GPJx6hTb@17r*>`k?l~w*hJ9!?Mb4p9E2TTVEb?;?>Dg7@wlvxdGdM&nc3Af z>}MKd_#FGp%|{PzyT5!iEQFDls%Ds1+_BTl$~Ji!%G+hNuhjb9{l|oVx8!ZOdW+Vo z^f)mJd$E=N0d|Fp2cqBG%tmhf^?%H_vCGKrBljUWQ<@Gu%=berwQPYc`E!_c5zcrs zr}scE)cV}2pp$LINmv8MSd}+n#<|)kfm;0R2hXE@GROJ+k6*_qJlOErJ3&9+AUZE7 z=tAQDnOaBi7fm$$2zbEfc{EPqv{DcVF1j}fTLPI$rVf*f%V(Zx62u7kYZ@Gg7<%GK z>x-e4Y`N$AGHXAxzm1_lT5*KENvNkK)9HVqQEWQl+{`?taGAT4e{GwA%A1zIkbgfJ z1|i|TUC|sV#m4ir$~BBpdeyYBN-xcY8cVe&q%se0cPmc& zy9e0ql$`l$$EDguqyfr2*!k)OW68-ng12_a`FKq}qy2~T`>&WH6~$|QNavysPdzE` z113zPuK$;D`5D*SlZ@sgEEY!b3o}+5FFMP5;jVm)nj@6XOs}fnH2Ur~WV%`Bg{Vw* z5raoB7)p?q-U-eBWiHEC(P>|+y8SqytfIo?6uxlFwpj2w3;G&TK;YnRDMDnXb*!V$ zXd6+N8tD}gE0d^4ipO3MQvR5VQ}E_T$C5GUV>2#e{V><{U+ndJ*C**Sb`7=*e-%72 zK0dx25F92TFL9PdHx3njM1t3-4%#OV_swfcLcl0!$lN`i+_g~kXeGPk=BwN;mturd{5x_m_=sVp3`#k zv&*&VvXZt|Yp=&6rJ5kjNxK7d@0rD(e+0307>^rgY`CEPH0h(LQ%3AYUUn1GheNB8 zz3C&-uWCRqV}M$xBf^~4fr?7MT%nFD_EynU8IFe&UYd$nBzIRUrxQ69sWZG$E=$dz z;!wyVBa&?oB>k73VIdO8WL5Mh?hLO?st_lPNcyJ)TSBO%UmOKpU!5(~zBjQqz?k!d zkO(K^zzt>?6Ff5BKJhnRHr9P%jC*PApkCJB-*@cd;^?erscN)Xg$%YN5a~4F_X;#3 z2>?!?s#pCIF%4K!%n!D9R zS=kt+W6Y*#WCF*fnHm^-%69~`=+MBn)w`k#KRWk7=tfr~F@`bN9tRi+iLDQeE2O{< z^1-#<2a$JH-jr@-O@xv|Av>>tsVqjA@EQnI-o@-slI7u#3Hr%z;5EMRN_qmd1WuH+ z==V0dM!$vbtXG*T;~=k7A&a6$VYt8om))|WH|Q#`?UOYX_h@&Zu;dkrA?{^ztCU_J zp&P^7&Xak4!Egm#&VI6|PSk1qt}7xAE3cVi8xPvBkk%*=?a|cMlJ2s%zqHXQ*WlF- zNEe4)(|Zf=55`QUdUE@3-E!wZLM9z>gesSZBTQ0?>6y?`p{7$X#*>?^rL=T#LmT3w zenRI+5j#C2p+WJ^9?GN$P@tEo&orQ|le+u5(dGpr1GgWe^Rt0*B-gBXaD|`i~BW95lu)Z*u%1Np5 z@k^zQt`!$WcVT{3PGnS#Ipj+`bJ1qKegu8RO5!wI%=(0rFx|OpxRORu5iKdR@~bck z$R!|=`viW-TM6wKWmS~sm3E`kJRa8mLd~@wmHd9#+08hdy4)qaR7C7~G_X{EJxEa` z+sesh75c{C&kO=oiGrv^;)ln3ol3Q%ImIPIDw*qd25o_}kobm|`m{2?O=cx9?u zux3=H&4Zn3MWPC3t_cd(xZK*Q?X|u{@y{N!^gPK~jVT5eBl$dcm6&bb<`GKW+Sy`m z_u?olDf-ChSpQ2p^x9GLAY<7_A#bDm`Wq-HTl109$4fmWJHR-kfLBUNLc)Em98qk7 z`~GncO^|(>QrO{exnj3EM@Xp!!01f-4-*@Nj)$So?{}B0{>I~@Gt1bWD#eII zP*Bj^;0BCe^8mW6+@|bijd(va|Y;-=J@_zXc6Basn}C!WO`I&CCghZ*$fN z{+kOhlN??%cPrdO>Wdm9DHq-2mJZC?uPa?`F>27>YC+o@QyV7scA6_b|J8sJa#-w9 z;`Bj0nIUPc?0cWsCpi@yH{poXK#?2{rPuXaV~_Tmpba+?pn zN-IoxtQc5C3MB)Rxnzzxv9Pf2Au_lB6=|xRiV_gBim;Jgh%?bxSXk85 z)PV1@*(%#`Fisxs5^A8=r@4Fp5z9R#dz&fj_{1Qv`#FR}t?3@3N(vCs<2q42Nc0<3 z9mpkZ=}yof!G-!+JG&0<`aUVkZFr2T-1r9!k08J1=!N<*2CcX1sfy!F-pq@C6W@DP zcxi;fqt`>biH)3~%TrC3i_)I^3W1=3j5x9|E+`>VC8|av?Gpc$wxDc+h2FO6E;fE& zOfeCcmiCBq({p8WOcV-8016OVPK!{O$o9!k;ULPY5YZuWoOcY&5?DdQb^`?mx8_Ad zUp6Zm-RBh;kWRToM9>)juD(P3n*`PIM=PA6B+N&d|Ux*>3tM7c-1(G|lU(lh z`*##LYG;p_=IXlX;+-Ux?f0hg01THNv0JRkFy|)d-pA+hnu$E;nMD3nuEG7H&MD7X9my}@zQ>+M}P4*=uS8|&As zqEi`ZF2aZ?w-gdVGFVq>}S`QtzW|k+hisstZU^I3_O0U_Ib!ckE$H-xo0a zv81|m;&kMcjGU`pHfv$9k}(KyVQ*ReT0m#5!nfqc@Vy0vNZur4AQh_VENicW+N*HC zd}GqO${m$)%!>}p5J%0yn$3s;NZU{i4!k{*V1C!VS%42a>rpt#p1zi^ z*goW?CI9v5vW<jt>>n4i*bB;IKQ!t#go0hY)3z$QI*B7l&J0ujp@rmndGo$%u~>ie;b z^7?w3nj1Q@0YAZW9DtDenA2`QwMx>hJx8P^4n8$s6Df~8!vmm5v!ch`>@53eZ+BJO^tnX)Aic=eb;*9 zmer0ou1M~~wV7Nf*SEVa3-H|ig`2#Bu-Q_?)28#`v_y3Fa?njHDZBc4;bw@K6|t`)bF@Rt(L!L@#1Z_jlSBN)rp%>a8D0jDgw-sT_4adK6x}_K1U5Vl1*fV1I7<~o? zLZwm`%HnON{4V)Vs8=X#Il&xuRWX|0hE@_RZ;%>T+;WbvP7S*waT&{bx(HjNx%zpn z2u(hezc-qLS@^M;01}A?I`KviTpi}$+%!1!37jjeNf~@_x;Pc#%bVB}I7m+$`Ap-u zVQ_({P@GmqR_*JD#INgL?Zw9i1{OoTZgNv@b_V(~hK;D)8J3fjHl%xZ+x@`NlJIo! z@$Bb8F?AROZ&n0}k*9qaNi^QeOH~Ce_l4}8FFGu&bN4P!yW7RZKbxfH78&T(+{Gq$ z+c?z@-)@=Cm}tIY*dCU2Mhj*__x1^IdwNB7lZoRx3_4;Izf#0I-bGo9fjRu4UbxWQ z>hSq0HL`o=eOhe6cTIgXk=ktVd=)%3h|e3j+b~^pa{Q%9Ww6QxVn_vm#Ne0%4T|gE zHy>KTAzzJmHcJol?K>0Wt!QNNHPaXB@9!v3G%UB@c&?@j6l5~l!8XDNpiK4V%O%k3 z6It<=`pX3VJMXSL)(xy3;7zGb+f((2h#4ri;()Oq1ufC7P~ff9uniIyt)D}si0v+k z4;GMBFvL|CA1-FW(|MW8?R^}H9VqkM`9)2QxCg@m-^P5q_-94$#OA9!kk7%Ew>&Gz zZ+3C@RM(2ay^crPjW*ZEvo+^22<|l;qXbjF^7haoK3*>;_1Pf1!ar&~GX`+1r(tQJ|2gHK3xx4pWO8wY=M5$o?*=^9JIr zfjmpzyl)`b`FM?UsA9>r>d{XEk(_M3x`qt0p!nYO9X-h_@#=%=BY)s}`YuSwQ*WUK zbNoc^aRLN67^K9s$~Efn86y~uGKKp+`>0QF@MHv>9)X+i)u6NU=m6xl!lJ?1XD|8C zvg)`(t%Xk0kigMO=kGbmoR(GZ;p{^P{V!DYClQ#&u&_mqrNgtCenJrsZdXE`7@#u~% za1VO~MyU3iMw!~o-(T9Q7ZsO@P_y!{?LbduAgU?0RHesfV{vf&N$`kEx!PwDx9IVa ztK>D?Jl_Vb(+C2VdS3`Cc!hCuc9R4oh9o^G?LnYlz|N>miEk#Fm>w*wyyFFvmtfF#7-<#HV?4d`YDL>1E$TgWf{ziaYtt z*5WQJ8iZVX1bE@!M*0?UmBPyK=BYln?t7mVyB*{yvL(Qp&$FQvHj$Eq%fl-(ulNXl zX|*cdB!`FTHh$nZ@T^Fv9sLp~%?Rp9Psbe-X}(BsooYhaqE%LcPiNjQxbH16m&R;u ztot0Ux)J>JFuu9obKOV&q1d}ISWmsSLELL+&&!71^ja8yvK#$wyyd1(s#;)}fsXEt z-19dd*q*?1s87KHS(fcqv!s}aZmRa-g(yhi)F_ovD{%*SI5NWfk>#JR^=W2us-+t|eUaQ{ROT98|g+hYa0J5o)GHKuJ0hZw} zsYiq2)wM&7wz){?>AV}zS}w3`0$`4z3v+Nfajy+x@NU+Aos`^6Me)5UuZr!KiV7|s zp4Fcot_Bpo6nDD_dXmRH6?W`7JNJuGQXy%?AcznAV160YwRsZRRK0NQ+xqk^PObnO2unhrMM4Hv>NBMG>$Y$bq$;SN5C z>kqCzXX0LG6OvW%x@-1%u=>V_`L$Uv=$`;GwO^#r$OlEQ6%#>)Vt;8Fp_sfn^Q1g5 z;M_<>`vn|6HaWowbLy4eK=8H#%6h>CCMEkk^_E!b#plbsAEmHG3{*u9S2d)Gj{-oG zAHJ9Jy2(VW`HpPj?rdZ>;EH8P=Ryy}UM{ZseZUn4@x9pRveX5~RHsxh`yldLSS#+Q zvG1J=G5{TAc{%aypq<^A6!#p|RYdakS%bjNa+DWcVcSCKTMRD)F9&5o_c&o(+AE}_ z9!xQ8A?VugJ1*Mlg)_X<`~Ky_MG8W{MxcborJ zq{%<|l>1n@3jm`8q0Aw^!biAAZ$1rq^R27>>OWae+IRbkLTb$|v+x$t(yew*51AX& zUYuCbj5w-ieHc#L!-y$r^+wUz(-nOul<;Qrcj77^Vtqf@)33!N{bqMlH*-?a#pg_D zaG!i7H?8v;CE%6eek!T!2_8H>R~rlQH(^h5>&Y1&794hiM%+G~QR9sY-**wOy&sj#kf@9l{wo?`c)SmRsLxhCeA>yqO&D5I6f#(GBbp>@R^1+EM4PQ18JH*SMm zBww>6Q~E3^jVK05VXJ}i89sD9?Sc*ZlDLZKT)JyBTl^U*p~ILH$Z59gi%XPW*_>5 zHQ=B!Bb?n`MxWT)^4C*eBvIG(pLNL=&BrP-JB){X z|1Lfi?4}(|FxIixrV@ppE${mgD|gA*L9Y)JHE-L@l3z-kzo~mYWGGy-{-yZr=RIEB z`_{PF^%8SG&~3-p8z1o+9AdDmqQW#15va?qPu%nSIxlKR6I26>3;OCeLPpi^SvlC` zU2k{0r%|3~Q{frR)~{W1FS0Z;o5h;ihL*4Xoc`c+7PL{*GKD-myF+#P;mF=Q{zmq= zH|@z7&mQ~228}C9qh1^P4E&6srFD>^2nSwJE?i!0OK7!?2n?)!_mlkh#7g0C7QTgl zTD3C$r9ny}9~vKC-Zlyxl%5z~Q6p&o0S|brDOCTR?u|ce)9gKLIqu)@gQhHVEI+2T z)rT0q*xhw~lD4g_J4-zOB>`(SBmQ+W@=)+uEb%Q~u!B$Y(>$74HYx}}2bGWh6uo&r zq%{jN=tB2N=ll6m0204X%Cb-30A%6!FH@FM_E_y8dKpvQoU?6Pkz@EPzI4TDFOxeY zFA&3RN=E;wO*SaS({^U)Fv-Vm;lw1EPb`bgHuHuo+!7N8GXQ^ach~mVT8G$$%dDh6 zf#GO)cJB^`I7oCYS@<^0op51isHj2^NM-i%KR|av1@ZCayU@(Ukd^G=H6>n<45ldx z;39N2BF;`HUvq=e_-X6fa*Lpn23dyqf=02iqllsR$lJy z@F2>;lyzWAobu3-(DcH`#OwHZv)Uvkq+~4bT{|ky9^XGA=jYUszu` zbjF#OV078C9K8#BvunMjo!gD14cS4oN|}T`s0UPjc2sR#goNO669LoL_@dh4ZFl`b z+Yy4VKzZ~goaefOb(jZAHZRxKzI-p7!Sm3=D~h`4kc%02(qog3(u(-E>glIyX~;`) zg*O&&1AP3qG~J7G3nT&GcdN%wCh zTK!^f*RURz(pdE*GVZDAeE6q}N6`|A`x$xFrlVZ znxL8&#wMLz>&%iSEvm3TAQP}B&8+vDS#MFqsm6_cV-4h~V0eDw=9Nd~QnTa30@ zW^l0Mc;!DfhN@)(5f|@h3y?GoA^Q1bH?h;7+BEF5LePri>G!6J z+JR>)GAjJt<;*?xclUL`4?&_)A>E{)U@P7qW;9MQm=#`m(K~?wz%2*~%D)g&aQ9$) zxj9qtTCV9mcT?EAtwe5_TZwA@nUI`3H$TtYQtfO6OI@B=vC-1*fx}Z8NZM$tf?GUL zP{<*W>ERmP>wiHYyh0{hVw2AS^fAA6rUYaX;$$}AbY*}F;PrcHA*8z{cCkK%| zWzSdpriEB?N53?cu!YwbpPxP7tI9Wug9&wlWA)X>K`6}fQN!K^V*ipgw-UO=OSUF!r%2ZIKf%3K@l(mX#x@K;-*`H=2=Or=*>%HJn z0q`zbl=u$rFg^;P2me-u!A?OmNb82>`&+D=@GGGiSAV=S51mtKNl0ADc32HO>!omm z80$CM&X`ku#nQhHMRLW@L9xeD>o;rnG?`gXP!*ER^L*F78iw%l4HQX1BpR&U3=55% zfv3&1f`N^lCB;mQrZ^>uCaaB81IdZ&yTujt#g!ivS;?N!G}O4gv*Y+NVc=m~&^0g+ z&QDU>BVVNKCg0EKvJWHnG`8hZJpK7nsi&?3{gJvxGDlM;zOt^ulo4U76=OCbU8(DQCy*l%Ea@MN&u*r!WH7cX2d}~Xl zHoiKguIQ}tDbzbAmODtGB58U>cf18zih=f8HfJRCObaMV zL(`IXT=*(+sHu2tuXR?a6FOh#sRPE+wDZ&=dW{~OST!)QxtgW*vG~#bG+?QrwysYhcr7o5h3S}^CN#DmmD$a)&QnpYU2qbis=$lepOWKF zO7y`XR}DygW)@uSTGwg>I|E*3P!P5IbhmEwi>Al3x2YZlJ*leGZ_}HEzo|1MHoc26 zi_s?5LM_sFaD{xjq9a@?@h4+309}KH{uOhi0X|boBNh4W>Pl!eoo41dpnV zszpnmAA02ZyzUhgL_4dh5dMC3_Z{wj!{=-8&f(3IVheCu`8K%G)}Yj{SNf+7&x0NS z?lO@wNsm5)D(MEy%`T;eI-#Ci370tZTLcbS`8pAS=d~;-gq^Mv$oFga{BdcJNTWT= ze#Lx~npgvM%PV-CKg04E0-;S29KOmFscNicYc$(^MbRgI1UH%aFLnPuMy=}Va)aqF zn!?`CSOu&%z>d^#8x&r_@6|=9`P#dIvUso5PV8{LTCL4E5zBKKehb!&O%|&&2cE)i zFAQH$eqjL4Au&rR2VAeUC-}@44B3mjeLOeRTXzD^Ix7S6jG}1YumBK)1ULLE;3>Fj zq?=!Nn73VSh%eUwrhsD|H2JZ=*n7Pnb~zf-YT(f&oEJ#q0X#GbGuJ$Zq!(4fUaj|z zG*At8T~Z0Jwmna9_Xz%u(f+p^_-0APiET322Y%t>ZCHPde(NoQQL%5IDJS=DA3=Gb zbG2U1JX0k6R+q;;zt9Zgpl_*Li`Dm5#ptGH_VK7Zcs85pojcwk&Avk(Pf($kYr`kN z`nh$@;t7qaH8ZK-j_nSX8Nn_g$wzm*Z8Md)T}x^JgQr<{sB5buf4s}H2&(g>fbXnO z?XT}>2phfHAItaA8MjX?$eGdrj=;5?^-w!wyy%8IpTmvJF_hcRH>z?=){+q^|)r(xhwu(g`rP?Zx;^N$<@jjH+s z=f&*7H_O;ORe#_B?hY~(B&loP{BCoPp3l^$o}XwfqSf_nkzyAHa6Ze}BVYNpPvE8w zI=&LS7F8H{GprpPlhwFKYP}9v2d57kg`4z&L+ElTa<;~aopxF%u#tbhbQ^Hhyk9QR^d8qY$8kVUw68s zGP=M(zGCWP*c_`2C>|sLPv!J>)cU`~{OAVd%_HWDyH6wI!7m}w5(?tQqJ|&;KW&!B AAOHXW literal 0 HcmV?d00001 diff --git a/nitrokeys/features/openpgp-card/images/gpa-keygen/4.png b/nitrokeys/features/openpgp-card/images/gpa-keygen/4.png new file mode 100644 index 0000000000000000000000000000000000000000..0d1e0c18d11b199fa61c41a30a19f149e32020b2 GIT binary patch literal 34643 zcmaI6by!0p7k9T(+}#P3;_eg+Qrz9GKyfKr+}+)io4)t{@w?|a z=RA2bJJ0N$Wbc_--&yOkR-~%3Ec!dbcK`qYU0zN~9RPqW1pr{c$gt3!jXgVm0DxS> zS5wzr-OP*J+11I?#@>S5-N)I2+``+&5&-aCKFii~CE-sl+Ng^%hTS*g|2Scb)b#p{ zu^m-Fr{0sXw4ja2Y#H@+75RJrkQ*R;9DD&0*oRz}gla1(7VW1s?5Wt-JxyZHivV*k zCV#&?yv=x--uh$uV@@IYh;A4i_&z_0Mb@0`ES?mPA0U~Sz;%f{vYSq4 zQTLy8KNHeD9<=+tIWC{Hk!~m*+(C3}?2ex9uO4(&e}9g_@4OOhHGL91VTM7GK+m~| z?JNebmDJy}yY56cT5=X!LC8r6YMk?Rr09 z+v7i71-Tk_Y8SMccf058Amz*)-RGu%A>0NJ#KLKXz3A>&TmrWbTzd#jQhAk_ny33V z?FbjMWmkrzTMWI1&RzoABP0GenLM7q-EJ9IqoE+uxdIR2%l9zG6K(**_8N+rVJ|FCM}nbe zv$sjMWIXPR`=^K2w_aEl>Yi-=zck-tT*?e0O$Dlyy z>$W9@LvfTo)0ZUK+Lj$8m@D%iB&8PmqEM%4y3!Y=Y5SscFKD_kH!W!U-TZ9)t3Fnh zp>1H-bu%+Lol_#{bu03UOclpnQgPLXPM)0zo(=79Wq*xp`~LG&=Jdc z);c@caoWCej$|UZHIS?t2&i2JRqY#VCl79S)x0(mrYk(Lf7cL@ zuP4B}`D1oPiMly$%+oMGcxb`DG|r=<`YC?iFv%q?d9c=Wb+Tk<-Tq<-~&vijPdz8BcCLaS}?w!h_!{*x|6*@5pkj5bWUr9*+>~Qe$GLj944tmW$j5NGY7=)AbjIW zBonsSP`$Iw+T%)xt+8#(Ws5$;etYpoWcU%WJ$W1O`}d{GefP3G&u91(Z6QA?PM7ds zQv~LxX688~RVlR%tY6lNW+JIf;OHO%PWbJMmd zsUHcaED`?_TG>hHWL9v=^4}XWF8`D~b;Ueht7NKv$by$%rrO4Ra6O8a-aw|9@X;@ZuCj35??-R`{KDP&(~P; zX}KNAlf}_7D8|Y1Yv(K5!4H(Vq{zOyHkjCuvT3Dw7Yp7FQAJ_Xs;+%+Q}kt27?nZu zNN!lWLE(pG`o%amU;A>Q;GwPWclPD>_EIQEU$7te)Ccy;4ZLk-xD>nEe*|vvqwu>D z#e{C{G!v{PQ`HJK(2wzUykw7Cn6{qPb}1BDP)8hLY?FmZ%lu5(!rIK|!+L-7@~u5Y zvip6uNyD>zrzxnGXxW3P3w^2XJ<`|8ZZuWqDJmq&X=EcG0*OToSh47|9`JF8&)eql zYI5I*jvuUSwyF{z;9H@fcV3E?T&OvcD^f9&&lpL_H5PKeX3<)b<%zB+jApj9O^Bw= z!xjn50TmHrs~oijCr2(5nIPi|j=Kh(GVEu0ePUE@Dw$a!cI8~Rn_#tO09 zj^MN11>!}0QVx)bPSbcUTgS67-;TcikfuWepTzJ9+M4X>rpWcl%*}9aV5a?g@KX5R z+iRx3ulEIg@SMvkrbKHd;vhin>$lGJ)BLbbi6mQ0lfB~7t zt)8z^{=^_Eg}({-mT~vvGsy8+E3hWpeC4vTwUCQIgN7m#apkGBL>+AyyFxEaZK;8| zlb1||G>`C^h*0vcDJI+0sls~%@(5#ZS6SY(i)n_y2fy&a<9W4=FUWJeyrMiBBDMUzRjEUai<08QGoczYGvW(SiWqhhc{_DCm%4g-~9X>u#l( znL@M2L1xZ063nnmu96&464ne?n;hy}fn79UZxdqnt+BrClr6ybz*n&dx~eyDpH~e; zlyG>ljrh_sEa1D5Ob}0!+2ugx%p*JnuK8C^!ykT_rlr^@Fx^6f;>y)x2aDoTNMiM4 zu62ZdOFph-`nLeJcLp}oOtwtzH0Ynl%4l`OK+cK>F25IGFgw%^>O23YiThIACD8*w z`MzXjpQ8cX4W+|oEQYb=bF|7bbZ9+<6!m?E5-Skq|iJQ4vFk-}VuBCM7#bI9x;Ws(p@x*pK zwLT)FA!?$`ow%WY@lW3QO+PHfTn_ z&JU}OzbH`dsR! zo!>sH@YFQKsrAZ@jBZ)ZX2S6yu_;u+mLaC_dSlA-VMjbN1Bia^_Ufh(&KX7q=5x_1 zP6W+0hWQVo2#Vn};})!9-G38YFZjl|sgFb4Q?E+OE+)KA*D<0pqYYl7JO71Qj`vl% zzzXwmqK{-W!$6imT!D@5xl~~9+iPMaJbs_iZx>+`x+HqZ!0aZm@=fc_mxy%yO~+lu z^ONX$tG$NjO%J^>5#iTox*xBYRNcalE>bt=MjM1zYi_&a!ZGAFngWPH2wS^l9q=(O zh{%M})Hj|Sk+2*pAnl>@>C~ArQ-o!&k4}U*M5DlLL=3sAA4rEbS9J+xv)TwJy{;pD zjszR`YO!#)Aj!707jZ5alsT^6M@K~`zQ1MyyHyhONZ`be>ijK^uCtVBXnHZ;BPZPi z?x2|u$Gb|5n?5)Ra9WORO;XLlmO(JzynifwNd(oSbP27^rDvu~Q;gQn)SD0;VDsKM zV}AhDd|E86c3{UrW)LCigQX1IywpRZCgejJMm%g6M}*arpM7_Rxud~}M2>x&fgsfT ztG4`;I3klDOM-2X9xvP4)vhBbu7|PEoBPScLnRoF*FjVHm_zaVUqiK#)yv9F!`+26N_w&PKVgSCp+sg66T znY?eNJ%RzTbt6^+iz;WxGs5^3(Koo-X`L+3(b<3Bv&2&;EJ&`^0bTl2d^Sow^&@sQ zkluW=YPeI(2u7BDH5@-G0qzdK9hjm|mC=qiK!{N-+SSVFzllQ*G>Ynl@5j@JyOeep z58Hifb#T~=*u3ID#M79%UBzgg|FGw?2EJR{_iF(Lv^+i33wdP$S;yS|=SLr}jx%Q< zGJ@7SRe{D+)=#14pXw0?BZ7MYpZRcHet*b=e_xa=-;}_#^%PCN>VHkq|Kys=hn?3K-fTJxcPlX5 zltuVXCwroAhPV^quVyfA(uZ?}Hg@aiaZx0j_H@^+3#{5hI2MGuWlw=RnomdMd>@k2 zN;B4BJ%Y-K`KH(_^#*^TN$&rKNu!`vdiwPTc95BW!ReA*wJF(_Vp`KesKrr6r8grl zJy$HE6`NuRB_4rY4Z(J~v)mS@YbRk^n~u?1z=q^2+gKZsy2GnmzgZJDR!V~d;FBt4 zlQ$0BoR9fj8Cs1ro|&}2C>IK%SCA#bwlsmiSN5)4Jlm@~8YXGhqy)|1jtr|JSQghN zA~|%LwY(_Q92dv$>wTy#&F}>@o6h+du13WwkMF1xXCjZEt0JGA((Bd(ctOCRowd7i zOCoCIO&AFO>y$f6xN}9i2|imJSSZ`l{`C-Uy$bdjoJHwNOcQ ziMSU!wqY39FAW|=*Z@xY0ll$7oo?0ve#!@%!9`*6!3#;uVho?Qvs^oR>0NC0GRtut z*nil{bd$eN8A{oZK%=DTO=ZW%X}6&WVmL$i_zRZbx~MX8f_iUw3mawfZx=i5eo!-v z=#TeH>L|$L9LxRq8krEWI}y}~it47%DWn_v zwUqDc{pjDH%3gYFd_?aO>qy73E`&GhXMd#*`R&G(Icqe31t$Ge`WffOi#~FR|J)4< z_2G@xMO0?ZUc($XCNS|Mef#XQakWR($a?+6SZYKzw77h*LL@TY>+ki>Wa9tULN?;N zcVv4%L~M*tK4(&Jm!XOI&n|=jl6VxFUkpI7CatdQ*;g#Pvp%pvFr(o?_ZohGmfQXS41%BzM=_DKjn&_&Y!gMvNqesdqrA_;{lZ9{Mwic#Z zD&?UV!KIWT)Mv_f#uk5fbH8>pM;PVQa?tw;o`pY#(tgLf4B0eXNNf00Zl;Q*uX5#_ z9EJRC$qclT2IE?)7%foSNYSfXivC{9l7Zz8&0}bu=9F$dJN`~%1NTa{C=EuyP~rUq zde7n{&d-)m?&$lVIM0tni21sbYg^x!e!wBOt!Lid|E2#}bNoL4)yu~D#dp4QbIBR8 zD%(t_Ho=p~TYPQS5)LO`5hIm?OaDWqD7o4fK;KHtHgV@SiNMzL#>}fgUw^cnpa;yZ z?eckB@$JRL0=BcMgU2(GCznl(X6_jFW-8B5qJKiw?r2hbfAU26(}IP<(M2O}%@2*y z)w@vc$fSL-4_op(#LHhxZwqyOS6IKjsi_oq;~$wEj@-)r1Xj`B)UWp}B>U)Hn4FBX z##6pk<>qO!PihZ0Iy2bOP^cGAcWY>Th>z6_Bs(hE6dge9Hj+yVfqUs&JXSXdT2?6c zw)(C^o~=b`;FD6diZwE2Wj7cTBgsNr`ayMu`mbJ@kS-5j)(=T8v$D0+;?*-v#cWdA z9Yerj-YjjO&hVM!3sC-#0>^j9Ipoh6dhWsr=*ha-O8Nw}k~zxTXCoX`3H;N3{aX4I zAo1;hPN(|i_g5M#)zteIjqpVtYD27yVxg)VdIX;lRAg+N+5QNfZE}QUJD%TnS_?AI zM^lV#-0mqve&U6+WN*2x zy5LZxN)qb2hsF6pn?s#xBB`!wp|O!Lj;K>*sCx9UxcXII?+xCgC;J!pDN~Lw(jQe;cLoE)u29Jv& z<8a-p{7d^Mf74&W85;byj7$6d{bZrqH>V0hwNn?c-H}!zpsR2c2+OKdff3tt(s|1e z&~~!~c0KYjI%t22;nfd4Q?%mpg4-Hg`KxC!@2TM(#5m;tI|1DJegWbJmDlpA!&oRZ zX0P%jU+5o!-aizCRr@+Z=G1FQ%I>%A)nhr5+vCb8&ZY7!bj+ufj+!o&IhgV;)+B4J zzONPEiw(?9(2$*?&lo=SS+!ZjBS)g$!-qKqIbxD8G+S$N8dwac2Gy)pYvqtv4%y0Q z;kUrWWTP7a0zAn^ECHi4B{!N(*M`E>rNVK+1q+e*k3I9B+9gD6!*Kr2GyNg3rLi8B z3%*@$jEeFNdbO>ajl;r~A-eg&RQARbZ!e4Pu17+uihOpJTu#M3W@oWfvC*Ji5gSw4 zBrjYo@>JxI`@WQcwp5boY4}b|I_gcg*s>{9L}6h4c$Q8mXv@1!0nd6ZkL$P{iLlh6 zGAWY&op_GerbVlA+YbZ31TPcF$m$N4mr3_Oea#$M%c3AU`Tub)rG;rU2Ty<|wQ|Q~jbD6>a;Aj)m+FGs!`jf+!7k zX55NL;dZD1J+$_gZA8j%^b<@K!p0FIAEXsYejBlb`JB3v}l_{}YPi*_=I8VFlY?}^w^F*=!+lha?t08xx8d-}{ zA+=?+^I?j#T9bIQ1x;^Do(}#DM{N&Br5tQ!CJu5jK%#jFmf*MSPYTq)YtjDG)LKW$ zlQ}^~-{I&jNzsCW_RYik_u0>cv8LA4*uur~A?iXJ6Wnba zTd}!yda;c_o=4^57CPL)#eFY%y)3Lt&I-2=>*M~bUoGdAn9nxld{Up_;m_4UL0jnl zt%8R5n4gQ7YMOZY460Or@&yHc6mG8M=C#K4u#WsAj#`~GA9fF~!l=_^5@^Y>*I@2^ z)=qjRCSLcDYPAHoCK#3&|A2yXQ%KTmWYoj%JwcUognhFl`<|i9zDVJ3e{aTduWXyP z(wmn~WWh?_sOatVgjT--%2mm?=a-Xs*KBvU;!H4EJ`iikpW+5H64(PaUiJEwSouIEhJn#L7D;8(&RE!k;GiF+ug@19vgLbP_gEXqF(xTqYzcnNkp9-he zGVzY&N1}S9c3&FPrrE(SGo%?R(WLtBfd>4%@%kV$)^CBl)l4@rOrvjvg5Bt6>zMW; zajz;!JY=%q61XhLr|bA&lH0Exo^ym}o^vz2qFCi~x|8QD6vECVMNkMT+c0!~i{a~^ zC3&gk;;Sdsov_K_&r9Yf)K*wS8m#x6Uy9rL-Q@e=ZeDJ67R_v~Y$_-`5WMmtQqDxe zQ6`HOvlY3;NU9!#IHR7&MpdV@;D>urJPyB{lIo)f1a7y>VR-P9o-s@PVbUF}wC!H~ zi}`Ne{ZZnO+Eh1ZDN0|yo+4`Vdr)~@`ef@sxwJGH3_lAO_FSVum=*|$`s0xb8m@7Y ze~^8OzR>ElTFR=3etIU(7i3cxec?S{(!u+DSFX-y;(~reX-VRoA9@0I?+wV+$}Cu; zdaaiQ(Kd%$iCMo$c@q>lE}Pb417~u(l+*f@$8?QL27P~1Om}0yWtJM|2=SddiV6-u16Lcr7VK})T@nG%PsG@2NtT^*o)cn~PY9Wj zSz$U5`{^Gv({#@D?hnKc&PoBRKLtB8uF8KkZN(Jwb##FEw1xR9%go27+B*psr=$9f zc4(Ju;kZH0Qy@f=hDfx0{Nvs*jOiRTE2NP)H2#G)l@qnEy+04>g-{s*iew$s_Zkj1 zWg5Z-r_EO+41S9QSlpdnD>AXDQwzqcG6n*$g_7I?3p(dL$kXr3WGMCSNc4S^f%9=AOf*XSO=c2@-jKU+?6t!=#pRj4?@;eeAzP~^8=S}cG{<{Nkw${pp ztyx=%DRV~_fzLvbY^>?VF}+;_Ugj_ve(a)m^mbJQ7Vw~Fg8WW>Ulz9SRpJw#DsAKf zj_;k90jo5MY$~` zz={8)d6_qC*Lr6}iN_?Sr^&yXRbV{FEO7}x^vh6EPL9!c9!12)O3KJpTX+Mb>*elr z#{LK0i?VcKHHG-7K?xF!gf&&FRaMnos+e?F+RurUJZ$P-=i!n#b=Bx5KA!FG_c#u7 zHd(SRJrBYtiXWDkjjpdG`SQoDv~H>M?rCll1#nrLsjckIcR0&Xq^0|5v6nCnr}enM zFKm8$o~7Z&*%kT)n_Olgg!Pp!lWw_h_(zQjQq}!YB{>?wXx8kvfkwj z4>Om4KNQ1sQqVV#fj?0_U_n^q&k+#%YMs-rKSwp1=xUNSk$k57~m@}k|AzImC( z%l#E|4-?}uGCYfnB``2ipME=MwI;3|8V2TYB{uph=Nk%`!ez5(!AgHtM~x_8sn9B_ zS357kB$BdkTmE?_!TF>y!EGsT#)Cc$pk6i z9EThW@hc6=ClD+Zzn!hY2Xgy4bkc@6RBKLO+j+Es_ZiZvq$%eeXDYNaWZ9G%7l;QJ zbtoitfj@HCU?}9CRNY~?=3RH^$I-<~*tmm2@jhk6Nm}G(DDS}axCi}0eM6~_w;H;b zih2`N;UzPA^KA$EJZIDjB`w4FsgjxsQ&?O1AJaJ?^h(MNk83)%%4zmE|1HnJ%JJ`EH{v;4^V=$anz^GGtSS}OEvR5H%kjVoT^+e?$z z7D)ToktAvhh0h8K@o&32cFpU+hc&N49vA=sPb+%EzSQr2$>eYMRTJ(W<7j$1t6uvq z(7)?!;29VClLF-*pqI&K@m2A&jEu4NWOu&qrJLk>%5%H}cL%6si39-07FeA+pB5PZ zGHR#P=+?W-54AwRJJVSP;9Ug^g)~FYC5vMNM8OkEEv-d@Pn6fqY-qFFv3esbls$M) zRAxS>Nds%tB+3px=iUY%-hmcQ)2&APOUkOslr^ialP87$>J5z_@H1FM;4tlTCKY}u z0?!pad($#!9=wAMI*p_scVWjM6Y*DBEB<~8eA-LDC|hxVyxdxP2Nv}^RS|t@n}WEMuzJ*HDs`z^-oOnpZy4oEn%ACswW>)`j+FNsAZad zt+polw*CVIba2>i^Al{%_W{>%{%xyjv1wdk(ouh_)c_C2^4w|f(Yefvc$A5*qcCQ5 z$Y%MrP&~t!5}vp2#BGp1E7{*GltES`d)jv51T7gKMV}7~Rq1YDHXz+^;YQ{cJvT2V z!ad4`UEBNR*VnE&$`8G8nD(o!SJMDI-Kugh22_i*A%7Z8pnS4_!dXZ8BIub zy}7+u5T0HX6*o82WS+pO(4w_v!m#V_EH7xgVcZ*NU<1$B--IV7CT{%7-@4}J@=|NY zd@~El_#IA2X_mQDFfHnQxpbZ)G8n72wOXk=MqJ(h3#t zy7$iW-H9mpus=)GW8->n%&GJ0_ww?x;CZY0-SK=;QPJ_nkmQ7cdZ?1tNj0IP!KCk( z6Mg;TkHv$GywN-DfmBL+*0lDwP1Yt3(K-PYyAgkQ255k%q)8BhC52O0Csd6MNl8O3 z_oBydJ_Z@>lapx~;OzmWVvK&A)EZx=qWglu$`hf2c5@>G`)>$>E8#f~1~V5zU@1+V zXkkaI#&zstj{H)FHjw+ma#->57FD9!C#PLH`t>dxgvsZfs_Wpz5d;`OhWP!I&|L{K zxLFi8^hlSi>B}ssl~xH>^MJ@&8gX6KxB0rnHXCrHrcN z{d?L@W-V9t2UVx|=fDXA%2b@>HXBb;AZ2+)8R_E62Ol>?xh11tL`qVH!TFhY%Uo8% zKi&H>kP7?Y2YqS=@X@k zx?Jt9iJsbX4mER~_wcur|>0I@=U-NKovXwd(wE`KF-y_IA5yJZO}?m$Q9Lv<{NP~rfu#93<}RsX2p z#M}d&Rr0NjO29&*U9kQ^u6C7wOn$HRsATDU=W+?l-jKl^RTPb=n9M-qyJme#;a8NM zw>C`hg*$j>7opw#>KdEOSbwG+s3-sDdW4fK@Nw%;p)4&eZOPv{&j56#J0&Yex8G}f zIz<(+N=;P#II|hi@FS(4qXo2t{w=SfN@UN4`Pm@%SuKa(27^sY;VCJm<*gJ+ELe?I z;ZiP`4#^F?TcAJ7a&QGlM;s*_Oscfw#SPu6C0)FBZGmO`uW90q(5jZA9v!T!%4oHRik+N z<<#E{ZM|H>TH@*EbKCQ>_>Ld>vx4(=jVE>~>u07`ek$!bi_Uk3Uq~#xDH)u;FS|6I z*pSsWA|FJ5ou9?#v6kD=WWFHz+-`uIfOTeUt6wz15ZFqJQ;TV(%5N9ub{TXRC>F zCai?UTO$AfH!6#0;3jV$EjSUBkFqtFhwm(jZk$eAh z<=OPSx?P|(-@ap@smd?Yw?ZH9yk@tHSxde}92PL1mBdw3$5gR+Qqy&>Z=>4N*m%2$ zluJTLn3<8G+hjXmU~lg#*);h_@-ZqmJ~JKcNcz4ZP7b)}u{<*IH^0BX`K-MF|g~efEz<-MF(uKc{S6toDK<$Dfad*hR zgR7os{u}4ZdZwwBQ8e$O(|C$gOG{|k$*oLO>^cw-)QJYBsAdT8_BJT@&H8!%3}ZX> zd?Hd0q#iDB&4eiv?QWrURB~(Kn`S~sceh$Ht(n&tY(IdM@`85L7KJgvLfXC13@IwigIetTvMS>Ut zjmvYg>e#M@Qc9=rdd~%1yq9iHw0^cbVS=tTNkhRiENPcH`Bfe%QGl2TB1F^t5~}Zs z38fbVNrH_H!(S~RYnC=nO_MyFSc%Xr!L3@EU8`=F1{k1Ny*T=I$;lE)JOZ_8?vo}d zErH`R%u%@4kyLV$klRh_=7ek}@Z#ybk zxsL0;xNcIDaq_BiQ>ox-_J&TDQy(aDKUhx8Jqv&J$p)(0gRhU}&>AC?*?yO60HpC)9Qq3>j2Zuw_cp4)%izUXBP6X6U8(;?5Vj5)X6u@d7sGL@?^nany?*h>_!K(D}WCPRB|qeObs_XA%EP z)=LD`Nr@8(KS_l-ahNlu;b9>WlE|(YuPYhA)a;9tniO+y4AhPD zT%#jZh6Xj$sXsd@O*6hzw{=NnoV}F@jGmI%jfPB4{IROJY?Xlr=#KY^u54VpB~#uc zY59;O$aw*R2GNb)pgMs7-*5wcHk^c{x;pkbs8Naqi|IhML<~m!-{F6ar~Ze|n0BX( zJHK#RvA!N2u#)-H-~L`9Q_k+Hy}q_stS)c8%48(%ekexbv5h$Nft+k?Jj^7YDLrYi zI+6O_{II(Jp@^wf(?h>ibb~+1N^g)UUO9UU?>b^#K4NUaglR##UihrmP>Jmy@ucit}pWztqXSE_(Fybc=5tx(a7 z=!0NiRBSw5)m(Jl6i*TG8hZ?0&m?^@+g?Tb^#fBxIo@ zg60caei=R>d)gT$g9RdU1%eZY6^7!vp2k_9&)X{Q;{?yghaO%+cAP3P&T34kMe6Mi zLLQtLUZy|+=TWtHW&Kl-=X1t5($=0Y^?URXBd@ip*&|o)>2%{j@KSKs!4xPNtY>KG zf1^ay-Fe4)z-}1c3Aw(>b;{0t)csj-RnfBUHsv5KjfNH4zwHEkSvL9cncy9(LESZK z^94bSN#7zoROcfj?%!-5ho-uhCxw4i>-t`)Kc0q;n3HAmd)&`l#j~(58-Q`g;A#-p zAA5TI&s2IYd(VMBJn^<)U0v&2TOTb7WlJt@0OYZApu9q@#hvmfGjXK=ch(bVhjj;dXaSO{FG1xoc&tvGr zx*)Yt==c7uf`aYsEbu7?kGIEFT?yD_CAHQ6 zd=M4zeCQY%a9vxja54g})nQJNJokq~g9`?3yL49Ok&!|e;C%xq;40cA`|Q~J zA!Q-Zg+;hfrMRQx^@HMDBkDTdn)-jH~Kh?ct_F z#zgt;&Rbs?O-A$-ytZ%4_QpozNq`m{{)rI_mF;a2^viE5K>QA67Z;baHIO44WQ5rN za0-<3zCV5RbCgLS@U3OJ=jCdMEIuwy#`x_y1@Z3@1!=IaUzS72mD8D!w4So3Yl`mU% z7O>`@d@jA=6wsX>^>P1imQz*ReI}w?KNM17lI~t~KwvIdk$C3U(n};?tZ05K&`fn- zrnTPf7f=?E5sP?mjjvlg&s9CxKleeNFM!QA23fSa9=WL25ae}w%Drl^>SI~``E@8idlP}ml+2K2Q6oS z2XAn1an0+hYh!-i@!A(@p|Wk^!0!sWEY<^G&N!{6G;J!PqN8sPI~g)Ksj$D?eSVtI zg+$iRSLnR0Kdf+;D6c=|9nC!5Jg^G7I9`WECvVFhWcVE)yRL7G`knjR93^pDi6V#h z&lH7T!%%#Pj>w;xp|+Yd)K%;La?WU_aVEUw%twq7{l(kg|FyhAd#3{C-xRFBUCzY| zg127>FN;Q;U9jA?`y(gGz}KwIUikRzgVHW8-rFG>IikY5j}_t96~^n}!_~!hV}9T5 z+Y-lW0sd*=)vr($$JVxVRt;dKsDPlPD(W_4Jot+ zO+(+~Iq#=;o|7R!^-=JS6B%SP9c-#se*E_~2gSLhy0FdNV!{50;g?)&gH z`D%fv#>nUTwoONNJ<#Q`3MfkatjhO>Z*aX&;bk?Ya=v;K{$~ff%4FJ5&G`9+cPPHg z=N58MSy5wnf7kOy)Nka4K|(0tZcQgd0G7ai_a7_%uT5QxaW#lS)+b%!~&1 zj{RWvs~pF^6co(#Z(WWgLyZp7J@WN;`af%#R|*?^ao6b*4Ger#GMnF1fY_f{g~_fz zFJJ}+YzO3*MwFQ@B~g!6w_Be5a5D#WK=yAt^c!S4fRLVbkHyywP43(9c$s(8)S$0bu}Hr$J=J~!xn zEh_h z1N~f1WkrP_M^?&N4B8u|m>3yYu#|J&E(H4*h|~&6=i>eZ z^duVJ^*EZ?0a-cFX6jMYZ*@PK>3Le_#Xx`C{{gz#SZ?G7Y5rJ+I zQZ`q^p<^uH6 zl;TRcO!$SLD$2rWV)Inf!7hmjVB#2;Xbtz7AUqSifG_INuz;*8&NKjUPb1*~y_H;n zc>2K@U;_xRSK!GYet@?VG@8N#UQ)e4!>xCWkBR@HuTb1qDK554w0daPDo^zrP+o7O zy95|^3dJlLA)8Q;p~k#ECzzmJd4gu?W$2`UxT2|<0y$AxUHS^Nuj6Ey9GSLZbt)f zzq9#H_1sSU2}d4Rh$tKia@nY z2v!D(wD>=%Q~F+VqH`|ALtzBx;yRiA#HNDiPzhT+G#zxuMUJOBjUd?K!VSm1$iJ*T zAOz^W)qhQ-*#+k=7b80S^uRp=Lr3LKm}@{wUO4L?#3_31&QtYm&x6TfB!v8 z#2=a=5ktcqLm&{5LLuNt!Kx0ipYtH?TYLv#vMy*3-XA8MfMZ83e1kwyUn@0q&`&SL zer3WF$YM8&5zB>G4K0}t&<@XS!5l!kfr&sa% zquDgFB;nQe*&+3rz*-v|#qV0~t56y1&LML3_+VSU!vHML%{%rP1eyJ!SAL=|7~Y}` zmwPl9NTrGsu$xCM@Fg#r`_n?VC((vH;$-=XVP4L%G73%DkZC|udIENS_hSyZP{cyG zUH&o5EaN#B3VW_;T&KjYGqu{6bDtlZjsMY|w1{zov_H~iRlv*5sf+fp+Vij`*3Qii z@bk&STJ1f4&v0`UD_Kia1wlmISuu;Q;f>ne{O!tuz{>b&(C}qq-YVi6?#f!Wn!~tZ zm0K@AamV8BPG$?&*hR4yq}K5A5QXNH`KmJxjd858sw0z=HT6UAu@}jBr|XnE2+h15IQ!ii@D(%j44#=^K??!? z!$`%;z%dR5ZDZ;Z5v;cdBNHdbW-PTKQK33J9lwPq-pp?QBNa26n*Cy);+pciX)$yi z+>WvDuvshF{bxCSrdBVt`pZ+v1e$Tp`SiXPnQfbiTWI*dV`S$v8s#wowbmgZxs~<` znRZd*|L_#2O;nMt#)_}?oSvZnCzq%GFMFb$o|GKyQ$}6{3{AY?Eleuj4MQV+{mijh zCEzB;B<50f3ti zuTuLwPbDt<=W4VgYxPH2=JIw7UNTxP+#MXPC+#JE4^;8~M^lhr_iq;$lSfa*qM<)J z3A6OzxJPZ7*NNw3Jmnckx>*Kax>w&r%LD%3T7aVevICqs{h1v|nSRFvVP?&08aJn1 zR7=`%Z3e_17>kTv>kfrsDFN(F+`$f`e5yZ(XngYB?>^y5v>D8-(xkf@SCze<7?+gD6P8SQL6UY6>$F?!M|0^+|Baaukb~a82ZgdAMIesYS z_=n=fx|dsB%=a0gS@sOJ-%ud0s`_71!hZx`H|BH1;c8pM|5MplKvmUsYabL4K}w}1 z1(EJ9=?0}6C8WDsX+%Ikx}+PVn*-7e zf~@=maD<<{z0L&!it9XQLgKr7XsB&VJ2F8MbjDYaS~9QM5ytR)evNB%k)89}haHt4 zO#kiMFLL!)v)xguI&M1-HIw@4>gpqxrv6miT%OE5vcjavEO9dCw9h&Q1~TD#N(;KM zy5ASNP?16)P37JKm)Xui^o^o8b3cNue*1A4FQV3RGC3hUu8}Fwv9h^xHwakTiLICx_$?m7UBEEtNyltMOV~}gHw!wxW)E0;rd_}QI76wXo^1}nvbg!ba>in+qkpz z+mHp^3;E|#npwv@@A#;ar5mY8TRV0rJRBAT+&=lmUL~-__my-F*cEiO)ydeLk>=8W zy_pT7MXC9|2X6uqY*d!K=cMXO`j4KBXSO9tI;|^|slsK#B6xqM9@63yq-@I0- zSxMOtBRJ+5JQY(P*SrZkto=jYY7@y|Qn<2a@C{f~{tE$dVmy2fvn*|i$VP@AcK2VM zx0^b#A@0s~is+K`(|Xm=CTkFNCS)1RzfqQ=qz(DmWSjDu|02l!6m9b`2oS)WLw{O>(0Wwnl5o3^uHfoJ*Nt z82!-)myp6fspZ`;fxzLuxh(GG=ntd>D^Dj9eSC;$C<<8Gu$vujNUl ziw)^p6?;hGJ{nkH!DQCef^Se;Q+yjfmP|B9W}Ef>=zM3mcQ-f42cRw*dB zp0>l3w69Y0=#7MNb+(s@r86i)0=B(bQoQJ&W8}p@J5Ahm%bH6}e4V*szm#rY5k>v| zE{d+&4O^IZZ;?~(vI07rJZ&3B%+l$MOFGlRky^Tv={5BaowFHp8C+EvD2$H44nkt9SB}KlGnGVGB3&1@SU$=rUz*TR!r#9AdefU!Y=wncqQWq<4ZH%!h&WO>S&` zpR>Tf=Jf}6C$Cz|+ZR~Osz#>P&PwGLVkpEU47LJA9;p-4xRRbemIigh=s$vIu?uS% zxdQpPGew&YM8J}iZmCDl@TWyW4Zos}c3RkDie=AX{**{U_XzPcdc|Q#<$+bpo**{) zP!#{ABu|(ZRc>MpwQ~G)%+dRqsrC{|6I4 z7(ll?dT_q~Jtihw(&Nh&;obFbV+WDl#)qVulbEsJ%<9^9g1vezJ4ZgGL^9($aXzth z3or|?Ir@y|wCQLohaA_#QplP{4CaEDp0FuTvCJXzk&nD~Rk0Z3Kq1syW-HOunUwA7k(hFo zFz+jtAG^Lw9H?&jAW^$P8#D|hocm2g5V!e??_}54T&yW=Y;t*vr-^v|DD%Z^iX~~; zjN~gyWpxV){C&xXXLDq$`&intJgO>)_-UXDtWq=Gcxk2Y&F$PC^kO7alJy~KZIP!o@ATg zUF)EdJiR7hpJvB?;X&mjpD5sQSzdLgZgV&^xi$9jNS)~U_2H7afrv^#NAY!K%lfff z0pelJ4t8)G(QlV)AD%pxtFTrEzK0!_CF55)gG)~AGWq&?cIl+D9Cu%l<91-)3(R3J zsKB74E~tPA`poIzA>=vxYN5V(Si?mY36iL28`ng-L>i~dMs3BIZpGzhrZj^v)&OR* zKAmO0_?z;F5QF1Fmwi8RVi(S0`40fG5pY=cy5F<}papJsq?2>I1bfC}(~18Bst3R?GUc6Dt+=vao*@w*CcPm;EAiZx3T~ zKyk>Y`lH{%=*mh;U&F$TaIQtl9kx`I0DgT#gel52)ft8;fVm(Ja5BUXq7S>|JraFg z4^SVwe-~D~&(nkHL_*j-nu!UTu&YL1c3z_q=Ai(Lk6wS+O*4TgFrYqdV11q>W*F4I z+G@WCPQ3`f%q^JQCHIuk`D(iqoh4==XsE{@IcUwDFd0f>cI zyv3K?SL-sG3tfkCA~u_IfR_jNoayuU{5~)+!}wHfiTh!v#Rv81ktvT70tr>*aEm_$ zcvEpC+Ujc4&Mn~9ALXQOBuzK z)Q|a+%WYQ^=eb3d%QX;Ape-b4^JN8@VME(`U)b0x*Geb)K44m0s|$?p((a2-+Ef(wNjOMq)vu<`!@S=o~$$kCU4qD`)XyiIlrTVXh>|?&XjpeB^e5RjP#xfD zU&xD)s{Ryo4f|s*DuNiGt08NRf8YqR^6q(Jf&;ufny9x`3tOK2cF;Ks3&y9Icut%- zdvA>6r8|wk&x(hr#GLo5s1PW;05*qAb{>MNqFdgEvx6A8b+E!U+G_JEdgVNp{_KfA z(mhP=((VqwUG1FX?TFW^ch?FH!zL~A@{-ZP*N)A~xnSqSKt@a(d#{mXWnk_qJzPYt z$8c<~ftoo5OdQ*8KXQ=joZ#x1>7dW?L)8uQPVls}9nbu{KTAN=rlmB0|E^X~A4-lXg2wQY+%Kl~*xNHmz`96~goM3h)+9O&^?34bO!CQ@+rvmbLH)*y zYg-k2t|z;mxtT^$R%g=B;0Eg++@Q5+aTxo2?wrGW&ZaxWoz!l!Jwh?9Fl^ zuvZfAxg5gq0EZLDB%|M1q|DqmXbOmKilL|YPMtIs#Dj)oi(_E6mMA@?v{UkT1!3bmR?Ke>4^Fw!fK)=sZP6lqj-U8SPvy4Ag5sM_Gt_ z4Ce8u%xP~HloKO+f2sv`+lhmPg|)N<$aXAGsK8MnH4V){rw;It54>S50smP)2dEo? z%g(E9ug<8gxt{EV3#V|!I9`r}6)Mj%T-!LcP(+N)h}y1pf9d~bBC3@*m+lI^}N*jdp~ zJjfu>{MO~RsAE&*)tYjOH`nqe$Vxxkqg&t;98iTx*yArbM!C|@e>Yrp0uBuak#Iyo zFq4DNrt$s7LCawyDq;s(_Mf@&D#Af@2xG%MdQIh&Lvn1#jGpc6MctxgA}`0Ssf0DV z%z+Nkx}pn`u0f;Eb4A7gwBvV6p@bnDlxrbwc~DL4|~rZ zE#u*mp(qUCyl{b}wvT2d=yg*!aaJ=Wgs7^9^mwU@ihpKI%rc`vb5>Mx)WeCa?2)YYE~GqSuZc zlf?1y*6k?EWv2?d4Fp=x>IyB`WiK!6E@loJeKXVzqSBE(!CN#QC-r7u_DL(sCMPVc zcpqNR+#(t-le-|V#^(FkcM)$`s@Bd`aA&TjE3#$8qj2({Ug1CM?r}LZZ+Iv1st_C+`zw>#oO#?g#J{cJ`mm#hS*@APQG4PVW zaDTPSj{IQ9v9{fIqDYQYPUhO`E)W(Sz?LjWLOZd5j`Kko%O4+Aqx*zE4hjWUdeRJqIp z`V;Ec`A^v2UjG!ar=M>{=~^#2c1#&4Qmx~aVAHh*+ne4J^1(G7@Ha@FhDG(Ujk+is98X)$5x|+Md!WlQNrbb*B)yFy4w?N7M2=NAhn|gcj+U zNdl@hA#YP+-3HMNRfuomCetkTDCLtA47d2(UN_hT_-s#Ur)E&azO1^D9l3jUgy!;{ zc&1JEI-eQGI*XY9qUfPvk>SaOcjV-mF#ubwP384|Qus7#*XV+;zaPPW67n%|A)R7} z7Uq}8L&vSY&(~x$l7e<46>sX-^XtS~$2YuUl$WIt$l{MS!0_FZfq%iW=W_c;iIaAA zLiEoPB2(I>1+IS4=HW@id$G42eI1h3 z(MXm@^Y@X5!Hf;epkhxze}qRbn*+Uu`#~rnY6)HQ@`cMY%JvX51}U$j7iKn*14S{q z5|ij{1BlPGQ&yZS2o>^jKPzWl_N}d&b&g=-T$yI$X*SSyWXI`nmF0#gQ|lHcqqs98 zfS~jAy5!j=#lU6}w}2JmvnBi_FhmgQcVp!y2y}i$T5{2<|TjBI_b{NpRI~m7;f*1DrQEoyCwqoGR#Le?k&TJ43p&1(JQ&H2|>O$ zzG%l61rq|F=sudxvnt-KZizG~Y}eh*9ieo^Qf z8MDZboC15a+mv#fxt>Qg6)C)iH^bR+rmloAub(aDshQAkS<>NjB+n*brDRwkXo7Nh zv%5SNd6qsgZ7ji}x~Ie=BQRp66M6v3UGxQf@IqdO*hFnav7}6Lu7n!Z!xFV`&GH7* z3ykC^4f0F^R(ktCX?sp1l^xcCt_H^u`M3>>bV4b~^nKWDy(a#;8qp%x%4u!&+(9;1 z-}t5!Q-dwGB0&9au61+hJdtIv+I$IQ~yU zk8evbiNjNCBVKzVz1j2&BX~aVoa@7X$dERUU<++1Z#7`foJ7Ao1LIvKJ@;_r>nX+N zQ0D^#GUmX>4u8Hlj67p(J-L%ke;~I=Yk6TMXpJAVmeHqN`JFvqxTQKJrdAcJgiuaRSfqJ-@er&THJj2HZd$jMm@dhzMa(-}li!*4riP zt2ZRQ@H7E!j*!^3`Iz`^g$`a!%sqv@Fb-}6iUtl2wU?-uzd!S*3|-1IztUEM;r$p; zy9Hq+kSbM!dA>+VtE!)tWVr`c(w5aU+9!zOF|z5T&B6tu1CuMLiDG0?#E2@BlLdgr zEHb)!a*hg~PLuhE)7_amkdX;uyoFuu0@N|-xx3e=rTyAFGip>eG^8M!0J!(<8>zPl zC>VCzxGe1cuHeKVHFc^Y?cjOc`tZBW{N88sKiGjSSK3jQeGrygByNT_d3%|EEm3<5 z91unfnu6Kyr8t*;{jXjh*v>XaRNsNaKXyk{z1-vlPf<*DX&SHZW$nUhr@aZ zinsBI>s3w9Sjy~lal8d|`7S$Ka^Qj5Vg9#vQaVA81+(Axm7qC~=_m@Fn4kBNXt(Xx zlr=THj%=-#W#qnUEz%e&N|=iN$pjGquF`M7&IB>8M+80b1EjswF^=-u*p$M39N~%U9R7+o&8h8xaO>AgM^JbY!JTAw-b8u%Cd4-M4Fez{T!v|s{wr5y8(+$yiv%bS^ z@(D&8lTGZFg#q69YP-&*9@b(Dj60%z76JP5{ku|KOW^eXa5}%5^7n=-Wyf9dsZ#fN zdFbm45MKH;x**7JJJ(ya!90I5Hk?kH;n8auH#0o4j%k_SUDLNbJK}kwzH9Jm3V@a6 zu%MtI$`p57YimZwh57mUNO^uPCZ>{4J}FLAGur@9@C!Q_9y>yTW$XT$1jr@Rq5mwu zeB+M=fm?X$NO)aJOfeSswA7Yv#oawU@DoO}{ZC}IJKQ7aJD#){%j`b@cM2x>f8}{$ zFjhue=OJPwv59S5R!awBwz+_Mls2nc)YO?$Wrz#gYK|QACCQHX+}OGk{=wr1!0Gkh zy2yBt>HTwC>=*UcrL86F(?wgA297~I#+gYl!fMS(U1QwlBc_M_oD=kj+Wo z0I&wQF6wia&=BStq35=7j4z46q1(>N{JHsk^hwrmuSrA%O~e=!!Vw!yu!L`j%3*H( z#}A*BwdEquWPRBeMtbU@+24A|(H~j!{w2h?f(*A6Ra?t`_>DUL1amDu!ybd<*dUz$ zczRnj;FlmDUtIIo@$<*)>mVyRJ@)?7xmUTx>rH~>J&@m>7v= zmnU^>?!FzGy3b(a{AT2|4-)nh8$l{!AwuYvaDFf81P-tOJK{V?MWZr|v`c&vlE5Y+ z0)w~|J}OnsB`p#nFp`}F_lw1$=5$HE14vm-yGh9se7!$+Rs^=~5a7K`S8Un=%}Nk1 z zukC*f#4LO$=eF%Q*~huYg;x26S2#x@I3y(<4y`-C`B_Hq$p_nq^1-$N$+JafWhQ}u zX?|@;cf1Ou|AP%3+=$`OE8G2`me@N3dXdvOe^37@%DDb#E9lV38)d6M zIpt&(OS`}pyu(NK&O_vyWA!9^rNy#IIG?F}(FHGu>70wt=y;G*gnj39%WI5e zsRCU14IBb6e+X?Fpbk~q4@5+swDZK z3cNB2KV!%Jbf$i@C}V^>M_S|Khbl$Y>sP$lduGSd1n6Qsua*^R{xqD_1oW%F>=(D(1o^oFh=16ytG0|^-!;3Y9?jd>D&*9nAZ8@5tAF(7p% zA^UYr^KBOFOoT0i7z(}u3p=$DfkJ>!8EgYo&b_g-Oe%AO%xT(&?;3ZBlFUL_k^I6Z z$)OwLO*sxpEe0P5P)N5_ueG;^2p#{Wsj$2r1T;y{<_-{0{9##QV~xD*VNupc`^%M( z@d7tox0%mRm{h_(|R_)y4zpNbY=0-%MqLw=CUbi!hu7%TZVzavv4_g1*#LM+yCcX*4 z3Y}-CX7lYV=#btRs#o7c0QcTzPyYo2uiu~yV!GF&}|}P|QVUzsYw7ae6VY&=2AH(St7BlVvM1@nuFgWx^xnBDfjHi)zAx@& zZ)Ky&H!Xz&b z7IJ{Eg_$6v1ZILkp6|A!?<_5pT_0$m2NmXkvZvT97yykWsu6mFRc3ZE)e!x9A4GNUdH!HgoYYzl26TpESTEz(&mx=NBnQs`MLxG*I zh&8k&EgrtyRZeG#sd@%RKytpObdSzAl^G2#sKJqC+H*Dy!kQ}=u1`GEqlhoV#qt$h z_W}RtRLLVV>uBBzduK+^62QrW02~d->hkf>r z)n>4x4JUSnjr%O`Os9b0`!@oRv;0FqP|)4yL0t@{@QM55-fV+rl_eJZ2Ng$R+qmPG z7DIf_j4R6Hb^}b<(!YcTmmUj%qD-ONc@$>@21wK5(QuNV-HOxl z_e@t^ovTj&8jx$#=m0}PP@2qThMs{dI=V2-{$VxOHxaV9_!;KBakojl-{5oam|CVd_!+$$j+KAI+6*Ghb7a( zhdE81v8KB)rMzdWaR=x#Pu2`;cc1%lH9!lJi;;*!|*$SGhae=e9E zqAjeyWed;!I|-~P(k-pBiuh36o>NC_rTd=lz3B17HSPzXhpe;ZbcOZDegx1S8rO;C zr?*D2B@pCVo$c~V;X8mrgvL&!htR2HE%=Z^*%;F&4`3qer+Ilnux)DThH|*n_4PD4 zO11H@Bu4mtl%TrW+nzOC_IZe9Lrdfb;vN5?1aEvw`Vt4SO!q?;C0sl08( zk53=!8gxjw1Nx~o7L)~p7dj|o`110>CF@@il;S$8{Z{=jz}KNh`xr$uj1na0K}H^b zXHN$%z!SAU+Up~K4qn{T-qArrO?~a@wR%-tP|$lMe(JA9s6IUkeBImiLymJ{`e!|x zSNL_-SFqrib?D^C4>RTkRIt{szy8bVkyJcY0`~ppHt%nB@-M;)$@Bi`LKE(t_t|E? zjA3TAqs6a97}BhTgQyk6>UXS#b^^SqzBEdS8bn{XwfWDB}t&1tF0GWbC;|749~D}(Ka$>x+g@tW^in8>L@ zaFCBT!31Fo-hQcp9+xJdb-KwMHiIgKX79hA!(ZDRJJmjHJ8G9ygb)s5U>coLiUwRW z@x=sWR~Qb``9e`$l7OA$mK0qRluq~(J3}fSLcU?y>}Y_0UsHvW5$;;`!!C4ORzlLn zpGD6V)U{c!wVxaEc4$l+oFK`iAELu5z}Qjqup!9ow=^^+YjUiYq*mT{YU*(=V@1m= zMP9dS8S`Ovh;KF@LL_!P5jiB9g`)C_s3=bBzFmT65zKdf1<1~2<`U#c8uGiTWn@gu zfiAB@Ed#>Pjs&pEj8nr_yF3oI*CoXr6bE5<&9SbOmQ@L$C~I(hjjLgX67>dfiw)WX zCO097bpvBgBnDG2o?w77y)YYBj&|@|A*+1n*;1GADgiIwSJlyFnR2yWcyeIY&=v61 zMtrnOZ{9r$`RbQ5AdcAaQI-NP5YUlR0sFuxW1nqm-x&2L%HHb6HyB%Jqdg2CXq>?! zOMA=s1|~5FTH{OpMFY<9ExrV93DpE7o*hyO=LuTQAfbhc6*>#F)Hh&3w^M!TJ+`)4f%?ub+DL)?V!}ixbl3EAckPq{6%JP zT|4@DE53Wj#LrKESHS@TH$wD0FTE8vmCu+Y?nv#o zizITwFq2Ucmu0gznu51UOLA#Pnn&yl_&l|7E?nZTWmz9iOQ%+ZJw-pd8%QZ@&nO?= zy|d3JTUu%h4#PPhQ-0_EQLiKn#n-HyOl-%5Lf=p({76EZUNK=Cj~Mz?0n4{DnfW5? zL%oo}gBKZVrPs`C#6lWfv`@uIDrGL{{1zheM|!FX3IsDz`zrjD-lz80EPo-QD3-1m zF_oI{Y5NLK6urQ4)zV2cA}-DEeu(+|sGgTGF$*f01!UT%Pvt5;%ahe9UU!Sp9>vMI z^ug&bb>t!Kpgp-yv@+28D zEefUi45XZt1NwQib1h^0Om@Wm0(_IC|-ZPJ1+K3 zjz>CWB6PCOGlE=_@#}Ul;{XLAm+;&{&c>@|Mnc=7UjZ0xM#1DZvQNR8G=wQ|Ht=Qo zo+JzL8ANekjfB0T_8L`gtsR&2zf^tIJ>@sSVXFTbGNCr`_4|~O=7h|Ypa7e%$9tYV zY^j1eFS-6&8R>$U)_57(QmsG!vB|=#M@6-JQ7Z~o1_W?_bSKYKjum}c-6mH}7RDl| zG8!PZe1ANqEBa5&1sm#~`;`m5dO}$#a&hr~J;4`4Pj1zqCd(T`)V9WTg^p%Z!h2ss zvl9V(T`RfXLUlnyHWR*53qlmSFd+WRkqAAnGG%wkK14QKO*4TQm7H#~i-^sW=w}1S`PFtYL^qC#ss}r%hIJepHlSA7LSG>m*W(A?{ z8uTec9*HM-yUV1i5^iwMUFlCE)_MZUORr>qAu;PGP!Tt_k=+0L!^EZ#g9Aa%SHIzPWR)Py4$O- zk`04H-1fh|TP`0u=xltaR`DdqPzvzUIJcAzsC+|O=on$jx3wg?$xqY0Dm?7aoBtY9 zY&10LBX^>yt)FX{sk&!EIBT*;r#-z){~3m;k#Vl?DicCe1KV|K3_4M*j#$)$m;jrt zD*wp~-G;YvibE#~)_HEWD!9AWE5QxcjW3fP){g2u`zBb~gd;jSKv!B{-T8Is;e}Ll z&t6fZv!3TcYlfF|vZwRKOq6L@j=ki^BSSBWIjVy!e^A><#G)PVZtM7 zDPPPA{f0O+-O8~DX{_-gLqn9DOB3lqZ1Igm+5WR{>`8)!|CrP22E8V&lljY>e!?t* zCpVw7OeO=>gq2@Ka+UDJXN5S5RlSJ5=<&F8j$Tppc=mFb;=1%|MVvo~x6S71i)U~q7q=Ru zIc&c!<;lBXXHaz*{V~p$tf^g76U|#VT=rIi2X5H)BevKC+;ifgTAl7{L!QIF)`F>{ z?ra@#RJ#Mm#2;Fdc%yfLTdR_JYx~=7*A1*#hhA zRr@3P6n-rK;56M`vh-rLjl^w23r2|;alwcIoA8-Ib0GyMV~fS~tJw3#RU@e5+SEk< zo`z;aZ9u8&!g2vonaLmp)tG(cj(TyriJ_QWZZm3?NXF$ODn zr6(ZA>^lnGbN|t{EVG)!lY>{Wrt$6Hwa_sstdy*_5U~P|ECiPy9C61`3S{L6)?I!q z;HYAQSW$%OG@j|ut#c#kcpMMHt(K2x}hU?B}dyONw?r<(*kg@uSU?&^xzF^hGNeO98Pm?kKKaTy*^Kq>_J@{5+Be z9BU$Ayq+(7>3Tb|MwYgw8x*Zb@s)DMMwk)VP4~vbGS*RV1$+wB)kmx8#l{$hpOjZk^;snhm6HczuXY zTN}I%GsjUqWvcVC6pHF0iRZ~Cr6fFY4&NQQXaez=IQab4t;R;#<0o}3!}Uz{o)Y}o;Y(w(sMBkwvwgI87*@LWI+wi=Q*>4uu9YFyt zu~4yuzAuWNWk%t$^yaP~27iSPyJ|6B1SkTJrQ#NyRt9Iihw5cBV#>r!<~AlDLH^kP zo#O`giEC1(GL(gvUz5D+BMZ$Q0jlaPW8DUIDPgHZgaHrbX=i#?0(^@-t#Z4EtDPzn z8p={{PtzU-BDsVeO17UpoDDBCcCbCeh2dW0sEsTKl%-hP*^r;|$mNW2@cYD&$Fyv* z8p~Bh-KUnQl$lIpxm6KcsydUb84&@t(02)7*@LEx9=5APdAPQS#-4xKn)l87rt8^3 zlP$>0?zI_W?$f}VE<=-BCz4^B&hb%N!trF^KyO5|Fg{A?6Z?$(^s#rErUSW)_=r5} z(>*Fua;>%_gaV#(QoLKe4?WxZLv)`fh_fF06vbd#@s;HU*O>5XwY6EMC4`WB@Dg-0 z$Yx(vSHG=#8X1||Z9A;4F(so{8y39M(-h_y^B{b8O1q)BsQ6FH&I5xBawAj_#zdW?J;o^m4yM(g{<^TA(Td555MCIJHi= zfHp(AKHIM^N@m9@6GJBvYHO}kx2RWP+%BRV-f8IT62C$Qzfa=@h8a*EE zuQ;jd@-ji4^@ap^;2^D85ZDxfVB_(~ofFvzRTfO_#bQjM$LIpUfik=(W{ zDVW^yILjPmDFLnc7^x`tj+ONrBiG#VuQYVutsL-fm3568;YhBS+OlFEIBTDmT`hK>RaMDxl35l@OR{d~Y9UIQ0<}FAES{jQ*2TmvqJ* zA00F285pl~ykl?hYp=_MR$uD1ww7Q@!UN#D*330rNnac?S#h&=SG?}6>j;`3q z?(aBCzKm1|aY~|3JKY3eA$QcKjDw=Da$$sBl5UB#tddtVEd@WkENf{Sse+j*CDGw# zxYZYjy`-|XX+PjYY{QbWya)M$pGB|b2P_G`jy;WM71ZmllKt4W==jBnhzH}>CkN&^ zsH_SF(A+g`WS!O}9D*8&MKP;RcCCvUF8$%$v8@83GsGKlvd44B5oxl5;@lbOLnq9e z8kD~4Hw#S%uU6Hvlb6tq=t-@2ecZZcJi}64<&L_@FH(btmH02 z=AHk4jJdmh3+UMavm!RqURTMk4NHey+zWKbuuDu!x5)ER5~1m5cVW*)Hy9iab|gG3 z>fz%i1s_6MbjNRiZ;I>+v8scw5-#zOt#@7nKNhD~{2eLFi$|6S#uX~xEj>C(jz%RoT)sj`mwvkgOMS*Q}h2Flo zDv)^~56vo1N35#8^RRaRLPbdA%OZ23l;)n0P&2s+obxAtfx3fI*8#S=8hL>LMT_}t zuhm*yi#hw52KH4f->^ zds{0qz?HACEWz+`B!YTCsd-$tl(xDz8NJgWBgQP$)g?Z)e zl_%*=U>xzLwggEmBOL_&&pr-^wkn-KzF_`SeNpw&%9>q`Jn21X`e? z7HjDir6DVSik>r0P#MUrLt0YzoRy*(>s)D4kdT+OXjH2i@V}At6~5xa8}M&KAYbSv z?w=jc{l(yx@;U`%m-JAy8T+cEV`{8goe1+uHp-*&OaLGyr#*QD&%HOhL`7Lo_ym!WtH^W|MS-o2q8ne!cBsb9@I3KmHe%4(A~jKlnv2as_rPw< z^9@C^H=>#L#71XR1~`4hgJK*iRwXZ(GFoy9P*NTelUc=-x+Nw$Xga29F$!uxh;kMf zwmnTR+FmJC>Pqf>0)g5mdUt7YHUBfQA&2%_{xw;=OlTlW@kF%Od_J|mFEuy#;{w{S zzY*{=EO^QZc#>G0DW%=}xP6VNAZJ^aqIqi_HG61O>vW;eoWHeooP8R{(a~5^_tu#m ztwBWA@{9nP`@v?2Bg>iA1W)>;#efub6jp7iFX3x5SCa~{dL@ONP3#BYI4Vu+Oq9H| zRU`=Kk#&J?EU1v4Nm{N|K_OvC8!ARa@yq|nl~s%28+Zx^V@B7dZ`Pnv0uoCXHk+SR zd0w9=zC3gPeZp*-o>s5BJUg7_9secAPy)nt(|S(zN&+aGs>;GKmJ$umo%%^!zZNZq zWYZ&})0x=AtjTU0#Y|3@ye|;HiQ-%(Vum3Uqq6Y`_B?4@w@tcfj9(uza->_Pf2b&N z5`JIR8u5eoRvvn=4?*>+KJ59^Fx;9IeYae|7`)JJRY%In7P$AKiePx4(2{LugN3Y}+GTWnmEfm25x+ylT=JR9KuRK3EqxtR5 zn_5)rPGX2e+PV~#;a~T9DrXLFg>;g2*(UjyvOjI~v~kp|pdgAXIINB!d`j&lZb zrS;v9rDA_3cCog*%pv}n(dY>sJ<54&>%q(7KIhERaW&_4mkq4xA~wWox2pH7GJ)Sk zyQp_ml(8r)lu*=hO{JfzyPIgE`)QAPEgW=saG-FvIX@!$hM6wZVXw^6D+ux+%0JVE z9=$kp53wUJrYHum37(0}2s;sl_EJ5C+d|6C)#Z?Bj#>!*<^)xkzV34XOA7%Hy} zOM#Cz=>7Qm>#KomBDQsg-Dc|dp&CO-V&lzxSHxcaDHw@RarE0Hs3zAJzBy z@u(1_Mv=yz%@+QV9FHH&;XQ@IvfcgBBB@j$ z7DE0@KJ0Alf7cc)KIe%t0y111-pfJS)%M^D#V|;l#qn=@ zdc;#a5cxiFSYEm0%V!kb;xNp*oIbe%`YNY=@m+tJ(fF=URr4uIAwQ;P7{1-+W0y!#=D z1F7e$cTOGOT5`Ld#}4-hgMQr89^<>u=&MEFpEncYdXAnRsie#o!nED_&*779sUrdR z**#Ig4i3TXG6(dtH~7TC?q(xnRp8x;= literal 0 HcmV?d00001 diff --git a/nitrokeys/features/openpgp-card/images/gpa-keygen/5.png b/nitrokeys/features/openpgp-card/images/gpa-keygen/5.png new file mode 100644 index 0000000000000000000000000000000000000000..b14b8705d1ec1d4e90eb00b4647cef8f6ab25bcc GIT binary patch literal 30164 zcmagG1yoegyElxWf`XKEN(e}Imox%`5(5%LcSsIBDBaQx0@5X21Bi5sbW8WpHNebw z_}_cix8A$H^?qlqVb3~qcAUMRetr+(8t)ZfJg0b$hKBY+SxN3A8X9^r8rq{iEOg+` z-8Ttxpn3LLNzWAx4Y&K@^C*c8ml6%_6`Hc#TP@GbgC#G6msUvOV=HvV)#q1lzAK?) z6=S^<@C5w{a2RKGRIgicEM71im~Y|WSO7y(bQQCpzz8sk4A?p6Vijgo}j&W{wcJY3TIY){^zv*+X$lAk9 z0nef*&lZ}vKNVel7*UQv#Z%NL;6>^t5_D++^{$NcbO2F*F&V!fq z-HeTZS?4Ma6D=SVTk<(}=!cIVYgjx^!WO}wKDDrTI4dg;To3YRUN?%P4$NYuPL@^~ zF7jBTWJ*h#UC%?itU3mK+ywGlYDWeJ-mtUVpRDzWHV`?R+IS7fY<99nv5>N^e4n^^ zW;QBU>M$om)#pq{S^cq&5MQ8zjO%@VOqDr9m~fgeQ$mi7{T8JF&7mDdU~hG}Dc>if z8vHTKC@&ScqS!@EN0LaPOBZ01qBPyy&V$!h_+2~b_rWYk4pC8WUki%&cMc8?Nl8gU zj*I<^9Y-Fn_t822S&|8Rypdb~{^665H2B_}-kfc>wzk?iFt7diN&h_bFAaka%MGK| z&*-si(GL^6sW2G&kf4P86E7C8z8G`!-H1Mw?r=5f;PrN*h%mDDqQyHZrUaYxKfp4` z~~ZJP8VRR)7EU(!15o_627|^b{7dw$u`jm;$GepYmx+i-v-k%-hMDg+8gwr);$~ zDE?*1q}<4GmEPA&756vkL(L_+GPrBi*0O9b@S=eJF2W@gvJ?zLJn!DJa&YMt&rQ>k zWOd%ln~3q!>*^U?^rrb<#xRboJF?hkmAwci7+S@d5?$-J@h$I#bD^P$|CnrsuIbU{ zj)(Gmrh>W;?ZI7(Pkj0exvH>maemGXff0A$v1|#S{ppJKcFAUgN-KSX{z5jNO=r4{ z82pbHe@S^?pcF-fx$icAzLpU*yjYPb^hT3zlc9UbgFUrSj1stQw87apFyvk#F@)r0zSBVanp*-(q>e0fN_My$gHfa0rQ&Gn;`Mc?~(!)x>*tY+%?z&^9jAcPLhR~)R}Z)oo{rn zw#`K`TE1`3TTLCaI?~|xPI4FvqUsUN`zlVuCtFKtu&u*7cqu7^_2Feg9IwkKG6`mr z;u7(-f_dwqxXNGnGGUeF*>T-+zMa+*3=H}M={pB9g5cWsaRF7L-oUX{85BdINulPU zE*c>jJrVt6l9tBivkZ8x0ac$O(~~=?I0S>-e1Ufi%|b>A%#Ev2xZ|P1PLL<#Dc398 zzU&EkosZth?!S7&u`-%&%(V~De4Fcbj4BhK2DgB)jC$`!;{#*7j7>%Cd^;E$;qeE# z<9@KeJA($wO~B$ep)>DI#6d0@y!Rv*7t5@H;`fN@iB`$8{Ay37INlPQ9$|m90v6Y! zuoPKEv&7Bbr-ILIKk-N+#=jR3lPdhQPA9gl`&~=!eFZX7RR9_bX(F%(7$s(6(!2> zHR%^cb4Z-YzVJaOfw%=EJS?H)ZpXdnDH@uzkKjtTYezfL^1R5ux^gYf6frR|l#k;4 zxwg6#Ev=oClawFAjg5^hP+oH);zTC#`$6RUf3>#J-Ocnww+KDNU^pSz$B( zJRS>u)`nc<7;we^(=&#>c+6+cs!7^$?Vf_Q-b0yJDHzHlPSta2E=b65h z-g^{k;{=jxn}04DlKJ9OOVhkX(I=G65_qVe_PpV{GHAVwB3joXlP7$f`IJifg*hm=X@g;rJ%^WlO&Nn2A`KCnueLx zBQ`mg7Z>sh3f|t{j@~w{Kler}K_5Yt2D|_MaknGj&_ykFDVyi+g6dny2;u6w)2KIY zKOdnPpGMEGaowq%kM_wgEiJij4WFEyF(eGEKzln|({FEYeSCa4$n)gG>z>xqIwrJq zEV3uNyaFg8pkQZz58~kw6A^KGcBYB5w=g?<=Yn92Q#ydd8?-!=8P~c^$pCRR6V}~j zU2_T9(FqEo+Pco+1eCS0LGRhj4KNDYaR9{vc>6(z{=#@cC{Nmq@`DAnsa#whS~!tpVWUl&)9rHxFBO>?Ufg#Mjd13rl5 zeLg+FM2_=PIg(obf@X=@A*@+Dv0_3=$tmnqZA=r!j6ANV+T@yy{}_ynz9`*C&?xYA znebB+Fbh5+W|br~Nj3h+_weSfsjPSIyJNJ2a91io>L-e9t?0Sml;XTKlP6jej-i$I66u;Y zH(w7{?fLU7^>)vTT?ZEs!PQdq_KC?nlTu?NVnwN@v`Hh zu@la$DRP=dV^jO^!~)iPdglAoRuFS$&*jhdLrus+URzVWkXR9=VS7pa%h{k`;nNH^ za3WFE>oZwWa_H@d84HVV>lIs$?098Y+PU6TQT? zz%Te5QP~OH?M(T=Hu=Ao<0hv2L^jBV{|58A-c0j=n;|^>8hxAv^DRIQQ`#5;9DxID zq`1*Y^&vwcTOWH}YzFe8&vIwKNa>V9QFg2` zW>oT4kDVx)!O8Lasv|Gy>q5(&d^%LC&xJ`s8X=7g&L50iDKR8j#S zd-+1%K2VpzBXC?9Aft+5zs@o41|POdN+d2WHEJ+;Pw(-|XGVIS^N$1#r_yK62<)hZ zF!nPdc(lVF`<`jxqM_l{gunK;{rq^4+y@V}Q&56vmCqcek}ZpU!JuF4c)9;PBRw_h zw5BGc$jbIp^|y-bGAn*tQ(n{8Kfl!ktG|fpH>pm_-<&Iz6NuZPz40O-TWs86j z$@dm8F`b>&4hrPcsvjG~Ag22O%`6dRdCZ_g-H5fR8)4Hy*itqL4&D=d{^2c+dfz{Q z8C9KM+Mn>%1lyZi)BoBDdFpH?LLWpn7d)K#7^mweQDXVj)R>ZK48(<228*sVZ;p0| zU>7GNJ((abA%76Ow=ic@9u~#3f-SA4T4?9y1c+%Y@{B+?n#VmBk@VklZ6YSS&ATeOfgDHub4mBs>`}uHku(MF4i1EC94$TWAXJbqX?*T2=M`a#2Van60pu1x zSWYi%>x!R* ztYKs&!*l)}t+~#U!SmM3r;pJ7bw2s;LI0Ob?)MYwU74Ls zgx<+5<4L^=0&L+8UN3d0s-n+OghV-s$;&^&1`AZpW-<=j1s#Ik#9=JU2Ht z4Gj&kNjWpi(Sl@5?CjWNtO?D?avN*sMhDDl@;!?u7b`?O4wQWF(!c%tL*S(RgOD(e z|IG(A1E-wxq4feQE|AVly~mZZ;Tw+$@ho&d!)eZEhLTVwnVlIn?HuanJ9o=db4Blt zU(R>;SG9wKNDZzuKC8>JDmeGGkm4_lL&=s{sIhUt*$Hz|#QVsewps=m5C<53bhI+F z0`gzqYCh`_5NQ0S%-EYQV8ey#>Fwd=%g>RL^tlODZ1>u~SNH#+!NSD8=qb}V z;^!l^dt__t==l6aj^c}~Gv7fH?7q)sYg?hHdytPEhK%(%!}t}2SW3A;Mq;A*{3n;e zUhd|q6ZoOR>JyN9}p*8ohg&+~bXb1gzY8yP3b%{1Zf?C7-EK0a^9P z@C)Kb$9F$4_Oo@X{P*EY>1NC^oZdk+)NRIu3{*KzO*6}=y_DD3GWox)Jey`0boJfc zt{UCW8|os*!0cC7h20V|OZN`WD*BMkff;u4+0DOTbrPgH{VoVrS5uQtOmQ=ugX9e# zNb0-4^BlF4SUMD@ck@QsjOU3wMi0S{A3DJ%9n7RahSD`>!%jw-J{GhSU@o}8W<;0uI8s?B@dI!-h0 z%9jp=kkws57c^pb;}cM}!J8vn%TI9X4<`pKDk#Hc7k|CE&Dy0YE4{M7yEa+;=esGm z{$RHQM18X>Lq0pXG8CGVm9@0B`6Y4-@yu@iQhWO8lP7w-Xbu<>Bd*)QqOHP^$c3^> z>_c&MLq86pzqdynsMSzfTpXMxpQcuy7U=y5=%W5b73_4dtg78M4Q==>Q-YqJUWGS5 zJT!mBY5u%O23~?dh|#O+!qkm{Uz4bs&S(Nr$KxM?(Gb zT%0&J%TdB0yx~0J_Nm>%(|)!#3=7tOT z?@cTdFf>DR<@3x8^RM4=Ed3UNidT-{+prl48#!ek?p)3JNk$!m;Qmb)^v*$6H0?J219lWv_-B*LqE< z{0iT^b_FrPdnLag;%_w|xBtSqcKK%IQRHi+55(^BaKUcMRcuyX#`zdH8Kg`7cn@^> zG1oONwP>BqM4_|OvL4%xU6soZ`K6Nfv-OhNArNO*Pu|{XGPy~tDkH1e!Ab`zL0!`8 zW;2DFiaLEhosb61kn|4E&*wTpUCP+D|8A${2XmKYFs;a` zpE_9G+FHrXET8@aq^-?q(4?_AK~6$rr19Cs`Gs zjdkNWN^cw_kprt}j!8-)_FEm4>(wj_8%0wF3vtpie$r18#6+>31zuiys| zS5{V%J2|dw=&#JM(NKMx#~-kaE-EUzwY5uvc@l`oh+>0JTFMopI)dOQvR%@-v8k#9 zOdpr}^J7H9KIws)dV&A_5-4+|{N+TUnkG9J8{3e#PuH2g)XBvOPHd{(Zwi5>7O(X) z38#*mb5(Va&&VckGpq>Yz2AEQNMrU-b^WUKYzA+dU#+2*_1xhlEIEIqKe-#ugoZjk z_5K8kXw$256ttT{TzEht9F2^cT{_#+eO7#LIL1S+&(u4_+mSqac6NU5&0|sAXWIA3 z+au`d05dK0&e_z|bYN=ev3_}O<*K>=TOZBV){I+9C)oJn;@!L*$swm;xTe+f-SgS8 z%kBP+KrP#Ed_B9vC45}%zvQr%N=h67$@=U?MP+3RN2x)(eZiBO_7W=8rlnKI`N0hv z+t%3P&nOD=nnY9e%2Ee0-{g+%q2KP$BCXqTe zW^(d<+P5hjv))9d2>f*sX@}5?!N)J;u;2gOiF@@t`0M)V6YMQJPKcXZA`U&dV{Tm7 zSx06DCHdj{zTIav$IkHLog1TNNs_R=RZHQMBJq^d&6L~M_wj?D#+`aP?!B=2#KjFx zlBHi++uOo?3(RlUEIxdA>5xH)6;%1&S=04p(mPkTAHt%-y7~*k!lDs9Yaxgh;OY%g z06{=(Y-P`Me&}dwcHLa%L;W{r59Vqs%FEl4h<&vTK|g?BVx^GRSGQo_kmgXZhX5y> zwy^ZQJ_KZE&!U%gkumR$OL9seBjJaE(a$N&&MPcD>s!wdG@32>!TqK+Rb%^KH#hG% z;<7EKN*!cK>_Kuu;n8-L*U{0TXE#$-)YdtZ@po}D{@!`?P(LZ#C|i!Vx}ys9w?~D8 zqr-8zddOFsZ5|OG9{%LXlaVYn4vrC0=oaQ@;IlRx73EO-nB zLk=)D8^oB9eKDpcA-TMdgITDgpzhApRg&2y{6hBOTRdW>qYOM(LzC~#?mX(fm9_r0 z3&ksS=hE^ES+(A*`unuIihH!P--H)DMpt-c%zLw;YV+G!Pg8TqsRPLwhr6S9csQJr z(%s9aqi+h&-8!f|>k+>|kxq;({Qbj}u-a?x7o>sD(NtE3O^E6ySGv1`FAX8C1K;X< z{bR`0hH8z*X1gZ(T<6DLu^Tm<&tKR<_Ti$4W;w2m4z8oK?b{qZ)z~a07Pb_wm&+u< zL66s6V6|oWwPmvGB#n)Y5O??Rp0#W^jSuFn-OLcJVY4ZHeeu-HOf9P3whQGa;B$G9 zA>@QS?!wb=u)h)CPS|7v(cYamr)r~o&!XMnB@5K z|Jw`BQq)_bYfpi zcpdId<bL)%o}Mn}*`cd!gYT`L0s>e&kCm2|_KUQ!Y~5Qd{bt*qG#S2_e%LL% z6^H}?%9|vz2V#3PjPp#~TXpR*iF3m)&8jTL-tf5!8XAOm>88t#<0zCp;aY$rynqcExb7m~ z*v;4!MW-0lP5I|*SHjC*T6tV2Gt<-XTXr#~@b}R;ba6@*?i|dL5~?)~r7&0hxN#DzIr7zZjM)zZ592^`#P-U(IDwQx`j$A1eTJd(e1q;ED(?x(Wn*(2J zv=~ZGG4kFmDavl~y{Q>^3GF=Tisj0NZ%FSQBxl~V>FhOZWH+hu{!yu^Z@a!d0=l`0 zF4YOx5@J1ehi1+;eH2k|uhnJZ zJzKopcWw}qXP+U+1L^Q0hCw7|U04PXl~{_xU!koC;#Im@N zB)z(?(72n=Un2ohjaX=;DPT&>Y!+sq@6Vw)UPPHCXSVm>UO=27klnEqs!Xb?oHudq zc$HrK+3nVOdV_OwdQ2%&HO59}W@gH}Q=^>KYfs70zev|rcWwrn)XH!r8SrU~&5kT# z(rs*P)HyD-2(9>@jevxZY_8zxQP8p<>fh#23hMp{>e{?W>wirrD0n#q0=GG@_m=C` zs($2>QDPywyu8fhxCZOk?u?Wsqli^>TWMDJv-7*Pf1S$8caUI<5lE#jLHSbz=Hk-Q z8=`lbnh7b5Gp9|PmGDZ70_b%p7a#c0&(9AIha-{5+m5*oQJxq%`g`|2@L*-~;d0M% zD(uAQzOAw{W^Kh2cyKGS)7Rd?fmA|95o^GCaoK5CdZI@cVanO~r_XA>K&4|WCRGyz znpv1p$^WY=TxjWtorC(Jxv2Qcm@K3mO9xBVk8tjPYMMC@j_e>xKhuD7 ze?Mh*_M7+Zrwtbo88V6pEV|49ZgVr)y~89?QQ=RLu%2^ymu3Ubl=UW9ZS6!?*DzE? zw(&(j0iC)E9>1y@f>0{NM3}P*vFRTPPGzjUB*ohT>9x>hQm>G;9U47PmVLVqc3OdXoi(ngYUjV_B=S+8$yG;PMZgQ} za$G(GCMg6U#+BpW*b+-ieOE_9b~yRu2c=m;QXe@}AntC4TpSDu%7=%CAI|dgNEO0c zyR#|`k+s9ZSZmwc5cp#AQY%DpoI$yCD6zXK}mu68kh@yrPpzq+$yJ#B>PT4uMu z(tfm;6_QO{Yi$_(1molGV*i}L)RhOUL4w{iM(gj`Cdtpg4N@%X&NlYM(4-4!{G*%i zs*du%C_c4{+^XMOtjn;WTgsDNMvniX-|_{)&YbMnsdA}OlwV`$=mhzPyTC<5OiC4` z=#9x@xY^jsi&}Hm{+aL2YP|siFX7?g5#Gv96+n1?tpBZ@lE1C3%?3Hya4G0h>U#Zk z4l8$l(5DD+c-Hz)Kq#cG@h{bggo%*t?CbV_tquz)??Z$@!ees_2Q{XItjtUptPRi! zz!(6T`}z51vJg$g2$_*JK#rDsB1xfV7e#E-h0IR6w5^OL_lOIC)!0Cli9?$zDV!JQ z=ZkGVSFK0w`bI{MrQZ7b`p^C*Yj;YhFtnl0Hr+dp6^X9~#hP0rw0g+jpE}CUWOoyrM<%fijkP`cyUoLcHijz}PJG7IX7q{H> zjZhLdTsFKJ-WKB1EUqn~Y)4~8N~wsZVH z7803AMOwW|YJB5XXjU5~;RG1bP7G5gL*-_frQ34-LN#oSM_2!lq z|GRO;oCAq#5esLt|G@&BHM`!rNRAB+-7c&kFV|zGvL*e}158>WNASbL`hDKIS(r%3$zRg}!iS6y69HF0O|Qbvn6EecqRM z*uC5b2F}$L`T31GU^`h^MIWCWEnDCWQ)^k;^GnXo!}+e@)1%?pZM^-@rA^+XXD(p&R;0Q;vb5(tQV`;`mZnJQ(qNtKEA+rSUun8;SKtSojH(t_Ss9l$vbm}g~CbBv6fI7dyLJWIwx zQ)R^{nOs=7MO7njWRZABOsI*zF=piWb$7R1k3QXhE~mEpX~^xFX&%W4-%`FM)?*n6 zq!I94=cY;Me(X59ySfTE^sO&8yQZ+~on9_Df!p17^JAs_*Q14MYH9$fc{yj5Ll>0o z2NwzY6aQKTUj}eD%m5u#vS--zc{NWl?`RTo|MAm0z&B-}X}TaIugxUO@E$k`)cE0tHFFc zFQd_ErL>e+6AjUfDbI-;QO?52F77?;)S_tZ*^eliQD*$B$viep$=~M z6=7gt5EV_A$z3E~y4~698;_N{y1eke=mEvKGUNy>D4OZOG8}%lQgcbtDAmzp?RAIZ zlD0Kl%thHa5;wAnOGq3X9E_s8k!>jdfc0yA6xVuq-;A0E%nhgpqC@p2><^9Vz9yFG&ZA7PJ-pvq17X+l}>Khx?@luy37WNM| z*h|Y}G$dq<*A5O3V`(H>03!#o?6qA#W8`yC-S>_Y?0-`Qoia+0$xXd`guH#fnAXN} zaD8x!-8B~gTcAPE9@b92|$)_(HzX}UoCcu+6X<5B+~HL$w#-&4H^g_^92z=V{9 zZGLPmY9gXKpDQ?5$KC0_&Oku68W|a>si|#`A{Q5CGGKIGL&+QoNXGS(G}4X9KeGYm zk0A4io0;p?32MR0v{?K-ILXU!xu9?L_3mb}UFCWvty2G3lEqo}^m|sQ*FRVxI8y~= zwPrMp7S?yRXtwqw`<^G@4iFLGk=?mQKskyl?>!%f5MUu3iY3R&@^>%vun&ZYVF5G*? z(;QA}HZLy|K5O=NS>xd7VL!$T5CKo6dcb+njaqGF|hZV@HVXSh5)4pvs~q+JI9UuYu^vn0YfB!x_JS-nck|p8O(A+#XK0e;n zwLY#$t9|7u5oSOgPHP`Mcez38CSHz=8O_Y)zV*RMG;|_kXD8jGLJ4eAxSY9sH?N{NjR@l3>m0URUF}X_LrY1S? zB>B&})N)Gr=dLmQ&?X!?I>%(s5$)bM-x`5tt8)fB@z3+&+qT=Q&g&sofeyPJlgKIID*#c=sG{d#nm#< zlgKH?4HQCc-R$i4JF7a7Lql8{m$Arbbuc(*Gbe3geB7ik^vSO8kDFAaXwL8NKh&33 zhU#bLPCxFBtxcCyFzc&2l=iT(3wZm z%_Ef(E^#_Thuy%9yX_1|$qh9%pIXf4{=T;KmHv9;nZwh$x|C1?KP`O*wvR7gS-7e|IV9^1frIQ>UGM$>`Xzlt`gSjsb z?=T1PWumP-92VRQ$AgGJYu3lkZTvxrEHgJ9d7GVSqn7WL_wQ{-v6rh?v}0>7)Jx9V zs&DK>p4#ysB8z7JK$iQDik@}!rnefqrA0&!yE5rTjDy#m;pJ)mwsq|;X2?@Api@W)3X-NR%?$2?FeTVNk ziPzdKG&n3Y9E!Rs)c-sPSW9xbNeuzsR+l}r42LU8jHskkUc^2)*RoInGu1W)_`%+` z)bzwNw!yM5r$*0i6%FU+4XWRjTzy0u%X#G@#t))+;CnP_+U*BgngWk_y%k~kuABY& z@rk5vSlc(gUS#Np4o`*-L)oSJ!K|q%+VA%-CY@_i!x65^n=$QNgJFujC06=V*)AXJ zMNR83JvP4bWPLMRTDqh1cA?j9T_zAKgU-0gvrLL&tB$2|jp@c@7r%<_Q~jI5H6;+^ zQpjK^R=IvY<412zYhu=MoUiD(77@VdO(+#BPl;rc22cpBE#{{#Ar%Atz1V3H?<-EO zm|QghRO8^Xc%sO`2H6RTgQvT<;H1s_!EB-YN?1O{>Wr4hzpMnw|DrGww*oh7ucZNm z7ZA~#J2Q1#8qj1A;tl8D!39Moz4_|Lh|R z$TnF_!`8Nv8XISnv4t~%kN^M%X+;~M4)~zB8yGz6>tv6d2ump7OkmEVX0hpyq5c$o z3;zuh?)mp`H(>)PARoU(VszK=B z*y{`)L_1N@2SpK0g$11(&N6YEYayNPaP6uhVVO^qF11=KG%sT~OWJ#HluIk^?#0R= zGj4LiZrQe(8HLzBlkAeK`9dL*xQBd(+cHZ<9hEQNo?*q_V@ti;D6GP==CO>D%J_m$ z`0U#468EW0grkCHuQXmh9V6lK6tnUJB2M_cJ-ZR7y(|NCx9@WaYi>ZEtu}X5=PpAI z(?uc#2=hXhH8`^PxG1KCq8un*W%<2|jvz8jEX~<7SxPD;22d8NM$H=4ilufY7cxQk z6o>*^eYEr(22*p=yvOX1h)bc`!@#z^E$zMTY9~wYQ;dzIH8QN1=64JKrpd&=RXYtT z`NEa`wdPSg_g+<$$1_WDy+q=1U4md)*~Zc_3vsImq=R;AF0wb``KjkH&d6J{!xuIt z=b4W+8#8w8>0<0~|By+ZD6R-l6WC@Kd4~}85;tVCOP=IgEvjeprV?1Sj0WdtAw}Om zj%E;#;kvVq%Ye~;x2SR2eo4G>LjN^MieXr0N*u4ER&GrH=?Zl)=q|awy#UlV8z96G z7a-MxA#JT-y69`9U63u1n)wtacfw_dKBCOf;Yt7A9-URI&hPyGCd}CnqtC3{Vo{fY zr_1X{8y$eJ?Zf*{Gy%ELoWT8gLqW~ei)mki)n|rYZ4;v#{biKT@MzcRAl$faoLl#rgq$CHgntHrWbx&H2QK~3=~Ns<*`~IiAd+&u{ITdZHV^an2A#w; zbxZB+_%uewKjL|R2xR#4=h)RU2FU}fUMpn!E(61Vp%&fn8O>Xplqe}mQqM_&n|RZg zXL{9_I_h?fE+}YITt4&%z?DMpOy*ywZkqG_mK!Bv7-Ik+6NYwH?hXL?1K>U;d$F>J zkuZ&OB}(X;zTofbG;90GIvmUQUwdDF4eKJm5S89nooUwC-mOB(k&Ti1C-$p>3I24Z z^7!}sz*F#`<70l*#m)ZYwcSNEcYJE^*yYEROmZeIaLEHEMh5}gU}nIIzm8* zUS2GV?4GS1FI;c^fRPy@ZXV>GUwB@gBFFE#9fHj_rOW!-PB4I3e{th`9_6yIlH2yd!qL*GO^YXzxSgSsfZtOko^Z#;#YDqTnX8GdHEyt z#zV@HHJO|#vzyX^nJyrcm&jqOh$&H!o@uf8*{^TPsFFulaRW5#9pI!aQ4wFV2M~xS znXbAA+Eo&uHJ3&7imsvOkv=rVMK=#nb%lURe`A|JQvh;40jmY^e^?H`$fQyq7Zlzx z^aBs}qV@h4tp4$TKh=!@a={7I59ks!_Q(4>JE;f%na!B)KcoG>IQ;)@h;-o{H$$%A zFV)4D#|@m!^WSukziag_zs`9z3PECEn zDDE$mpb` zP#I3`bof|y)8)@_aQLB_4-;@d@(b^%sHi9@8CV{@yqK8)%*&}EA^TZrMnW+3{sNdb zXLNM*zlsSkgWCuEfMCXQn@{6tqfW)AdML_YU0wZ5?qO=Q+CM4RFM(@@iC(o&-@?KI z@O=&s4){R^|CtHH&+r~dx56|H{kA4c*85_bn|)s4th$JVmO5z)d>ZDSCiob6 zy%m%^4c)bSlHzOD&Nfq^If8uF$U)(pZ$C2xu11NS_m8Hcn1cq}PDV#heAq&{I7~&v z_I2%fBTipve>aHKHZKG)R%mELf8(x$8y#s7mv(PD73is7#rN~cbWt8n3k$bitKxNI zrPjZQlVe)=rgTYEw5d!fn{OtQM>1^KvNn_%i)zxb%`0ZT>UA2Hw?13t)3-`5?*CvQ z>itQ53xHq>I9&iU1X%2ntsfCxX)W8;xwusWff2}$>(Nvj2es}^AjD?5{V(%Aw5v*61 zn|Z0JsVXVMv=7iMV*=4ncRJI8jD&iE!Yl~`<@Wadm$-gy5`h?jWFZ9QX^Rvc= z1{*tD*hq(e(Os+}s63O$tXHnca%d;j!n|7%0ki>eGkyg2TE6hdDz+UYL}Q$-}lAn4})4HDNTBP z#(p2(a>`^t$Wj@(T`yY5+}`+&_0Rbv6~!9K@a*f@IT?0G%%^5Y{`O$SXim&%KY3k| z$vRI->s}{rzx|)Vx(x=^Vkwd#FG%wY7!;~IOg0ts*J=l&rI^y=V0ApC-WYvwn@-bD{HW$`>; ztcvAIj@%CZ(;bKCWA{e`^pZ%8L>_kNz7!KhoV}#)rfOyyvocWdmeF8*Xp7$t+ zFerkq`g?}R#vB2$8IMF}S5{JVR;=IF#%}n2M4ZLOx3`ZbTLxiqRyttac|_0)JpdUV5COO6NEs3n?OFaZ zS-i>CWkv#|tk4xcyE(hNKswk6b*~~mfNl?^Dgo{%5)u+q3=Quis68889l_dkoD?85 z)cO|rr{J7r+eC1S-n~-md=}3F$+O{i2uF^$-e|K%MqJkDvg`Qz!fIW$T09gH{iT62 zb&78lxHc{;RG#Jw`Kr1p0^4M4J25`BvM>W$`7_Iwpg0o!{Cn^+u~z@ z^2F5kDSIXFo!#thsOsHP+6bPa5Ukl+UAmWDx@*xQsU|Yp;^E;jF)`VnKGcPp8=@w%x3B#6c#N{Fi39y>yM9^DDVe%Kzit1N5#yw_9~JvjieG`80LY(9CDa1;1Z z*$HZOQQ?CADB&Gq3`hY~tmQ$LQT<&*KBk?+i{4wu9NW>&lkSEmm?KQSFRT?+S!sV3Mjz|CC@+n^?6uNK%AS~ zg~|_%HVllntFHJm+MB+}f))K%1Qw${{hY^V>G_Fq!B=rOxHy+r=WD|0xru@z4&xxlbBFq?nQ(f~vP=S46(2ZTnGFD?R>9%J=yG zvVvzcO-NTsBP>P_qxjpFz1_!CPQ*zw#A;I)`q=?A8jInmS3Wz zf7|!F%o(4xQFwucm{RC)=z`2K0^28m^_JYbpjYbhJM%Td7s&a1>%cr09FX-e#Vrtg zNuS@oi#lVxAiwA;hT*8J0pLIXfqxPKT_0Tt*w`TU0_2=>BD==3_kKz8J|QEox#6h~ zXVdlKwSTkf^y2JKsjH#d?Z|CTBPLoZ*ooL!u=!ceuqrbtNFTHB%a<=cGH(MKF?+_d zrGEkiU-be4#$=tHb3Gw)jy8^aNBexrs(g*vA~13r!P_ZPjM0N^Jq$;!jw?zb{9+ieqA=+yl=uD zeZ&{=LR$HKT(C*3Z`gO|zK0snKLPG;ZY)TU&ymq7g87c#%v7h!{p?btZaYxk_4iAi zzT5X1$)`|gj4q9pEd4Wol*0-f57q{=wY43+KOG`~@4i--+*}o_I5!|T>W83w`PReT z_nF-x5xS$4t{msve(dnvWf5SeXjttd#0qYg$1RChA$?yubYyzEYmwih5XH6(MO#h z0YRjps`SUa4=}#|y)9I|gC5`H_#s8;<3CYSdKSGW@w?Lg-qDd!wmB_@>&BellmWr$iqCcsj$w8awg?KXit)EOVH}py^b?u9fS@!gmv4;4_k;#(S z!}{}Jv8eGRHa}lqqno~cr~y08w{x+%g@U3E8VU;UyV+{oH%MKod<6~X45*=?Z~%Vg z?BgzOO8W8X(QIoKns2zXA6Ta4)_xqwZW>M75V`DId&3J-vp~H(6-P+TZkJKk6{-eK z#<+L#d0)TgH#evJv4%dl3uxTwyeA8DbHSm(Z6^q+mR6t7&BMv6xVX4LcFQG*@ngx) zgHMLq7N3p(6<#O<(8;~%3ap@HM9Ts+QTg_Efr9cWW4!WwdheAK4b$>Htg?6DSF!K#*C*rvFmYuryUAO3S`n+csma{j zylF1pUo34*%)O?nbs^LFL8Sb8j8pgE1fd;sr!9J2KMe4b<^Q{UDeNL_M&4>n{TACurRHN3oey)!j0N_wMfQmY;4Uuec8Z41WM-zx6Y$ z|8cke?*&i)t6IwICt*j}%g8rC0r6HvWQJ{}s6wK6XGBv8SxAA4BG*HO6&de%cdSXO z@*1~lcX*HWCVA7}M_RuGU~wb~ujPjhn@rq9rRdzn6@jh&6=?PKnYBzf_(P-o$M0bY zzav<>YspKWOxE#-w7(c0{3_;{xPc=m^^yW8@;W}w@IiclTWoupWA78M|PTm{ymDP}t=|srF|mw=z0~)!Izu*gLbU)@b4n#bnC;L*v?M zQS66<#=9gf59?YzwewqBTvI2>M4kqsyJrSai0Z zo@#T+1DbdTzOW)_jX z!Uw`wb&->waww>B_fAQidEGrOGSGpNtRi^Qwq-TH6_>_DM6kUm_|;#6Y=YNC)W&Bo zwGMsmTctiRmhzVW4;H}Mtdi(~csAZD-(m680OiFw-_t9SzY;16Dw5C12!6cOG}C1z z1%e^qqC`cO3|JInp|?xUG$Jg{5D2tu5apEDmaWLO@@hGw=WuB8muvH#SOb+i{H2x0 zQPM!UrsLB7>^)EL(}`O^fYJp4%D}pvQ`E=53sKKhRajX$Ix{mv#kR6dQ|Jf0^)cE9 z#_s^9MftdeZ=GTm^*qEE0-go_pZ_i3e@7|)7h9LRbN2jY8`c1&%;~g`NvPfe^5EZ> zFGrInuYj<_Ll8tW3{HYdg$b$Xjx1zA?|cpYAiBk3aqXMw+t@F;NPs8Mn1sf=rDEyf zj_u?-GmYNCX8IZRwS3Ltx+@}{fjj)`Ia3t*?XunP01!I zQmuFD*=!dtRSaZ}u8$o4Yk~JYpVz=!^UEuq`s^h8zE=k)XZ$%HAS-=lMYfpHz!3og^A$#Tjw+eKp4Q5WTXjjt+wJF1tgw?EuH1gQN@FP(xbTMK zlfRcMzR$pZ{UdFku_xA{HJ3Rx$TJ%*!}ml$y;5P5uGav*Q`ktN5>QdNl5>) z0;BLE?ojlwB^c}Ne=0)Z3{Tce``< zH^E}E&YK<54UJ#o)5cgqB)tiVk@Q8;26+a;(IN*0)1v8hAnvAc4-PE4pq-O1*B*E+ zU+y)&6H!zT^^S{2d7IJDI^pGp%M|osmabFXOQ#(_sI5OE(vd3z<6B1e(&JTaWFZg_ zWz47Cq*jDq0`&C;FrSv=%hXy=e|aQF7#@KC9Ou=N!?zZZE77@mt!bP(NaH?-{_j<- zY6^S_$)DFYu`s+0ul$OgLxSF_U%2!^EWu)aa~9g=Pv5OFC8it2@zn)&FVmz>Gj8EJ zD7;ye+xX0?`(n>sA+byw>l8nR-J_dnzMds=Q1`9O$Pxmt(2E5xpWbdQ+kN)!gapga z+_dCn@zsw+m=(AxpeH0EFIN7a;@&%`sqkwTjUq)*KoOBHy-5e@M3G)Zx`eJ$0@6F7 z2!a%)Nbe{}Z%PXgdX+AO4xtz6olrt@HvY~x-z{X0S~^wqAJMygO;W+A08*a^-HV zV(4hrZ2ZfmUmCV~{IJ4Z!yKf-m!y`f{g!zl1G?%X&bkF%7Zs^2;~aVQgJt=X zI3ZJTz0lD24hhy^))F$FpC4)93|?_I11RsiMBmFWv_H&u4y%d34>>F8-a|D4J7t>t!+L>{qCl243<|YQ>aBG+JZDz=Du%d*}Pv;H$;cXWy+!Jcum8 zYJ!IJ>@VIpGEOA{Pen$J$LlXPMDDEA7%9Ik?;Pen9o6yI%WjNe?Nm*<$`#m<6<%c1oDxj<381C&a!RPO7wBv4>*e#a0 zS!b8gMQX^eLqcej+`k;eP0rvUrA5Xkv~K1)<)n*vX?zbD;K` zF@nVNlhwQcv>Rw2p49|!%jJ$W6T+M@|FLIQ-Ph<6NLA4Dw8|$RYW|E_GuZFCOwX>u z_atY_62;)8q<0n=9G;To&|8I0PXoOQQnjB5F61e05wLvgMhM1hxB{DYF%r+~@>cov zyaz{K$dZ)bFjJ0Cg13hDCb1{G9MRWUmM?Vt9KW(WIM1BZRhZY!@e@r0b0?hJQM!@u zwNvvSsR2hKT(9*NF_Mm0obt5~z6a5cfbHWf?c_CfY2CnF1M_tKX?6t?Q%8w8hPI6F zUcryl3@io&OQ)Mqe&9;`E{D=xe=p9G0MI>@Xh-wZCb{P#uTn% zbs^p?!O9}?Z#bhV<-|H9>%~4P-?~fW9cQDQp8I?L?tr1#Z0wzccH>n=Jp=pRSNCjV z_sO}YbRcC7HF3l=)VGn0zjUd;5+Y5f|*o z-F}ChcO{Rtv>rFfo!5IwMT`lnIp1dI2pJ4`iPnO?2g>y=;S zV`uS&tSHnU`xwRb=s$hR9ws;@T^gQ0bfHDyos+I2~x;DvEE` zivQ73Ua5LNG_GzUGuQ6U_Jc>Vg-76JaY5Z!K?&nV0p0XIyLMWx?+@k4obvg{_n4J{ zk}=ARnQDn5jo1e=V{;5rZJp;6U$~UoE`HurqvC+h>xf}rAr2kIcf&YVF$Ir2ocq_S zMxKT&K|7vwKKA)2|93I*UU#I; z3jPx*sSf+{?Ky&6b@8Pcfm~Ol?3a((zPCel`d&m}S6Y@b910Bk$2^h71~)@l)pbsI zzNCBRF$jKj65o9BeUkOT{EyeB32$rZA~#2>6Ez=?rhjx-k-`fpP(^vh3YSpi@+`)% zG;uwc2P`zC?zhF0gJP1eKV?fu<_dj3!wQ%eQwQ(gi3Q#OTCxEe)ZBueo<6nw^I+!u zPk-J-)9+s1CsSXPlepzu$e&M%?QgNQA*L8^1P1CQB*>PP%^{&D)t(J9KtVro;In5$ z67{wH$-;z{m6v}@;nNU=YSMP~KHm-G_XoRf{bCAx7k@Nv5E=gHW&q$uo98G0fR%T% zIcg$QGzZq+3Maq&sOvaW-~8_EWMh|{?(Xg$oc7sR>crK(4EKnGyN!l+cD>9WCYKw3 z`t+mA`AIC$CSCh}szSSt+5`W!;t!S_!&GQQtP83BvpirB)Menka5Hu#@iKol4s9P} ztLm5xM26t6z7ivs{wzAq;^NKCogLaoEkw6iNj~P13!D8DMJ`wRTd>RV(~AK2 zx9;vquYuav49LLkEI zv&*O)(Hi{GKVm3jNTx6@5#6mYh6lu0RzJ0V+~ zYQFM%CI|$_WKxl5%~@D1&>O^W)`YnL>byf419-&MsfWu0E@qONuiP4qc;1%fT2|SY zuh@*;14P{CuX6>)U@ng@&9DYqD`5J!o0m;{m%=(#U3T;6tJP=x;^WmmQ4%`zH$cx& z+m~N(^+!X_D*@Oo#x@QR7|ZT|dC<-na4!JfbVaUy`+XL9u<)((^A9`cp~m6rTWgz> z3O7OfiS$^Pc}KASWjT&c`sSG)X0?1Ci&>oj6O!TkW1kZpv=1#J1HrgMs&fp^kzxyB z_VMGXV~908rzfC~Qm!^}+_l4Y^p4eqiJjE)9s~lzMF2AFBfX887i*$iI!EG2y3mZW zzGut)0rQwl8E(2m+(A}s zXRp)9aJ<_uEWb9uah1eDlygj*IE=CsKT0@ae20Cg7shtpcrJchFcuELNO0Sd48 z&eXj5xFtXf3~1$o{rT~RjunXxAnnmG-ws@K0A{&=2RK9BCnpnT>taGc%=~}V_PoIP z>Z&g_JGU1ht+?G+{V%)C+BOLFeV~U)t`Q`&jp{=V%}4&SCclQe(Bq*kxdqS#u{=P3 zo4~>fb`7V%ev=+gIE-!>oBwQXVW&@!eZ9M%B5C5-u&W(^Sep+LIV#t%O~;+ zL*Bn;W_kjc5v%ts#sRP^EPZ>-SVVpoS+-=AB9v;&jRzf zvyJo$4LI?Z+9MWg_O;dcI;yK`Eb&7vQ{x-EmRxzooV{lJ6X#=Od_?C5iXhrajAOCy z-#JyTGJbG->mpXL|4EGpRhad8x55qz)b|K^zCsOkGA6VQs)$G&4D(<_*vWV{<8w}K zzhbZFDiur*Nj{0e7p`$Mn3z>qg;mf8ZB>b|Twyb3b&->{+HD*23pyg|OhqBeI zG}M1`uOCN9O!>;Y*a;ePRnpW~JgmdvN2uoWZ9hkQQbJoVD&AKvYL4TXANiRuWH~gD zFIYe_Z&Dg2=QWgO?)wc288VbhBg*F`By&R4Ap7nn{=fUSNyUgCn1x9 z&cz++;)6fLnu9!P{bMZCcRr~#mQGfv#)OttK#Z<>E6#qic!oQZTIB$GG^Lbw4f)J z6UmvqI(q`h{d(eUm#WqWObzrQuo7+IB1-oWS0sK2O1sd2(z6c2>rzMd?0ifQs&bH< z07pMU8CAz@X7#s&+X;_vzv8%s6}oVLp`0hgQo7sj!k+yrXWRU$hGz|pcGZHm92{2J zqKw1MJSj+d8`0e`XwbP|!`+ zlPyIN>YXVHCG9t5MyfE;faTMI+_Q@g4Ay^+sJkTBApfF4uTdl+BEJCk?MIC7x-qI_ zJ_Z$%BPlc=JIf(&GQr??bM$s#bG)EQw1POAn{kH*>Fzljw8xZ_rr z@i55&m%gElLG}E6XzDnXiH^2snNjccB0b7;!~AC`qmW@isVkeYjo+~idbL$;{!#Ek z%_)Zb&A?c>!;BoVPZrQ=x#S|2BbTh095f)q|J9Z$L*|xUcVb<_CuKA#%I9fE{ z&I4ZGPOE~33nej^T@u2_O+GsW4WxkE)%j|4^&&y-7QS)udUB->zh-=`&V~5~*`c1& z_1C;kIgcI;)EaZ_27pvW=?|6*f zXROH=p=G(%_A?_w8q<}nJr6r@U{5!!8-Ll7gy*7+QilnhtvNv_l>$H+&Y0O&aCoskJ=X;|Ke(h4!Pn- zc=U8a^o@|y_C5J1zzFWJgR}Gh27sgBsjPPUK2H>{1YF`p#0MG~ zMXkc0u4sCeT6z8cm@HKo7g_ipgP(*a`gR}{2Z=Mjul0V%3IaOLWg|iHUHp1 z9?utsY$89dx<^KFJsmQQS%y)v6KqLny%{d`4oJh-bon_Pj(u4Fxj*7+ZrRt;N*ERL z7M>aRe#9jHt>%jGlH%QQ!WXV5$J%oXCB%|c}Mgxo=L${)j5~c)4 z?>5zkH|N%pa7-n(y2v=#XUgHFl0^*6{m-(H))+H=LF}(!b#gZUl#Y3A+NI`+Dn%L| z%Oifa0`ixX(LjpWGxeJr9lv?)`anc5pk6Q|#QH>G;>lLA#w-7&8)53Z(`pw}f0GZk z%x(32^dOMcuJz@YHDnZ)`a6=MmJ)j4r<+~z0fQmr6|_mHtjj7j*=)iS@Q3!8j6FJI zH6yn{DZ8k+sUrs;55&2MG)Bj%#N{PB3Y?NF1WKozIyVis))Xo~S-k5?g#hD|%hjTD z#snYIi|b3|x8>8*or;4|+w( zf_)2(Y(MFZ%p3B2N_G=#0_5~NXm6?i4S)4 zu9G`cSKgjGn&m-)0SJ@>c>Y{?7}4=(Z)!*F{X^+K9G?Z=c zfTwtGEj=hy@EEX#RD4MHp8*>G83!zBN?%3UK~rn~cI04oM7L*j_nhY*ksb?RF0ns< z*&1)P)zUg>zkDiC%4+3`)Llr02(q9e{V@Tbq=L8hsr_bOTy5R`rByCt`KwL#*Ry)f z4!4T?)Ld(Jr~RQ7s37CwqO?aQoWqQus2$+`A_K+b_#66`=VH0%itrRyit}fmEB?|T z57(C|D^qu4c5B>S^MpXWJ-teKzajQ`B+F&&dmq$a7OqtAd zp2!dr)i81kQnwk%w;rb{l$PZO^Z-SIO{^$k>eYJKJCZ&KT z=6jc#wlY9%dGxIDc}cC)c&tVB66gl}?c&nhrR5W>Xi6uUDwG}&ii{->(&SiO9(YiH zL4I_knrW>PvEC}%N#dA6$xIZ(3_NOC(c!u%IfBWYO zvxOnc?=q%ylSQP(f(aQ<&vQg3R58zZn_2z5FHmP;{d2mly)2dnd1YeGqIHy4IrfFT zby?)S=r#Q*en<{@{zJxvw-N4i8VJ~z{%p2;h@{l28gD?+H;d8@uRO}Q#dg9V70-%#iC8Z zL11GN3x{Z*I)<*#{oMhb@f)5pmvt0-JC3vqQ*n_{2lgJ`Lza&UFgD`Nft6`L@@R*( zv)Z(5-on0~gsjQS!z!UTL#iM2+LIqPueKqL16~>15txUCJEEVORpZ6jC$`%L$%;tF z71f`zH!Aqo*TWQc2Os*ytjxHgvwyZ$$R=fG;(}MEYZ?=0P5Rt}s!TytVTJx^Sz{Yz zz)J*7t85E>ar%0`^=U=k@WRATfCx98J1%_6u$~R`oS-~XDqm5CF?Vf_dBvUhcm#|p zV;=<=y%)Ty|7v)@*~#&z`a;d7aj352GiNa1_MEEyb13rhe!nmLQ6N}nMdj86n7q$6 z?$4JUo~%V@zWco7rZw5v=~=@W?P>*EGkqW?{)>O}XbCx1GZBlhD|)FsPO`8>$Ftwf zvK{;6m;KCKRHxpCk4}ma1x3*Y-ijze@hE_3jsp)r@juOd5w|lxUiIz*Rg#py;{rHn zV>d_ltD3a)_H>z%%1h1mjnaD2aG%ER^P(l@+S|Krf}e3u@|PxjKp@ID*Z&dVi1q>2 zEYUU_7h3S5NbK40(2Re0?|@@rc9mdkTP$29Y=KAV0n^D=*X9OWvx2jau38yv%(Le2 z$10Sm7r*Yn%>5sjg0du3X*AfN|uj zt6cEJ+DgF0utFfiTJvdzbl|~mO&%2XBy}CqxHI1*u*pIB zxhy^Q4$jo$VJAzjZ^6NK&C@!=Zuc%{a2RIh%h3jl3-&Xp?9V9wfO3$oRH$>4(_J*_HC{VGgat&&sEp;_dW>?3nF@IrYZ-s5kmiZ2T;tw zURnF_Jq1I&T)#|dlXK12Ct6eEOdIVL0XiU4)RydWc`|AYHkbb6qDTT7xuJgX!!Xug z?2chLIAr(AhBCS|H76mAaVS4Zoo<}2R6i$gbI)G4eADoSAb?l6Nhk1OIuq2M%GCq~ zml6k^%8%%ghPCIsY?SYf%A`GDj7M-TZWci!hW_kzIOogg)UVqu#Q(Ih^>l^Z@Tg7a z^M!GSAjF%uuuDbCVn})jH2C*PV6*sYv5=I#h{)8Qibu&lbu(I=s>s`RA~FC|?R1D& zA%B6|shKs>*lnANDhWboWQ3%FN0Rf*!uc2?*tf zr~c`4?rDa35`~ZLioY+U1L{+ka+vpmuZ73g;;o1Y;WA5@f*M8U`wP5`y)t}K`0K4A zKbkVOF(tw6MEW-E1V!apd9}!u!*AGJ*n(t^*j-deoWJ-zQne$cL=&y&ja{SBM{~A7 zoCXh(p-lLb?#X7xa|ok2Px#oE(=`nxJZy?7030SHSKr+)S6@Ew_fJX|^9Gtr~B| zaQpm|D|TPPQ3f!F(_rJ1q})x5=jsuM5aDqKy^ zo5Cfbegov#m3zy7$bl!xc1lmH2>F{UHYK+G0m$iqk7XYW8SwVZpxeq9I`#38l7X7C z!EG8`5Zh;QtpB;~l8M}cS)^i0SW3?%4?(+qUZU!vdjRZzemYPa+%iuy)RkuX=2gbf zBw}E=1_`Qjcg9{1{1kHU>Bf`iT-%YISDoF9A=8yX|0iYoE8hAUXj&rP# zd`Z4Xy~lzWRO^*=?@VF;sj0|zlI8Z8BjSyJK(oeZS)wwO+mB=6!GB#vMRE2KlO3s5 zX%8Fu(s*G$>69KD?yNUBYi!xAYNbl51Ca9viQ}7|K%6YG?TG~h-bHIxJYUIy*}V(; z(B2T zYiO-dk!#hLw9QL7P> zYX5bAj~X92%@9-F z6!}MZjg8z`k5;LXV3*i_0%+=o5x}IOGsQOXMtZzYT1U`~@?fdXovEG7;PBR7Mu07rqP#2vk??}XcEmntx?tqqF*r(2saKxEj;)uT&-2{%UMn+otHjH81^ zt^8405LU1e)0E2%(4ImF@MI82iqba3?qC{6WZ;Y*Iwv;(ebH%jq6g!S|3;R0S-m9A z3(R=7QN?Sv)}(WN7%JnpFYwSp75H19{jPX?EXKCt!X94jeHv`n**DHcP@Rb)rC3g6 zZ=?*lZO;~~#NPd9#JEmxmDdCLFaVoM6J6#T<#8ZINUe{sT zU#I9In8z=32zns6`vytx(Ftr2fIH+>wz*jwDdl4S)WjSrE96bLRW)3OyKKUtWid0)y@M9wt{cE8q6n6ipvtRmv%D5~2Q;vVO;(yKYAqcQ5(MvLjUhd1wFx#)|?RtBq zrV0uD&Ao1o_@NFsqdAGOGE&e7iZk0i;db}+=-NjPnX<1hJ`%%B)Y4{4JWZ0}qI2gD zD0AMPKIE4RW~(RZ-d5M+C@8=F(xht<_;u=Ovc(a7ZM{l~!!}=fP6<8{s6}vx@{F-` ztsxDv$(LY1UO5x4vO79j?Q0;JV6QE?=qS#MO9y5X_}QuTmP>l_4V> zkKP3IrAg){&Q`>w-@@f*R?kx&f)~OJ7xkZ4TI=0_JCs&wPuPC)_GIjsRoPL^YodQ( zz>A2(LRs3EWR{!=7d73>`d$LKin?E@Ag2wa3|o zeWt`&Y)<|CP$frQgG`;tYTk!yfa$uBH28 zyZJ*j!=1~S8jgXd#blrEc0+$>{sO2Xz*?M9d&wr)X9B!Rq1R=$-P&oM_FwKIeY01x zGmgW7ovT}LRHBW2GX>q^wKP*H@>bmeH#D_+aDI?pziH4Q0s?VMIzmi`GFRsOq~df8 zt|F2MKrI$8@14mYN}&VZ=ta!d<$qlowGjLt|DWMm1Q<(WhJRUQmywo$OuD9Z@^W~y z$-T$Z@rEpq6YSs%K*z6XUy34T(H1L(1MLdMB4MYl9LA2#K#C-jysf(Jt+7TjG+`}zE>bgAIIWgAP=J#PxWmA7vF zHX6@>Ul`lK!(kRHec53?_gSL-bu$7J;19|Esh4_e$q9m9JWK2&3Wnl1n%S^ z*;c9YR__{&HrGQX8a*W2*6(llco+fa=`+J?FAp%HB-$E&xzq||Pxqe8?ZP5KA3Rr! z<0hO$Uk_$h<+(TdRS%`-njIl%H7{yB+1S%|UmSb}eL55XI1PCvQ~%q3KaUABQR7t! z5=Z$47R)9rL@2oqL0{^zA~P}l&s0pu-7|45i zpBMT5_C0lW@u)R;f5z z9z_Wyvh7?FJdCHw;fd6P0yxD9GuUGzZ zCno4~A8@^ zI}M+nRF~O_w$Ij)z1dx{)lSUI?ypLNyXKi(dn6R$yk&MSPHj~fa}!9LcN1Yk@Mbvo z>}B=JV)B|ISE2#jR4O35_3?WOSV0S70hx&;9&EeI@Ta>p{^5Q4itRAqm=2}KF3&~lFTyj|Y^rHQy?-%+oTNje|M^{?@Zn= z1jiiJuWTfZfCckAR4xuAmvu9zBPK-pD7#F~=7%w!`Yv31RfvXVTaQ_ZvN58w0s}>vjl$H5)YlW$^#^ z+|~c)i~ql^xA|=_QhGg;AY}#s6@$<2pI!f(71jd)zrtrgTF4F#yq$jgx=85%MHSG> zJWvjhnrGHa=m= ziv9b>YIZXYYhFP7lQ>37raxD1+!NtSNu@o#9svVvLEcWEUzb}V$yM1Hov0O11cJplh%^C!gmyX%fO;8Fc}1jqSD+T zPy1hmz@5hc*A*IWXor@q|M6|Kzi#7O8ftZF$14sjD#Y8*$iKr}2&CR9-1=?Zvcmk% zU%rlHUt)6qv2_1_cX{_4SOAb;yAGk)&}tBu;X2dSkav?>i<{*(Dg025N^<{d?3O+(*tuqSl29P(Pt^26K`HUr z+s${Aw5A^J)3ZvotCy9Ai1E!|)$E^r0BY&^5in>y8yUTym_;3hI&6pA#P42iId8>q z>&sP*XmRTl{uf9}6Hr$;{!aiVSZq9NKE_vQ5)Dq|J^?5|nL(L%j;jP}4#c1ZR-xwQ z2|}`E4St%at%%l_B)6AiKP zJy~B$SXWqu>d8!5^8Eae0{gDgL>-XCPqWq>Tfp#L(^E~7JqHzhl9KLOpT{tQUJxAc z;Ctp9b)nlRhQzI^APTtH>Rn7K9%!y;_NMH`f`!y0u{r*sR9kFzY-dQbc15 zunyu1!N}UW#WZKC-7T;vM9Z)JC%HY7`d16L{$%AV03qd#o`@m;>Fabt5e4yd%BZdMNjpjAs?zGFE7=rnoEzk{%Q{p%BalFs))!t z?ue>zc{y=7Xl!Tz001W`A)*KX0GIwWS4iL=3GUUgG5|o@?6Xl?cknkw7sIpNzTF`b1(uev(~TSUawf&vuxN|6+wkSP zOZzBd!FJcp;`?d8PgTfXMh-ibg5TzC@BpoFw0Ej8-A%n8L1f3X&9m>k%2g-s^+R+d zC*SS7-u-Ii_rdjh@RY(SSBZYS=QHU_MKM+gbIJD|J@VcZP4Vf_^B3E-#pjcFIGi!# zCZigD?fR{@A?b5fbKj)Xj?bu=QO=UR$v=95uvRxiM*3Kw3@YoCEV?a><1iyK{;W8! zG2d9Alz6=J{ z`{=Du0)v4#F?^GSS+ShN=_r;-p7F|t$*vFR$R|Ayw1zXw3cD7nB0RS>j}#rZ^-p;# zicI&p(UMHhwbN@2FO$dN$~J_wcbBCN8mlq&&TE?O`l0cnPMtm|xp+shA#Z2nPD&8e zMztwx7bZ^=InIX3dDPJawv@!o!$c-#%$EDp*5?hM@ePK1Q^k*p&es}dv&8mq@uMik z=dq1xk9Sh53Oz9>cEK~D!G#cz+N=%q81z;%?5vK^IR7jT08Ilq zmRc65Lt_8GV4BfH=w9Sr&w8z3LZxdKAZd%6R6dOL5|}rEjL_d&lZqXZ-maVxcl4;!Y?8^xYrAC*yRXQz*~P!3L76+ zjh&+9D*Jih^&ip>vIQlMObgB4vfbY_K8d>zT>c7X!0EM@&JQd#JR4bWC40mx`;Y>6 z+>6YD$p`K#?dEYAUhYlMEOJ$hlltE4KL;HD+9l2Qbztd!URzhd=OiQKAO1%P!gn%y zyQSZf6GfPPg7)3x6eB#jCNr6VcCPKcua=WwFrf_XZr3tNHh{F0Cf|c)K!b{p3VuPU z*q3J>?5oHS&2^U$RfM9NSLI4{4C|(p`N}4uTZRu0`&zh&Ma3kS=rnc`v(`+|6^AJt ztJECHT;woXJ0IlP;`or&C&w#jnhpNwBm)(T{G^$Y*P@Fd>t7y#5YL9VUOFu4Vkk2!&3?l>-N`;qqJmtH0+KfOI|5LU;C*Gac`hnGV+cajzmg4nUUI9@vUgd63UQ-mNiqnPwI1sd z_mXEGfOh5^_q3Fd*)*Fgwm&rXuTaoF$aw64)zunvx3quR zb2}3iWeQX!IG#!E)J;kZP9}kC;}cjsbc|OaA4<+2BW&z8La^j#^ULa<<0>9UEQEEp zNnP4J5P{-Ylpa}9Ot{Nx=3_*RkohaI$08q%8kD*-RLX}f4qEuG2>WGE5&|c}*T4MH zFKBh`j?Q{8>DJAUfUF7hkuqhRH=rH_ipMeOW0NLGg|9FI9+ifZ`4&YO#QZieffFBZ;+P#TeQCU$*ThdW8H%@B+wIwX?(Rz!)WP`c*@N zURy3gu^;3h>a54s&ittHzX%PfvcPhKNQ@r@;4QQvX|jrKS!obM#r8}oA7)^0H+lN} z_j{OjBDcWVt@B9V)j=Zg@wC&6xbh)^7iACew%0X*ITCB2myKU>y}0dTK+^(Qf`&sZ zasMIXtnPzHQ8(AA#vM4ZDDC2yuBv%j7J?5@xxzN_S-=)%Mkm8tbG91#sO$S(kqW*A zhU5-eUvV$;u~cfGsjj4#Ef%OfrE+H4a!WCtd<3m+V_x22Muc5;Yd|cYSr)mj zQJ9ke(qL(m&qy?vYJ`1cu?aao#V1fB!SMK-I#dc{Iy!#bj+Y2Z<`2ebU7y#(JV27h z7gQee%N*zE2;_>C*V4$k2giI?0e_^>nu6MtVJ+IyfB8O;%6tmoCX*n4P9k9X3yd-a z;$a6&UB%nc9agPuT7n5UZHvSu7D|GsPUq0GG&r3?nDL*#^T1>t8BgrkahntvRy;&_ z7|83M1GEXO=JWx0rAjW0F-B%yl%UNLtfo0T8M2gVqp-Zrp0+nOFfd~2&ZfR6w!6~9 z04}tZy^{>q$kSMXR&kGg&)|+BYLCALbRdjfd@ND(sE8efr8AntJn6IQR6>azy`5Ci zuW3u&Rb^oC}bHud2ie+GQ!S&(XckiMXg@_Pglyg`a$pd3-pm~V(s%(xL zwZDbHNoNi6_>W7AEF;0X@ z_Z^RzBFM;g<_K`KsG2ME?WZq{OhrSYIk=t1Ayg)lk=;jN#|ATKRszg~AcMpSPl6Q$ zSEbDBK^yxpGA7*8GZAMSSV_Af7WxJM4#8Vb_N?O)aR3Ni4%R(rI#IFk=y8%9?B8#Y zsfrsAa6tnh7{hB9LVN^T0xr`H{n5$JD{tQ)L2oY=_7Kb7KVHutaIx{5ZAatN+Bd`m zJtBj{cGe7P^|9jh-q5hX*h%z*s$SqXpsGv*h(o}w2&F*2axVm0-?2uBoqw@V-yqsfAHI zT_s=|i~Nz$I@<0)6%pH|muijd2)p6@vkL^I;3vf+JaJkOV8IA&qwbvO4E`cH@dAzp zc`hG+KqL}F1}G$rv3Hn@tJr!9mk=M~hILe95P%M)&R47lDf9Ok7(HcGBLE^Ez_tsN z(=Z61vm8M|1o2>GJx803g&PD4*l#urAjv$(J7$Rkj=qbZDwfFT3)!&5wEshMBS3JQ znKY}AO{l|^$lEhk)5iYrcYy*eapi!))_@T0DNchJos!U*vOWO4I(>l*@v0}Aj=W#q z0nOhx0{`9L+iC81GBJsnGVv9GreNnm2tEv^M<*tnro?zw4zc>CZGshskH<`;^>DDf z3)bqP08obqL^hNfCa_I}1w~b9y!WD4!F#R;AxeI+1=%x;Y#mYlh#E)DoDM0{E<|Ch zN`+A9Gg}J)=4Qg5WVZi9;C9v!Rc3G$i1Jgt&M_83xBwcc+UIz9OX2jzv=;%iz{}r( zhi1~vC)8yatpU4;>lAo|KYX-Gzjj`916D06zqZUK zEENKjX$owVT$rp|O5I^L8kj-dBOv-Hp+w(rTOAb$RF84=nF-Ev=Irmu@*mV=AT6=Q zoj{Ls^V#_j_-zc8iJ3K&IUF~BAc?DFwn4L2Sr^pH*$V_>Kn0p&5qHA?3_`leLYo!h zOd#?KR34}%+{mE$jtpT*6hi_#$*fzD{4pf)2F1iZ*XJ{hiwSS5eKARxC0V1U~RA!KzB9aHa)QW|<4_o*-) zO*kV05LGnagZDThAJ2!Z$3VQE z8^1!=`Pr9Ma_SH9+>YX4Q!@eyQ2KuF&U5e>xOdPze7ouurg?0>86o@T1R(@4vLow} zzS=qJcSZCqkA5?K&2>k#*0r2>OZOnmelx-6nC(yj?nRNiY$ICc|u?~`ZzMkfqj<#giU@Lx4|Aq73QL&VVQ=paX_QS-z7veG~2 zi=;+`A-m=wK9%c|>qLybE@MeVIZ!0!sw&9D8M%rA!w?{o6@cHC+}n~R{eR_UUf%LF zD!rvvV|8^TQ4~(-kONF((y2m2!r3gwAtvzCtpj4*9Y5-pET!g96-eOJJsR)gqw(BC zDa=b7XWs=Dm$1t{2+rRnEHM5)!mF4kF_D-j3Oi{m-plvqqEKxHMw#Gl8bt4EB{I4y zp>T!u8jK>6MZr;@*z?4YBb2F!7KYE2nuwQsvhl@`Sk*5m^Q2a_u?=vw)F_LnMskL3 z^*nE1^+i`-(pw80!OB#Pr{=CWGg2$jtwm`wUAqdxIuuCGvkifT6! z7Ez&UV6Zx`op{n2<1_s$Yx2O3=Nh&J;t5V=>)d{|r3{R>3v$Sb#tZE9@WV3F+=zSH zQ1gRxn$>93E6@^<-k62PaF0BiX$_&sidxL@RZGW>crX`4!3mCBtb85f-JQasi)Z|D z^*%DPXMit)B}Fg7A(c)iC&tyb!siY##fh_1Hxj|fhMA8jUlLKSYw?^pOs`XLemOmF zhdyp-W*R6_YzfnA$I+kC#1YVKX>y}^DX>IJdH;1)13mDeOtfK-L=zD=y@h)6`q3AR zQqRC(<*VerM?De{dKA!#%D)fsn#O7=D3vgm53u9=taX39FBw??{2f}4P&Mj;TVz~{ z55*5|ReZWZH>$;iiMd?TB*}&3Q-&1@v{5`gZJ5RR+cO-Sg-&PK9@$IAjuUsDo1;xq zorM}eVABc!2jxZj2;_rL7azh~GM68sF?%Zq%)FQjYzFh0*XO#hLncUvnP-{q>ScOM zI^9$hgrjPXDTt?!T^KlP=Op+426MjD;nn5fA1~8N2QClJ)wPGJu33N8R}5i4-Sb2&2#E z%?g(fADBJjUkLNqKFu_Id%aS&RMLby~ip3|Fvl+oC`(}2-25LnpC;YlBc#YKo zoO*mb%k1+ojbqIn@2T8^q*FR-&okH`I&_qkDP0r- zqbo{~il#@QT7;bC$@J&`d0Lm)}HwlHCmb+USIw_n#|FQ=#OA3 zq66Sf`)iwfz<~#U6j>!Z01B2{LRmtxHew(F2 zcxpckbl@Y=g(d-`WZ;{k0r~o7P*x9b=Ysiip&g?{d3zn{d6sH2;Oxh0OcN_splhV& z9mZx3RGNq?Y2Bi>AhqF167pd|Y8CwF2DK*f*%gts_f|-ySW*ff_h9L2?x2Nrl1((v zOO&8*geC1{zzUnR;b3t`-HzX@rS7(|GP0v%tn!>(rRL^v?>y<*b|zYl z;OheQom=6e%-8+`zAMBej~b9SqT6Gb;;izKy^|Hc1kf;(q+2>_+y>b`ily9mhp;&N8;@mvBin${;+DjSc!&A`=xVY8YsT*`7)^bPe2n>q5iPkeaDC$>D@{VV=^*8eFomKV!hPab z`rBo(uu*{K4Jh8-#wu}?`1dO82?DgymWUU1qU%S4=&}8Zy_d)}M!&nE3&2V#gp_a` zW8VM&>O{@qNC(Q+01!4l-!`)^I}7nx}?uB(iN<$@d4zD5C#XLc)ZdF zxm)8|3N!-N*Mutt3|L2kFajk#doFjr+G9)URB21V`8k9Kvuk_N0(ScPahO&*=9w4S zr5fNSO?Q5cYP_Z{7&`=o52wFNG1UWO;**I#HKKckJRi1ZlJ%;F2|TncJ=qgcshN|g zSLLcO&ocE!E0L!n?=1Yj5ml8+Q^?mXYN&#o{Xz*NrRS;EzQFKZa_+5_TEftURb2W5 zVhaY{HO-j-6%x}X!{q$o8J3&-=6l_TX|`6jH}b*)QCUUIak6V} z;pJp(Wn+<8ml(ZlaqHKW-bjJi?Y6xMCzryhhC;J2$b z^K_e}#$_SG5+MUo=y=E&$bg4UrrV63XFWFf zEh-98zv7~TLfbUv0uSLwjB0#BN7VHTC8$eF-l;jQR&8v6wO}j}d`s6ZYd{F;3BzOS zzT~u$!qgba4*WOyH5JT{ZTaVZ&2W;{jxv%g)IZPbxSu!cw0YTuV%lx_ZrhF8OR5)#Wwi^T6W$dZ&*Z1lra|D&p)R6&AU^AIC7<%}~Yby(-p` zsy&Tzi!k2I5=*>u*0kZ3eRmNbStHJGo9l#aMhX`2apo4E4P!hRWH}P~$$V zuVJ70r7h56S?+3Cj=q^<+Gtu$E4DY?2W0-9`2<6JLnS7eGAer-8*U3cn>GK1z)C+v z`}>54#D`T7xiS1z7k%2@F7T6HiCdTFuYrR-ymYv28)N0GdHdaoLsMDs?=t}iKHGFj zgkI4nXPel$A!XU`FK-v$;m07=re(9`U+HU~Uw3y28#}*izI|O9zU)uBJL+HO^S*5l zjxNDzZkWEKOj%_rne%x)LG)$7=x4neI;+bxzW3G~Y@oBh#U7H-%# z97HJxnwSO0y-W9Expch*XVd3w7-3N(T%)6woC0i-4?%JuY*e{V!YfegTA$?ndn{qM ztm5V{V(!gWAUHLQ?Fr3f(MTuTZIn!(euH}Z_&s{WrL;fT$irkVHaYAmvMVz$>CEsf zTH1Xi_&ReI%+h8DYXi$y%PvV*e4VatX`Bl8pgbU6{?nb`I!XAa%})h6WO2AF$Inv} zz{K6D%X2PgPc|v;jf+qXef&4cHU7mZHSn%BC?uRCk__3Yv?=^g&N2N(u>xyR@NQVW z;Xs@jzgxtfha`sEB2Nwc4cuRPZ_pATDH~4yQ6n{^h7t_Qr4}Y@2(lB45-_`L?{17_ zbamF@T&PIaMl`E4M3kacR+CVuh~JY6LIh)+Ryl!7zG^OWu|@4G*@|0qmK06Up0pSS z$dk+omJk|{HmabBef~R`&!vp@uKQZZwttiVFtHRs*dQ!VwN+voSi|%=U&Z=_uAFVo zhcQ{Ktuctr-mxQl3Q(y){LXA{zDEs?o21){M}z|QmC6H*6lR<=#9j%YD0Mgn{#rnc zT?pN#v9#P^bjGxEx1mEm=DSQ4DUy7T$p{T?MxB4soZqaCf9WslRQo0|h z!LmZn3C%p`QkuLN0F%CLwObr;rc4c00`iLE@B}G!DO0l+hS!g3Vr3ZPeQu2?1im6R zqin<1v;Nf4$=~#kc*{nN$d!&BED9i_du1Ut$?{e{kL65Y_%keUM-p>z_(-yo7$FmsRv>!jui%C zYBCQ5hvR0@2?K9#rVb7|KF*d`d$!rQ4{i~bwyee-S)A@XH;*BVZR9wcQOV4L1qq=L z48y|KyDE=uMv!YWFbrj06xGw=%_UJx;1_^@&0Z-mC3sXzDeu5fDvfR=$=7@q7u5`8 zE&bO`K-1Kt7jmOH1q`^DS+p~w5$sUD&#fj{d&Y6T9HT{zskt&-Z#15$fO-5=)gpLe z9{7B68v<7fNOfg7+CVES(?ZM8l5_j8sqyJ%nhYKhulEo?stwzaCZx?BZ-kR75Pf9xF%R2PW1)gJ%sDhjcn6YpYYY?FK2V*?1%1`z^)HKIjoJJm+TgM=5PCy6jcbp~5 zo-+wytp%(N0)NZ1JV|%}(+zzQ4MLskd~_0=swK`&ncF{AE8o~bi^(mL-{niiY0bDM zKuryD+<8qEx*1j@Aw~2}pI|`)CE{`$KK_XL=r#Qan(7b0DmD$`om(1cW~@;23Z)VX z57?&Ob`CR98FvLt0XQD(re4jOZkxQ@`%&(iHnjyQSJl#xj)WhjOPh^K$nH?0?f8A9 zcRNZ$DPbek<^4D(xj^0xpF<3)QHC=i6!gxOV{a$=jCg3-C@j0r37Pd_*<$l$=u$+O z*}s|?o3ymol>%BNLFLy41eYrDZ5@cdmw!7X_(6Kf%8U80I( z!j^`|FRD&K-lW&N3z0y~g}y~&s2+E6^CM(?+Q|J%;>KBXQB9ECHkHHXh3IDfngc=v zO!9VYq4j1+RVsz!yOiJ>DWI&}pj8t<*O;<*h?#|ydPVe^if>CBQ0(Y+Hdh-70Ujpc zhr(rCNJ8s3>QNA>_`OEUyX0(Jhh8&^w^sVq5V87m>6#1i_p_s%Jei9}K{}vtWolkeS5hLviPey1`J_eJzAt7VW2Hn+R^eAdxRbEo+1FO z(LtC-=&RyF>rr`xShVzzIcHX`$%=l+^f$a4LCjP&LDq;)tTLWSse!X4!MWdA@xAf# zpd2zBI2-G+92PliyX9rZc?seU)$Zi{Dg2M8#$mIV)w5k^G^+AZ8k5Ih zA-DzeP>8FCKTlX=(O9L{W`7i5IM=E47c8m%s#{7hnM#h($Z9G{KgbF|%q6l>xZk}d zU7hx_@!4Jy$^6&MSsRM7n1~eugaer30XXX#{{}La7B|P4(DH0WRbwCfbp1?GbnUB6 zb{Sl3%*;ZM$q=92`*#K>-XV;@`@qgjQP^0O21enpHF|mSyf^!nxGk2XRP6RVA}^K} zA*{tn3a@q5GBmsl`RF(@uJROfeN=wl8d=_3LW;d~u89;`(FDc~Lc?7w5=6%1kbUXE zoW}`drIQdAi;yxWT~asmCe-`cur(3W5EIHTIzEnNQ^DqG{%(bQa<xf%J~7|<~+R-p3@w{MyS7)>WWv@ zD!0MvbeeBip9uGKS2O9I`Z4mh(%ljh1Fp!3O9i6hqzezIIVuWcTF1@o+R=6W#dmVw zvVz09sQ((un~H;4&_AP|Lo`$XXc*WOwrcgDxQJgLy(O}K@E{uM*(wsw2SQ4yOES#a zo^PbJ5)#EHbwe)!x2~cV=Rp@@FZrquEq|F`4C_uD*s9ewZv7$ANr8JMveYos zi!7+vjTYA@wWp^NIBf_te1Y{*a#MYes8QrFz0E|Yxh5v0IJ~pPzu@|MdG2F*iOeWl zi{}$Gv`Aj?4=9h!>A{R`KY!{D=6D4_R+5==J%k8{CC(u(xOlVv3dLW+VM68ht-{Q; zs-c`iD{MBC`kAc7@RdOPjtxoh7C<=B*%KP;#PS zr1timlYxlbjQAuf7yyc>fRt!yZzl-SELy>#v*^n$Si%xt=c1`u+&u+bC1*iX2Sa8< z*W8?CSg`_Krf8)F(+o+Esvrp}vieL)3q|_;EDj6`iAd;wa_{>Z+BVKP?Qzxi?38_+ z=|v)~JU!kx2 zvy1}Y`(&3P2Dd6X8A--dba2vW8<+Fbqda+i{qN)m77=eg0y~i(6H(25 z-Bx^!^mShkx;)cqyvgt-5{p+M!Q(IqucXzkv*hWM|L{Cr8ial8?adcM@ z8o|Qp02KgE{KP~QP1a{<)O2cXqfUz!a%xiMC3M*35!mJ9ql8pv*lz~6@JacLTT1Ws zQ5y53p#}Bxa!;LD5ws0hZd>pZ4rLhGK**qSD{-htDT*)%9X?xO4apq+{7<;^&G69;d)gdJSA=#x6MEP-lSLYxv%EqpI5>p5%2B$t~rQR z`nhJh-B984kH>;alqUP_{B*vgMz4Eob~bO;JcKhPk<`gW!$UEC0?a>~)(741;QNFe z;_dsQMKpfm^3@K#+YLDP*`Jp0ronUi^!3_b=wS@g`6RdDL91}N8E6=eXVRZnnAOIg zK)}r#UGLg2=r>jbt&KLHNWUa=$J)!Kl z@k3hl$X@-Z&TK|C_Oj{d@zW$?UiUH$&)dSf189z)-JR(>54n+A`n77U%c_@{2ZzfN z5&wMiU^Fcerz=M+$PZ_GQwem-2LNzWgF7cX0k`Ilbjf@4On1Q!Bd+(x8mtM%H+$-` z5=2N93YXkLkTJbUjY!eY)hKByF6{FXD<*2uVs-uFO1YSo9SchU4S@PQhK*wN%3YU^ z@QgMbCc6o(pWHDKMLe)IQzwanPA07L>pGKnvG4!#od1A`ArpFbP0*XmP-_JiTVw^-iL zHRMA){5(4S`6X*O9zP)q1OPplnga0fiqGpl!$htY9ue#9K&szKFLh z;t!meFD~0+bw43c?EbCNX{Lc;#fFOG)DLUrzD-pi z18ocj&0!#9!GHaf$Rgqe0l(Y&5g?9f(HzkKNA`CyER=sj(XD5xt%#z~Kf^}`0 z;&*CB1`TRNhZ0CXWMBfm6Xn&Gx)h(v<)s%Ik>bGgSa^T%{}zREVCW_c_%Ezt-je(m z9s~Pg{_8gha$DVqA3}YT@VIL#04CUh0+?N^80}a0_ zkGox}JhW$0bX)S)d{G}G2wNJuL!~d=CtlGedjxvgz_d{pEy_iiLW>WkolJ1SPwcrG z3d_l$C2Bets0;XsUFlELCC^DYV>o-UT~fpE_87yCb4H}X%f{I5v)&3~F@{po5rpi# zN^9?tI6Y|q_H_6%Mq1?h#uO1`dEz0Q9~3&+LjLN2sLGcO*>VJK6(!RwOEE2mAg2(n zD?G*+5UIO1XP1m{Y6Hs5CQ`#iu=}}$STD^NxWNrYgH$M%e%_*BDCsvf>S!`z(O8BqJNl9|&s{>|$lX1J3sbalryeI@spgbuR>SBtxP= z8@-b&g*XRx^>TSV9HBl`M=E2Y)8N0W?26tyfoVZ#?*{~j8->@dtS|;b!m#YL7(~ag z9db;>wr_Y2TKM4!jN&oG5}i?X+}N18=dP#t@Tld44v1dwF< z(SXP7M?P{{^M?7B{(3}#WISoZOIu)JUe-)YTp}rkXb4o1rxWyE6mj*JdJu>adv=PH zl;Iqwr`pC2*%Tc#he$jpXVB-bjoUJ#OMFdYQL)E%Z9!sO;{PZ}&=BK~kA>AaeS|y; z|G@UUb2RGVnd92fyp}KZZ!K(g4+I2&KVC`?y9Q3%s0LRZ?%ahhb$VwgL=V(X1o1FB z^BFXXSs1X-Dj*XeF`alu{sOUHY{STqjvz`lN0doOM-`Z@0K!clkfTL=nxTYfhB`=U z-T=$n0JYDk+fg3)-whzw?d8!ksj-_et=RPw@DE+(kww}m*X)xML>QfOL;uiFCe4?> z0Xd8B#&Z9Zj{k5vaB2hqNBgcB`mc8Kj*5m0l_{sH7cNq|YQsz72UZ!S_3wb%M@kKl ziE37viVq4n6rWPOxcsN1{8UO^Wmr^cPc@{d;TQZz{=|vP@T1VSfuN6Hk~)2<)P-cC z?m<7sOjUhZ?Ft~2VpZWvy2M#YxK4&f5iPc%WKfyIdBS1N!22I`|2$yDOCgcG(y3sl zmP8kU7QonT@BtA84zLaMlabSZ2N#NgmJSZj??MuNQ?1&oFEET?j*ob(B8a>-G`Oya zNjq)Z08E9Yv<}+^w6~$oyN1_2v}Z3<7XF+7Cs+INb@`WJni9r2A^*J7i~%?lDWLxk zDqeHaRy=@4TGjAK>zZ7VErGMI+`KwG1nbpEab=hEDIY{_J32H|0nN>wV1?XAJ)@S zOS!#tJKgpM0kC4r7A!S3wQzHD+D1i3yYKj7m>q|gKD<4i*L>gK9xPaMb9a>4_&PY$ z$&hQ+8;>eu5ynYi4>Td&f)>b8ty2Yfi@UGx_m^Giqd^5q7Tj#yPKWt9fu=2O2wva1xwt@W`&_?YBshA!cM5z%s8-$G+?tN!zOxL4cqzJ?%A;AD%?a(oO*eC9H7 zd3<#Fa>A(pJmzn5c_&@B|6E&a`F^iC8o~ysd+Lo`t}Pu}Es2YZXEdWL>{6mXFK)Ff z&~P5_T#eRd9q#-ZA8CNLlx;58BaX}DZ~z7@)#y#{+FwPReQJ$L;t*`PU%sgnm0R`q z<9NAkwyQXNbQnor?}z-M&33(f)Al}{{OzaPwZiXyWlh0NlaAFSI=ebEw>3k{|E^UR zO2hKO_w>c!h@FmFM4_81(?5mr;YfV$CuLIdM3E$wwNLQylJmtJyq8Y%b)q#3V-sPD zOj%X!r`hhz7c2zu7Zc9rRx{VS=Lcp@{`C}du|a_SMLKry5A*i;;E2&C_5Nrw!(3_0 z{rnPnwCQGXJV|OXDSz+#$}0%;Z$(8$WaRzc&TCuu;dC}z!;7WD+}Ape^iMZBe)`K|Rx{lj<8Pg%S2bapGo*6;6w?%JY?#^gq zVM9az+??Y&bxjeBsT6fOA7$0U?QPoLuD;f1VDJ|$ce2oywyTEW>4C{LpCtLe*P{%( z?oU@WwUmN{f`W#9vm8H79gX`9r)l2rkNf%O5VeX$W$MR(_x^6qr^jSEzcFM#Jsq9H zqa%30pjwS~t9tEeT&kY$Yq+H;dZYd>tL5@6K_nlq1C>H;oJs%5*^+bVLJRiVA>L+^ ztPZSG1qFLeyRx?L%X=RMzJ|+A0ZM}P`l!Wk{P@dvvOK5Fj^@5gOcZbz2NDK<-6y&y7 z-}iRQ(_{vF%ZKSo&^bY-yb^O4cO4a1{HSsIym_;X)^plb(_#}_Qexc;DFLvAIFFQe~mg{hO++_1>RZ5GW_k)_;F~R$|H$IPxYFf?KSofz@No07F zCciRwG7j1OUcMg6*=Qu&8arDJTzh;_E@Oir5W1eXyr%iyE1Ukh=qTwN2%jrcFRJO` zdR%`#UtC`1_`X@ptFp_9V|gXf*!jI**1^rjfKH@&J)A7t;MshA`8G8*Y3?%6(CE|~ zhj&)7>0fP3OrSLIn60j^{%({cw|GgyX{zzHf9nl<_vO)3RoZs0sFz!;dU9^aIo#!% zb~~yXn#!#ByJc(3w}r0?%i=gUsoFSNMO$U3qN{Ax4(OTmfDg{ab-z~mG%8i5b{kEn z+$u=0Z=m5uEi7K&h|-k5eyod*o&y=#p>(k;7~3*9r-%-GEp}*7p-i1bUYTfN_3dz%EN;aAey6nitJjUi zbYjMqftFUr(`8JPtb+oFvisPR&z`JAb z={U#RK#t}6bU24#?IpLpuCBdv#m2Sg&(PcTzvr!v>nl_1KA8C{+wU)B^c0+@UBNib`AO6F+SKNfF8;@fd2c|ghJvo1-tqCZ zp02K|ux7jEVY;NekJ9bswAwniO3AdY`o9scc`4V}ZRldOg39{Sk<)yT9Ald>?J`rG_wZVatVd`oCgu0J^FqrVIiKNw^>CS4I@@Q#&dkQsR?<@AfNrC8e)5 zR{~BLC6%1q8;pEtSzlS9>=2Zdo0Az>&6%c!gm!RpBe<1tICASHiqzKLly9TZere%r zdrbHZPtBcFlr*R3P7g@wzrwUQ{5H==py^5|myYj`Nc z;wObN6>Dg&`zbB3Evo!{ezxRO^wW>iEB~!2Ek*o#|KjI&^ZrTGe-Nl)ns2?{WSk<$ z`))=U!N=z&ZTJ-;0-7Nt^xJ5!vnG};R9(5L;7o{YUp} zo}!zE``e_Hf1I7#-@w*&-*w!KVw_$|v%$&g>ECTsXy`Di>typ0wws!%kB;zJM?TK7 zbe2x$B-T+DUY1AqAsg#Qz0Gu2c!eg;xwxpPiK*#Q%Mu&w!uQkpH3C1T&&3K;n#|Dg z{qyBIJ6>>32kAvh1HX+osb<0K4~@u61q1zg8-Ug4FhYg@^I`w)kVY;WnVXAa5+>76 z?|zW0;t>n(QQ5)WJDY*q-}-^M2(-`=l9?zhhrK)H>LiM{%*ILmC} zgKjzGU!SvtfD>hxZ^t~vm%(f1CL3|_b6-n1qTl*yU2PRns`xk5OneDkkdIiInhv2<)zI7!q^Zh z`I6WISeR?NzuJZJQrYdYwduPxJm%M@&sXALy^=ozKp-Y2CkZ@H@{~&Cs8A!8b-gYR zQ}nWR-QID({kQL@4iB?R5C^Iv)@@lf3fvW#(=HxPFVJYz!n>z6(VGoDWiPGLuFtWb z)l<99p5Y;`z-;6TeQi)Qht$Dq_JT)6&7BMQn+$)w!wR)n*P+k6G%SZXc6|G zqQF_#8V6AAvjI4OS8{c4&|nYh;O?KwXApvta6#JzAwO5vmipq&=DYZb>B3wFyHr=} z?amXNQx^Ig*eeSyrr(ESIP(=+`FE6`!=&a`iXNU;JL|%B%KpwyPrZo(Wny)8b#d|1 z+1lGWM&#Ps8lU^KPD0~GCiwLCaY;x>2n+^2E{}Wc^zr?--S~J-XWe^EhOYPF=ic7l zvl8D*m(P1N9yh+v!|YE%BSZUzrJMI|re33Y=|MI4Zs9tKI`pvRFnFxmwLN&yuKQb8 zTYKWrk>aW^B{5O?^LF!yt=;9W3i>c^p3Dionzo|!j$uSfiXfBHf!Y1yoQ!@oym zk&pD~Xm}^5bnUHD)rzKNV1Gi%Kp`MtNMwJZyz~r~iPMC*GXln!S+S2bs?Z{7Aq9+U zi(NZw>rU7Gx6g}_52fx&_=j74FTU6BmsbkE@y|oIHX(%@rR=7v$wQ@AOVQ`{cam1= z;R;1sbm^+ujTU!l0!o%GJ^eip8_J_bR zbbs89PuqQ|?LkO-<#>Hg_WzWfzMs3l>Chv)e`sE9ZS8T6-`7|Y&5s(HlIDLxw3pZV z>BKkL;F}(u)r(&ASs7jpD{GVH3ghu)4uhSAgR=vt+wI;T=ktO$ip52YAOS{p{;NdiJw7%G4QlFfu z=kznMcpuKrz@YAdj~-wyF=u%cQQf}X*E&A1N6X%V<>Api4U?&-qO!O(J7wS`!%^~U zme%9!pQ;B$un;1sJe4wGu5g(q>dvdi9{OJ~;S-T$LdcmiW9oH1GRlhZIXz?4K#|=}Swh6cj0Ctx*|0;5{Bxgi16YKbc`+ z@kI;{nn%$j9UZ>)Z|oq`<6ZOXot4=wsv7Hu49*G}$M?ZwJ=R_2#*B){9D?Dgsjl|& zvzUBh@F1cj3G<_)AF^g^OOHCw8}-ANG-#LdghQ9AwA@ZUv!;38hrF&kzvRZ^ehl_{ z?f3nzrsvb-us`JU{&cxgNAl~}(~lX+l|NrzURGHyc{Ix7Gi3F$%hs`6?iE#s)w=zcyfL;bsPm7y_v@2dEIXB&)ojL}?QUFYWdKa9O~R8(L5E<6YV z(nyJ`#B5XP-GiA$zZz9ln6od4H_DY<2hkR}>sLW0pMS9kOkK-b)#7W@opyvZ7<4+U#qxE_U} z-+Ffe+18oFYgf4CXsVN-|7y}N-IHvi=Blwwn9H$QZuTX)12(wj#sf``M<8j^u7Ij z(}^%1VZ_Q+z7$HBs*Vw38I^68&a$$zi|sX2cOiS-A^rpJ$}hLDkhR-?abm%=(|k~0 zgb?&f-XRTf{?|jM1$=ij?Ct5rZD+?XdVM^dV0bu(oR)`jCj6x@NTBp@E32w+AYs;|SHG{Lg`~**?l7~`_kiyTvUzL` zH{Fx0(`-d-)u(B5T}yqb9qukJXZXv%8z#4gH!A$KMh{*b$EMEAXy?#lUk(+_#++hN~xEUcZLC$s30ZUb}f!?aiOXcAvc>OIb{_SQo4ET`3Q!z@i?> z--R&_ykg5w@R|P*{=#+^{4`u{GDpR&%FV4NU&Br=_I-}px&5zY4N#=L-~-d?$~l82jH-PcHfpMM$# zyIb^td2((XD_act(BH6#iXws3YMxLW;dr_(i}P-Osimc<37MDXE97;){Xo6{Sg1t# zYvh`bLm>+MYRtZOU?^Aj6RgHMwmd6q|Hdu)%{RKi%e-o0a zajB@L6S%2ttUo0t32PL*-1&6|m9CtqN<|z_9O%ZLNo*GX&~CCddon+qm(kp2Hsv!< zNphR(4+OBOqTV<-fSPow%5pme!uJz=AJ2@89Pd{QE1ly~kh}|0Ytq$V>U$OG{Z}~s zZ?(<;#sZA=U&=}C6^A4VR~Ox!rFrPJ7>q3}oFjXSv``l)gD)p^E{H9klZ_Rt37%+- z@W2Vn9^H!rV%AMaoaYH$?<#_|hDvv?|5Z{1Qu}=M+mV(SqmW14=i{$N&J4bUgpnnO zN-2M`-4*?$B?@HKilpX9b`93<@5KJY8FmfyV=;tOMt4zUTGF)1-45S4`|4fr@82v39OCz{7A*ttM!)|~Mw>iE;-NY>DUMWz zib}plV8BC=<#;gx!DX(Z2#0o=(e>#@Y4gqQbz`Fk41ARXHIS2&t9RWQ3!?MI1}TeN zGlAF)o2fy*@RgwYdLi}62Gic?oU4F^qBx|U%F5%iyYVePP%BXC&??o4qoBAQNV-~I zi?lE`-(26chphg1RKKh6g4=Ng43*;;G!eGuS&uEx_3Zag)cthIp_h(UMok^Zsqb~s z6~1R?ratzP2J9DijiKM)+b87iwaLbes`I6yn@`s$Xcl)eZ#&(VccD>Ex6YHg@*mJLk)ARI^m{IxC8EWhIDDAuBhZcRd7@ccW>hDiz8d^9QL+ zNUGn0ERBSeudfflSSWlRTo7~#DUFppVE|!+#yU*Q0ei$YtYdd@z@{5lSt(MsMe<;+ zyRUB-Ff~+swqFjarVYNV1YptmaG?;_7N{F7|2I~rgmB35;-IH|R;t(O@LZa{zCMkj zA^=29X+k3ETq4s1R1H*LXHfWdN2EA3H~fO_B&YF;uYr6f?Ua);GCV-6nzxEK{jza(LdP}V@{nzBaE~1A z>-%T?{QOuTZtjY?#6&@t2bV3+C+rhAH2C{kL{j@N-3>)7sw)eMYs&|_+FrN9oWx>P z+-x*nDOM;rZJg4fV8mk67Ufzcs=rCO+f%J}FhC^)9j-=dv$J+K!k$Zt<=H-6r!@C;Aj})PupZ{nxE2l2p zOsEeZ&8nYw(>0`d+dC&83Ulrsakk{NY_xtu2RZJ;PYOFbD?~+L3JM}u^A03-U1y~< zH_QHna>M!rdN)y#k;CYOB4uEJY#$vxEQa!#jehPTkQ}zwohNruHIhK!5+_;fJs^gX zcbDl8$MR?vvif)nhcmr+!J%J&e!eq)adE-N$ET#EbhQM5ICR+veReRpn;II?MPQ1$LM_sG59p9o zR5Ua+F{r_0AeDJ^qaD?zoEW)VdS24`xwprbkYTn*5#4o5YRC80cP-Klje(sG9 zpjP(ihJ{;K2{B(yuPvDu>GtD7=s$b$B6`1{&&a&5in$Vm_C=<=#1$9hg>++r?$RBS>T-ECzj<6rQ^FFFrpfRr_^wCX}%PG-rcJ4fl9seVh z_WTmO%fV*pu1ype$=Dk16G(N9ce9fE5CvnnZ%Y54t>yn$r&@tzg`)d0_-_c-(S555 z=r$ifq~Enf2Z`3@k;kZiv4loQ1b|e$t(Qu`dDe>B-vr#thI0c~O4n%o;BH!4lkqn1QNtf!k}wW+@3FrNvL1T;v?eCZ z+p65Z`@`$c!ZOt_k0_+YGMO`1vR=8AZK(TB9$x&{ug*RV6!`uh*h4RFy#xKjA*ib9i$*#?VjM6pJ8wfUI+HLqi>9aG4 ze4H4061UOTeyu;RVB`?(=aJ)h%QXtqyB`AMZjHve)6-jd82Thkz4SBI17t+q(jjo2 zb&W*ZvA`Gr(6Fwebx2@qyR--;=}wIrVk8SBPF}^(XJ3ETL%Jlm=tdpKsLq6l0dane z9w0MQ*xe{8E^+o4&u^5M{Ohxi?(w(+JgcIiDpqe%2)%OM{_-LK=*|u+4)a*=cj7NE zNQr)@7!1mMywfzQZSvQpke*B4L18!|bS+~e_)$O$Gb_mpwjDYupq>4J7(fAK4Zi?7 zeO`2}V4bvgIp_1dzw3>as0R=M&ptAX?LcQaMJAGVOGT?3rc3l2+z*7^3M@=ko*i&5 zUaBfS3O4z{m7#56P*giSmKt2Xga$UwHF!{zCksHe*!VOXJd0pc%7~rzIaxjVV6x@r&D=Fv&z2kXoT{xXk?92>WA z-d}`I7SQn**hu2N-jWdj(SO zT3m`3zal1hB*^737azvN6jDWA-8WPbmZ`6K37qn%Y-_*GFCB+-&2)6R!!y|VouqnL z0>rgicTl9u*bgcyUnaPYeue)SShb1yWHS6B)I@OSb-gVu(`ADo=Kkt=seL>NJ}YVp zofFIOOR+^D-Ay>iKzQYH0H{V0*aqP~1kV>LX>f|%%ag_X0wo_qfqM51oX0Cs98$8j z0TOerW+n8pBFkT!_wCXOWo4aJO^=ZAx}=UDpoi1}H5a9f!W_)3Dp5?BPPR;@J8EA^ z?7pfRc-cJq(-W(G{scS5tA8NYnP6i&J8K{U|uds)W8s*HLA{tvy7tjIPn*tff^UIyI!+Jm&?B$iHy@Q3#e!IANKkOVudKYOt znetAalJHj|WxhD4B^lzla9s=APMx?o4yUQM!erZTP`)@+98VC<4vC!i&gyZ(YaW+z zx}~ZoJ{J|aArSw*kz0yQ8Gd{Z;{JavhPyjUfE-Sw!Oz9hd{_Z?8XVUU?zrVg;)7+Mlqk5nGRD! zTD!q}@Y)q(WFaf(&r5t_$$-bbf885>(LSt4DJQf&S6Cj*EDUA@u#idh2X!1Kb?SlQ zHF=axqMC^bsr||$X*{$(49s6yLwMX41{C9>vhOekd-(506uFHu?!ZC=8tw5%&CfJ^ z5HRk;pB8W>y2%5FW$BT#<0nE0mAIrv22;KKyGIGzy$Zwl=aZt+a2?S-5zNKs9s5t6 zj-qy3z)jw5o$bP#pFYTk96F(c%w+;N``B4&HnE$_0tcq=UuDK*R+~V~a4`~!u@>8vD=K3ja zrmoRIwYBvZ*{3$jW@HLu&$o55CWUu8FY&)O?`%nq9=m+Wy7FW){i!oj!{Zf=|0M2o zU>}h|u{U^W=D%(7(=}R%7W5&+rRtHamAMzklX-OJb@SJUFKEtEKCgrSMue;oSQllG z%sL51o0dE>*-HIP@}P>+YRv)BTQ$N29k86AaeCyVnhhg*_lh(m+;`#$X`J}MPOI`^t>O5lN9=FCN@{I2b z)Yq*e*)sULWU|zXVz(tc@bwe{H=A^LMX?+OL#jwRf+*+NcPoo~oE6rRu@3pa8ZqIjbl z{@yR%t}&xsOYj)m6*$MNrQKRibdv|`J0jg@Ar^?NuI+iqcPe8A8d&-Ui7N3MY(FO1 zb3Zg|N4|^7)bdQ2A99bS=3jEX)xds6f|&g7_i1@8G!fewOVm1QhxlY^ zoYWVRiQ)lJbl83i`0*LInBT9N3o22Bo||tm{$b9Xq2Ka-P0QOf003GKso(zrlvuaN z*nXMa{Tbwfc--4Hv<3$0^l$(GIMesHUS?5psU#b zfiwPJ(DHZx;V(?RxK6Qr?3d~y;pxQ+uGTU{XkK^lnB$EjGR0-JG-*FIui?ko)DQneXUmj>5YEQ-`}qcMj>muBZUQo(9p7_ zC5SKv7Z5(a?=B<7U&W^I%az2%>789($ovPdKPSJ_Oi+O3S^`<;@Lnl85$LT7%alTH zKx|b&?1gR1*Mc`Yv)r@x5$^wi2HzY6h#wqp$+RG+x_Sra!P4qr8Z@qc2PN%w37P{t zQk>4Qxy^NGnx?G0+^d4o|Ly@h7lIZdFW=uym%C|D>spvg09p{SU^RV1p*$QFYqQJh z0M)A>c>$d*+qZW3SUY^_?%|TM(K>hccMY!epD?UE(O%Fp)Ji(*r##75H{0Of!Nc96 zpcuy{ zE@hsL)9-!!=)evhX1G$#=ed#)*goCkU5dspZ6T9s!7${S+P5D?uM~gGBx9Bx^yH_& zNapVvO_+mJ@Ae0H_WyAi7QcTJywmj5-8uMF5Ka>-S5_u9DBk){wqYs40s0 zpfZDlYs2dI{wFVgtUhbp%eneVYxRe>8Qz=;R&fepo z4y{*eD$5+5UH7AE+zWpd3`I_jkxH=6J*@J_Pc7lmap_i$qj^)0<9zwx$Rs0i<^@dc3M~h@; zJrTcr1G7z`1Vx%r_$rAE!P~;Qt{MU7v>Aq9GcfTtNJffNj2@L|@aPh~&e(f?ZyBuE z5$^8p&D8E5GD*1&g;jqt)<1tEi<#9>2Mb<7LoFco(0%}&42oi!%~6BF*G@0aS`rF{ z?h>NPzBq0FeR!MmlDI8t98`TE>b%|qv&)F87Sv`oTTz|IQ<$=_$VIcA=Wb^}JF233 z|BUmlwRO@vhdFZN-F9FVEU@cE(%Lw^QRz@rV%B! z&tPX9{*tz>Q-07BpuPf|nZCC}9mFklb%HTgg)iE=V6QD_C-p!7V&Z!W-{Zruq)EzQaSl0e9a*B!J2WspB>Vm!4P?+XrwT9T^2Z7qL z%=W`4k*P7aisx6^*Z8S4&D?cqG%y?f?+-}jZ?Wc(>iEDar7ykipioPU<`K{(PW3UJ zxAYmakbP4ic5mauj?upYjR33I2CqN4XNC zgx~ZGDG_61_yq@Jld}r=Ix>KbCdGU+vRKx;E*go8>1LS&+5e#m?eMa1fL=?1jrIIw z;_}0`RBDv&^J$(wB~~h`qq?)E%>ksSZll#2CU=2OpGBI(LS5mZdw^PgQE9Q0qid#0 z{@Uy3BG>J()nz!`2yK2O)F;C`a^ILxtiQWKt8s13yBsMxTK1FoO8M$4=NjLp`K_=8 z?bD}EiHORKJ5uqdV^+tdr!`_o-()HS8bkE=$qH&?e-?R^%l7Gt-utforl8Md31XwH zK3nhYeT@aje3&NsbF^5k+M_zokTX{WJGT66AX405xYze!&?8w-uiGN*YDitCq=GNc zF5xh6|I%NvQGS6R!^WaG`$v$y)ZtXWf&Hbg zYq>+n`>>No_ht+4@7n^y{9Ws#-O~hNI#6FoXvnFr!!I|LZSqaL&_j-oy7KB!wb{kV z#n~yP=w+JPR#=Cwny>EUq8*NRdkp73en2DK2wA#*0}mibtmpfUn6rhro6j95+!zlH ziFvX)#G8KOd$a^OMRr}NmL$;qA)*sUFT@0jvMmKmENS-vMGtm6M66|bE?lit(B(i+ zkG0>PC26nYJw@S5SHG^2-wk^XT9!hj-=*;}Kws+%=fQE%LW%};iDy+wU6EHqgqMMr zX$R9BVEK8G<(TW7moI0LN(&YErx7U%l>UcT$uup3Vh(>jK)15a)$}jz*aoRfh!!*b zeUGkU&FQvl;#vj%8-_}IscPY#jSWFA*!jkG$j^+GcX3h6cepBR{4OTm(#FEU*lv7s z(oI)wb!Yc)<)2KI-=wdq@=F5gS*F;8pQene7*5ZQ8Z+#OyO~mL2O*pM(KNr)KYuQ) zdwY_!4BtZ^d#E~JS&9_~ziDnW?I>x=0CjK%jdLVL5=Ibh7a7@c5X|uP4O4{a1z!z` zHU(vyTI6M8Gx+g$RNG-z!19&OZg)GCnvyJaT{IngACX= zerz@}NKXnqQ_icfB9A+8);TCnDh>x~beJF!QBlVBj>%U!jdefljaSIHlx5XES`U)e znExt0QRH46RzSzTIBQc11%xw97mi|ib#t5**_sT~){VJE{@CXfzc@X1EURhJj^gy$ z!%xh~Y0RlBKbLMOik;Y=Xlf|jyTrFrl&Z_sJrEg>k+vYhFq50lL@vXALoXBwD-F*Y zbajJ(b1RV7U%`(IE4l^;59%O|@NNe|{XQjK)_ypg0*OSni2624Nr^of0xYS) z1Mb&}RG_U66gk_+`WE~~b9T#3-wX~6=6xV}$lP{x^9NqpIMPJn4#V$@XE%CI=72l1 zOwnoX&%=GD{pk}e-bE1Jy#X?WpA(Fh>Hg#7b~as zCBL9(V!Gd^zsu6w`xX|HPbw$jHW@CC^D!kwv5Hq;ZiBQcQ^4RhXrF^=>3RD$Nfm!O zT>F#Hr^HJS%k64Lx@G=*V0o0&cunmvz30|29fIk=+Uj~gfje_b>aXqGL_=X+-8BHt zV{P`7&)7ZGe8qWpGd?dX8!2|fazpyhYHLf!#}eu{3asQng>;j$rY_aNpt6bz`41l) z%hFL^42)N|Bs4e=y-4mqo$K-UA8@=!l=T0Ldb98>9v_|pzF`x3`0pA|+m8&zl8@0_ zbHn#W75}9f6vr2%Bwo`7MDu#7tiWgi2Z%; zKPh$5&G`10)0C*}N+}PwD3orHo4O6a`|U(8g4NOLLE6;v+jan%_9sIRnWNVwp-{7j ze0-Vd7?oI0;y0=reoZ#+GbJ;ALFLR(z5yhoUJcqO z0tVFm#2DsQ7LUiIVip{oqD$wo<<0uF$+2c;l}s$D(#7QULL+-jcmWPwue$z`LnnG$UNp2T1< ze-$=D5O4Qm8g*|(tv{P7fSS_fcmhP0n?i)N{awl$$-T}+$8(gP{Q*Xj`Qg3cK)^@<3IE1Y>OAe4$N>Kq&Q|oN{_kP9d2hUus=|6*UUTrnh(j+$=`fP4d_e z`0*BDP=e6Lp9+Eg6(+n+6kl#;n?$OA!jPm!T z79TI^|EO+ZRR4>9{(o>Y{x5}t0xs^_*x(jEG`HRt`^&=Al$YH1XFYv(Rd4d2c0W0Z zjO5?^(B}dG%0+cQ7GocK@NC()tRr~5$p7i{`xV2UU#z>OUW5DE4Rg8qy|6Lh) zgp#}69GatYu3K1!jW4Bc)bh?(u-V%E264^%`+S`THx*q@m-~F3-8KZqijknyKAi4a zT2_2mbX#2FP1oo7zp(%nUCU?*dE8ou?$yj&yau%|vt_h%ZOlVbeQVwb9Od z`}4-`J0w&-L+|F`)RUKc5s$8H#djEFSRc;&5ac_kPTg; zU-7pWP7h_!n7tpqzxgI1a63E8n!<*1h!rz-`N!PdU50&aSDb)sHC}yv4N!c?>$6jy zyz!Ty8FoOX#Z0kR*hB7;ah#Z*dlmog4R<<`V>BL{d+SSon^CgZ zvP6Q5ko;OdA%5$RF|H*H1WAVy-*_*Q;WtjuOt(*D#GK=Ff}LGjA;)(>MW=3@;ZCZp z0@5;av9hum*Sl%<{}D&U$y=B?n z#{@4z&Yyy!%=9vD2{<4s&lawy9CI@uf6za=8?o0rPN5C)$mPM+`WOPj$LjbHP85G3 z?Z1rq`P)SceuoJZDZmbt4=LKQ35Pfud4ht|hBk7e@UREJFjW zcRcLlEg$eI-KHnf9}|E0*HAyS5koqbgvWp3GvnRvCsRdbHPcdwA7u(E+~(>#ufG*! z*TgPhm;TOtv-&F<^&R4x@|c4cds^W1-HS0{DX(1B%&ke)Ipurl*vj^3{Ps9r$D2m3 zSxwT;$p}5Tr9N(ZKei&V#G*y*xLU-f6tYVe^Frx9#Q1sa@o5mP|CNnmXjWliXoIi{ z3jl}EPf6kB<>eL;MO#J;*VzBE8L(PpdokJjZFBu?Oz))PV2b9HLNzprJ!f6sk>(|X z>+&S)W1Fy_vK~VTZ-~D-sqe_OQQ*iXL#V&P3vIegV_o(%_Sqv4>YwT|C4M@+UNxCY zFq}Xa2yeU1?D*7iKiFt}K+Zww-Gcm&PhyF9{3j?o20|)^NDW9PKp2Bjk|R=izZl5| z20~n-eB8pb#>Gq56W_cWEZeX&JC!3NHndVx-)T;l!@_nA9H9FJQqjl@!vv|2PbXm2 zKA1R9=mV4sjfFB4dA`0_|E;r(76kHIcq*lhs9H#;TqlPB<7P0(w-5*QFszvYmtWX} z@h`uP`uX7uMU%n>o^?MEBfS%Ac1Zp6ccINBFg7MB=?ZbJl$x4iXLmtHrW78IrpE#L zrPnL|>dwT|WUKGFW(0vbNJVe#r%Q8xZ)YqI|FED3fruvF^8_cSJE!_>yX{AJcgpTV zJ&AdFrjcz^aGN?1f*Db<46J_3m(j09h6Q*omwmH)X*hBxWLfX+?7w?!sFLMj8rgb= z-;bHXD4q?0DuUYC18G;r^+ENkwyGhCMw&5{|cDGUmO`D&T} ziV?|Q66jKS#0yF%^;JzPte9=gR+$~XgN<(GV6Hq(s%7VfLmi(z_{=ssI=cOR=YzB~ zrZfUsn_qdk$0W$1AWt6JZsh9j_EJd55dMQ|EO@s_LxCy&v$D-u&hRg`tLTrqN~lL zo!*AUAW;qb2{nQH$-T0wRqct|2qv%@JZ4V8qv3W}PvDvkBrJ!)#f+=)C(uCL1xg%G z+&p5H5z%iCetlD8X_TH=W+Vophp3+@HU~vTMT&s;Z=QUNjkQop7Vtc`1WWkiyvOb zpLx4=4;v3XqVC@4s0+VrC9HhSCGaFSDxETaDEtRwo~PN*lWFV&apSDY=24bO!txa> zEt>koioK6gLT$904_KZXRamTRT~ziS$f*v$9DOG=2;^e#q@>>AnT&fsY_OqfhEsR@vOeu4k<+&2Uqjz)XKhTv+sTuc=Jdvf+ zaXL#7Xxrm3+Ru+qqzPn!TBytrWfigohf zpoDA{OF>H#n7>i(bl2w-GZQ*?mS#^T_~wT&%?QtW8~Mpl`Pou z;RVz$4Tt`2H*v+HlEdK$1aiy?c_JdC!d**bK4svM%2CcEPkoBZU#-!ygDyPq*)E)|$ub)u7I4%ajftkTo-V&`J z23lHKjiP{rYad9ke!y+!(kRkCV3)I^ck~~_y6WLG-qX(JQ zUCSCZisv~aqlvCDy~^*muhIP;V4%HS;4Nmnx`BYtCE>_^8R8Rk(1*gdfQRmLDtP<* z`|l;*FDxvu4Gw6s>0YMw4-jD~O31st)t+G^zyb|eR@#SeI{S((F8Baj@H~9FuQeV= zPi4^bYLxW(MI$ND3Ul7d_>J`xeW3VT7ijemHSa8q-SP>YY4%p$WXQH6X}s0wrS|s) z`yn^{m9}Fwt=QhVdExqcY@CM^yPG#Rx@!51p}Y<-k=ih@_0vr6lne{a2k)Xr8JnK% z?C!p)4Fzy>j%hzQ>eVfqACa?_p*5wWXesVyhm2qz+EsHentHnx%%}1zkryH?lTo-X zBJ1Kv#G(guD1|#~6!dm>HeZe9!K|&avNGwN)ekGNsZjbWp2fvQ+)XSi9`x~43^XaN zkP&eY&A)^oJl*udqkzq)&k&k;NW+xuS-V)?-=MFm<9MJEY`zR`3tf-6={RWrx-+J~ zaX&CFH@7na_+d5gB?}M9pI!YkFDGzH{%Mo{P6yKYZ9w12t7*VfI%Rp$$Qbm|7q^#qS{@nVlWVvb}p638U>h{AONI3F@43J@&`cum6cH+4vfWgpH?3{ zqI*Ml1{`NJUl zhAd^ket4-CPG$#UfL_H~8yk-bKQ;QJ&6q~LyJcczbKiYf{?MQAcz{jMAeFb}c_K^2 zQCax~nk$KM^g+kldMnkg26vZek43TGu{o;DKVlOGCY6r5OJWh2EY5TuEip!D~`9=kakgBxAlKpR;% zDJdy<8(=H}UFM&N!TGVVsj165EIP#HxmCyeS$n8x`uR*DgDJP962q#Oe@1HX$h(ZN zLb^pTb+t=a>y4Cwr`$2Ncy9FUTxa2mH>@NU zvXS@0zZ?!KxObxv9idw(&A*zaR<4sep+%CqXuyai)1W-uSU0gV{qyz!+lI_HLSjj?vj1E%38XO$7(JVHou)f&6 zyv%*kZyK@+4jbquA^u6^v`+Cs8A}Z<=`{aFA{mpO0q+9X5Tg~CIs6BpXLWk^jdgXq zv`|1e4@!6dWMY8SYqmwucZQ~9k6KQn@E@|zB_f|>wX299RdniGz3zQ{A|@lbd<+7O ztN{!BSIaJDBP5o!RNM3V)C`&|ye*1J zR8Er(2zCMt| zp{A9aZ4e6n@FXk`CsfDb4Nav*c_-4hdR%T)1>*?g!M$8}G@G)!9wO=lT{bH#E7|la zEe{v!N}ChC)^=K8j-$dPFC+Hw)mpo_6o#Wd?w+u6-p)SIY=J&sO-@DhgY^X1OCzRl z=?OWn&_EMXF7kU{hRQ29;H;cXmz>S*pZ@@}Lt3NmB4G;^=7+!Gy~%p&F6tG%P%aAc zD*v-0{+C{%oZ1uX$q zXQF?$!h*2n>=2i;8NLA9+8TC98lUr8{o6~uL0tp$TCA!D_PYZ1(vV>Nrxgm0oBOkA zE$~%taqrEZpM+2jorOP}eVw74LY}7+y1`Z)Q8srgZ`qi2^A{>H!Q0KJW% z6|J|qI*f%H-qcZ*7*@OXvX&xFnZ=PitfkH6pRYToedfGoPje6z!(r5d)_Px~eS?gj z1Ukh(pIrlQra}3yAA>}FL0@MN_GgvF5ZfJlB~3Tcp`1FC&AT^y5DyJfpzfosybEX=L1+F4b3MMN>~S@7?1bvMW&Us>buVAP9Yz)*X?3t z#1A?e;mgC@BRm@TMd>AKw~8MofEe<2XgP!Jezf5*sIMGbow3&vJH;gqLSVFNd9kXT z6Car@sLDOG?F)H9MJ|o)szuH~Fv)is^X;^=jr4m4Fv%N?yXONIw$SBURF2pVMB&7LT*&9Qgvy_^a8~lFE3~A79cK85|9=B88$qhv7&d z=kRp~_5G7RXZBcW+wk+zF8$+jN;xSzg}0wJoeCb*oXFgy zkw3iq5*e;%B^Y6&btxoj|MK(e&ub@yjFqEleKqH( z(FLAGC@$oEStRhPx~fX2AmpaqNW|=-Lh=EzXNcjMdSpeCPc~A6UCLA$AHVPrQ%>s; zKhTTeJyyV*65qIBZ3ne;9Ad1FY!Q+#M?@S%B7jBuy#=*Z2VUbdGuPK=TkOC-nJbwA zXPd)GOH)$|V|t3O8;8luy4tCU|DmfiQ7V{ z?g3zH&rkJ!v!)!WxvaQG{UQu8EFAa!D=2ymy;b02vpou#eI;1?1BC5c@DCnCZ{JM1BY=<^*!;4&sR`WX z_Ym+D+&im2r}_E|>}jm^be)htAds8$^#*ha8Dt1Pn{FZZJxc<&%-sS`ie0a^%-<|! z+Q32|mEX_NG-0Y6XzU7wo=-iM3;zD5?T$-n|2**C409@y_nSctyk>KtzAKwag^QQ( zF~2OvAC)~+yEGE|@fwWb3j)QT+%H%rrFj>UB@wVn|Fg3VP7OlU!b^ghP`_G~o0Q`}=4La|J7KA^Y*o}q9-83YQ{BE_=f`YSd{{oD1 z-_jQ~r=nZDMRxC$w0OZi=0906C5TK+)!*cnI(V?@O?Vyt?X6fN`5j?4lo{ZXq;z-- zZJrhbFG&nVc&_EiD5rH;y^jPYZ%uLmIVWryLY=1o_OpJY|J!1N2d*EH&j`N-?U{cN zcyUOar2-iwBhAs|^N}irmWC$919_np!CUn>JWW(k=+AFX;ZwvFU0%bTsf)~B9ZB%b zHemeU4vO5Ki+kuHCj)Rd(}ck0Mn=o>hBsrE4xT9SqnbN}GHNgF?z$!th!YX;la3%l z07)qexxJt&@kN|Ko-Q0$E$J&r@&F+*Jn0Wssy^)YA}NlT2AFcQg>R~6W zp9VshMt&RVsz3zszYzR6^$-d%JM3GXU&s3d59V_=2ySceMMa3invw7BEJ}S4C*9qV zbS*c#g+K}rj;np-d#ucV*S)l0crIY@v;@LEbu|!DDstY`+$^35omEzJA!kpXmy~22 z_CX{B(R$S$MV8QbZgwsWuwMtFjIK(~rMovHrd*iUo9~kT{I@tudwYAgSyNkvsgOPP z>3!5iMztnGCcohlq{_r)%i&HDrf#@Ihdf-Z)=bvEm;4bIAVL9neGa~7%JwbD%M|gM zOT*^owM9UwPa@Zp#gUcWYqL$>SB7^RhRx?=^0{VQX&3g8?Uu#Ml{G>Ux3^XBo}WL- z7L!WT_WnSQx27jbt-<(gCY+j$k#?;%btuC3jC zk}B3I+A_X?*hz8#i=QlXufi;3#K40aiWWm${9y2{1gdUFhH%;AUp!;9nxB{YsqxFn za4NVO^+(kEa^Dlaa&(8xioEL(M|31lO#wR>_j9)RXfgcsT*L1;SXxLzUFe&mZlN3v z*?^C^v%EefqZ3K-2@l@hhFM%`eJoZ6*VWu2AvbNDk_?}!eI6co3tb=XsCMqS^cPV% zm!1wc8P|EOktuEsh4)|4!fuQhLy`bD4pl>H>~WI(z`y1MQCJ-a58ED zJl%ywdwa$+8lvma6!_-j#Y)^FyxWk{b9to)4u(-JG%Z4=uclFU&`M|nt!rtX89&(g z8a~s~cZCH{bu(eZ?AEoBac(2IHn5q>H(!L*ogPB9*#mxwbH@UAvqg;Q)bR z=KC456ch|9y405&S zryG{2c;791z_I{zQy`%RdW;T0dR=Dp4xptf)C;8fSW|fPZ~aRrzHjtHk34U7x@o;_ zAE=5i%@2DYw_*JlN}>G-D;4(ea{UEE?37$_AXjmo($VE*Du>=p={O&rZ~s1@hR?=i z73_SEJOsP1PnFuI1Di@&X|lhRxy1rNJ%B%O;{h_?Qt*Kd$qaB#I=#j(PQC4_f)6Ns z!OE@|bYhJgr+>JatyOgLXUJ+`S9w}IDQ&oj`)`h@WOdTm#hQ(+Hx;1WB!-o5h0+MS ztTLreGXl<|bwc&cTk+1&fR`BJTYyu#4|PDGd;R&J-?DVwK1qm7gI9+!GVuIP44-5C z=Yj;@|NWQiWU}NolsBplOyZUUIi-c4m8Xf;g68yxfq)#EP7zb6d*XRHNj;<$AN@WS zE#ejVRqo;T0a9VWsWr$h!Ls{f!=H2SfKV+xQYPkKxH{1(D4PFPS(ZXOSOCW#b)Trd zBr78m$05R8dl{(?&T4gU*iR^W+sN6HS>VksNiAkz0CblkCMgb7VIx~E8pr4FnsV#; z(@?tlm2H3S-EZsu4}|gSgOGU*Ww>V=`(ZTZu?cC2>-V#)y_Hq8ZwQrl@2oB31@f2^ zquM!r;ZN$GRFuyN1tcU5fWG>WA&`z|?q!Q=+YlWP5rQHfyit>-K}| ziL#Ec4#R!S_wJjrsotVqO=w`?q?4iHL+|9j`ikNgTu&Bd?w53xQO-geNG136X@G*x z%crlFq|AY;)IDZ zuCuWx55$PsBkp$6dGJ(SkNdnqbK?IdExjrfl>OShi@Z$kX!|~LT>t5jpEMvS>c#oj z$@sOjy{9ODCr(SLNrV2cXcN)-gFZ>_TqO8_mU*t>$~#jn;PHAdmdD01!eHuHJAH~R zlZAZIO!T&$re-P79S!t*VJJno#(puxJw5^x6BF1^XbJ{v_C?-YUS2-LCFkMiAI?Vq zUxA@Ir&XH{7ARi!N#N_7-`ROs6(sko9_F`Auz4H?#3TQ6==MJz&27HlQ@|U%q==I7 zdaujsGP|c7Q_56K%s^1F&%68nT$8mzP_c6J`c1(9Q`c7qRP}9JBL<>`NVkBrbV;jp zH%N58u=!XW}#FtPt(k_Pbr z<8%|AbCzXtKRyHJ#{rXFAgCcTZBQ@=5A&e-l{ugKGN*s8eIb$|AB-3oO#%LD)GGk(mw zzH{dr-X833RzHKWdnQa%-7Dd*8Nw$`L*3`0&6U?&UJ3p^^%#6qS6=hTF1J#J@7RC! zj!>#(*~2XMGZ@JsRISyP=$AKKk==rzqFU*kq2~5L68)Ld`LeO;(f1Oc6KKiEJ%J0= z_w+=x+|Yvcm4~S|Wq&TbsbWNxaL(z;n6#oEf}g$M%(rDNW)^*=1S`#&Pg5Eb-dk@@AHwTi~3z=?w;?L-m25SmWcMyE{>a;^U6CY@$q-|rUY8=N#VeXw8sqq@MF*3sdvRC}?V+vh3D z9o5KUC!r$JlEoE%m%~PlMGw}nP4?|7A{HN@1mKqqM)vJh4il}y6K|y3U;0}hyz#yN-x(UaD(_lWw=T*)X?4<4@exAoxzTBDJSdxC4mmk$E!zKjzN^?Z zJMvN#l&x7BgdqVvY29GwHcXXNHIzyy2axZFpH+C@7*w?BR_WCh&FWw{etDYymD(x@ zK!1eT>LZ zDv0XFyruXTj~XeSxr;B~okmT}Rnn9# zuvupA@RfdEeJ4^?HZr5)jv4fkW18``)Rbq z$7jE_WrhNoU>@#%I|d1XOb$P}s~?%`9du=pG>=8%G#$s01TM=yJulZ3C%XybI11n{ zUU2zbH~A=3TD{~SZkcYpoT?FhX!v7qf+%$Zr62eMn#mc3oB@oZ3fr{hT?5XWxEZ~+ z9e&xW|CJQpRq6>db|KjMH>6Av16p-%{q*I@P}?W7z>v);(}@PsUg#sNpG1Vb0`z!g zBv7oUgLcEAmjtb+p9B2dEP%l#W^(HN)|SieG^?2f(g!W4llP>gG>moU+b~~WUzY3h z#*8BAq~Z)J=j%%|6sRE0)^wip@Vjom-dAY6d^3m3h*!^d>TH`A+y0#L<6+e!yJ1i7 z573v;Fc1>{Jo+$O+E1C*HUR(e?l>E`IP}}^0ROk$Zjk)anQeu_os}sBj>LkC z3&1jXUxNUgB_y37L(#9!OM&y-wDi+-vc|aO^XL@wuG^5kPGlpd2eR;csnS(U`vkAg zY#Y}cJR`fUPkT(aK?+Np(l<8ilA&|!_>C5+TFtw#X~4`No>*cYyK7Ru1z7}0mw*H9 zSd13xV|hwh3ag!9KM%>X#mP*M=ErpAY~RtdiFpv2x>4&tlbR663mF-GlrFnLZc zmJKj6qPF$U7pg;9VDzJAol)oSt4m>W5)YoF%R@Dd5gXfA+#Kude081iTyIpuC)}5| z>pXUT9^K>k7W72)72&$jM?m}hNONNyzOm>jUB?l%_Rrqzsohuu#2>3GEiVt;PndN| zjrIn!b}%s0guSnpI-}I^I?tzZunm{`P$pD86rWH&hEmEXs<-?_nPKe@zbLA%UupzB z#81Wi4uNeU?gv&?p$nd#cFN)8-)D{Z%=(S)j`Sn{<08W<-_18W65A4bnI2Y|_Fu2~ zs-&F_pV4~nM`4qDRf9Jzg)YHQxhOO`p1!ML-|s&qlrXaWHQ#r~op-_Qp~$||h9c%) z;(rbY!i3v_OO@$VRqZMaBBxTv(@H=5cHPzKywsgC44V|){ z&E(=?Wqk+6e1XL4Xk)CZs)_|*h&45?G`hJ8LKUH~<@a#vQ&PZ9)a#VHNS&xFoT&G& zt*wEfuv1f0!MQM4Qc!Wt8Qem~kU;!WK`Bi4gUDmbZ?fNo!`}0Mxal)Nz3jJI%PkGfZZUxUz1hIs!P zNd@zN`1}aY678{zE!zxII0Nu|HJ>rcZ+tM${fh#1t|=?Cz%z?!TPg^M{`yh=I(Y^* zuv4O;FN`PR+(@>o4!qb?zRLpjPes}%lLHx~JhQJi7W6Ndj%i_(6PcUlg=i{3;+NJeLSch%BdHfWKTAp|hbd9;?yxE`48`Dy zsh4FpIUe6FMA%2~ixijBL51PT-fW}}EbqmW<>26aET2er`t=i5RG}Wb!QS9@meM+f zGW-`1a>xMEBjD}IC9v&RH9Jh`aKE#mwXklRS(v?s1q-l$)h)~DCUe9GQ?6gqkC3e% zD$+2T9g{sY8P+!IUP>mbvAOX%lC~^2;Y610_;|_?1w#i4+Gr{pr6<=0W#h;D2Xb*m z-utQ7M`t|V!-wZ_1Lr8$*Cxffm$7pPC0zyeMUzX`gPI3hNBwAMLBa@c{c4x$t;Xw9 zKnQKv=FXl6ZZsY@^&ji43O$R-D04nbJE=PahjK`6a9#}%UiY|iO^>XXUFz5~(bv_K zj^sP&Z+O?fRrO65Tp%jKaQ$#x|KhGzMy379oB}ZqH_Zhm8X5_|Qy~DoFVBwtviN2; zHmOpd5KAhsYHguFC^%-`zV^ADW;OBADOV;=RoV_G^xK?1rb`EE`!_&z!1mUx~6 zG9-iWrmPTkCa1bUUpvtb2pqtG!q7kL8g5g!ClV4DO?~udr`(PP&;0_A8|N(dzh?@1 z=T?FoXX<(Nf@8CvbNW8{jow4b)pRCDEYglUkdoG%??~`N;a9e7TS)wrc6z5>8|%N$ z#_GN+WKx>9m$Lh_~1YyKt* ztDhW&N<%CaHWFg~#d-r&wjfy$B3j-~;#TD$7YT6R#K#Dd6%`+f91u@?q8=P}Is>=L zMH7-fuCSLY-wBKrzE{A1PE8#J)Dbk%^)!Ej=+Y}O0g@YnsP;eVezYuP?f`?E%3msB z11c`aD89<7L+q0=;l`1>Lr4XR;mkQaW z7bvl}%85z;R_bX}Ih2of2IASU85eVMpY!>Vv#C-wk+w@aVcX8#XOrO!Q{j};gczaL|7L{VEJT^6B8<9YBmHY$TLl=e z&3no=PkhxtB&K@LE;#WtNTK{6wSCm-e_Q?wQjpQ+>AsrvuoW)JOjCD$^)wpwIFNV{ zMbIPuc&i0>m;kyJTp@Z>Rb#9Q3K{>F;al}w2*u7DbRTb3``v5{{hUTAX?Fhlp~D}u znQPXv9l{>t>;hriHvyr1>kxb3@5o}-{pI!9r4CSJ?rnNIa0)8Mtf3o5Fw^|%l{dH8D_vO3u@W#s8N%S1^ zKWWF<6tY!K*Wk|F0HgdjaUo6lY8tcs9;~?0RZvEBHFY<9EZoVI?mlV*=4}A8>6G44LhTFP{Q|QH1|UympT#eGYOqSts7_g56;zvqdKcL+bVeHVj_Y1EF=jCk*W;z_b^~97Y!fE2|lGnKOz7$9If_gCHE_n*rx@ zsC<*XYgN^qN<_r$un5JDBy`+I69vIbueg2H#UUb>{?%U`OteL0@H!GeXv;gOOE0}0 zHD*WB!oFw|Qm?Ib&E4A#&V^q+5u#fPL{CoUOnqXVd3oC;XfWvF zq%sgV4Ut9top;7(-*lK5A{(8!ERhLs$br4#DtH8GEK(fD<6S_N;&w^a)+-v^vACDJ zjaeunh!z#ez4Uvw%vTJjHL|G@5T$u4jbL&U@P|z}Aj$gfxG}n}ZmD;ae_bf#3@U=z zLbn2MBH2GfA70*{)&{jJ$QGRpq%_dqnB2Q^lUSxdbpX{W8<~kMbd`L6nq3No8Rv`s z(@;N{qeE4t#n)|DHzXpm(-W&QD_2!Sd-m>6{GE;D4vez!>F>wE{Fn_c`apjdYpYGG zg$AL-`&3s^vheow}XYX;1888w&EQ=4UaP<;Pa?+^9(SOQ986S-@b{2eU*SjyETC zm;<>Jx`u2st?|5x5}prPT9B^ZH3m%WIotRa$d6Mmkc=xKjqm7yWT-XaBue2KdG#yGc1{e%qQx#D|qfn$9b!~u8OZ1l?%72F;Ff+>mt z&{h%tHK%@k{)*{2xV_x?mjmXn-?akG;M#Yo&H|uUQ$BboG`evDg(Xq4aFiTUBqS3? z8L6(-FJHcZ{UeuhM*95So7NCq$C=iS4#|3Fpv_|ydm;ttiXdO{?@YWbCX-5I2rzAq zH~8Qke9_K_n<|343VCS+;7?f=6buqN&5uCeg7iUCw6R^7k1r$}94>wok43LgHwffp zNKMZ^0!Zb5(=DkG>=;Tvr$oluiMpx^d7H20&0r~SLz9n?e6Bw(G(!my0r-@}NzU0;UEADqw!Jzd z`oXyBlw}nI-{YB-7**dBw$JxjSfVg1dVK!E83i$_d4~j_s*d*ZM@YX|`P2UJD6mMH zuwoGlEZG#(m0CC2&_`;G8AyK8f?W(7%AZV-V%)In~z|7hdLcx_~B754Sl>%kndMA>xjT2Gq{ga1~ z+=rSfZgM7%Ohi-!%O_|DKpunXtfq=n5QL8PGQX(Q4Zt7#l*ssf!UGXiV-x0j>$4B_ zzfW4=bOqNYkiqeLG5vz*V%Fg-ZXJ(Tg8YK0<}B>z+ol3|N7#;41T5?yKkQYmRI4y` zrF2(PQ*MUqfeWJNeYrBGeK*i#yl=&n7ni_3Buk?~^C5vAL%=7)GyUX=L_Q74-l;oC zKHj6HDChOhu($A_H&9kurHLQ_};oPg+2emQWB&aT%zZ11Nv&q{z5+F zEg+Cg45MCgtAySj*%mBGw@_7A)vX$_jt$WoS$d{XiSL>C@ax5ZnlkpHh^6d-x|Za! z#>!I3yi_?V*k8HGdLRX*X!$7(D-b56%G$}TVxQVdchT2RW`Ms#!^{F~ls!uh-DbA0 zliY~_E;-J=E+s9k#*=RXdJqy1HuVzO-=#Bz#*U^BJe-1=7*vowH+ z|GNFdf9PdoyWWvIOy@b^0smdlq(6WeRjucGo=QYo@w8Hyf*fL|z`fjHft3NTE~1<*})pbl9*?8l%9{Tz5Y z8kc%Kl-`^cY9AB(2J*C9F5C+K{6?FqX;x9uMfR-(&f%yKSsf1YrQ8#Gye-F%CQ+8P&l1~<$Xr~ zbVr#^b0}YW*z+g0J5K|$n|riYnE@`Kyd1lD%*WvV*vv&_Ty-Bt;s@il{rTP@eT|)P z9oKn{(~_BRX-EKmEAv$lKRkHE-Hmc2;cdOtK*3B!>AU8vk-j@!g%VuZho77Ur^tZ< zH;^xiMm)_Lb`Ma^X@mh(7}+jsS`l#s{oB3g`{Z~<&j4&{?GT_L6Ur>$8^N;(6?c1V zVS8q7xVY+LPp+#>thZKPdEsmJ`oJJZ7H$7mnb47|BYE z+tl(jTPe~SS5zZPP;HPs-`G^jk(GFw{%n{jisw?bDmikaO3D`sr5#`7(CbOKEN= zO2CoIGcb#iAS%SD+dm(c#OFkOdImWWF}1;hcYKmQWW4s#dGDk)w}Cgy=QHD3_2hPq z@d}X$2-ib~o=pj{m9E$hL{ekALgZfHxmor5gUBVB2kR=ObC2TJ>B=P4LE0;tX zhL;oC#XKm}Yoz7k)M;qWf}q^0e3je@oeq;|hVOcf?U{5SnV>GSXb=(=JsynyHEB3j zQdys_)5hteUX;F{y;U+60B1i+DxT(LLX>aP=Ps49vHbda$>qPsWqZZBuD_KiQ@*l= z33h44$`|+di5R3xAsu=b#_FZ)W5hjvlpldWzv~{G@#YJhp_lFzF*v0O(hP+^-J(F1 zE||YJV!>^z$gj|xsa3(wXFdLci@&L}su3|#+#q@jcrlag+_t zEt513YE~@9bkd`&ujvo8MZx|g40)L2`!w7K?z~q0ZW1?cmTgG;ueef;Lr5Cp#TXdR zT_}q+W~)s*w9LnPp)Lu6fFE}Y*_MMV4g4XJ)R6W{=RxR($whQk4(m_HZHcwz{`tI@ZBf_H5ey^(fJGq1e`6g6DHZD!M3#Xa zsFAs(Avd($UcpuPPAPG2vg*~Aa$LTN2u~iJ7cDxJdKr)V?q4jkSvILJBBp?7Gx-8D z-7m=Z2Rh;)sx0`5V#+_>3ks8AMlf4NK|Ts zeQ{?9@S<2~B1HxL6sQ+5IofL8H5;pQ!~Hz@Mu=$axkTEmqBqmElZDyFG!a1BaNN9< zktmyi8{KkF5FqvZp#GwnO}0G0`OP%^q}2WtU#yYKc*`hw1Ks4YNsV(sabxEMOJ9YB z(_>BB!Gvm7?77>}70xIzC9T99?w3c}T*+N}WJs?}=O(Rx^ZHTythP4g@IhIkx^}5e zw$hM&CPDl=qGhQBGqu3L+yY-S7s*u7`V5)G>6oo@>9X#P6|17ktJ+Q{bo-*j6w&1u zSeJmad-;b29KPepOupWg+>A$te@{)m$5(MphnjbY)kRzrt|H2rqWXfCCqudByx_UT z%sE;YSZoU*lWMes$<@NJd<2BGO8~;QT(!4Eh_4Db?-X*Bt2Yw4WLJlee~Bk z@fsG2Qmo{L>f~AH%wk{#Z&_kuo}sm=AWpS(d39cMcJJ^d_53XOwZFhSf_4-Y;I8j<8W*1r%hMZC`&9a z!X*jftR`LQcrs*$um_KuXk~QReL-zGIn|7g@?Cv#^(TXPKb0;&6XJatB{d#X%d8`f z#PKH+Hb*r!{y`!S5R%)-NUZ+I-b$1T&NOtigU`}dD)vcbpU7E@!49OjVkMFo`z$Pg z2RiHZs~toz=i6itJRla`!D@Y)-{o&O`k|L?JSF;UeQ-wX8%I%6S;gep2JKXl&=|vp z9OV+|QMkJTPs6i_9g923o5R@s#TtTv#QJ`{ZzO!vV~BE_HvPDGRx286T?xB)7b(7; z)u(@$rhXyTn*l0Tc-Qt6tpD=SAYwyB1~3tbl`gv7Nb}HoYrjq1!ruKEn7_mx>M@UE zF-gDPoio>4qO@LFBd()es!t9RklgoJ5W;eLTyWD+}pr% z>v4W=pIgj8UZv8a#%sdfm6hHC!7_2$;a$;<71`fKsWwTL+&neuVc}V)g)y8T=WFhL zNElq~H~oeirB^BLYFMCT5^l_X&>{RbE+?XD%C|oGur=n1fL?{-Q*MV)63<= z_Xe*G>bb{eblm;pbF7(0Jn8# z%@U2PO2))~Ad!kHs2T%us&74sUmo4=5fk> zmGV{9yS3D8B@fTCEM*=$F0*=3e*{rgl@)ZuO*%;uZ1RMZ7_9B=MyP1 z>Amz0AAH7@_o2u|>@tLw-55sWzcU(HBBpjWque6mzkcTb6X^XlE2q@Zkp)0%Im7T2l%`9CrNsZfjX&*B{ zFYB2Yo%D$MRcXrT@bB+V!JR7sy_R0!u4Xpdx4bt{uYZ+9oYvK;!yx`ivC~@xi52~} zcb7|_=FGDnwe2(a-w90S>6rs%!P1jD&hLk={d$>k*{xgHujOtv z9im?(wim#|%QfE~sWc?!Y^bqU;pMz9;!LwmmD18PV71|UO7E@DhutPfZJi6!TbkjR zz8wzoldKN?j_3My;6?_+7}ByOCQ9aCR3G12CZBflcfe?0Qt4ZllHz&BhpyZyS?9{X z%CR4m&hf1-M7=b#hm9f7OpνI&&~e&)>d_gjqoW#T-FSqj?wt8ZUf7tc-~3LBKk zv}R&;UGv;U8sga<6ZN0a^|#7qhLv#AGU0z-7cw7}YGe$2Hljf>hcCH&u3q^fWIud0 zbX2v-OyjZ@84}*@ zFw^WhoJy00Hey!88B(kZtWfW^`a6?P`_GA=X|N0y=p}IT^b_drWu?#E$L={mL*iiC zCC>5S>Xk2WkfS+%3fpb9JPZS=VARBOuKrc;iuFrIoj8ETg2YhanJA@kMkWAQ2{C_L3gc2ztnY%y8u=jF+_Z8iamP=3 z*&`9V{Ghsic0ZSTO-Cz{mI2l#V*al_IB zRIEU`go++)?14`p>#1fX5`xkmBy=|FfHM#W{vf}CWSlSl*peKTZ2AWoB6kY7>LX+` z?oEw6Nualn2g8hzukYC2va-{toz&b5O<3t+n$YfzOrQ*;zsZ}Vf}YFfSmebjdEV14N6vkBu+8Ou`pHB3GOw13Bpywedy^NhqiD@;uwwJX}Im9qjpwpJTV0c6q z98XQ?-nqeIWRXW#CvUR$4Q`a(VekNI(Np_=!)A@-jhbvSEtwVM`&#Y5S>?J5uuo_s zdT@AU!8Q0aGW9;Xf}MF5{Aj+?iyC zth{ahTSt;6Atc!l!luuw4nO9n{AkmrH@ZtW*CWUjuOM!n58`q8S~#t|&E{gj4@q1Kjws45(@P zMz@dj?%VA~yF@MQSHF}d98Nh%Cc(wP3(5LV0RkCger$35DDA{NyFKOJE;~51Y}HMa z?wM^WA*zeb>05>>$Zk#N7`v^D^4c45B?f~2rINi~igyA3X+EY4AmF93;RqLB&Ia(d zC}qP!-XVhwijG$30v|r9o01Z`8Cc+lHk7N2x*8$9)WE86+F6ZwVjkT4N{w_O>rZe8 zXYjcD9gYAp&M4Q%_-GFQds_&{VrTXDWZ^N0Z()AcCZIehQ09823>eOGC5GR$fxG+b zAGj(Q^2^|D>6y6!~-!*v4a!hHg=J(84@o0n-xOrwSe@c=gdgDtJlau5A zN_36>*rC3SkBD|UPDy?pq-y*{qP&@E>e9Z|)~V(Bd3 za%c!=IslWAy39SaX4er9-J#nf%QGav!~(682m+6ro(-NtI0};49Y|Jz)Z=u+bl<!a!Zm+oEIIwfC) zQIy2~?R2S>Z71uuqL+=DnkqAaqrEZOQd+b786^IXrOEEl)i^9$!CKqRVxPoEC<25# z+bujzGVxwx5RF|*N~ZZL$Raum;^f>cqkoSEttW~lSTKUe+njlaI?kpC)R=<9`W|5` zs2?4*!6M#B-}SO?e!Z^uHA6-ktA&=GxiJ*X20-<-Q;r;0i#Uvxr2SU3haNPMNRwcJ zKC~|%7AX@4s!z2pa;gNH`=hpC3w_ALJ_Vx;bhpPD2P|1rOPxyXXKVk5j(s`7qCnL# zdlE?Dr6enzBmMcvs)`Z2H~#p9QPxcR<<9I*ur#i81TFbYDEmmPLU%#&Cw^?%xZ_6J z=-FPOk2Rus7TqeEyK!2d+mH9F( z_vt~2d9B`J_Lu9Tx#uyYzyx2AmdjE;p8}%m*DamzDxfYz^<8?vAL*`J(5_UV3{@m| zgF8DNY(QBfDui|PyaijB51fns_hOER>73jTBi)Rv@}YsO#2KKZwq(bD0@ipJ^8!*v zsBwnX;=v7Tb^KoiFc6JV4(#_~ZSIRpTTvS%wH> zpXJw(b8NwzGhm&n_`Dci)NnqQDea9M+v#-nMEJQGgK6Ols+ISYCTLb?wsKs`*Qgxf z+9i9%M;Mv#&i9%_`{1D`)4!OROPd}5W}x$@$riKiBcbC19qUTXzC1q(p)X%l&gcxZ zcBrCMD-pVM=3W5hFjVHZMg*9<0-t;2x-W~tl=eNs&q};&L}eobY(C&?XyHI9J^Ddz zMuEAL`)_ms^1#G8!Nl;coYJC@&SJ~vau3kln}7I=O9;AxHWaVO{T})muX;d({uTGJ z-~S9Gegy)uHmP0ev)Pcb>?uD*7n3VcuicPN+aoqPXHsccY5Bmfcv?6r0sJzUizST3 z=y*%88EWaxwm(fC5fCa#aoagVCL;nS;7^nks}bbKxzoS}I4sXw znCM^!+Qa`Vf_X2lp5&brv;6r6?&t6e(!jqdgT>}e%c-p3KYpoVAfBY*Q$(6=BP-R1 z(p;m@AJTPT_cnk{_Uw{13M6@t2!BW->Rk7i9HsBCvPC}>y+gU+x$ohDptkovN6ve- zJd^N73kIBQQy9j@kWe7Y#!;8^Gg95brvm;@1$1m97JLx~pB~+fNpSVI5>M?2eD4;` zdkd_|#N|(#3&xy1!YS)|{s7hbZv8&^MR^eTb`c~9zFbpMPWeoJ&49IaJ_sNY`@Xwk%SmD1p?-mMf|XMt zUfSZw?0&j0%scOi`=_Zy-4=?|F*R))8Ep&++T_@J_QCTiqufgBO1c!l4h>j0?=%ij8 zEJsNT-Vlgk%g+64+#|(b<6Pj!!q~-s&tjQ76+`NC-~xcCJv>ey@O2@26bo`|2c2{KI6GD(uQ2N@3E}h}gle^OPdr+g!d|(4oO>O;t z%Pl1UmBIw$<=txJ3zT^mum>*q!4pB^sBJIt8ySCO_+F839X-bvBWaK~mTwivN{xXk zR%TIX^{{$|o90b*;tbz#3oCuzQ~8>1I)*vTV*5cEzx~N)O17* zhcU6V(JEVa>p{%ZRi+7<2DvZ4p}?l|2cHt7jeAMMv?J2anW$6OCq2fn& ztg;^k;BUK)CP#26I}VVDY}02#b)p$sKwNK9MZI{HN&7~v|BJTdTYi7FXmcoSVJl2T z$_1y9qX4a1OZrdnsCSw2r91VOOw^1|K@J_y;3F)oQLLAy-RWK+6{DSark>&xM_Ye% zAOkdL+kI#X-g0fC3~<__+=vG|*~5fh;KH(H!_zw65xG(C6zSzpFAP_~(dv@* zEOcj0qu#FqZZdx&%G}&UmSYQ!j-#4j9tUg%*|W|*RMl>rrE?dAEmlY5MuT>Ba9+6> znc6&CHPY3{BY&$l=5|w%wh=fXj-)wcyR~VCim&jf6PzljuoLTZd?LvuD`rsXwjtGWRi1URpIq&%XnzyD$Zpcaj}>5k3^0!WkK0%Lv|6dDt{r_nRVkraNBi{|+NM%bz3G%i zcjci8s)#7&3jC)&Gl|Umif!D0gPgxi+Uq$Tp2#@t{*g%|fN z;XH^PTqRw_ROpoD7&RQDAmmnJ$bmJmdO6=rGa+#m+dMb<^m>t}#J09~LP|7k&TXe4 z!S`m_=w-BsT$}(N{%y~7@99fPDF<)Hy*o4OIz#JqpHfdXN54nU8R@~b#-t{0izF3l zbUEMMsMYJb5GNw2=0EsE+IO+ljK7_!8~hAQkY{&ISDObCV|BX5^AKXI_aaeVQ_<|T~1&-B$cU<79H7;Rl4e7+D;W-&ufQI*Kf#Qud2z6PFEdN z(vB8az7{Cwr?d8lk}O4_iNGZ5BE1;RmWXm6ra-ic)cDT1d4`glmj&xOtm1=Hj6UCa zs=vmYQtj0Ox79vraG4{TnK2?qtYABPoixZFrMKHuCpoQv8y;AR(ZS!`;|WaTXw0?0 zZ+FXCcz@KyaeTYZ)YN5c(r4AlDm!9lByNo+l;v8}zW;N-Epy1(TxLq3p6Y_zYHe}c zJui{+07;@_eQo9DNn*2;6xdqdj4IR=m}7lr9rJh7KX&UWH)6#PZKrj@vJEiuZkq;nD#4?w>7}Vho_h^k?)S*% zo`xUDfO}GRJmAx8=6&4sND$uHkMgdC%2sJrkYziY32z;7sUmiA$2G|pWoNo#v~=>V zX1#yc z=&Ao!1QS9+@tCw~?3W{{W%|;D=i*bCb*kTip4&*pgg)dL=6bi}>4_v@U%IU2x_ z)8;YaU({OjU}e<0Q_YoOSMU7b6k-GNfK;gvGY_mWQ=7RT zNl}}`h1q&NDzw#ZoUo0&$-DZcLOX^eLTMs;6Net=(%ciHOE0=AYdU#>dAQy2qGTo+ z^7H!lPAC2_A*ibO&I+2nfIy1vff(OEoH-fqN^|;Q02eI8YrY7 z-wRhcqlB8PL0eRaPz8!R?{Z5sP2Pu3&^#!KP#(I&LBclD6rK7T4J#80>Xtlj&SL~Z zRJ=Hoy>iccipOxq&)^9f%=V9I5Ces=(JpZ&nk?ZsNAt(m1ZQ^$OP|CV_4NG-zUAVJ zMo2}WBrHPqO=KZr{Ik!iFVfexOWV5$o9Atjqm#~C=1qhO~x zs5cctNj*<158qZ{=(1YVE2}`*UK5$ z`c~5BU^hGFgrJ0x-*=lBWsIX01FTk1y(-1g2Xjot8NbRd%Cm25;U4(pe63r|tC1W+ zK0ZrTKWQMM3=SsnZ5P`#)~{8xa$9oc zZDz((1NS3>4~R}L5u{%iB&hVtwU z1ztsSdxc3qLn}`tnO<(N3D7QMUL*k@q?fs?k=1D4RK?Rn&Q=S&KS|niVY{ zOkOT4DcCkL36!hd*%EP`2eC(SznM@~ZR_lQ!=_h@?9()4%(6vNCI;nHG>Ch;kDBLA zsmq>&vrl*}b}8VYw2J7?5u|JXxI1s(gZe&v=&YHzp0R3bmdYC6fy*raTOxE98(XzC zV@uqsT0YveUwde7e*Ze~q+Nd>_=7{o3l`rXD&r#HRFGcGd-o<@zg&+vM_(aCmSaARvg+QsT-WAYi56XFLqpcMFqqO(+Nm6{44_ri-$XJBfpn zy}8wIGZGh12Qv~g4=ZyJ5RdhvEG;*Jwj^<2T~rIic`aV}KDid` z=B{jASS;wTJiXZQ)c{Aly8h%a=laKm4rxZdL)w2JF=>8HdHphk$P1fZ8SY^cuhC%J zc~5xZ4taZ8Pq*Lk)9y?*PyjZ%HTP_z3NeM&*<&9n*gSe|71gXE2uAO{$NV}1T=GTzn$xv<=G zH?ALwD+D}wx6cTdF;FO|qP9oEUh`UUTfE ziD|5xXy;0kA))L$B)_48fj|aBdAX2nIWfsJ|;5uX3 z7llYn;&a+UOXXj@sj4b6g5ddy+Vgg^7~5u8nil*X#$f>@#c^zZ;l)`pG^t^oJ_j*UvX> zb*)CS-L}nEw%mkY)?ul0T<&R0a@^jyE4nJ*=B%%ikG|Hdugy5M7`6eaH|hsR%G-8( z5Y*CK1I9vp4Em;^1nU##&Fwf{4Ahxx$FNa{br~{j(@ym`STP%~E}PsNzAc-=>r;g< zl5P*e4Oxk2U)&59rtN7*evKR0>N=n1DGrE*G>aMQ4l!bljKx?U=0w53PpMvcf`Gpp z>3{KfFYBWC6CLgR@24x|u^bNv8bayEQho)QL0+6u8tr4W`%BB&eZOufy}*o>Ub!!*1NIrm*-2e+jZ-H=3T8Vk{s;sO4bWoT)n1V5&MYw3c_9*-~+}N?xU| zu_^P>?P8McF((YY1B}^sO&KLb&nOMbg{7qAUPuj}ENdllXs)K**7~v;##f2)^A82H za{Dzp5a*mKBX|~NpX0jK1QTodWi4MG3EqsnJ~y-PZV-+b9sZ>S=ziYG5{6GTbKaxd zC2TBS4p^lYkzq+jO|hhRNBk)}B#>D%rQIIr-5~pw);|+e{({z7x%Wqo)tp^kt8F97 zwEq0ho$t_`<8Kh`lUsC!RR@Bbb0orYr#PRY*P+$RRW|Q!QzgpnP)8@Kn`fi@v%<|` zFm$!S>|hp9WC{w%k;?bW;oUocY`vL)&k2%M%R62q4OPZW+*V2s+csp8GwZwh$)G=u zDWlD0$_8mW?$@+7usL0F17Zu#+c9`P;*X!EtnxE~Hxr_-EcjjanWIOA13zMzHn4;dh6C179%Vzy!hvGSOh&B8%=EHjU$F3V4Br z6Ap8JamHtmMKCOj>7~IfP*XAXN#$GfO++$oz%Xv@(&JzS8jMjFc(p;~(yr*=*p86J zwsCo|WgeEq3lrB8woj6oT4&TKM6N_pq#)lu^64>7){!i0aBwA}U>g~uZCn->LrEUB z0TQjBhFH`*L`lP!dBQ(|sAwK1VXm^*114g*A(m4=1LiPD=TfA41K6CAjmxY(Kc&AK z#f&eV`Jial+X5vO;Z}M_uqrnBZ*+s|I`{q#+p4!-$6&zX%WgI2gd#f1f?2vDa8j~J@OTW$SJDvYsckjFHEK8(~iz*n;&U zHw;e}2vSHq&xJeXQNyt1k^BL<9Af0?LNis~l(x>!2cb<#Wfc0pD@NCmEEX|(H5?Us zm^iiJPELg*Q5$`-i@nn=4VJ&-vGs8V3FPL!7ZF$^nQWGWVnV8;DpF`nFvLay4JFl} zGvdyQ-HcKPhYsV{L#cDZXBn&;L&+|M1jJ16G=Vq2u zFSxKd?G&EM82vBQDrW8x(!~J& z!PBWEluReM;$M(=AX=|UWHd*HT(D=bPr6GF)HOuhFRj4yP{R#GvA_vUmVO;5kQNq} zcuk0xgm{Lu2Q$=R@INUQXeVNNk-fE12|-6j_|W5sBWAHUZ~?HP7f>ioNXNBDHe4xz z)`H~lx+d!){too~`H`HIaLMz`46x#mk=$h*f$Irq!NtwCeYpg4l6>_#9Az~^_?Eq= zQqE*GBEorfbthyl)Cv+Y6s$HnbygvDT45}EgtJ~aHxR!>{^?%?5=e|zESTO1YJ^qS zvK;zjwSzJ0?vjpzrVl|xd{&^Lgzoy)?}-wqX=+8Es8=+OGo(-MU{cC#K5V*+Ymc{Dywa!zn#$osR1AXqGOO-% zxKiCoh%l-&-Z7)&MdOIUe+z7(#Nn zbQ*gB`(zYu<&RMj+j4qBHxJ{##{7lLqS_GH%dcxHbp7*4mv)D5Bd>_My**f!EV-dZ z$cJs#q$)_PD1s4%yS2n1U52aAFbp{-2u9BeMB>Gl)rP;nh8AUnSQ+tdk7+PTW>+s3K zcMm)zW71gy@P zSxQEo*vDo$10a<2iGpAT1{k%cmnNxxyPwYPLQEHG-Dk~|N@$MS-FC#5l3C=3t*2ffmqs)AP7jw8m^M5Qu0DaI%6^krI6e2icx9TdRD^aDLIk93Q?aHx}^|+ zCXPt^mB>DXyb_6rb9+aFRJ0VOOZ7M@pC*h(hST-+6`EVa?(e;KaxuB1|MJTB(1PvP zJ^iuK4yrXEE z1$*#4?G&&Zweq>M?)l0n|Au&E^uClk=r4N&l`X!3vKp^lhcX+b##z66wDr!g)dPdC=8kv7*=Wxy!`HS;(cON@Wr#=)CSNM#a=eK?$LW91|W6nWrV- zK#dY4{s+Rhi3tsnj?0+y5K3k+v-08>jq<|nRAQd{s8yLJqtsAR`M^^{gf?8cYZRm$Vw*$8BO+Hm)dXaoJ$sAuuy4vMsBOjK?~`h`N#=dkx?S;E8S|_q7!5ONke80 zDTF@ZC`)7;zj6MRG8^ywY9`!-97yyWOOR*d?oqw=cYX6kt^IfDu7=S4D<%~cCsLcAYo}9 z&qATVn5vQ`|FO%*!gd|-q)S3eWQsyS9Jwf-z`E04k<`ach^8D*Hhwo8Ta$Mh?&h>m zb+}bC3qu31kJbq8fbnAbdlt$o`$PZqixES2#Da#mGC7pr1f2a3N*vD#&p}kBib&n9 z8#d!p$GhpnreyTzm%P{&@pTd1=)3o44*}|4j7N<-at_T;rM&?VaUaQAsKL< z+H@NlwDU=049Sf_$S2^+Cq;;gIJG0OYH%}M3h2f^^KwK-L4G;jO5u^d+d9u; z(?N)?=bbWNgVV2R{i5@GT`vI3^xrh!)R-(u(`@hQ$i_7g++()0*haqD*_{61+4ydH zUEBXWyP6c<*az5K_>DC7IP*We=iJYLEu@ z6P{Y3a)~_t;-gV~`D$om*2Fl5Q46t;!ZVv=rIBbhmW0=`C2qBC))OFvuJ7Q^Dn>O# z4>R9AC5gdS73SDY0wIBnP?Y-xn|#)xVTOPp(jebtn)f>C4r5D)vTj(j+Mc(v0A zTQr0s6PP&qb`qd|^X3;U5$;6(Z%4|CF3Z(BbwxNzawyAQLn(iqdH<+#sE54k5Q*M{ z9Hn$KDJ?=c_=3#Jw`Ly)Zl-YvrrtD(_6; z>o4}sS#b%a$dNQ>7(`pmT9R~af0oi6L|S8jeN#Q|CV&iwF<9qi1U++fKO{qTXo z>n%B{Sh;yX@oU2~U=DkISbFhdoy@HnUWqpP^5N{(M|e1?xO+1GD{K%;j6G1)C>LYd zDhpFS1#am5viD=Na86>oE?_XCjYP4&oT2)1fg8lzB_>db1b6r--Fo7$t>!6de{p~j zG^@hmldd}bS+m+7(=I#~U%UqL=U{EEX;q8tC@XR_e>uw3-UCCP0dNhK513V6p+byB z4rPKEB)DQdsH;5|=>)!MQ|(;B>UCus(%0QZi@f~sb+RaJchwfmuq!e}S4fPmP`Mf* z)mjtwvu;I6x&v(}P&q;Us-Jp{=)E;uVWLdx?ExY`eN_smzMh%H;}Lh^c$dJ48K*fg zxt#1KD5HlGfH8WZ(5~s`Sn5x?)84b*ioJEDvDAN9HCE9_<5;@Y#aPj=jvDZ?Q{WB% zS>N=Udgj3W+9R!1lRX%VQK?dAHy41i$XE~V>Cj?GBCjC~As<(e?r)pgB>?C)kiF4Q z*L+QQ>Ttigte43oi07h-QhMJ#Quy=o4worjD@M9seM%t`EZkwegJKl&I68}z+B!}* zDs8ZFZzK5|euNJcHXMzVNKx`d!8HWqb<3(oVJXxZ6;|p391e=jqpkE3ZnNW}6QgG)+< zKpmVhAPKr7+PCj4li4f_Tk{V3@xZ_B_YIZB3qgY@Xb+U}te5JlATO{UKq0fDYhgY4&> zZS;aFA!!XR_SgLD8>^GKuQgug>h`{(6IE{r>DB?sC6-YtM-P04#Mjlg4c#?MLkVNg z?^rbV7@!1C#v=TFJ|kca2E%?jf>4hLcbvWM1Kx=8M_(2m>w-s5EO$)K!;vd3Tc!Gf zQdVKqBh4exd|zM~eddn3n49-16@g9LkV=OfK+E+Wr{N7}SNqT?Pw`lPzazi%Ae=c$ zN*uWl%Se6rCx&D!ShPIS4@|HwMpV=hvUEuf!HJMC`g59(Of|L{m@o6x{E5=4>y`!+ zK1;bBeo)&Sj^ui_z4cBvDBO=_(_-&oZWZ(6R9OxQ5p0(6zwym%CfD0B+rs+>OI#M? z>zmb6752_U=m&uVF_8Tya;B`ji9}a)fpT=^>Go=zBswi5@7b^}tmda!7*33-8FaW) zZ>b}1ql?Gid2k`}gRrN7jRKf6)y^Kdb*Vae0P*|e5jsX>*&Shv;DE)UgVI{ItP8)F zqy~1yTZheV9^JD+SVW)pFjYX!uc-8pmPL?pGK>n@mF9{B0d=rq4GC&XQrfv(E)q-7 zB`D;O_gDyi?H_`NGe}n?)V!`+MSmAfc1S`~L()HVR!aBqQLNcnI2n*#b&@FapAS{d z!xfKV&M2C1+EB03Ao|qPUo)udBj{T2He)t3;Z~^8+S-S_^sTO^WbtsJJ%*2Y<)C=@ zdjCc`&vz^E=e8euBauDQiC2BV!MucCApfe!`?`DY#z3`nz8VNTbB_9l0QiUI#}<-6 zfmG{uDT2`le6HyAo^Or&%ownN+JCz#7O`7KG9#hR6vWg&H&fyGWHBZ^BD`+t>qdN9 z5Sa>3?2dgfU%CNbx+~#V4IMAZ>t^JR{yfkGg^GO+@8d%j4D;rCWv8KBs#PIQplVVp zD6jRibL@xNqd1>)1J6iH&4Hn?M6RvrszZNM%??xToVTTD<9~fI;8>!UhHer&lZyTe ztsMF<7{_s?T!+OIiwWC9W&2!K5e99dN^hn-VE?MT#>CP}rKe-yf$8enT9+6$0sVq( z2I|T^A9@jt)6u;K!KP`A&*gVNh}LOGlc0nL2&TT-O;p47TAYt=^{vSU|0tRm6D^BhflUr&J5iS zf<*U+IWC)lI}G@fBP;;E#=--4!Ai6uJwj-gvt{m!c+Snde1ckkR{ zu4yx*CUXl;4=3ai9wDsPW(sc1h+J%PZd~8MI;8il=b;2 zQ}BB^aA3*%5*9&O#hH!o66~MnF2k8ap(^s4L(yiKf(FKgZv>odrmMMAQPW}$Se;^K z*2~K8t=&16m=K-nvl;;$=<|hQzr47BNtYw-+o)pY$o)x)m5XNHin)Kfh}PoisxfpO zJ6y9~fOfUWu&0rzVL7WuEms2(ry-rRbN2`Tav#2>;8n^MgP|&Ce2^cD1M*gbZVqjd zSn_o3q$!aDXuA|QH6T+L6~{fUNFe^*3Lrtab*6@yl4eG&3o$Cxnd1#=ZkcPWW?_N) zg(QICj4Caq5K%&JK#WR9K{@@j)<)@)v;mSP&9AWvH|_(dJV)khsCSdif$OuDx)z8( zu7@R0#!J#&<}>1YP4laO)fjEm2TUuwH%}jYK7ooq-4dHQF>lo3yGB3X%d*eXyveLB zIEQD7{osc8JP-?&$`txfxmw45?C}nqbAXY?6PF3MM$AwsQ}p!}!D2_LH6ic2rk+zE zd#MxJx#>_em6vM>S?Xv~;$ZqB7qa)VuK>C}Yr5Nck~D#yK^zwz8`WAF4ctwqdO9%A zM6=$aIr73QPbP9~{_7Ec3|sa?0WjdTG7OZpLlw1J_42f3&uN)x=#gMMdX$zOV17wO zI#mgl13`QFd;lIqhQf=FQNgi;JP?MM9)MQPraS}svTUr2l3@j3(}D}j#759%t~GTa z4Yv!>l9#S&$X2wn*q6F`aZU7t){@XjemuI69@IsN@p120A$$<5n2=!;U!>NBynqRa zD8J^@-=oT}iPnEpFRBiR5Rj^Yag1Aj@h?k|J&}|Ht$_k}wExR3EFG0qj#;n4}nUl>Ko|MX4%3dO`=g_bOX#7l)lMm+ zgqq=^OQ4+iC!E1{Xkoeuto2=V7D@Tw=XjO!f1iV;Z>u1y^Yf`oB`T{RpcVPK>-^tO z1M6)wnzeo^)=NdTL$FS_2R*%31Jq3D`s7bF)%l&2uMmNk>gNpf3f2!I;d6sThK@Jg z@YXp28CLkW6&nZ4qp>gT(L&pM8t!)ia+JCQ^JmNFX=%n+r2R`M%9QF0U|TYM7Lw1dDmROj5>4#4%vg>@(Q=OZV%?v-%(C85{&)Af8b;R3lG4nH z9ln47evD3SeLNrLwI7TyyGV*i44ncpEY1%PWrFe=Ys*D6oJ8M)G!b<9oTn&md3R^M zAN*y`Gm|p-&f{vH;^}@Q1L2vFj{sfKQkpsw?i@;2n+1kdq5McHAR-EnAq}+6q=_s78f|?Gp*_h5syth1LYz>_ zRrtwiMsL@NIEB&Gmq{u91^QjwnUV62z923`N5jHdV7}}tgPbD-|SLF2oxmOx+%o6!VvPv;PgQlPj~Hj9YkTxUEe1`W?P`~n&q>3t|ypX#EIp&N<<4Fd$ovT z`l}e|gvOpS!HvNWKS(y7_FxMRv@#3kl`{o zL*gyP%YgN}E{3hT^w%&wvbThF*O)yz^781TnR)!OCmYZ!p%g_PMTH9(OIX*YmOc1% zNyKeHH&QKlzLJ6)aZxkp?=%wO8|#mT*-Q;d%Izl9*a2y!ldTY|L!NJzuOgSbBQprg zHJ7P^B)n=1caic4$rCr$ZeddBRpmStpe~g6NP8Y03qF+9fsPu7pnoXYy6J zk)X`}V};Gk8Z^khQYh6jomIYq8VOD>70_KII;s*vFi9^>J~{k?^)W@}dvz4vhT?>W z!9H?d8Xl{(wj1K7t0h*Vn5X!H6_Oi4K_n8B-`;#HM0n3S0Kdkrn}zQQc)1|RjAmtn zB;dvL{gRgEtCKXQ?XNYTCG{;YyYMTNC!I;g`R6B^2-yqe5hFzZVvmVS(rN)otgTmEa?(`lBfin1bXUx#q=}U-{MCef&Hw27uW0@8t_Q-IjCfz z>_Kdf?i3!H*aY=8cXNLW=t2bb-ZK?S#ePBu_dz_`ACfeBJss?Fxuq zQVh|F!$EVHHL)nYEspX8%f?s3y>$cz2-&ak=koXJoAKkaXO2)SL|6*lLGFF`Gap>V zBOw#w%3Kcg;~~UXYvIqaN*C)Qk%wY2iPrvCb|)M{06Z9p<1W=)YM{Z6b{DP{8E;!l zpN)IK>R~dOKc;i)v3}5Mhe)65 z*sc2!o639kFVb#)aE-9gzASN+?!@`MC|RxQv5Fh53o$YC;IlK#TV9&Dn(d8ao`P?n z5J^MRQHj@3@D)5wCx|G!UkqcW+9}A%u{*usN(V89#v5yVQ#QH4i|-oV|GnY0h1=u( zRYBr0Wi(;FLd)h0x{RBlJ67tY;`{qBC}SB(aS-5t$G@(UPPy0tkn4$>`#AJR|K=MWCE(7)Z< z#Dh=;{r(Li{x&Ed-zH!e`rASXf16G5K4A`)R;C;FQt|H#nZhr*Z@<3+-H{Q>vnAt+ zu5NB5)xJNG+k9EY{D|v0jHK@Q^8cbDB_$Qj{-<0f|8@QZiBIHv+XtW~8C<=j&+}{X>#vRgvl(%17Z< z9aU8EdNZz%fBH0P1AI-RqBy_wxwo$gxlZ{sP(Wmfh(|cE4|e;4k&mj7#=gEC6ijJ( z`~JT|_X7N|@qcbB5d!)QY&SF)FbM7qMjpiW*m+!OcndWY-)b5tNJxa~*BEqpxgH)k zF6SgMDVT9uxVw3Fk4{}_;(L2RO>nw9PJ5=M%i<5j6}Lx$e~5%$<55jE$IZ{j+13#a zk1)<)n)Xpp*DW2^RZdrJ>$zfcHtBx8og9Z%d&@MHUGV`g8kc@=s?0Yv%&JJ+@K5IG zRaclQEMrjG6?WNuZ1I~O_Gjx+dUKJzf$qX>y6^bj5P49uydN$41A6%ZTkbnea9=q& zL>*gScO%61@2_#!(H6pfpH*hsTQU6g$|@>PUY{oMg3Z=TlE8*fqLsTZt?#%)f-yAq-BHw+00+_ ze<~Apy!8hX=XmV)g?FobJ>DNpXjE#>Z8*QiDF`PeCDr@9-fwPhzF&9PZ+CjqrPAHs zwN|-oc^DP`@Gi7#f|FAVT$F0k1eI*9LFDnnY*FKo!(FDJ4UmtDsK5e z>Mn1|)xD>jAP^AUpU(!q=L#qvI$!&dJ-)_3?(5QSU|d_SuZydfFJKnzGYAs?x(E2R zRH4DF(=1!1E}7|GEku7Oja z+ZfHdV;5w%*Ft|=lAWLbp3u*Wu3xs@W_saT;9AFAG$8gw-GhwlT=}`x^+R&GYV;Ws z0%X|zU{lQ}(b2+(b{Dbz(%nZUkWsD4EoNe_)3K(fN$>lNgtjg%=?%YT% z&YUln-;iHPiNW!GP{UOUgHTbAys!*ft5b&U>B6`)$&d69ChnX6#=Cf6S5&O>=|lVN zVa=Fj{IOPX8*NjHp+{>cC1YH1D;(&kT3hG4Sr4&2ja*rGXG*ZyR?B-}D5z?%+59P9 z{wn3Y)!N}csD~lv7x4GC)NalC?&&sM_a^sk7brRvzlG$)yD+2YMyYx!qYg)Vy*H7@ zOf2lTdF7_SVzL$WJL6PJqjiYDCC%WE5I4(GoQtA}$uu^F9;)`@!BBFQxlVW%W^+bo z(;~x;ODg_@s;KQVm;J9=1{M6V5}5x+=O#Zk=MwStv?kUuY(%^Ej;?JVBwiK2JwHj; z;A9Ack>26Bv81fXT<5>1V$T)F{gvqp+%!2mfibYrS;%R=)f;syG^vk<*|^BR+D3Js z+s%Om2^cH+@&#;R`_=4VKm%KPUSs3iQ+f_|_}Kgx+JJO~wv}JMfF0r#Fm)d=wGPqg zvRZRBQWtb?>HN!YcoFTGYqs6jz(3Xth1K~IQ6=Z+g4+^S8Wx$G&kdYcRu3oQql{tO zWi$)`z|w2nNzUxOMNIX+NZQ)YKloQ1oCVadaO~f3r*zGKma7ok)ANeW^3BfFO})Ka zY&kd1^QQzh8kaG&C0VPbLJ(1{+P=F}#U4QX7szPkSq1L5nr21@9E$|#EAAY8eOUPOuGFz!2n143zR2z@Hd z_NIIF;xfSfWz#da+U7POnQt^%nfB@2>^WXQ_m>f!a{J2FD*A7ZlN$Y&kvgtyUo7?Ja3dHXij>?s1Vd^u$2|&RFfDdtM1QdOla#cz8U%NrhRz zlZTb{ZYX#0_A9!epkQENfZOr*H+)AGa`8=N#rh)G8k3{mP<4`^mKpbT&7sbCeZO5W z1W2o0icv0req&8yLTDBXSG=ZT}xd z^uHT>8F4-s%_f;^h9#Oa1pa84B=;l%Tk%96kiE0p-BG_n^$~UC^mj94o3oNLi;EZ> zT!X07dNK!p$w{jj9KA`<4m@IicT;T?ExfWhWCl&=Qdq&$i>xYpG;#jJ=Hp9y+lvbJt(cGYgJZnVpF$89DjTx>2GJAO~8m}!UNgarX%f$Z}~uU-1h zVa5%erFlw62Ul~)*6`RyD0x`g!g)2um08v>@gDgr3gzWn-x2o_mrY&Wh%;vfg*Cd{ zeKS`O_PX-$^0HDUtxeKI-FGa~>uKP4ngzjcf79JJQwrpgr%;%;=c6Uzzcv>O7BXum zUY&uS{s---i{5kp!---wV&b}9y-#p$qo6AoU|g|PR5g`m<=m4YnH@zjM@x+_QL)?p zAOWoiUtB8ckGGbz6YDBu?kn62&Ctv|FKTG#PAD%c$6d-B`5bOv~U;_qygU9)RT_@r<;xiHma+uvUFm#gPzq0D!$T0cRLI< zscrGJtCQ%u?9#zXus_KSn|tL{MIEHBisjl$BECm;;!nn2 znO68$`&sVkV~wbD$RH^3eZq5`9vg{B22zz(HV-bA3S`M$-}6H=!?@B}ln^2HO|35F z>W-bpo*5rD;7)=o3&{RUly~Az-yU3I^5ruKURl+9GTnx21a%hnyA~}v4suP;+e-3{ zdN2R0Sk+!%UOVb3o~^GbFs;~}*zL+lD4MC#@h)Pt2f6{W@P``PoTobITmpx{K>|GB zzcf?0-ocD5_7GeA{)2H~wi{>(1E;4=nU#(vOWTb+B-@+R`4z*^r_%BD@T}_(kpSOpJ$NApqiuRcdv?#!;`)-aErukZ|nxyHJy^n@ZdRacRRNei5ap?cQODdh@EVVbDVZS#ka<5KI^!3 z00RlY&vx2m2OAa(lf9ztZ^{9B$h5glWH{t4G(6g9cw~`-fox9p`B%l?FC>$#P*&{o zktAM!=Q!LhPv79NDR%27^qn#3MAUb5;5U7vi9@uA#&=59%Lt+O`Txb4fQz4=sSC*Q zJbrigc`Ms3#Qe^l4uh=hf}V4mF-Pzg0*w8UIP^|KHfGP$m3^*| z-ObBDUi4?djKBkDk+Ns>2l#Fla2I-s*!NL#C!yn}`{D-ZHxa_D3j)%L84T25B>vh> zvlsFKUMU>aWU!O}EK-dKE=U{Plj#BnJ~wdttu5vN1Fj{3-n+^(hMS>%IoR&PpRXlA zmzU&e1-=#kFRL95YK0t+GwxVq!36IeU%<%0bGOUes=#}9lk@9>PS1O~q(%ksrC)`e z;vgD&$LpaFcLX4uvB%_H_ZbLHw0QBP(mD%3?t1$5a9vlY^jaX6*Lv{m-QB)dQ*F}P z-1PBy)NYTA`0RxCc5Lr)n%4mth?+=o=f3lKY7eg(Q+U{zZa@P}Bn9FUP<`XRf_Nj~ zDbAq#evfNmA)`^eL4YVz#xk^L)BoV~59Lpva$A5V8aA&SLi{-Y@Ie)1-`h3%T0sHakXc zqRn*E>m(I|6X&Y7hDj@)yR>f~)Uf3*E~=*f;%t)H+I7~nTN48FYo+CE7^d7rUfcTt_Rp0xwq^&O~gjT`3vmvbW}q)#RFc{8uM+ne6N)4Xsy3vp@udh8n^4~IOLYn8I=Q1=;L z3)_#55+|I*0YRXqFz_C^qJ-roQffa*$LUv6X2f9k0_Bjwk?ww$Gn3=Dk=}3OpM1^r z)E0~dC?Lctd3o`j%zpxE;0SX5{NXw#;~p{d`_?VqT@QVA;m&_F&Gu&3>Anlp#;YP2sCjQPDFI zy9)Vr0=CWA*X18@r72)kHruA!-upvkZaSZ~{|?}qHTrKquOOdbVpONc>4<{wDBnE? za_#I?I1~3ff_~SY@~-t+d-mx)1IupsNlSrKdCWCH4%7~t^stD{Bn-(K(DnnjPw!>- zs$~G=uzU_rli^%{et-Vg*Vl@EgTVc%31bac&9pa#Jo6PY@-yugxqa?F{xu3jel8&a z50e!U&C8=6a@E&b&(}e&Kfv32+vjfEjN|zD1FzAAa%{`>@RZ$OUC3hkqqIO;xcqhH z4E9R|`Q*rJ28yCh=ex|+M_hPrpSznyG0jW;Jtg~tkfJX)VLJfixQ~z5PhB$ZG@g?r zac7I-VHsDJVXhRPr-67OMH-Ay$lUj*?yzBBZ*+8YV!y*g4SmnoI!WUAg+=Q8f^dFF z`3L0)R91-x<!>=6mc6DIxpE8tf;AM4p9eozgnz|q)D8wVR(zIp`|6jR5RU0Zo1 z&WS8a1nPl!&_Bfr^d;DZxg}yJCc2iFBN-%QLCfC%8Bn5+b^j;C7#J{<7>uAGoY)v% z^|LggmMfVg3f38=Y*vY!o&!l`<@q1ThiHj|p5yzHS=fHLX&voFMV@^@Kh-b1-OYA< zk0;aj689MN{)pv86g-U^4unI$j;H6u))_Z@ZFja2>+BE`o%R6PA*<`^B$H=i+wGm( zJ!fdVX_)QDbw0=oOz715Z$~MmlMYqjZ;-?WA&m=_DG`wQ=amuC(3oH;xz^|BP0L@*39=V? z&@CR}*pDfq#Rqx2++POChlY=HKUZRSopoC5b%5D7?$JpuDY*jPW!!=nlE?m8`@1K0 zBY#!$P$Wj6e6s1cC4^yP9F5^1@$m@c6sG2^8T2yr*Z!Cr&oGj%0zbgPLRt z1URQMatpHFw;e~9!oJ6kMKajDC;#L9d|p;Eg`@O7H8T>nfD^!(xy$+7$6xwOZvuPj zk{Ivv_BI{BC;xf<@3Wrg@yXTkA)zCY72xjfJMZdMyAQvPTUH*g@R%*&_yJ6hc`&E+ zzaakFzU}?Ag!Fr& z=$A9#T!X*|2>3AuU#)j6z1d|thE`&;*l^=Owm&Givc9#+h)jrcxnL?g5l;cGzIf#( zleDI*YItI|*r_r^N;`Cr>iP^O2JXcJ>uG`0ldWxP z=i8Gp&L=a8-e-3?b8*Q0*SdeSKL+W@@CXPLE0)9yRq1AO`Q1kd--thJC5X_%Uv>nW zd0d|ks1=BAtn517(=%AT9&;{tTE6&>h^~f+9LLkBX&@*w({lvEBaUaZF^UXL3aVpb z&b%3v>!SdV&y$%g4%?lf^y-^)E7VR*sX*7Yl|S8b;&5R?{{KBf>FaC7&ic!!{m#YL z&_j*y`E_OCpg5%lJX{eEi&LA$ZvSgEHnZN#^YF;Bu%88i+Q=lw6Y>ONCh%aTg?a3> znb`L;Z6`6@V#jmErbfr_L3u$C;CBu!{MHBj^n0pIZ`gOQpr$U5nESvj%hX^#b!H)J z2W~4I@d(#Gp`CCX)f{{CwCs-XH>2jhBqG6MGmMQd8eA+XNc}Pka^?$wfNj~Jbf8AI$Req{4cRS&0%g$eLbx$5OifXJ3h}ki7!@#0urL%zC@RE0QOkHhRNB{)V zz`tX@-F1)+b!weXsJLy*4=*dreXp9hP(Aw(%hB92Bx)piB_}btLF^JCAeoEDWQ_ki zjMyt*Yv8kuc5&7@S^;9(h?WVlF&iju8Fct`5r%uwSpG3$ zgbP!tU6i)ef&b=G2642XUPCrdm&H>AqrqvJ(f_eA&`fFFi?U)9?Ij}!tFQxRI$#*i zUT2$LUoklmHUtb@O&N_9tu0Hwj$={(_~ zM%+hlsB}+{H+nI*PVm9|TJbS5w71=B<4xSaEnydv-Fm=DEPC&$1kR9$*Kig>r?+&T zSw8XrC23T)<(Xwid#QIbx0&|d0M_6)fB-calJEh7s&(yZuCZ>U{76Pn zhD6vjQMlg5+D@Bwrnyv13Re%D?D=5A-t#$;ULb4G!{IBdrOAjeucSWlM z#X;~If#lN0Q#^RZ1!C5`-66AO6LUcP zEA4wG)!%G$Y$<%%^B&Ks_&w!G^5&yxuDqEw-ruW~JFgtcz`^x$xw>360YJOcA*#w>ngk=mET(L-y@^u66zepGX_av*407ml2!LO=!QS2llzM6quEvQlWgJhgSjKyws5N8jyPftezfRkN1y6{truR zBMGK>{q`;KHXOdUmln&%fESv=X+~9;SFFY`$qKMOK;*F`ot^}q(ki?WalBZFA5zX& zVb-oQ?jN@h+)({*FTgxkYKotjF9QnD9$&x5{T*DXm-8y)Ds7+d^6697mj5hUC4MTL z$e%JDfd~<*V*rgsME2<=6(C^MtcO z!wO2^0knHTCBSiubqK;|HI~z@$}Lr^m0oK|Z6xNS|42n!JI`F;=l4uL>sj2!4dk^s z*K2vvGNB)p<+9I#F({|Iy7zG)q@UtX`(ziq@u z^mC@#&B8@jC%5kk09+KK%DAOf=AA!wTl)B7Dw=FV~?o5Vd2QJeAsb_D|Ce z6L2*I#Y4yRTuzcc=g?sD@NKlQLhlcQZM^cunW`4l;_97|CwC;pw~JcPMHQQoD4oq+ zcMc+qPmBm4om?Z}j)pPmsoIM>#x{;(W?TG0+PK~+#*G)*acM_dnU6ZRDzlb#&hd%k zb+5I*1hU-hbiDVP@hw{Gk`06HP|VXedO{$*A*6+~z4R7#sdeTG`3d2ehIahS#i6F^8TZD=z9%f z3fIfQ;ro)|k8w)i;wIk_ z#1&*st7v06k*ak0`u4tsv3ZnTCX?xZI9e!Kzy8W@5xUo}m9lobo&HB89X{aSokw3( zb}mO+_va6C;HzK`o1?5!7Iird{IBvJMS0SNjOcO?i5!5i@!}3(?*FZlmpR`7V}zSd zZz+<$zdxW9=~!7=Ew@ikPj6*-*x1?G-7Rb2Fq47FDJTfXG;^|d=xi>(Fve7xul}u1 zb_iwMlhIe7`twK0gzNJjV;E1MwXF6*!K%B}l`)Euy12M_LTfd9VOAsO^t&qVJxt@W z1)JxOTjtcAH{5fKEXJY=Mun{<+1Uf;Y`~v8`ne2*nBfe9XRTg1gzkleXF!#_>=pjD zl77+!+4*k>E8CsmYBH8u1kr^asH^P=a7nx&S}FR|(5j2~Q5kQe=TocZ!=%B_it^g6 zv~Cni;*z-*{o7Z32{$OpcpocUN~#;$+x~QZJekZ!1rNHwkxn2?G_Y8bBL1^)1Sjg! ze1+v|xLZ$838G)7nGH@t(d>ArwI@j63Q8=C@7vP7XStJ>N=53ec~ry zy?h9mJu4=SJ|wJJCagIkbedq9cj6 zj@E#Oa3%4PL;%N4xyk_?n59iY6LC! ze3{j=IN!{sDI9-2{p?tRw42MWdH*LfT>%QT|7-I2s@0(OM|)Ij^z8s1cXv=%^be1- ziUKLXMN>8$Pks509MqhAg0Y3OZS4{fmu0&1i;bW?89tPZJif2J6%q1*;+L)ui z?P9bT!xoCF&l!BpAy%`PXY;_wM5Vk5?xZpW0#!40x8L>UfvS!oIW4({CJz9Q z9omYQl%@{D#4B3{mSw%+=~5T>5uacptHFq!QKlW2jIN}018>WLA1b?x)$+H%n>+Qi zbxHSP#I={^^h~yEW;ggGTGjdQN{<}$Op0lmdtg-+EI=fBH4Z@?P5`GvOT<;8m-7nl z?kD5h5o`dp>^7G@?xo)=t7O`IPrK#NkTl1Zid0qgr73J^sH(1xJG(ho$5fZ>bc$zd zXcE!ldBnqaD4CvAn!@Tx2**|tgjGj%hzEX_4SO1 z`IUm|ga2uym_a>$;qvU%Zd0^K`?uoFib-i9qrY_R_}O6}TLVrloK3c^vfFrpOG9)tdLX&6Jr8&9Lt4|6a-q9MDrd`gcor{*K!n+jaN*`*FI#VXVp|Em+Tq6*k6uAZvsk@ z^NGoVA(fSheGL$7%MI$is^jzdkdTf8N0ZSJU9Oe@h;Owl`ol>@ z&kgNXVOB*AtIEmgRCI^Xe)Hzvkl~ zYyEgUka|9UAn(&OLvdFs#M zy|q*;w57wG%*xBe-rnA%ur<5I`E=m#Lrl%!XnQdeOZnHlbIgOy9LC+`&(%v<`Du?O z=zOy&T~#V`C({=wFzN1ubBUfGE}Vy}sGx@0N>$pZOhJ1wypN(va{X`k>d0rg2TBOWxlkeB^&So0|H1Z?83&XO$%dES0xu%D+A9!duRu-l=Hj~es`emu0{x;=r>o({;z0A?g&)v zg@7VDe7!_I=fJ6V`SQtSP%NT%5run~Sl~_pRPmU&B|UAd@kdsDTsk^BG$J%cWKumSa9LlUP5Xf%7^XzzYG}0IqM?oou^Y^5`9WFz2~+p4*q8l5+HCFXH^Z z8^--Q;;9hu`g#^Dr@bFY_Dz3&lJe1B=sght&8Om2VM+Jw$Zame?uaq9_HAB}5fHTF zaHZ{)!MKr@+-rFSYV}%Fh$hh1cJ+MkD;RF=RqcjA2?qAwuwc=k9fZFSUH>L=h|n=9w(A55CdlSAV(^(*nG1J=W8Qc}rfSu?3K33z(2zs6DcMlrnfi-_Qjs4_$ zy$k(zc(>7tKyI|s?8d2zH*OBwkR|l^A)O#>^~v2KXW1qE>^xLFx1@&H!a` z?DE1vJ%^v(disu7CLB;j4E@N^zzMO~mjo&7KYSbjdjam<#hjm^C04g5Mb*r-7M+Ou z2~haE9n_9%?OShS*={3;h^aC}CKxXS6i9{kCYf|RwO)NN+_@SNCjlT}Vl zy0e#mpU|E9qeIV-X0=KjKB8Hak3#`0dvYixP1r~h1yld7Q&jua%#c2ZPlq3LcV!~; z4L?Ubo7F=Vbr|8WDkfz2=4$oBs^R?s5%TnT!LJI?#{&1n?*j#qI3Eg}-wD96I~q?j~#r=ihAI z2KOb4O5}}EMd}JW$fR)C&i*_zP6FpU=?c3{7eks1cYgDMYeSpdN6-1`jIMJ&hT-5& zL0(;AL_$@QhBDiDMbqh`n|z$UeP}TN_}k~Zc(tJsyr`_FDb=P!N_48Rli(zequ=IY z?v_oYG~P_ueN7VdAl-0%LVDWD)J=0{ zm{on}L%OqOw?MaK&e%w0dZ55VN-Ue_oD^XLD5lGxL0`ejKg zGs;Yf2=cFgk_885$;c>`-k>gcMM@-z(dXyWP|-$)pFG4M6-JZgQiTk|+N$|gAC`=Z1tU;ZSi5m~ z+E)0M2#r}B=s?9WS`o=$Oaqj}d!@avK3i?9P`EK!ZMewR#D0F-vk0~s4%5tGzfW)t zxL`Pely+%NUaiQe7OtD3b7OBwfJKQM!)3&tJx8ZdVMGpc9O}T=QNl8^%wKllOK0gx zX-~=egf?_Q^v=QF8OO{IOpeAi%^F!bskXKK=g;!;QF}h;mSh4kr~0}bf4a@g_2J>E z(C=`!)A86vFT{|}q>)+S=Hvzgo6uCr-uT!-cD7|>hWz%vVdT}=d1mYzfCgFRxsqwM zVXf0}Ca?l#5=hxU6Zl?7Nag~Y|96Kp6i?}X4(-6rEzg{jN6mWV(urBAaQL0`(Ay2I z(d4CWWciJ^qQIubTxdZ^S^0F>P-pQ)A79e9cGQuO^`7_G?1qqF$B{AT8s0i>t09AsSLvMSQYSPMpAi6xl>3O8w>$#>B4aETH*;Jp`ljE71RdnnUkr|6?o_C3Zt*i*6 z(-;OD|F)~JGHzcKpy12LtK}FI>Ut|=B;>Uo9~(k@#9m9)*rjJ-&O5fDU>8Y$9liWo zmLfGJnM;;A@43-)nPOQp>d`cIBW3qFhy*yLR=VwLPxI_);!uVVk7kOXRezP5$=r}z z7$=9y6uPsDWaxx*!P?gozpv@-NTU6a!x)4lv2;k+x(#yd!pXfCKyIxi4~<@*I0pd* zyy94=oO(QUz7*ZTfh%FjcQY8*ro3dNe@rd5!yKX$rVm6_5&iTeZp@fDq$>dBentLu zggQ&S=RH|LPEXj`kieFc_uX-?5QF-O+yMm1RV?-9_fF*HNVv(6zOVqLh3St0A*T~X zAKryH&-rJ=`{B@3r~Gdvw^y^m2^1eWU6+2=IBopxu0|9R7Zhs;Pc%4yiq0tC#PyiV-qn|UI8tVr(6b~fLp<%kxC;Cy)N#Nv!$5B z?$<}Ne13BJWh<4^Df%6R%mj32vE}^~G9+CJu_Z)M*QOg|8%mF3!@%m7t#x;YI|1qTYpxw8QN6*UwZtHzn=;)s`nj!3U zb7nuNSn8v8xp!aDHs0_kuDmaFaZD;8%;&xPbE8*%6Xv;2w7qk1K=S7GPK#ZunVp0~ zlMYML`~i?^7n>e78TB8=RTYJ5H$!|p<-H9vH`0JKlp^BO@p`lX-OI|)2ae{EB;H3* z7tl6DzUz9_g~MazHsu!>C>$(0|yKM7PA8=DuAlv{bn?@`lqTjein6T(Tc)t>)i z3-!(6Qltn()xtJYi2vKlP@wnu?|G+7!IO2N9WwzvxSd17gbjYJVv_fl^TkFFxJu|^ z;82ch$(0wTO6sWE@fZB7I8Cc`JG0#&7z7#GTwc~t4}{n|q+*A@$F@>!ejP6luF z?`KBYBro1t4bF}#W(c|-Cb@oFO8Zk5=bC*{GGfTLb5M)?S{|3Ua|EwmLkm$6qeNq% zLOYtLv3uQ(!q~snLA6ZRJF7;@BcVg7cJ`}{KCIz6V7j$4>9DO>R4cYc`?kQWH{#L4 z^jX`k;%?^W`q*G@2;dBnlao_JhuD|9Ex*ve-QB91w2YcKChqUIq;?ID z;0?eV{u#cWJ+ajrYf8(vD3@M@leYpK43Nen$Q$3@{_{O_ME^}*-kC(LO1|0<*Mbj; zMiGu0LwC2r{LyL-t+RjT-HM->fenvFk&5cnGy9R?7zyAm6~Ti#lZW0D(%R;s$A^jy zGdkdIk^M70M(@nBUf$Z#`Ks6(D&f z+Kwq64bTE->mGTbaIZV-V@&zr^sG%v@g#T1Zr(al;DIq~W(;4{=}&6<++Nttfu?8*aK~pnBt9#r@&T9h zt-S?2qiuOfZl)Jb>dL#Ar$j@CTniSBO>+!MZjYRgO26;sj1r7bYO*Ozm-ZGJJkPQRfU|mKygw z*2=o$Rf}z-D=@gGQRNGnVTNa|`$0_d=RM3DbKCII+OL;GjAudu5Bb3d>gnCBU!(5T z+w6B*-rkOsf4fu7P+Z{NR{>7@VPW$Hp`i3q^~9qivs2KZg-aWt`(jhNta!5K57W@F zQS=_Q&x*I*_&7f{l|JqI-Qu!pI(+db|uUD}5$^5@_{26m$#G#hoJ_twy3nS)u4hifw*X|NLY#lwz76}fE+ z*Jga8kW*0UxrQ}EtroA|y>eb_~m0K$ulFJSYF!IE|F7-m0s4`Ir>Kt*lm(x zC{UzLC%&|Fc=XILgywvnJ=Xvm+O8=t_Pw zrezMG{1fB}9KF4_MYX*5Y=i+~|Gj(_2%zptc&6q!iyIy9U&1Tr{$fqy)F548*Mx2W z$upwoHODyf=3myqNB?{AgErPU5pX0nsw`Mml}&L1#>dN6Agwe=>k>{?u0&1qt(AJD z2L<)b!f8J@-9>3Uchj?Jsrx zylxQ}(07@7fLG8CKkr7+*f^-IO$=FTES=hEN#DPi+r5!4#GP#LYO07J=q&aAhePOy z;4M>7Tna-0{+li-(l*lSuHx}5kdJ!wn@Xl*QkYsBPtyJ3A+AK%qD@FVm&46TG?mY= zOg0u0Ji$dFoH>Q^t$@4A!~UBCM+cf{iLeY$x)oOu@0ED)^A!#iJ1EWQH7~x3?2?v*;G8yR9@xUNTWxuE$$)f3Ol(_~3e4alf^_2^N)UJH z?pG-~iQ}yLN6n!FL;awP$5p?5>`(-=`FMIQ>akR-?311A4WZ@Z)*j38-&swC`gv+7 zRe|Bi$`ZQ*L>7V@BY`fuVtvRdDNEXDbtD4guUsjW4ar-1C)Fq>iW3ukJL%Q*U^@S} zelJ+pZ?QafzkJ;&4Vc%)>EmghUjnb=0|317^5#=j5Z|>YLm#F zq~#!P;!d|p`2(A0klrB4qu62UmIRX>mQlE4NE{g(JnW20#<17tI_Xgoc3*4{HDl;! zjuBgdBg9hS*!K~D*IW0^?9D_xFsAoJ z{eY0Oll(F*s->>|vPy3Z0w)#O4Re2{k16<2>b>T=H*3YCu9EP$Sc|Q}S>!HMN&>Z| z?$IC#((n$@U_%`R2;NoRD|#Qt1VGwi^AT?rR60VL z{7GA;2Ht!rhDL(9DrY8H4+?D2j;DLxv(r#yb850&6Yf>|_KEy80zaHE-wdn{EZaPU zERF6ZLC2S^UudQ7cDB9Bi~{IU@p#vB1+LC*pdt-g-6bBZRFZa*M0iCUqg7}`-cR+c zja-#%0jwmC@e%Gn0?2vGmTh^?z?%rk>YZOpZ1zV_h5}q-$`L^)VSu$qX(=SsR`_{G zkqdvQ3Ne+w-gFsdvW;vSVWNQ_I0NcVR248G)NOjulIp(#2Q*r7@M7xGc1X|pfil0O z-xh(+Xyq_4faR~669M9s>|wdK8F)M!`~NsI{_{qI|K$<+fAgXLX%YE{PyNn|?(Jdi zOY=dr%9NgIyQn|j(8&AKQwFATB`3;k_vvadmYNvZv_}MdOD4XUBmsfZq<_p^|aZjPl4WlXT$)4 zNtB&CIEOCO@D`l5flfepUqiO6ZS4k}4lM6R0ot7m{{IMHDn&NR1mN#%b_smEW5%?g z^bH-t-Y_47HNA&vTy*yLv|(9Z%Z&g z!?TH0;MuBqcw@^pt)Up-cx_tQA^oGoMVV_WNS@@T>=B8gP=!_Bz`SCY>B6L`_QWnm zu(sBr30WJsoWr2RKXcs*Zs?(IR>^ZKG<>mo!}$3d(*%I~jhO~6nLNYB+#9qXek;}T z!6sgbroR_ZZY6dFuy1?BPHvQNsQq#T!CeMuN!g^xwhC$Ca7NE0d0npDR0|lAD|TMq zs|Cl=+PXTFmtU=|y$+#UD5$8m%ggnX?oG2#LG&XbWhWmVd3=mxklR8>`h zmmQsXI}&4CI9NQ%Q?eP`JnS3zifP&du|K?VsnfuW=tTABKPv51#JSw zljN70qlbE-VCGX2+VtEP?cm)iLIM=Efrq{18;P#}Qf`#-D%DqmH)`v>qV_ic9H0cG z0-n?skINr|P+L2@BM;c^JM52g_x`A_zX=}alcQxJc*7=GB(1|iIod28PZwtq8P1w=Q%*9JrCfGeIwn@jxx5|iH}P58s{ z{F$-=;U-D1p7;pT zQe;4{6ovgBfDUpOjjaaJqkAJ8h0`O^u=Nm;5WO)BNAksH2hQ246cZVpNR2?r(8901 z(Uzfd?ZLs=Te0m(6g?rhTR4{x?7rfI9oc1xE^37nH&6`gGNJ%}bN0JCA7HeWgXr6n zf6+X$^XUc!NkJ57vF%r5(*z(2{RcF*9*fK}IKdF{d4qJ9f%o{9~oq~`kb+Xsz& zm1~<@SLh-*@OM(DO})SoA;OZ(`qitwtXCoMKU`)AFtU9>HTu1L+2!?ND5*YlgB`-6 zR?*epQEPD==c%s;f+t*kAB~|Q=c4*DwB)xEq6JpE$*(U~+50=Ni3axza2 zLO-phtygiyA9C3>`vA9JObXM<6at`GN*YxKD15exm5MVXe|0XuLpr>gqQCspD-Ma7 z`IiLGrRfXv0@($RvZY4>Z~gVb`YV~WVcLEBHeRWxh()dZw236;*shVz=o*~E2dipP zfsus*DRJ}8v-+RkCF)7Xf2Cj>O`r4{gm%h$W?lg0$ zBdUMZ7B`BL)@xkY{OYTQ9{6?s+p(RfrQ4&p)7E{LNC=;$z?i`1^}Y*ch>%w&3rui9 zA*d7I4!nF_-1^8wc5~_##F8Q4<2HF|zx;dFQOKw@Dsm+|Te;pxFPjq;Sme*W#SLC5IknnW`^E=H*cjl)z^SG0_V|qI)6G&pDilt{WaJe*O!SUoREBF3(}NTEnfu*Vn)~pJcj&=| zo&71*ZLn+w8F{Kg?R~y27k(7hbW#e7EZF_ytib6Ne<&j?vt;+Mi8YpKP(U))nkk$e zow5!Kjm(!_hOP2*T-Mhf@VCz?;c;W2I35J4=ib2O{&L3BViKP|V7w2r|0RtkLlz!O z_mYU%4LeL@R_kWByhUy5HW%K~SVgt=R#q4mC9>+`tnTc5zVWaN;h)-oaUblj_DkMY z_*|QY?%hVD%)nF~v;SO@vLz2B?;dXj>a;_dfwz~*!qdPbL-Pyw3KPN2*3i?h%c&#E za!?*VT5gRgYA!|C9qe2=sv4>4ti56+nV$&!Ew%rJNXq~FgDy52a0!p+wchsPRNSw{ zC8g}q4VvGtw~4n8xIJ-4leMreJS?gz>S--GpydBg~fD;GPG8-^B26lS$RDSIUlx}+$orMb$#agFSilEK- zwz`>SJMH}T))1p|XSkjfTJ$@G7Y?5(D{nh|see_eDGK5}io$&Sd%z;}c(?QMqI{&K z(IV`d4rA*3j){qDmjL|D+n-b~HgB&EBg-VWhgL%@Rg?xiT$>lm@a5BlI~Y?WBU<22 zXN{o+Lv$EQ^+7M4TBcGk6j}Qwbjp8I*q$wpEK+UD_oys!ZW2yhzPE*I1TR5rS)C4h zO|Q_O-TE{g%L~`<#!=(aB6*3ng-bGVM{l_nhyKPxfe0KUAn8+lCqr|y)G ze^#vc(nuq(s^;@WR4I>%MfLq)Vd@~<@j1g+fiLu;goOdvV%+jHPJiw&h9sUf?3(r? z>>RUWAM7a8D5M;68v0!o2hy?u>LVeVtlK&GNT&?Yz-Ggti`d&Mfh` zv@{uIY7rd}2Y-zC7V0-WVYDYn@h)O+{9vj*@-R$V-ggG_!(5jxCl^R9Q>vKAjFXg8qrwITRnJI{;RqC`e1b6mK(JlJ7^IN(1$-os0 zaIPJNKM^Gh=6?fhd8A)wSr(Q@FQGcWrHdAVX;tg;kOG#;%o)aJ(!vQh8L=17P|Q6) z)GsVO545CuS&kKT=|bzZYqCYks^vB%{w#v7K_ zQsN3LUvxXAmAZWU&2|sf!?eoaH(@Ff(wF&yFXrumO6q|h-0{Cl0B_<&hK4TU(DnXt z!OHf;y=8=qY~c9|JoyaaVzTu_l>kKCu#^1PEObn0mOtr4@GzaExb)fZatzXrle2sM z;?!;18AHV&h}_SF6&4Vpj^ti2yvyV={Grssz?gzRDX7PQA&cahT}DB#^^sJ7` zJX=wY`+~u19VO%|B(dU>?+LWQIXLuaN&|TqSOa)waUx=9#{qQ1`zx|&W6iV79thv* zijL6${o<~VeeTvl>Gt_|TxQe}JP@(Y8~903kqPc^G;$Tc)r%Yar~>wZdHjsC3t?0QEBuHM$0a;GH7VzzHBIdvRUE0@H<+vKqN5zcch(3jL1XT6lYkj{J%Ye zU^T&>M~}`XMXhgUF|}mBA`jr`p(-4)azx7x%|TZpLIw?dR{|6B(x#lY7z`EvDA2!* zcH2WFX%W3r1HvDOE?lx}(5$@sy1~y(tXQm+(l&9ubb)nUw*ZyC2>f<@7oabNhuLt&(R_{`qp7fEfLlEkVgC^?}eNS?waY|jid z>qfVxxB{`zW9>S)<&~441)y~VMxz_Wrn7e!~Gl8#nE zr_ZadE{_&N)0U=3BGj=X4_FpM8?nw1mMcUf58&j$Rw-z~^+yQd?fL*bdqwIcDcBcF z?0G&O8g+3VdA=IHB$^Bj<^%_Rff6_mi9Dc$AzUR(0==KlOfEYB?KueYq8}}R*lSCS zm*fFm>MxWm0ECwIg8l;<0$G6FBq>DsJLNt_3vGqd=39=&$eYN2BZxFE^I_up#T$zV zi5!+BntUfJz7#nJZDap^`9afoWfaiz=filV0W|4YuMh3{U3vA{fayj%XU>|bB(qV|7wX*H`Ldt5 zog-A#t#lhoin(?5b@vRWW+}wW6Y0mC`32ugR{hRYKih}x^O9Nhlkzubtb@$QDAD|~ zj!69mBz0$;b#03+^rj|}|1>tX{_K{q{Q2|iq_$;NPPXn031d*ARViF&J>IHRf05r% zU7=3>SC35TOICkw@vs`;Y^CnPA)cRlVc@D6wc8&N)-N*xwk=TSy=maGN!P8B$jHmf z!}+HA!otG(de&GuY7EK*aDhs(F^9$HI)4+*0*g7w3-WF<|FGkAG|E8V76Dgh+UlUO z46nt;7@-=K{ycg|Ns^I41RxTk?P>0a1zH+s`Iu5v$8@}iKDmDE)CDM+gfPo2Baazr zb-vl@NrJ*^b*9$FZ_+X42X7+<$ltuw;Hh^${5~Lge}+a&WEdtZ7P6Z8-UGPfAn={# z#lAw3cl}JEuZhIP<&Ha(#pn0+5o#RoB4}`AI%}-w>xR@Uv+65YEqTQeCTem4vPqef z6Jt3f_+5zhto?WEJe2~__tv-C{ICd_`OP;VvZa{`P6HEdBkja)69uAYK+@;%4rnVa zE_toxq&qWD0(dyH8eDSAD|}5>{F`s3l&8KZ$GNa>cc!DS>0ebhohXT+NrUY0k<`Z9 zT=jj1etj@nI9zNgY@$u%ux9z5CYi^I6Y@HdI&V4AqQ@x2cmPKSO#gLWj#{;#KOOok z&2f-RUZCl+0xQwt_)NuzEY@*eq3u{v8bqFtgrM*Z!BQAl2K0lK$d?D(UrUo!pMi8) z%dGvoQ`T4KA`X;lzj_d=y|Ype%4w*<*wx@(R8QePQB31TGVaqpMpKHF$&ObdlQ>4g zw`!}&L3KIcXo(B`twvO74zJ^>&!-s?^tkByK7euo-<@lGMI#56L%&AM=o`6oIo!`( zxx35afrnE#nrUck*>r9k(`k(%ide0HgsT%A%{M znvwHe@VEKb zd0(9;#m6u6KUB(W9`I`hwVACBiPeLG)8HQ|vYWHClM6QOH}K`|i7N7u#JxPFdVYU)HLWXPyyufEslKg+!Zkf8!Ool8gZ)IEj- zdWky7=w*xV*F3@uD{knO{mS`tdY^Dyln$R#E2f^rk>n|`t=?~mn^qqmg5 zD;0d(_`X38QQLN;58ZS?wwN^5)9))Q4lSS;Hnk_qVhH_BM;%)22y&M5c+Mq+&whm} ziiO0d{vpgK9KCI5TaX;&_o6rVu(>V@q)v;6jH5glO1m0+jrcA?Mtn@|WnF?Cb-a1k zGh#Gk_x+3|AvpDF2$_82GlXM3jjg3aS436QbxpVHmA5|L=g{E;7WjHK7+4QyuJtuF z$;B^df_~n6;E!HBUOFwq+DQDeENSHuE-#2PLRbj#$?`$u)>#bXAA*s{$m~JDCgcg^ z35{&>@67B>6q^mt_<2(VARXc3DHyiYiE;aQ`^LZHG$Fwn7(G=^Qyor>3qfc#pv#g@ zD|wHfifm)sUg)Q!CIAzWQIbFZrh})Zt{{^8CON0bCP@r0|L*XyIg%}qzGPseFkTNT ztpWfG`jijBoGFSE5BCsmFW!#-f|*T6j(tPNac6p7nqm5R-Zfz`Vz$63WCz;n)<^xeV%RiAyya zDq!RTZl5;!})$# zpxE{wE4C!w@tD5e_OfAVzO%dX~kwmfZ zyw?NJ+K4cAXm_k#s(pe=Ds~-;nGSFa7cV?7H;C<@1%O;>b$tDLKJ z3It&fh-gaWMC-xSHRP1?lNAE6#%6Ogl@(TffD9^v!0(5kdtyx{Cw{b#NhpJ*b zSowv}*CMg38S9ZaPnGW&v+<^vs&3iG^8izl-U!T)z#%_Kdc+B)&#kk7F0drYQU>6F z8;0?_pN~?iJllfcfW#2;@M2%Yq?aa%*|AW4$Ai3}4+LOh%yq>nDNCT8Lg;>-mkPSs z2zhm%U4W1m(9owIZm%rNV!fjJt0PUGZ;={+C0T4S`+n<(1vXjycN0f56_~OSITAT2 z0PP8#jb;!3Hpvj4@r6UUCvGzfT_F{=hOj8{0%b-rl|&f zC0o*Ia!0B3Qagp4Rr?v8iXQkrnq_ghKd1C6OI`NA269~(z zovN^Lo@{Pz{rPdm*$eZhwQv=>6w|zxMyrc`QyliEbji?6?1v$a<}acy6$`F|Rhex` z$1m*C9Lax_S9Nl`0zIO;>$N%2*y?lp-`I)p!^}mboR9 zM^v@8E{hQw2GSKuo zt5xvLOV&Lmfp}lN*}p0iI&c3ES8o{>M-#M-E|%azse=?6A|*T~%Fm*Iixc;eDf~PRd^d)Y_=B35+rJe`7I` z)Yw{>`@G-!&e1)Sgf=>1%-Ocz0l0+Esb9Smnh+>M+OMuvh5hEhYX_bs11=VSUwv6%-Asv!zj~CsMIClMj$3a?t z!&K45mp?OpM7saW1)y!}+XAz)BY+ki!y9WWw^TH{+*~-h!&d*(2S-uRj`Vg5F`P~XT z&m>NHvLulF6Iw47T`zo9539*xtd}0?+qrRGR@ry{0W21(7z&n?J{|URZwBwWpi{O~ z!ro9xNR7{{F-l~A>Te*9e-97U9m%0%@!jq(iZ=$#ZBt*YVqGMJD9`?*H+PN@pD8~j zu*iV`z{Nk!zC*n~IhtxI3^QtyI9lWI-|slQ>h*s+)2lQ9=*a5_Kq~&b`19<)FP#@n zwV=8?`Yjk(70l zS>legF}1ryELu7c!ryPLZknwJ)RnZTceyq>cA~MJm3O=%qm_yHI)$k8>sQs&8KEl{ zQO(y;2!7~YYv_Qpeh2hc5PwxdK=46;4l)s)l#dn0soO^76d?b0#g44ZZ)~%~_xk{|+}b<-_yC{J@ApAfQ*{ zyv#%}KkF;2yxnZ<%xPVDtE}IA705>pPhFY%`;oH*9@J{A4|x-f!Nm1sYh&a&mv!Ux z`6@A6XgH3vh0*ePiE*qbME;AK9ybGmp=uXrRPpu`nCCH}w2@N>xW2OUjq zuRUb?HyDD>|4su`%PVTgfdx`=`K%b-{B*IL^#6feH8nJxKkeNa=q!{xpAD&}KmM}9 zxq$7)o#1iHw5Yk|b}T?!MPu&e8mmiFSLP5mz6gA4SovkmK2lo~<;9$a;Qt^b~juYRc+ z0UY(f>{s{i=l>`OqW;rX9AI(6UoUb^2q3K*;sTlw7c)p6Kq3Sqh}QCa15uTX?rLB& zT*-PdoN_EBJvBJ&t=J{WqD(|o*50wfCojMI%1ffI=@M;;;o<;et)Jxw7k{pg=)C0g ze7#^!Pf>z*IA2A~f9qW6@`Q(W3~0zPnp#(7+2OxxJ;OG2D55r>ABwl4vWuG$vw!xh z4$njuxL)HgRF{^STx;kY6Eyx{#-HmhKQ>Z}3=<6|5gb4Lx`;GnB{8nI>)D!Z9)I9a zg`#6&3tgTB31yV`Za50?TX{BCyB0fo;vTj&u=&`_tpbafMI{OL^+YpSGpxBg*u-d~ z|4%PAPObHM%dLy8DohY;L_dH0IhuY9pdbs``!^eefC>pN=%C4-VJAgb5ANV%UkTYOmIq&GzAp--NRXJ_x;UUlo`oC3O!d zW)_Tk5lfM6+(6%S3?JNwj6R&y+1cAI<5xyrA)ng*y7mEs0_ zaaeB9q6WM0>BEN6kp(t;RSd+|Mvu?DZLKY@J2Be`L%`ufTv!_u#^pOEq9wPEjyx(M zYXTLEtwnO2ZH3Wl?97)GE38Ulf2D$xnaSJD+x8l! z)zJsn(ELM^Nf1y{*@29zo(2Av4&Db9I!L1(GXp~!pIt^iLky?HkkzMijFQhP(gQyo zjMlQKAvPulBN^AxGCYIPU}M9ncI(;UtEhe(zD993@5T-Qoj{*3^u7M1+va_(Pr!Gm zW~e`(l5O_Y$VjXmslS1FL?-haLA1*ggse3LQ-Y+xwvTjsNp|D9RWD@ONp@l{#>89F ze)pSQ%kg1uhR3r6!G>dD?Yie~c2YPOUhEI<1^2P64s*%IU|W@v55!@Oz7aKk!yisg zdiZRg)p7^J*QQL-Ch)>cPS=fz=6_|;#ix0m(aP8!{~L!m4px@f`}%tAGhCBDbeh(G z*%R*hX77Dv>9o9fHygUzI@UEn??IxCrqkYf=s0oWd0nyEN^UDfD;d|jsY-)wzOpIi zzQJB?q&{PKJeDD;9A}&A#x^>J%=0nsqr17H-jbh~v!jWH`Qv88&PI7LTdA$BL!i>G z>&fO4p2hgM1+^0X_HOmb*RSMxNXZ^(VdV7|%w(DBe&B@_jCe&x6T=7Zm2$LSXIS@} z8qLj4nMv`&KQ6sCzK;QW_sNY}{x36aqw0K8SAq7UFrhDV<38#NjO5`ZWTBGVBrQF_ zUT+^hxMRBY)(&FEI*HX`r=h@T67rZGG%;jHkbu!qP)T5n!me;XB(eC5$>`Bk61|)T z@=IyJE;bX~vHkO9Sf0c^62q^yWgPPIhxRtr&V^1=rYbyJU-l-h%1T>JV1T z12ggUNJ8TEz}4OWr64h}EK81os{IBQH~xbCtj)%Hd`rx(Dgoo|cY~o_g88rnhb!FO zO_{+51J7rT=72+YU0rX2bj8%Qx_bK+zQEA?dY1&h6po)rvN1cx6NG?+=PKz|7_A%Hv&ZuA_t8W*zc z)3x2t3l@xjBrjnx4fEOVi>M?lzYyjKJYk1Je<{E;y0wd*K1@p**1P^LX@BBv@!ftQ zS@r1?@@oHcxs4a!+d7cx=wP!Q;q>WYpnjX2JsL_~RADuT6>?2U%`o?Y5o4w6en7gY zfP}2|Xv1V@Q7?n9dnbYDXSkOv7|!s?d$93Jeg9&i(3ix1Qg=AKbQ>{?N0QA+YNh!s zfx6|e-~?K5vb{A}9Zozm0TmK5-O|K2hQ4pFahIQ0?An?G7ni)rd2lHnns7}>phq!o zyL?G?Xr^D7CwGn{1^e@sl#8wD-Oh#koO!?k{5K=O%$6gEk1ntof7|eqWf4@ZT0;l@ z@_W_HLO=Ml%yxIuM`#--r0VIjV;JuIWz=y8qyhm~osR?s5lu2CnY!QsGH}&z$ zVR{yNW-Gr=ruw?5L4nZ@zE2JKW)UWxuJ<+&BKFmGw@10;&lxcB)sXLmrotKfxf_wx zhMx-O7Q`zZmIyew?E9ey!g)LM+^(I6f8(M?M25;LIUNJI`Z>a5LCx7i(O_7D9S%$#kbnFIOpP;Q zdL{MEDq^agQC11RZ&0+}JNNxT%gAewrh69;y?H*$oI!!e{2i@IDU#izTyg(OI8z6iB0N0hciitpl5oIw@m5hjXWYg=S{>^g88K> zp?2WKF8*A{Yn)-O{oGJ>)NS}{Nbls)$2JC6?R1v4rOxr!60kx# zzFUu7p3Z|(cP}{={yd%I&-nAcr>z!H_kq8ATMi8RPeWG1fu5`jL4JQW!t2bmR}S%0 z$BDT4@31~PM>$)I^jOuEbej{)8Z7YJZFud)_}^d}UY&`o{qvknZztc!#$juLG4?<6 zVDIxvjkyGMSJ@F8>t2e~KdRqhZOaj6z3;r4Dq@c_QU6WvIbGIzzW;W;$7MSDG2j>0 zPwUl9TSt>&3*ZPIS{HW?s#A_M$C=ZV6#v5)u;?;(FDNu)q(LNw&D`spN{T>|JsW zsQhjKK$p-FW_FR^rvWz{|9`CaKcDhPUv)Tt+~F_L`bVr+R}wQEFa~o5P21_0oi0mN zo07+3Ro$ik*A*R1{xRyG)O_UHaSzPXAK>vX=U)a-L>@g(R>jPE;ZsMI_jMbx)b9pq zl68!uvIBj!Dh-;@h0F{u=5uqz_O@~*j>%&M>!M3kvfo=yWR+=_cz3Mg@C?TH#sjGh zg>gMP_uj=Kv%)q1)Z(Y2hMk$*`=flHF29$1@;+lCFyKV%n$OVHy3o4=em{M%+7NU$ zvFq-{Pwei{1RBgn!kMw5P+n1es3=Hh<>f(^z9-Z`QOv0 zIMUBMBRD!@05(@Rr3&*|J~B&`R0vKGZ?VmT9T-EfOU^S%e2K3pKgiJaoc_E9-ST34 zn0{uSUdTO5&4oNPpppn^4dJn-{Enr2Ra`}M&wf>@Z(}*BY?0AC_KT23=Mxtwjq&nU z(Vn$sZ%u)X1*&3edQeiGt(Opaba?bTZsew~C6j-0|M>dqHk=CUHUw$R?^FH*zuo)1 zMp0yF^Y;LF!TluIZb=L?u^1~hI1X^f{JpOr$oG~EXMGEFHes+RSm1v=h$8TcB)o>t z|4;PY8=nOW1a@AxD~lMw^@#RIdp&30#weK$u~72MtNp+YpVy!V#G>oi{?R$_EcZet zKoMo>`Smv%s@A5R+sFKXMb}*WmpW4d)E@IZCuoL~20UmE4~oS-2WHuuJZd?BEqg=$ zT*V9P+?cMt&BpAf0Xz-}Y2aF`Qy?YKG?LWiJlV^zNEm+l?L@z-X!t4;vWaNYL+` zAOJ+oYQ&V75CXS1To+YlV$_c| zYS&oXJfWQKJITpa><)(Y|5|gO+wY@B!C(EKYAPzKDMN5^aeY1S@8bj1fSBm)G||7gy{Gd^iVjIq3n3pZ%Ck|61MzV+gvG2CPp48L{Z@h+k77a zo|~_0pl(}Y(Ct{u6Y#?Y6mp*0FlW+Yxn;gq`m&en@OTLZcOBO3K@XWXBDpcN`Twnwx`uylXqV>k0!KVrH114P|A8jg8HB|6Ls)A6J`lbo2iB zvsQfpUvLzJ1q|2rX_(*sety#UZe!Xe_2sOEe15*#mo4wKW0x7D<8G)nR58Q998C|Mr)y*v<)DwS zCHGj{x}gE~fByn~d&VO6!&6@Hc(3Qi0o2W{$a`zRy_5+IMi&Y;p88{q64%t#$!d3M zx$rDRI6u4DC;q)=6d(FrHu$nthmtD#v>o8TF}mhOw|={`lYIQR<)X8^dRK9}=KE|E zZ})tOb9s8V8m>bVqx)MxU`j#CIX~v4<979E59qRqAw>Qm4)FpwW^CE_a=f)VH)#|| zY$PwhRbR_~=NxNwJFEsAj`&8jyg%#yVhM8agq1X zxF?^+9r!#uR>`4vvJ)n`lee>)sz;Ef)0VyY>+5Sj-Ice-egbv!lYL;a?oOHi9<8Dr z4ISr)a{AmHRT(q^xr)bR9sk=<_T`sBvFCFXljdiPfTzCcqS2SDrCibLvdK!l%RUU8 z=eb9);eGeF3LUU<#{=_8wTICiO6Y&Ec$R)Idyy;4%m4h`p^oa)!41U5|1xuJ+4+){ zn6LfcQ^$3Rfr-~nvVncev05#3dsMnff6wPMm`i0BwQM7=!=>8JBu}B{R(k()2 zZkr|e#4X$J=IN%(PF))qK^wT-@TYzl<(U=bYeqw$Zkp>YW#M|3OG4=0cTwCd2;ZKe zLb~9t1Y$`$<^(z8OaXj2K}$ z&AXQ)OR=_-R#lOknL+!uYnOtL`nv8Dh02+$WM1Jeu!O3C@I7^qpO;#_n2x4UQF^D7 z9i3w%s6yAvfkWG*pa-&Y5zA9K5TJ@Vzt`QB#4}Q0Y_@|eH?qz&3hph}vO>53Ue*W) zY9EjCC>L5EhY~eFP|yssN-ws`C{9qIO=Rr*#ggd);X<2HA`COrZ(LvIW1Zna?NcJx zPq8y7wh|0qZWL^?8?Civ6WCjR*V||Z*_9l4w;v=~-0&6+Pi0O;bZG9hzSUfDa4emB z?Ntm`e{KJ@%5B?j}4=I{x)WlX?B3sUEcUXS zXi(SqQUSJyVaU>j&*bY!SGhmVyqru=y}@{TCSL*VuLs^=X7}_7-#5+ctkPZLD;1=K z?urJ-44FBMLiF*g?caa`Gv0O7)B=<&-{Z}j*oOX+UZeW?P@Qo>ZK7{kQnBPu@!zpS zlH&BShgm1=M&F4O6eR_I@8waZL_z=!5F{_BfG9#S;kBfTa6{}28bOR@`3yvfDOUO* zQ#f@kW!hlK4-G397$t26IeBe576Z9*4yqvFjw~1S7;O2{e9m=4M+$hFyr^=_;n1z& z;te`>$FIZ1)(>cutsKxYM zJf1~>61O8uQJ}9kAhvb6Mi=C3&uh#&e8La^s2fH*-Aldq*ji3AH8Wo>SADYk@+(eS zM|VECRGhXxgjaOkgH@(498xM$5`Z%Z5^r9P3_MO@0`Hqd9LefXQGTA)GSjU-GT-z= zvyeZ+x&iiH`VL52mgh+?0Q+D?Ss5M^vkm`21H|*HH^yl$JAeb1 zZ_Snr(`5Sr5o8vXkBKQEuthY&fZ*5~3Idp<-NVELF`h8-gD&oW|AKyPhaFhv+@I1a zmgfe%v=H0h9kKhLM?>tNmkY$auWCox)*5W~D)s8nwcY-A8?R&+BZ6aix?A{YoG!mz z_I1o@L$&iu|DHX9wgt$Pmg?iKV%_@krB;IYitKlDoEOq;J3JSKtjYd{(wP!OyMX({ zl(;6BfQan17eUMMXWe_RIBq?}4~)k?*EM^qMfOd=aYT>4qCSu>TZs!}OD}DyjfBSF zw|Cpo_78WzZvk((?o^>4PvA1YTs3Fd`~BMTG<*Ge(q9+Lw_83Bi77~9Vpao%Kbdei z6Tg-lTt0MAz5l)m%b;o4+5R(=7_K#EJA|>E`FrXfU0A~AkK+8+eqpj?4b|=vI*g+O zd8`3MO1AjPJ60adjF}uVG{3!Xh@^^@c!k|$IzJ6~ zww8n z){e$iLQgyOu&slo%$<}LnfbEYcVY)Y11})--lzyt=UyNGmA$x34$46s%_aC88PuGC z|K%YlP3T{;aJn304~X=iVkolYG+#^_r8eO)|0P{$p#=)D_{J~+1}=Pr9ZtFWNNmy> zf_y#uFl^$b-w&5R%L73oQ}7;dI~wg2Cky3sfO49>71F9~zhZrXoiT*u%WumOc2@WC zE9R~6z5mMvzyZgW*n(xm5u+g?ZAm1eC{3}J_5CUQ%A{seZn6Lt}xy$lSRx!tx#on(*dp(LkrlPNvX zffY1^_p2`t3tc%j3_@a^V$b`k?5$_8d*3nh43xA^}AVp%9sr`3^9?*X;!l%ZZp+K3l+fM*|=#Q zZuZ|emN#EW!sKIGqvUbfQRG~l=ZManUSn!!48w)x4S7yCVq-z@#zsBhg0xIL0?M0w zx(L&}cata@G|xL%+R%T0E;Uuii^pcJmc8j}<0s3~crPLjv-$R><8mH=LT>&h&V^Jn zmdCi?(q2g5pcyPG6_l;Kho4|U^jb+$Q~d26itSpqoI;kH5k&`Yk&(_r%b{I|GYn5l zMaD0(;rPd{#FmkT+a82j*7E!zcBwd7X(@%$C`cF_zIdV=AQf+5oGWV)HMwW@87j^* zfh=L1{2;<+Z{RIlteHEAGlcTCsH2S@J8!z6wJ+2x-ejdiY&bRvHm4oQe;kcw1Qw=A zk-NPLvc?_<2BIkPf-=v$MyP_Gp)2Y%zA}BcgLOj?HUbttXiI-A+G1M8L1@jr1L6R}$dCu_U1haEtAr;t68<+c&p ztv~eU6t^+DU+O=882AJL2j#`pBj0F+JR~-Mj{S0yR`&F>F}I)v)mJ-I>*e7~u6TNX z$6J`|I$u_hy+fir_nba-vwRERIIcbCHE#s*_Or|(k2qN_3$fgd?tuQW%<}Nhc{wpI z`YI!OEYv+AQ1SUEKpEz-D6XZ?S4tx}dj1)%oWb4S#hwrUlo3HVOU^W=Sk!&|?su(i zziJOI9b(R`W{4Hpa1kr3+yJ(GEQ3A&`Q0~vqSHf8LngCwJAG?$92uSz$8YsGaL}RF6Q0UbHjyi4SkuLmETo?sg zJkC28C;fn+CT}}hA2NW06!9&)9)Z$uF>KgEgMiZjGgR@{hv~0l97PmS%8@i$G@G0s z;MG|av_XWiv|8~4wiCFFMI;eKK}cR<+eu|f5;P+y#VXrUOfg@Xu4qg*XQ_JAMzop? zI87PeI0LHvN``4D0-Im%LAKM4ZObTMw~z=( z=rLA}a;m-DM#G;>F=_12!^4gIP>He0haYzYa_b<42jWyAUYA*toNl49s!oSaet6*w zWybcSiDd1Uz|3q}*u9+q_t@ulRbS1yV@wEj>Eny_`ss04TExfe}bK zPr@=murTF_10k~1;@v=1^;p7rVXnvgQ+KR{1*dF9d z1^`T!j=+-98##E)nl0V3*c>T5)hAGCAWqK`@qyFr7@OLWBsjoECINZx#iO3Q} z1b(fee^wUQmnq|WV?9;Z#5cQxPMWofvSa!&{&CiMKs!q*HHN*}hSlWSF#)f6|$(Y^y*DZzUp0S1>HBQ#Qgeb$=s(XB8X zdn<(4I@kE(8k)m-Y0mHeoX!sRoUgYP!G3F+@U^^4j4gymnK+OjELq{$=Ms)vSP))Z zxZL`HG+@;{G-@^p0S1HnL5QC=VuAg~8_#q>%>9$%7^W-~329;bLKX#qJa|yV_76E2 zjjtJ_hv#p;!SJUoW0&V!+c!=2dDhd@mKLXXGthpavbKH^UwoTIk7kxBuc-&En|r94DMn%X;;EWWsO5H18Fv&^CSh2@Jt&n<}-oitMl4{Ktx zUr^ve(V6bD60I_E`-YnFka9BxAAX7}0&GyAETs~bhAy8r-ntAGRx}za4O*fmtc2WL z6=T$TN>5NrhbUOltXoi>XME@StshyeBXhD6@&VeLC(&G4?KHW5R0FriZ(fvOiEf@P zK8x8M41^UeUGG9MGa_|OBv0OvSh%;|s8-Tw`*Yp38Y?S)h8swuu%FU3Zm!Vf(3BE5 z#yo#8K0gGirJ1Jm+abbxG39K&v($hs2>O|Ea2ihszX2PeWu)MGIw9gG&uyllJwp(A z;^nXxK zTyAMb^$cL+41}IF@c|U&xyPc0Z%)90BmG4duec|vg^3%3rYJGx;`Q`W<3@?%?&r`p zw`aubS5o0+xss5KBWmT}Mc6rQm9PXZe3K4>`D){ichju^`MH{?p|wWBmEz(KgDGIi zaV{qth~HO}V{eV^X|^`Lt0FW1^9b!TW)v)vQphVGOI|E#`;rv;K|ww$s$^Ki$jHe- zX)mgmE>$VPXYF~g4es&Az`p5S&N`R3d)H-7HHM?=pS`@umlL>W?-8EngO5d6v9g;V zr#BlvhbRaoZ^GI_;I-Wtkr5ba)D(DA2e-~!@!n9`2Opq$wX?-y*=Hg-;w$ACV_sPO zo`1X+xPGUUf$Lb-tAKX3FMn_o21|rE%7asrme;yM1|BU6PM-Eb|JS?Y($a3+6uop_ znm}dW^$zjPvT>|FNW<-M*&l2$XUK*u+#kuq3Td>3q?9FD8BAkqX&SOg7X^RQV!RCR z`;e<>PDCrEF5(}+k(Eo19%g8|)Tp++DsH?Q5{ZLyNuY}MTglM}?jDB@R~c2UpajhR zskEmzGO=Vb?I-FH1n}_`z9p7SWNGq=e7z<6w+2q^E-d4o6zr;up!+oZIR*ilemqTw zGk{B3CSOKjls!Yh>&D9>QO=MYvscXQ6Nj+Hd^(OU3m1h|DaG~;LNxL>n!G`pb1y$O z{A*7U)J-}I`}j%npBbCyUg-z7_dLa4wSaI>$K}zFEE)4n5_f-<*ONb30)*H=%Q08f zqFvlfK$(J;QJhu=@A9b4JijvdB}oaRRrtfd<5fu8W5>$l-(^+5n+Mv|+@kh|lfR8Y zGJ(7{G9!7fiQdwF^LXDYrB;%3J2@7h%gzD3zIN1i z3nb+~{x4};(clRv_k{Z*I>5kOI>;|HzcuS}XoY|>`fX)?G? zgT!a|JWWi>6jImlPi9@JE{s$uKwm_Z`zNv{$eyNM^}{9L$wPLgg~{+r>C^T;GH5b5 z*=S|_Xhm$=3^NO?ul%f_kf$ck;O2t|8V-83uX`A~;ZMfNn9Ap#e)c95>|*Rk3x?&z zj7f|@WgGb!!Ua%$L@-RFrtN0a*&h5PJgy+MmGU!c6a7te)N+|FO#&B95u55)jXWa2 zIS=F+$bs~$nG?(0cP>Tijt#z+V?Po z4ElBLvfi{}E@oQX_=N(ijC>}xCJ9>!?eRl*P6{@#0S<{)(?W&1RfRD)9%icDpC7L= z&r?`5mJ`tDA1Udd*ir|pG@91>QJ=+CS(4?D=pv$vKdnHTj+fT(<&hP+qK97M8oS)w zNI66hM9mnZk}XfY_F}sf`ip{pYH3(O!YH9)J`QAT3vPIK)goDbyLn*-9!b@%v<5X? z>xfj?ut?w!H*jyUVbCX};F0cajX8F&_b@+Xz7?qV#4;%;2^-q*Sy9iRES@t>G{rWM z|6078N29Pw(`ccnvz6_jon8L^@^9Z`!AWwp%;!OY#@5VRx{(gaR&MTYC&p@3KL8WNRBq7HWQ= zt#-bshPZbpKlqnjTD}!!*g;q;w#$6het!P$n1o%FV!8C2Oa~OmnUdc?f>nTy$!;;i zQ(xFm$c=R{Q8eOu)SgV3Vt(Ki&pjfCy>~4$&Vkj-2V3~vh`iP|no{DI1T2m7twS>sR$7+m)i?uM2{N4YX<wb6P2%^{`z+ z0=@8x30$KEqFlo`IG6LVenc=RxE4cjGq24gr)U^Kj!c}_vcyylvU1cb?gLkOVLHXp zg4}r>!r+$JjE}{v`?~FQJgUnZ-I#g?`(a0HJSe*u>faH**2n0t1h;lheEo==6rL^R zg{DZ4=|U4-pSu5HoQHu)voMM$CQ|zxXo-Ld!=91%GewUZYaq^MQ~=Ap;Xnbom{^N2 z11;19eB&*QmmHgE#G1a-KE@e^?8n(aKOc*QN%CR1MlH=6J_z(vfl(Ze7#aw}&fgQ@ zhaU9Y7H_*&w=ex@T!L}r_h}OD(O8sxRoTGg{*NTaHG<$kbC(S{rE6cT!8FgY&69>xu_y-?fZVMCWytLr#Be!WgnO@v-Oqc3F#*6YF*G zQW|s0?w(|Ks8U6rq+9Im(s(sZZFlD(0oQ?h2B%su9)+3}IQ3@QkU_OH__8*_BB4aS z94nuOLK-(nSOGc2g0bie)|Yi-`sgi{6#OxoF;2BQrM{hes=oK1KFlT8{$pcL5n+Qd zz-yvOqwf&L!fu;;Pf_?m54k^W3q$>rdZraBR;-35|F~9KYq4e+5}(q{1WLCOH6rG` zoenpQrb04HvzlC!2!x05onDeNLIh#!vB3M0YZ`f%GR%3mK}W;ky2>OCMkO?J0mNF4 zu@EhB-a&GrzWpad<~^^mGHpU9wJGa{y4rv4iXFzc4CiuX)2qD_29j;prneSd4ymNK|n0wav1Yq3=8E%+fIn8y;;(eU7e+_L?iD8NX+d z4m;pYO>Eux9le)9NKh*xHc9Vr6}^)_Q^xbz=L?cu^VCQtip%1KoJXEA9bJ{HU}OtC zBchwpQdYW6CI{bRw*oX-YvNSL7uRD;8a`xmBqgmvM?= z%CxI(RJ5V`y09wp7eZVY6}0ltQ;NUJG-*CGF$7a7L`)#2MCrXBu*kqF#;Q#E@|B=0 zUnbH;Ll0$!o#>}*IV;NoM*uYIlM5srb+ zXN#m~8rvJ;^VW1XiS?@8BgfO$Y8QJYbXQ}bI6Dz zMo{XXlaQGk#FVJP8IVGa~MLohLe&kp?l#pB=ht3%iO zsa}Ng%Bo`mG2!>%u5j{=czFNB&Yd$AB^_U#cFdS4co+{h!cd=ylwnd5*b-BM*0hl^ z2jpN(;d2T=j$IKyP1?_L>@K|refp1l)tj&Q10IN@>2tGA&*Pq#s=%E{lr%-&7m-`! z(5laZ&vPyqH{&ro>NQe5@?bgl>u z@G(EaFL3M>a?PSGmJ5RRct%rAaV9+`_aBuWRnG-E}mjt5OQa~Z51Yc$D@-Kg9=au&{ zU97~v71B;o@`Q>pmYrY3*MuBJ-wpLAf19-G4y@qdxW>3^8a-HQ9EBYNSIhicfbIQy z%n04>Kutw_xx9Ttxn%N8S#)sIs=-u5LpiD6mL~e^cKs$>wgkjBe$=p4jq|AE9DLm( zFtyN?G-%TeOh%8`x&`wz*h=46vx4nCDhT-+gDUVcJ?^`d%@SqIoI*A%!msk_9B`=3 zY;`tw)|%m&##U7HBPNIn7xN7$X6pA{a}w8Noqbb9)rzDuYuwT5yQ4RtMK=aRye0hk zC%ZK`P-dg8nCBy_&eee`c>ru2iQzts>4F^yc(iGE^6trk#}a}M1jSk^Q`B+PCB6h& z8__Se{$A<{uen`fWR74!V#pt`5%7Ci(b~=H?b{NFMTOW|E)%1*+Y$+p_ESCRkY6jXee-w`x=-G@KE>mQuG1<|w=gl+r|BW$j%(j?dB;ANW_O+JMYh?Z ztJ+DNyL|KaN}=2(ZLsGwW__ACcq#R%`5LqvpUl7zj?cv%9Qc?XsVG(NkM_NY@Fj|@ z;x)VM6Y_^zw4~FS$Iso8`}N9jQ?aewP4k3R6cMD=8OEyxXeI?DzL!K6HkwPQf6}Da zBT}^emxOOvhx((WhN4kEx|XIjFIkVOv`A7vNp6PM82L9Uleat-$4uexu~~JjBBwG$ zM`<)gS!oSi1;!k>I#h-_Sas4%9_`|SXdY(X!KtYFRBB1)Ev*bmv{d?R6((&WixI+H z+x7Mtky{ha6`8$%29Ok;BDI%nn|#WI`0UM#)c>(I8D!@O3V$-+ zZuVYA?o%m5(8hsxiK$#UyrLpP)n*u^J7jHab5i)WL5br!d61oH6sLGFA8t5aw&>MH zjHgg1y!I)@oS|n_!)%~*JIzWCsr!w&)HybyO!<&PuWR&&GLAP4wIqxbxXH+vQ)QbJ zKWK1@w8U8x<$y%dJK!%n15HHy<05;uBC3=E>Q6PRWr>P}_=~?vsd92j9=|M_9-HS$ z!7f|B%x>Kuu0Fvfa|hf<1}tCgl2a+v>QkFi#kOn+gjM5bjdE!SvW{rX@JK{#3B=TZ zeRqbML~o~by!JYI9*?>d zCy<)ce>nz?RZ9;h^-fZN6b&Q4^xeYyG#&kI^||edu7bg*x;uHj(djP7l>I39+gr28 z8)}17qi5Rcuh*HkZ+)6bmhS%?x5ZbwI)B=+?6^=2Ls^1m`~lLC|0-fPF7j6Wf35B2 zPp$YprPvL!5l(juHg>qWBar(X3}g7N!|h$K^C&CNXeo$1{42=WL!x}(TTD+URGxX4 z<1Jjzx7s|>LtxV^d_704=(vwUPV@go+)p&z)U0J=8TnQ5xommg(`zO=Y{PgJ7CH~W@JlFIT;PCz87 z`@Xd3rrArg<>4=)M7<_1Otjsz^OIr3oYzsvZ#1yG0iKj2;-F?&NoO0?A{PY3axuoayMZ zNGx@~BTQ)p=|B2a@@YjFj?_osSS%EmqeTkpgbv}DAtW9y!%~-<5z@16qGIqe6^wB( z{678?$^2nmRq0JJ+xxn@j#(}v2VZk>i&|HAHb%d$`Nbz>`qQwg`!B|C<^~ok2D4YE zoo9!m#+-wPi3h*cL$*TUgQUx}%S9Q=qBP1sl@VgkXdzp%lrH5r)a!nY8~zRtY4UWj z|Dc;Q%%flj!OXr7Mf`O#?>kdi+fhHu9Em+!<=L6%T@^|*Sr9TWdk_?wZ_GcDKcQhA z7ZZo3=k+n7enEK7?U2|Z1Cd6D!6El?m;12m@Y*2!;vBt-H|8we1?<;XjP|kC)^APK zKBKhk;kV3Wo^Uix+8b)E8D&Y?*;0aoLs?PiZ=3>9RO-$`*Lm!&W-jEXM{h8r5=YAb z++LJk9UJ$9vQY;6QNEN39PvgV%z}A++X;7kC0&cish&{n|XRf;dp)Pl8rF$kJA8*oEsWP7m6? zHu~S?*tIp?ta!-Y3OhY|?LF_9H-~7`Z*-FG;Xj9&5s(FUyj`zm#@MGFetUASibxs5 zNhvi`|M#ynr16m{bxWZ5FKsd!P#z%w`kFykTi4RD-)6u1)27vKsn(-blFry`rrE+P z$Rcv$ui8g`<$0DijT+aR3pDHh+>C^Zfe9CM_xU%b)`YMO((fyEG1o_vl1L`B=hPG#Q8 zK(!Fun)dD)9va#n4f*j3ZDAugN-QR?58q_wETtR^6WZmzFO+)YD$2X+U3~5h?2eAKZ!rGB zz;)IUL3fC*Z$vy!L7+t^2-~8MFOhq90S4(`w^Q>}xyfT8hirYpW1u(gDWnDtUF_m_ zPTOsj`$e~r=AZb#HIE56I(p$keosh?Zl~4?J za_lvR9oFO6ZY`TMz!@lVWa$@EfgtQ+}+)^rMMH^t+=}r zXp2)QUc5+<;O_34;%>!?26vL1{?~o)T6f)>4_PO+&)Fw?&pb2p%*=R_{y39*Q-H*n zT@Lzw#`f}I>oSAx>3vMw`{mrcjGWV-jZq$x7@u3jrMgoxKN_PQwRDgPt|oq#YsOis z^RHf1=95)S@pM`eSJj%r)p4JyJshWKCD2y^yuUr0}p}3kS4didI@6MzcEiyn1sY}vGB*-X=SN2Ov zQ5bU}P%Lyvrj5ZcDyYCOt}vaJO;QY3AZcp*Txvr=0?}rcb*!rV{@uVjH@YS~aD6#V zkY_B0ougluY^C1Wxg)IK<&5OihBr{O;Udb=soWyxI_-e)YK=HNoREU5cpT$ueWc<) z_U6y?ku9CtmRzM^mpEfGzZta^)5Wxm5e}?;_L%eoBNepo?U=K?lZIF05kpR!*2F{| z+BuYhSi_CPkbuxyjTpOPdjO@a{;aoB=t|eP43|w+$#Ic(+YUFuSC@wr9L1mZhr z7IghRQAfr37JbA@wHCZ!lD45zxfy_`I126%zpnXThNVk{?F=H7cc?AQPSh;mE>77B zD(kPzx4;a=MUq}uS&+L9$wktLVf&5y#;s$80}At|LBju%_fqi9l}>#L0q;$zwcwuS z!|Q>!8~)}2_y{-C0gB#QEK0LPHzIAd=4GU|u|8V)C1jC&M)|AR{XB#i^Qkcl2HAXE zEA~#k>%8)YWb3a5^_N4k9Th=C5hkDyG&%#}o!b$k4s$s$-FkYG{Q{m{ZMn&lH9%E4 z=&)+XV&C86L8U_DI4gF5zQVBg!csS8f3bT&V6wtBlX+E^C9O+9i*~Zgg?Mt6p{BK@ zJA{;fm8xlsc0hm%)_NRuY;N zcJY|?%&(%c$^;+KoT%F^-&ck+WKmlmbMgjvHVe0JX~dPwgGyAsz(m+QcqqsI?_bE2dbWG$IExt{#C3@ilCfcyIam{xtEomqX=NP-%!_wpS z4eeMgKSv>&NFm*gMMf-t%vjvK!E@O0^5T;&)wdq&^W)_ABX?50nMCmyN zL-*`a@OKh~M_kT2<1IkoKbFK{`?s%tPL{rU#jD!d_v1Zzi!{M|1I0LAE_6eMzM8Eh zjobtG>ZmKclzhIytBTba!*$cQT?bKWxLi5M961u5Bg4(#FP9610y}0UujXp)cHl6> zhMz-MOoZy?iObDhXxLDxNQ+#EaIqRH0i=iJXIz z90~{+#E47c8zWD)pQ~zTl)=T>Z;iKpDAbAcr5jianD<>j(qB(jjH%qNwSY7}*V0g3 zN_!43d~ZqH7CfSKs|wuN>95MqXpE^w;kNz!QZtBiBfd%dp)&u1=BvW4aPB8uo-c{u zu-8o#5M)Ju+YwuRUIdqVl!u2+@Kaxnm)tlW{_LH}*Vh6GWiAOQS6~4M87bIq&x7yJ zMAck*s+@%R;0$0wfUoooOhJJ9aK__Jrb~NBjZ0}kd6JgHQG|uCj=Vg&W3hc!9A5u` zK{XlC7rV9yq{6yIV~1ged`x<21=(?gfDRMDQvC1=R2e>~8yyw#$~@*utv*>}_QreE zlk>7Pi-oTg%byu~o5at-@9MWcM8-(5j4oy${d}RSCDifQE~x#-M<~5Qvemyo0va-& z0B^tPPtIyyYsd$mI2aU+3eykS1nmI#g3&D7~zQ%0bfWX_w{zk}+ zN!yc-1x_}k{Blb~f5nPL)TWr`IkF>7DE^K}Y~4jD**-J2A+ErtdEUjAIHut5zWYq< zYNbz==HQiSZmRvpv6s?1bzR(L2m2WFs8T;Qph(srO`N6WHx|}t#jf-@fO!h@i_Bp*aQn4R=Jvcn%U;^ny&GKd-S?I@f(J%{V_vei5A0o(*ZTL~qkFXq(#D6N0kaKE3+zKFO2P7h|%T4n&_0 zC==hCdy7NOkc!L@{z_&+ICsu->R!maCzL3w3^)u@wzqKj&KER1SiP9*AD-HlZg*^S z7IKnQwdmuX|L}g{_^f4&m{X*#cu$A$#gup^K0PS`=-iMl0pFG|NV}n1MEYP=8X)O~ zHS{x1=daK{?Vd229wJ1To~<|R&|ZqIKu<6xO_)gU*%$rx#{uyy}?+Y z5;A2K2{_m{X$0r}^$GDB=Daz++7f%Bz)kPVkRapUSvdb%oaA(ml zi)LDIWW2MK_(&Pm(dkH*Rvv8N`1Pa@UNj{0okMjAtU32Poo$fV5e2=`=c_V1!a2LaC#MDt+IpAMW{ zx4fM^k}BVjKC$OG5)M!}Ea|_MwysVlT;j(>u~K5*HYg_e2xfmR=#(7F?`0`c{DbiF z%LhoTG>yCv#%j62`@D~1T3Clm-ih1#+6K?WB@$XEI`5lWMw(8R1zD z*4G7wvY&X-`F=Z_riH2^(>gHr$hH0mWns=344>g=_(+3^1Q^kY2427sPPz`vSMaL= zgyvB{@i*U$J$%!F7U{L#@#j4vb$vEZ4h>ftjphZ%3oZYTHln5Vvy(Dg86k$M{)zk# zDX|A?Ug}(_Arjn?N3X)KN;1{+ThHNBAj{0T)&Rx_{wb_+n>@48G(NkxQNuO8t`z6FEd<&KuCLY zWGc4BLk9`Loz$85ehRb3Mhyq*pm2WU5*fqB_~g>}vYNOv;`^`wc{+RD2#ihf`NQ|U zbKldx`%UM-j-q{pis`aShg6b<@*WJ?-eClGx*9gpbb9U^#cC2K;~Mxr=YQ~-ni|Ye zc-8-Yy$rP>@Jwal`2DR$KVPsJr_|N%vhcpHcgxw6PnX*tC$TtOfwh3ti$Olyma%X- zf3+Y~dM+M91^H>qD6i@fOqH^!ojuT?f{4PWFIwva>w7jyVJ%PP!HtvhMM?{Bb zD;0v@*E6l2x*Q6KFIHCb&Hu>&?b*0s9r}Rks#tCFL^^+GIxa4Jf0!%R-dk=BXM$YI zIIoLBDqG$iHL3%TmCeQ%P`{fm2_#O4)nmj?a$AV_CIadvE(-`^Fh-F+u;dp3?0#Ki z6Q5h6O5AUK^<8rx?uI3;z}`J7H@yk6^|Uv0SKzXkk_Vs0K8N7wBlQrE>-;m|br?HS z*g)LYU5-T4eE@7SOe+Un6fvxWEFNAgxs0}-30J#ajyYYne(Zadq zs6Q%k${3(i{|rUeDYj2cC&!uRkF(CTu{Kozaq}T`J?H09T!IYqiC?d1;-VtzUDWaV z`ALRkX5BW9Q(_JU>3$w!rgy3_*4mJe3V22M%_)i$7f!ZX03JXR21}84D7TzK zbO`!?AASP9q;3Jw^MCBzllCgbz}AMjRix1X=-i>w0gY$WaY#75Xf%`Mq@g&{KXKwh z4LMPQx}va>nR|k9sE2+SnpB{MqJ4DSpl(~4vqgkjxI*601fpWztEtWDmaw96X3*oD z78JOfcF{HnDxNE4emO|`tKNQ(zFSZefM$}dc1No8`~WUsu450ppUtDBqIlU+4?gOI zhTH*RUlTgv2O&N#Ar=R#8wl!#edbq4a8D>y*v}0E5tJ%ZA=E_vT;2A|x#|M~)d zI8uTqN1i>+4(nm`O9kDbZi;)|@OA%gk$d@nMus)oH?O+-y&S{Ops<7X&6`|0`S_q+ zIx7F?i)!F5EFtKT57_#o=L0-~z^>P!eg~}?8IHF+mxbL;KsfB>>8>02=jsXibX8In z!f07lxWhK}HU#dP{w8k-agu+5rO<VhKs;zwT z?Hf$un!cX7f5Y3d7;>2ces2n}e!HKhdPszbU+PKS;7j@c1(HA3Ha{;7!_UK3L#{cf z)}N;HLY~xt*S>dWu=B`PoW;QJ`5e{c{?~t#p=;s>Y0AK-rzfdyB&739Uqsa$RY&#q z(j%SC4yZa6s^4=n@Bxv-o^uDEQ+4|uf$|2EA9lQZE}<7U5O_)mkw1AlL}?ap4$1ZG zKX5-s=)j8CK&s8VLgA49yDnG)>~DhUokaE1*M#5`RjKoRc!TTa>c(SJXZKS(v}1>Y zNj(E;*@7rkhX|8(@zQ}@M@+2dd6>1H?lWd;6xVD}w&D+%lk?SM;Eha={-0(*fX z^npb1&HsHZgav_lON|(}2w$lCWRws@Pd``SMZBHk4$`_ko}v6_f*JG;rv`6B-U8V_ zDb3hiIz@V-NS551L|(yNmP7AAL@%37lQ72c-42KrN#VT+Q(Kv0G#b)>rV2%e+UPRe z1qy`7nlT{hS9CEtETK5;3^-rj0;DUyZT1pdRisFVeo*|z)2F~9+-=zjTo`K-h{H9+ zdRLBgPOUqEQO#-WbR-3zU*Q&cC_|+RdRpCtEklBDhc_e)5#IS1ZyVDRRagv1_+orANdZwC&El-!i^xpKS~s`RPz^G_w9W{9dF+QaZnpAWF+ zM5Wpc{SP92t}gY6a}u=W(sDH=UjhyAA7~4Vz5;Op_YSSpEfB1ol$j1@e*^P4Aw(?A z`&d<0lR%c{o4HE0HZsjOzUV03xm~8KmOTu1|@k>EEH=Uin@^IdN{TBX!zc$VtcpMW~yz1?W_WF(9SZVaU z=&Lz3T6Xi%xRDwrGN&%>%dde&+k9~`!hfviwu^1;^}*uGwQ>YJ0`wmceJA->KcfvQ zj*TZN>pH(GW<5AK*r^~`BFP|kFA;CD(YyTj+4EH9Kn& zzc!6qAF8BkCLCC7G-K|hAB(XbhET#$v-xG;brD4tBa|mixf+FBNEneCoN}@ZOdTA_ zOj|kK$h8`#a%JRCDZ^%%e0CNKsM9*tY@D{@YPr?=8zcl@NFI7GJ`ej9Wz+CB4L|OTi zN4*}itc2NtHdE)|Aa^?83OU6Qt3B}2i7z#&EjMnt_^t5M#I=gH`7CR|;{u0Ib^Z0+ z4ioM7A?I7Lo{sWH$aA@W@b11|SDzDRpbC?Lw8`RKkg8DE&2BBU>tSD>D)8C_8nj3S zAEkmnKS`cP0{ym#r0!!;C1JJLus--j<1p1`hyT@0NNalT{ZQX|WxsSba%dLN1rAvc z>HS$fT2Iv{L`dSLDX{5mBN#_lP0U^0O;gH|(<^+and;j-uW{pcxDOlF zHu_>tTg=<-+pjNzL?+K?JIzjFKCUfEZ0FBde))Yk|Ke|A(2lE)u2gFSVD+4>)YGzI zCF8f>{8&hc+Dq1%#Yd`Cc^qFkT)ni}(1PYdp7XkG78bh$f`40>PO?tr>a(vY^`~ln zc71|z@I(BH0{|#h>n*3=O-gCDZJ-|OZ^JHr;blqTTBm9jMHD>zlEq1-ShiV!gY~}3 z2Zh3dDBeOF)*^cuYDj)(!wQ-gz(z6O2|u7t*Ow*5{^v|4Q+t^Kj~D$PpNXR?%)pF; zr}rh8t0Y7AYg1V3-P=QQ3uk-wGno>{`e)y(Nx6vjjVfJi{c}Y>33bDU{>;tR=ad%t z%r8HqH0#FTZwhx2lNA=~_#O{cessUQC^^V%@!7EpKGIpu`7@C`OqAZcEG!zdy&UYcZSI_RLx zOWsZJR_T>9qS%PMam{t68J=T#T>t`&u9{feDeSppz9ti#kXqV2zESnBU|jtyO_lm*|l zf=yh4=08s+)^dYCRoQWI@GrOqe~srKuU@h|JggRPeW>DT{+XT4pAkbi#XdgS^}6c- z57Vfa5w;2h?&i3{qq%}EuB2XW^I!u^u+6-{O$hKZIj`jk#W(m*GAi_`(X9PU_>(&2 z3jAT)H~6|yX8&f0I|$~PFu8W$sn!Z;Z`1hYe#44H+}7cP08vPgK16|xze-b&|8qem zn9g5yTABIT5jkyo@*Af{%KJdWQTw>X8;(cLULv3HJXSx6B_M)t5s~K57^0VvGppus zBDMC8JRM*^#{pUO+{w}+7sZOV8#L^&TtGYs(zI@b9gg_^{|VwTEOsVE?xd}5Yjig& z%f0hmZ$I9mWBdLNQDt+{m$M!EbOu|$;zRoO`;gD`z>Ezfx}Gs>i*Mz3{D_WJO6!_u zG9xdz-jE;hBMD$_u`Rgp9s7wG^mdq7ldbffjx&8=G_}es<~aCXuuzeaV1b$M=kd=t zkci#~fpG!n*||nzG*Hz3>xe0p*)%2AF)yy)X!ELM1dvh-ogis6KBq})k?EWsoo@~i z&MghE)^AlnG%_3|XC4D5;MkudDU=ni=Dz|4ndC@P1FUCTIA67N8PFLhv5^g9<&GXH zc+YVHPO8Xw{AfG!SK3I~62(M6pX>kp=v{P%$3gtgD_3b9>p7-6W4^8OlALe6(L}yE zf;3(Qqkw1CO=8wQZi$tRWR_#S!Ml9JjhZWCN@WPs;gvu-awEsAWeV>4g@lpsQ5e+V zjn>k&!;KP%hnH8BS35t`fP#{Y5-b=Y&om@Yo^yW_ZLwK--?+VPv5B;fW*p;PA(jh0 zj3H72k#N=S=`(WvVID7Z$yV&=<__Ur?+=Q+4qzt6*N%T_wLsfa(n_`R1{0Xl> zZOQ>Zpo}|T|Kr?v4T%N|gEZPNaiQk>Pg2jt|MK~zoiXUC=Ona0LA>_hEVxE6`Mg^Y zjiyX@X7Sq0Y~*cy4Dt^^*_1T5HYJMWX1)mSZ_=(s z;{E_>)yl+g&D@3n9(1|mw&A$Ck)%O2^~W0|BT~mS>!!KbZ)UYM@%ESnPK|tfEp5L; zzy0!C(pnN!e20gFJg3Y%#UE#vPryh&dYKJ~y9OXJ@^i&vvixRaKBHAaH~p-kv@UB{ z@L@oaOSPZ)@Eb$YaO}7>O8^B3m+|wos8I6TG+%n;FFMnr63K5#8__{ZG=-qq42|EX zp9|Q(fg1N`XxUbjou@Dk@mF{K0bWKXEboQD#}Y$Vya|QkaRCvV=52T%KBv)l^o(2w zfAxBgXKl*p|7Jl$!;1lwqA>!nSOCk4fzq4}(*6oY?;UE=d#~PT;K?Or&_}1*`xh5q zs#Res?~?F7gVi!~T8aqc)2u)wlA~9`vTshOzKP6WQS7;o@z(_f)XH~|zM-^5wvR0# zq|P})y1PhJub~m$vH69)&{@~;dZ|*u zRhu{AV$d6i>lVI2b^V`2sz;dF{VA1)@z)B&6W4CIKpJ*|Z#WpEGez;BZbgk(1BQy( zV%iJzgP+mKZ*>fygmyIqPF1X|=sf|?Bq~{V#mo`3Nngp$y92bITe@N0eKb8%k+n`+ zXbx(zQ11qlE~6Y5zwaq5ZpzKt?wAYqNM|HC7jhd9^}jrP82xUPCt3Re%|uG`)GPVd zSejw@>WOHTCPBEOBF$S4r8r#b=sLCPb2fMMS2zsx=wcaDZPLgZvot^UUh9Ci&@{Vk zwrIJOM?7Rh-*{`KGNki!g@(?EV<3IQ1I?&%oX{JGMPLDTo0N&-!%4^->~c*BC;HWa z!IHI15jUX&CWJK^OzMnhk2DfE>%~Tmwh4LL{aNJ`XHz~MnfSS)$!cqVc@`va+dt`e zyA%sZ@(hgh)m912Q7gyh1gsZ;g9|G4) z<@}NzTWgrnl@W1r}RkwYmz>ljBJh#sUjaWE919B@k80pSN?CH z4CZszngrtG0pcgu+QDGUbX)>O`hwDNwk)BH3u!}w45fP0L$#{rfY@~at%8yBwu?S= zU{VH$el|Q@CXYPKl-OTT`fyDJzxs+uE%z6l4$1)rA4c8B`^(w4`5X5NwpH_Lm-X!N zcxP%Z%;NHF(0QD4^wu^kX`DY+~Y%Mhb!Hs&byvu-I}HnGd!BoYbEyH&3)Kb5<_ z3B`UH0zM>A1w>jKARP^JSC+mbZ*(%gFLK)oAC|c(eneeNRDLJ4ARg?Jp-g$7e6U zP8Zx?5lVm5#87|}wSHj;LJ^U%aB8S!S!vZVd0ML$)mtx{zi|%6pThUwVe4UiB=+-faTAp-*}hM-_=X2*1w#Z7U}g9MO@} zWz+w7Zt&0D7G30%+|}3Sf1Se;da6=a5LiI8E^t-A=NY=>>xGS=T3@$5+Up(J{x4o? z;v5LE2&M3?zV<$-tz501b{p<049xwD?fnk}pS6d04#o$|`${%&AeQd+dwEIk#ZDt^ z%C*NFcW8LKNw{ zlOTpyNO8ouy~#eFwXcys%z9BoPVVi2d@=|`)G=r>D{C6p*mh_q13ODG#oUEA6|Gd< zDQ_-a0M|C@?X6lj)Uh!N;On&$X=4)C-=A9-IsF4}=SHoATRsNb+DuvhTJfCq1Os}v zqj#9JEO)mLGy2}edF@YBT$8b9Wk4`Dw=rz@m)o);8W%jO#Bv>`8rL~CJ2#^GlMFb~ z(`U_(Z?WVO(Nvq=mL?pl1J*@N2$LKb&zi=L(y}5+{v>Ij3|kz!t{F1$z9+`rFpO~v zE{u)wsn%u|@%50rDsiaL*H`*>q(&vS?p-XmX6e&4Y%Lso;#68q=7R{b_gUNS&lwZx zv2n(TlHhDOHU&xxc_EWq#as!;^F`O@TP5Ru8)HB8E}U`0j76il;y>i%U=KSDP;tvG zF(Buh0I{Pv4UDsM{c+ni=Iht)r-dZ3e@{C=5QUj>4G2K8gq+QWJSA}{?nxM?*P`Q- zQN*G}tsg>TKKs|IIuoT!#KVoGaPs@1IC+7^ z8Y?_Bk<|LDX_&jH^P6E9>uXEVUgl%#rOS^jABaChOH=oK_$XynofK>j44K{Yo^D0| zI(&_AWO4oNMWyQ4i5KhRCSQv^nAi^dBJYB6cj}j4{lo;kWO5BYHsT_dN-pXK!x5!( zFS9nTi^U-Vs#;1pV!kdO9)Jm{-~tTY;QFuaA8|&Kflq^cQv+B+a|$-E1OhLB!R{+0 z26_TB?|kK%;xb%wP-2Rd+Fn0@VYX1fk0C>!MF{R<^&}MX&;a=7wvn#4K9BTgh#q#U;}O z-%I)b@bBhM93?eSq{t*I$NVI0rLEMjBTzPsA=pGZ*`R92U^jiM6omiq5+~1ix3_GY zuK#>{Ck{E&Wh6|uk<8FKx;@cMcQoCd8yt-ErQ$SnEGHyvS$sFoNN965e#N5f;1lBO z==oJvQ9L)Wqk(-hqs-Y^Lc_6^o`{M|s_Ugbfq2!{Ft56nT_RJtIE06jqw9JZ($NxY z;3q7fMxq$d0iUhzY>B0m@|)0|RPBIowJu8DDFt8l<}AlZjOKL%yJ1>+j$pGEU&p4S z@VQ8-Hlx+YaP?E8uDfmH`Q8CkATaRGvHN-@WbbTJ{U_1i{^@qCTL|z7>BaKM#UpRe z^!cNS)$I6F`92h8*(LZex+~q^ivp3-%gbz)a?R-W-nsDP5|V@)t6t`JXter04ebO^ za-Ht5rcsF-Rw-^|Wo|yrV6=m^uCR$Ju}&s(!XHrrS?%mY@yr% zGk3Ga+kY9Bm$OAzx|ABX0ioLkja6M;X_}>(CYk={cC8URN5?-w%YzT$pwBUtJ3dfw zJ*Q*~+>Nu$kk!}oCUs%1?`uYQ5m+C5d$P@%gbm%uDa>?GR;t{Xoaenf6}!?2BxOxc z$4djZje$__lH1>%0M4W`3t6jjO|or|?iSfqfPPG^$DpD0v?7p?>s}$Y%i_6v*<(Xh`bH`V2M!d@u9Qg-m>eP~$#3@)635!BBLaIt=bwLxs!-*meT zRKE!0R*${g)79_azx%Xz*4EZGH7!`yI=Q5hl9Jlk*dU%QYxN%-8ygz75XY?w6maIP~=KJe9qx`PbWTW`WP6@@bDp*l9`LT$1o< zRH^6Q1gP$5`IF+8b>ESI;}`goFLYCrjg7-Q(9FK9>#BDX{uhswnI7lY=v3;?3C$&f7NkdyjvNL7n%yN;jP{L1gvqQN zTpWv?HQi0UO40Jou2TAj=4MOX)uS64Ws*NByBqbN?t88R--+BV8c2n}<(mOdgxLIZ z2zJA~$pW?&+)FD*nY^@o>s?pf>g99-sB9QJol2)xpgmWQN<~#|O-+y;vK}B#r+20p zBwYt+Hfr^R2Mg2!6H@)-E5YUY56e%AYfk2}6Ql?3&18;4^gg(bWsgre%K&k>eSMs1kCADR_K0~UZsV@8bd7X*^LlS{h zC3=DdLlb9Bf;7!kZQA^r_w(}=1>8l<4!mXhtgLJXIu;5#+OjkY4wdGL3;;yK_^3vG zc9qB81kC=Cx(-`N?zKfmPO!FFx7dp#Z$^V*<^I=*QtXlY#0yt4KkD;$?J73Jyz3mJ zb!in>C2bRIk=N>AFgP%m?@c!gi>xNtk#xk+!XipLl?K!%s`y^#Jv(lhj00;1ts^Lv z2CNm$oT`%8*f*xVFgK6K0sWMeM^IAh^{0)y)aG0GfN8)1&G9ccjN{^ zreWD;o_C$UU5NQEmXZ7-sLxTH&Qm`vs26AVD#_?9vuW=ctL#oxO~4upDi(ipGe`%( zszKFex{VN|&>n0gNWpUt{O>fKjt+wDp(Bu}U9aytq8z6_Tdx!0w2_;S*b?3Yv<|mNDd>O zm&{l)ZQ!b(NCudh#ZrHNMF@U*3!p`8a-~gpefRxzIm{Kl2ZuR0pUm8yiNgkiz>lGo zH}k>s<9TaF#-<9IgH@e@cMFDqt1CrWYkg&FZyiv$W)e%P1+gV@`CwlX7|hzwJHX98 z&Rvw0*&0q^c82yGPA7pZ)zgIbd?>Vqn>cywz0=}Mo8_yY_UZI<$MZJ}1B~&tAfY1I zg6pXgGiyJ0v*h#E23Plm18DFP1cCbB*A|tk+?&L@vk}BY7$m+?HZGJZD1v*uoh$Q$5Ycv|P|io(HiyGGo4#>+bN+czXznb)jts zi@YD_TGcL}bR^YCS9LxW+I)Gz?t(EnE79iT;dbsmPV`AV|Fuf9=z?S8KT&k+8Xy*p z1+h&?2H5u$u?&!=nBzFL3+NF9vO3o_kh-{qO32nKMa<{tzdNW) z@nLyuG$IQ;TkHfLvU#)6sF6DMyXnv$8I(5(&Es|K^7p0i4!aau$K-G3`W}(HXzEoT zR5%|j+wImin8s;@q9qSL$g8l0eleKVMGu_0YUtx_OtK2|(>vVC)|$_bdB5h;rfU>- zeRc?a-X{_IgqT2SQ88e01Hg((3q-rZ!=*uyrA(o)E0@cDWH)grSkJlv_1Y`FCv9Ym*R?|={EK`c- zDc|al12Le4+n(4aWy__W9_;ZlCjpv5Nr;3*R`#su`}%Qh z1y7{a z17ZBQOkKmOhYnb3HiVE(nJ}=;`_y_9t;#hT|N5`pb9aqUa`@Fpvgwpe1!izT>1<#3 z%TA0G?6&di+Z!ls75aQQ0~dZNPZNzVSJt$&u<_}tDo!c`S24<}BJeVvPO5I5zCNw4 zB8Z^Q0b+`fggP`sE&MWl*s{DKl{|JK79sZbhh{J1&Fq92JcgeVr3VIvEUALHyIQ#6 zGs@N4DR&wcNK5D>K*qQWMn@la|Q3MJAMLsALw;2m2zW#>b_M*h1r~w_8S_c>LZkTje|$Deka$a zgN1<-Za*((KlebL%07qF0JqA*FiIko(yI`F4y`3e+QVS@a%-!+XMKW=E!E@{v(k}g z-pezWSE^K@nr>{O{z0JMNO@}$a_nM6!fn!aub`ZD5_2jnsiY~7MTFT z%;%?Pyn>qdh9&nt%>&Kfo*-xIPk#%|#D7q&J!VyRKVMS8%i+3MPwIuGT$Uk?#!_d&(7>RV*ut1bw>{mg-8F%jF=x3@k1B>`X-<8G%r6@DG=B%* zX)XX>S58YkF8obkq}pf=wB^4|n4Q(Ks-0eLUFO9@*;&XJKs%FFQ)3~Iy9yGILc&IS zX859f+@jTv=le*Jc(QuGmXF5e*Vy!id5 zgBy?24b1`$8{sLB2;R|I`FnN{Ui4?)e0^3&2Ud=X+jsim#If^zM-Q3cB*8xH2Z@xF zL}?h3Di>27;?A63x&{NrU;S-a^~xdZ3C&JDL_t02_rCe^S#AnLk+c0c!1!G3}E<`3>9%)~!JV^A#({KFB0 zy=cT=!YV&8xa^MRrFuH5Ut~oT<^OjiY(rN^@o5TMY<5 z9ZZ5o|0iUWsgFEf5to^VlXOmXwu<^SVInN#C#s$ zF4=hO1KuAUuK>;9&P+VkpPwI^-=(%CGP&x)DkZ|3d6`>~Yp>T^Jx-!s)!!_Ql1L%Y zitY2Gt=aRox+HC?Hb9^owoIg__OM>LLp}^j_OJdvLKyQ}T#ZibfX;)t-fM%s*;kl% z>QL)Girk}p^`VNB=|D&TE9&c)aypywF4J@D7`u~53TsvQ8?%^Lx1wtv2& z-oZE3L!QZ8DHkarCE-CktRGbwlcC>@pXSPMgJlt4ce+Vh35dAiaXro#aXcIyyQEH76YkhLev3nah9NLJbvo``p+Kb2MA|lPVL6N{xxA%8c}3 z3l#|o=@r7Y{r@=(o&37`fV5@5-s*{p`d?G|S5$1;a}*?}D_6NtXG~Q@<0vFCg|IlO z$Am(uShy$bdXYTO{blUfAi1b!_%NXu=>6KV-!w}yHDQFNx%R`O07*f@F`ma}<6Fcp zvk32jgm7EvVpp1!#Pb0#m+XG>!t~nRB&4KT=UwA27wxNl+ci_Ncp)UDo?^rHVi;k2 z`M_E!T--DO3klK14;jAemoj4Q$}&gabH$0*7KHZig0jlbOJU3MeDFu?`o3%Uqn2;9 z)5hpSbkzMw&7vIr9*2e0EK!u$OYeCGCAkM8t*DalUN7pp^=+qMaW#EbbL5@x0|fh0 zcpovA5&Jm=!d3B*wq}dW*~^9Yzc;gNP@p@_h=s;U?vBJPbM1aCgsE`tZX9v}Sn7Ar ztvn7`4||sA)n4hiK)Eb z9y53aV@`BT-Ro)k{!+&dUF(59rY>S^R+}*=VUKSBv^g!Z;mI&v;D6@jpp#s;rD1pSbo(fx;A|%L2#E)LhFQa;Tf5(-n+Cru zHbaVs6a90e2;L2$*sk!^GjzJeUqx$|W{+l9X6f-bt158`YS!2-{i&rw0C)2p*_WNu zI`(ngjqAVFrBVvP2t13tE2UEeU86{%6K_T4Y5lF$yMEfiUHYC0u~&zAwCcMdBENBy z5paZ#0JC{F)yhdii(&fUT8tJkjt4sqbfyZG7yrrb!|!oPSN2HxR9Ekj`~Q#x!`a-1 zD&-ww)D?yXB&)wS)JjiZj54t-1~cMdM=)>@-u-NYf}&f}Ha*D~83xUl+&vYd~aLrkmzV~h+Sv!viM0=Ac-u6)RUaZnA>8u;ZuRQVFPa5Rgt#%rjW5k zah_)XNbA-Fwfr(F&3_a96*L`26CI^MN*d)*<`cVaO@Hv`mxc|_nfrbFv%%!E%x6dM zA2`N302fDZjkX3Z6=( zGYy&Q8J45p<@84=?{k*dF_5ytTfGivqVbu0R&L%QiPy5}Rdw7f7?HKBuIXTB!E3w! z-_jhRu(OOn5fKp?85xLYeRf@#A;P_*`z-RGd7#k+CC6vUn!Uu?y9cA4bFbR@)zm0N$#UOi#99KtK03E{JU_s z7d!|~F$=q7>#nT0k1EL_x&I!i>e?fJZ4YU?5w^Ybl|b}_fAlbGZTtiw53TgVy6`&q zH7UkkeYFz?s)_WBzaxgCoD|ZyTispQv(?l#%AS~M?Md|vzhA0BwO;M$uk+=Qba1?J za}C}E)eQTy2C+9Qq_b`8;V<5+=I#jxT-%AnnzZ|1l<>%9d#%ff5c;+h@EtSUXrt6?*QqAr|$Rad*4F%A5g^eOMx9GY1Sfr$F9vpkS7Y< zN>$NaM%w8E^1o3CTXP(jx2mnsJupu&nn{nEF?}69y}7lby7)S6CQI-L4`ZM`jtk$) zk_rp$usReumA~bL<8`$(Izg`4Ctqe?s>WdK*4VTkC2p^yn2)dlX1CJ_k@M1ne)yu` z$^&$n`Z!+Z9NleVH%m1h7bgXs-I|D>l%24*qd-C;K2enUs4e+xXtR3jt=2C8h(tL? z_M76_vh(Q7m+f&W9&~8Rp%Y6;j7=BHmoMcz`uT5oe3_G|9)+e6ZG<)uJ)H9MX$Elo z-n1gyHZ-p`UlHW}h%!9k>?If|iuQXXD^re&S9frHFDa5|?zx=dp3sVGoEepz$cEVT zL0&;g3Yk%4)=P-vGNt0~K#veEQ@=w}()M4_z-he8?&p|E_t%ddP1(+e{yOPDx(ANhNWX`k+FvIteKHUJMI8h+l7mWp)|x zOdw$MZ%|UIix!mIdlJLB0LiuM_KmAQ9lZ{Ux z-kBLwCP0Al?DHKvle?>W1qSC~QRBWX#wN#VFfw3iRu-3I)U(p#4EzqG0Jebfd>lZ! zn>Sy6O;6QzDHVGdo0~)hxXbv^;W#T+Hlry;jJYs3NBz0SCk9p<$|gyJ5JMmPScm5k zV1L@HJlk)>tRO**>4S~)$ifjd-DjokUp>w3H+7KMA^zDUSyub2+jD6>-8?^ic7SlD z2iG`jzQSwtO!5SW7v!1W9~$ER-J0r%UXBHfwpr7)=b|v+V1iyEe(}Jjn5V979=Nq+ z7C(r;Z19YC#?M_tzZz07xk?n}OQQOYY-U)BpZ|J4%XOp88$*+-iO&ixVHW!LVkK%V zUq7@ikZN*q>oh2=H+bK>?N6A#L2L1(7`Zz!*=2M9&jn|tAPPkQ%bCVEqBi099W_l< zGxM+hsa}!0ULyYt0IM_0aH1(b^s^mSC1&F=T9)rkWFnbZNXM_PUe)Lfu_(2v9aaWMzDJ4WjMcZm>ehr44 za%CnT)1CM8;oi?SYo0d9>3!JRyzhZetPOJ^aBb`cu&!`^Ztm6B-n2BrhV%YglF4 zpQA+ZdJu}Ct=(e}{T(tALW!QBiQHWxI?V+?UkoQFC;K7-CV6>!1g|5}nm`CCtD~o9 zRH^%q`1lW9=449fS2i{_2Hu@9AUL87Iy&wu=0*rF(MG#3^#AJY%)_DF|2{rQws1(u z8WM_8XzWzhB9bE8AeG8KVzSLp$xe>4?_;U#Bs4V2v1KVswqY!jWo%;|V(9sf^Zd?r z&iOrmJ@dz0xXj}Ie7)bV&-?S8`?jckN;6wnLi6o6Wo4l87_D+PRY>`RE@UYv#>U>h zOmdHzx*|KAh@l7Px{Jgu-eW|S?0Ii3j~Q+`3Oez(Jgl~s<-J2)F&??MMHd?zJLU0# zH2z%oStBQY7n8Y8rf^VGYUb|XewW(IO@%s6^Wh=gkFjUL2$Jo{7u4 z?Vx!>BuWSFxO=1@IGsb$Ayh^ezR7^;`5OHl1Je^Cx}%3c&jSy^z2^0Z!(6iomdT?0 z)DW6I8ezy9pb}%+zsr@2DugLEl|nfVwUQ?d9+#ZC zC@PsPr>Zg9#P(DlBFeKZvYt#Qvv@fvw?t|u9c7?9pmuV~F8`@_zcv919yf{EUl*^d zT6kfuBZJ)sFNN1$G1xPSC8`vTbIGXP|0*1*LY(w2Vj#=Q&B_`-4J*p9m zw-<_L>Q2@vRZ{w`tByN4{OEY8oD-0UP*#}RCHd~LZu3C#S?(N9_P%P?_B2)3b7dJ$ zZpNEP7)fonFg#qJ+G4uk@yB@o%PPNIE_4F=q^9NWxhm@O@9YqVu*0Yz&v90nvR&is zVlz~IVoKSK%w6LX0C=yf@XL>WDMx)No@_~TUAkQJu-I%aYo6??h9GXdTNd{BxI^4p zSgBj+1GmAiX5?XNGHQE8g)I7sg$+{f6@oK{dDx#Iy!yCRHX&ZZ!Tm*u`M&zVMTXh0 zoY&k(YlIg(@ABOS(AJ}P0vz-4g2yMQ}F6o+3ju|&jt-XDfz&kEmH zJf(z0*0_x^qUL6Ds~|BLi-P$?zuWKcwcHTd+X8RA|{>N1q!(1pe(52e*BtMSBRCG*R6eVh92K+TAZgEf6d499mfd*NG^{skd1~F;!pl$Z zu7%9wv#=Kj(ZCn~+r53N)cKsxiY@-~LO5{ZK#eJnsc~Tv$2+cS#)3iy>w4U`U%oa- zMXs1lf{Lc5aCYZyiG7I%U&kGU;MGl}h?rWTow!h)KXqqg`W~pY^RJih5%Arn(5SFD zd-=0rBlMp=`-bG(E4MPfRGaM0s5k4Z{w8!Hm}vhZgNF-)E#>9}#>j=CTByNi#*vK*YG z7@ZE~JTMON+VpH#iC+Bni=rC6#sC>A2(j;QU2Xj3ntMN54;@c}_DPsDnyj^ zK??J{69-nhQr}X~Erhf%+v4ZcPq6aGlsx`?wZR}YHMN^iE(*2E^;{D#JLXHh<39yH zt0*N%aAw^LTfGQ@JXYw;H%c-|R}t$_h;8onS{kX236LY-K+nbt78)r}Xjk|20OyID zl4pac8|dgXb#@x-=;+Au+UTtf^*)If9T;rGHaO{#1%RH%+-nvK_PMeiuz3+875ZQl z%|sj5;H|v3rb+HXhe6xRbkM&uQ^D#g7tVQu4igX-ZU%4T!bF%b9r7a`WbxMhc@Pa; zXyL>UR=W(oUnS(60~Qh@if|is+J*5RhJtnZy0ZY))0&@e&v<6163&*k|6RilsARX) z)CHQ|=!9g2+lByvL&#p(H=q8<2;ZOubBH!OiUk6C3f64#8vI)0DW?Bu@R#tY>qAw( zsp=Eeyj2)_@I>Ls^EjBtd!}`B1UX$X`Rm9Ck2(sQC6vICM9d9&aJ;?w(1b?0wx03<-KNB1#dM3c~1a~;{ zm{FLWaI34XE=`LQ|I*_1&)JEdoS-f5Tw(?w_L6*V5K!&k^w{#|nLqWo@N=k3a_LP& z!n4fi`k9#XXTOgR=PfK|iHi%Y3Tl_&xX|Y2-81W_Uw}#ky~S0%Y1e+z#}9GPq{nI1 znsy)g?oxq8+|I+C7d~uL-^3L*UU%DdN}@8SpZ@~jOb!0TJkTl|jIo>FV^{9H;}TcQ zUKNcj(fg-99~CD}dJh(YTUi!{P&Ezrh~AE~)kFoUeS7}ri=nk_iX>7+CTWZkql9N3 z$hj5q&i+jBGY7whA0U!e^4zCFrdxvW6&#knVj!I+Eis$~Vr@~vi|uF|YQC65wUae# z>LL-5*fG+F61^d9ybGUkPgNZ@U|sxy_ZBI^$#OjHbRi)_gCz-@=EVVWsaq3Lw6+=} zrXkWM`o+1gcR#nM$2NEXvE)8`m0_W>W8RDT2}Y{S&2BvW&87`@Y69rBg2a)(v>H)k z?9)~@nJC7=s%mL%%Dpv?RrBpN2N!bb4}f$ok<}VPf`H!*kCVSXC@@6|KcZ|oThA!& zv6zmj{mT5+_MJEwzrX+~hNnE;9Tlr{2(JK9gGYPln3xsR>;{}}`GsuQM%KEr^~v58 z%hOh6#yvk@wNuk?+QQ9JZbk~f@;ODL)|cCDBabwNP@C5#k2^K+#oA|Ox{ItTuaaXQ zF^zVUc9G~z!kZbe5HjU)Nj-t+ z?Q~D~^zrfvFzIEcroEU#qQF+vH#3T|qz^y!#BbH8#zQ;g^%Qx7LtH-CQ^W?~R3O@je5saPc z(5t}JA0|-R!w`?B2k;TI-txMkYD2%`oVS|?SnCoXXLa@%;!Kh?Q}K%*WK~D?^1Qz6 zu^{jAILnU_MYY|(_VJ$F5_z#Tj2bpK<@uBOWGzxFMpxhelTpL&_6C7igckiuKO~9}YQ)Yyq=RG|7rD&y1p(TP`YKD7s{mpgxz!%21(j<^oa#mQvp*lNJZO5`rC$HRatTC&R*BQMf~kdT%FBpmY$QD9rH^9; ziI27R79Fr0zU_S4aKO6&Byun*{bA6uziVt!_op{SpQooaAz6G|al@{yl@d4}%3R6H zQLCRtuT8fiNP4|iZfc*7flyP3GX0KNW*t@2YW7;L@rG#DR}7LR&!y?7E)e0Q3uZX; zv=n$RaWz@(H`bFstn%-e8kXIMm;3>p?H9wjn(yg}YE=Tm6AQ7A+tsy-x8DFweK@cu z5R0VbWA;yMwgaRNg)Z}eFAnCsf$)Stpz`oQcaw5<*3wv~&>iN{9K$!?OnYh@OcQn7 zxr6=-;l+Ny{z35GgU@&46WL4gt^fMt5DyvH)3NQ~&`_~iP*mR$4 zwt=&DMb|ztyyFFGk@hHK&s~D#O~MA#L2#Fbcp!JZ1yR6rWY3xYZp<1{0t~op|3&&&20bgQrN-Ws z>*t_>Cz0A>`uaW~=NjT;e$9z!A%pz={daa$=QYzr`#42KX7?miJ^@)eMdV`&eYEoZ zcB~OUPlRg;2POp0$`pE)z?W7d{~LM!^i6h~qNmRknCM4heZDpRTqh-RtRFeB6N8=W zhOA7Ca=RWC*yw0GA=#~om!&y#5(r=>l7rHVSxePyeIYQXOWsH%zF_ZI8rC#R2)hG^ z|IkM5jBYcY{0Ro*+}q8c(m(nDi;`Qz>Ttp5rc`3p^@OPfOJ}TbDRczy8P24Pj)p1F^Zi z37!Q!K!7rrpI-y668dp}ZcbWc7@+8t0~C#>kVl-U>MwaXW{xc21vbonqcOiG#d)!% z>$4(9RzM*zs}T*U2h^FDs?)RbseA$0n9iuHV?xRWw7%<&z2oS=pr5hyl9C(UC&DiD z!wwxJQ-~g2k(YXa{cwC@2}YgAYLXJNriAmNt~5_7JSE*gOPN0TyOTWB`c^7Z%9j~0 zyfdy9W`?3!(L%xvPLJkt`AGd59H7BPIaB-FG@9V^GcVh{fks!f`LDMOObEolE6+@4BcK<_>pCNMCIYFlA1q#A<4ZF{g8i@38Kz^ zcb>be@8!m|lSNG0y?^>j0?FZQ26o>dx2>{CKSJ zzye&q4rPfRj3glMofqZ#H(7$H>I0x=AlPYy9c2wg?XKN8)`s&)eh!^2X{lU#kzTKPjdjkZ8T||Xb1%FO`RzfROrvq zfddmG=m?H$I6jbr-8p@(&`@TvJ;OY3^89Q42zsNhc2a4TX0$Ft*&w&{@rhGlJ55JL zEZwX?vt*LRJzAHbA8~z%C^Yx2M$$ltm>|hZFfL;M$~+5BT;X~MB?Dj_4Dt&092K^O(?zyEU6A;AilFh|q?mt6a0cV*BoSJ%jJKhyO_i|LQbnja>S0#{ee&@Xl>Qz!K7Ka^-)x~SP{@V`Sdt<*tlTKZ5# zOqO%8xlWkY4GC2ggY{`qymaUfN45X_o#01bt*c!R1#x8J2-?R%+w7%dz zd)Yvk71(%N{2dL>tuNs3-&7Azc(RKDRv`wl5i~it~{8C-GQ=M zSl1qsStR9#!+5_{TNo5Vk<}MbP&%zY<#+J#}f}Wfk9ihWiTv+Id~kSp+_4m#^;P;ctBVeK5{{rr@AwElES`Jc5dPP(aCWWV8c u5u7+SdI-=F=$2k`c=A8EeM_SN literal 0 HcmV?d00001 diff --git a/nitrokeys/features/openpgp-card/images/gpa/1.png b/nitrokeys/features/openpgp-card/images/gpa/1.png index 1f1dab3712f1c2881023c4c219c1e5dd623f7bf7..278a944ff9448173b18c2b64c94b1cfab5de8b9e 100644 GIT binary patch literal 40125 zcmYg%1ym%-J@+T&S2_)pbM+gXZo}ZAETfO~okduQU;`Qf1?Dcx;8kXeyoSbK&oohDq0NG2q} zwkXhQl+->t5tLM`4Q?V!IGoYSrb6T5lS!*Id7at|*kI^(KwI_AVzmq>qspqGJn`r>)VbDMrm4w`nA>IRtX&s4}y z?{8(kGfD)o)zH``Z^Ywld8X(f^eAuZbM}$~_g9+YMEXj8z)y5to>o=`lH)xhu*E5nc zCFm-PC9G7jn>Jy|F03>%hUj6u%V@fy%jtZR>=$QjUKtV~G`E{nL}}Zv(1?bqaZ2^C zw}q3q6zjC0snXpL+jR2)Dbw?T(6f8Vgj?(_SM=lgC{|UG?_q>{+WrGw>0@%?A8OJJ zA7tx_Dv0(l?BPx%&(Q zcV$}++lpqQRP`r8*X5c(Sh1go7WkJg#@#3izKP2+?kDe?7lLzgqoy82@7JFbIM~&} zMq<2VsA1VURaM>u9FOI9)|-3DGS|-UKcM6^GffOwo#CSj^{c8$|Lh6J8V@x3GIv2D z=zneTzTfVHxn69B=`6>SLMM#{FIo;QFSjlx{RR(o6^uBn?x;#xglX}P!j&MzVZk*;V3gvuRG-rJo%2$cdSw<~tlN+#QLpI4ieI-nehz*vPE zW`6Z{!p!^m0|J4YH<2m_)BbW%+hbT^&q%1g^1#?et2b(fu6RP{>gFmz_0Law`wJ33 z1w;QoR2gObok^dKF=%l*Gj}*~w*2=odHu&o{>by=LdW>1<13PzFV0uC=OF44vfY_k zrqM-yDugi9ErBwRwV4xD1hpj+R>ayTLov-0hwHR|hUc@BMmWEGVxovQZY94F7+>=E z`*iwlGAHZVtL-0{TpZMtRom(A9L?UP^R=@VOgpPi`b4n%GXK8z6PNTmZ z?RdEGAbR3)q3S}lzsMNqA^6JlNm+Ek9^SdDJBXwTiim>}`6*?zp4irTcffV4EtvhN zPjlAnyRDd*?&}He=baW(v7V8QqQ>7ID@P$`Rf)$2sO2XpmV&Y2!V`cw9T9Ea9RFo7 z7vB{T;*^T)wB8kc6Bcx(J(B~AP{axldoboIl<#gL5I?h0B1B>lN=mAQ8|bx8tZ;5; zfTL^z?3p$1q5R2c&Gk;b@An?Zbyd+3Rz#&mhvnnrOP?~8AvZ8U!_`YJU*Kf!`*3@? zqQB0YQKEcek@T{l^HTd7+&Ud?rY#c_M1P!S%=UcnaMt_sz&oo7P@EapT<_Q9eiExT z7w`BC=U}BUqHl}CnXLz?D3&VM*}2;3?Z@T!+fCSQ-_3T zNzavFwv#^){qYFr)snW?EIMA`4wy^hmr*-myL^5pl;cd_ZS5W|LJ8U&TZb824vfI! z3AbM`v(9WyyiGuX#&t&+;I7$O7J@qEPuOBo=nl%O133{!!F4cE?iSPdEH zb~R8C70nbMg>|f`LQ740Y`7h@4T26qy2UFV2&dUX!(nZG`-)pqz}|FsH~45|gp-LW z;e0~+ZV^TqaV!SquP7wf0>7CnSaB$=t$YBW=}CvZI`piG$Hf^HbcpVFk(+npbGyIS zvH8WeWXr8+cDJ*z8KESw$(-iL|H|rRgKwgaVEEUj?$+KBNkMe_)A`-Y)of4{ai0AZ z>+`A&U~OyDwUpS`@Fsuj8CUw&W`@+dBOO>OPY6fRk#;ao(WWKqJ=S{Sx}wr%`+}i& z#72Ur%wfiJjjDEkCj%CXJ52V4?<<1Cn5ig6CVMY=GmMg5-T8Le0iWBm8;YZuqx#VN z;KweKgsuv3Dd1$aPH`0wdTdCvp&{|wW{ZrHp6#FPJM5wEeqppUJVcgt+ItVH+l zimqC;b}GdSTQ$c6Yc=C{JNNFl1kLvN)5N6~MW?nTdS&T)ui8vKv#dy+l%>Ki-F=(PTjQ|zoIprI0g3nX1{^UD zO|12=a`-b-%6WQITVGMNsoxifn@@cR)24`mHsT~(PUI$keX&0A0{7EFwQ~RSMH%(0 z+;JFKa;@fIZe-D0v=pchr{D|l{yMwj&X}$BO20+hz_dP88sdbkm#B^hxKn(72xrc);5Km z^ADOY2i_w-Zr-DEckZ8eV>$Opdze48CV9oBdx(s`HxcjaU@E9NRCo@ID_pev-Oi!( zAK<^9CDE&|DlA2x+?+mW|4W#kJcOt{W2Hr{xJS1i!%j!xdB2#A)|A>-Q?sneWd1_) zTx!kX7MnfzQse}Ug$8mU{mfPZi%9Aw+%LfH?5wtMQ9tH*u{)uLC0mxX@IXs%GTMJnU%?< zUpnfyt}9-wzZhsRCY8Aseie7CFIURo>O+jHbK0SZx^hdv+$`80qA?6uAXqRv5kFKQA8K+R^!j zEJ!kK{F^@C<{%8fsghj%cLc9>zO09zWac==iFP1}{C4mN#R09X$?A;D z_wCRL9k9xn3AG$eGEv%CVa2ff2dBJ)d}1P2r)KQxnjmU5Q!iqHB8V2}9u}lW&Q$v` zGIYTXWZNL_Zpg{#T25o?HT|siE%;X`ejR*s$+bf^?>!A0{dC^}m79~ho_r1j^TA17 zhSE_W)T=Y-TdwMo)lV!qHPEUaEupc|CeDx8EYQ)98)>$b&pe98*a_Pa+b6p+M^-31 zV!R?Jd9H8ud3nBDa)KdpeS03(Js#jBQ~Kqu=dO^xQ&dIwVz0#l_K8j}2WiVMyl$5p zT%JbK^BLT3wnY}pBPY%?4hkTyS6i}@k`e6Jh00YNN6AvRj!GxR52W+dcRJ5l)#p6n zv+|dNDv7bH){mMh-vd$L?^;}ponRc&B{0`AZtI>DOpR}@zxSXx4YksGlp|ug!Z
~6!myX!AnzR>QSm`V5xzxkz3y{f0)Gn zfK8l8&O|9`691i2dsKYlDG31G{f%HZ0cUvrI|g@;N6O67;V%25Eq*#SXrq{e9D185 zLR{fhF)2k>^#)1EM9v+kmMPzKKE4@~uLyOJkAL=ycRN!`brI+7m;oH85hgmw0^#S! zgWY?FYW++&)!=IPLE5DJ?-K$}ZHJfDXsk?;D_sXTT#S)k#v4@m?#Q}UmLIvB0;|TX zE-?h6i;mndV`Jlmfrlw-sk%ve9;Vn>8XD!@yUD*TClprnU*UHN)Bwv$WhqV^+)>q` zhsBGw(i!}>MvI);X_%8IPhCPDpFNksE2umI#9Fp4!lCG+vXQzOQ zbvLE7&LOj~>BCf8kadr%0e(s8&ZR6h;LD2Y5ZIn!Ojc|;IQCH@P&;N1omfRwb!gt$n6oe*dX7wJSJzrCd(YI zK8zZ`JotSFYNbH1zVJUbh4_|^0nll8HBMHIaG z`!|EA%-ecy=cFK!Mp&O@dkIF<+4Fp2Cb<}0ICHQ_Qi{auV-1Io8It{LMbf_dxZ}2` zQx?eWPt!Xz%0Np+#0E7PS$}NlZ^`N!?UXxP2|4PUy~|GhtUH`nc!f98VvQp5d7UkL zO~2)O%Unp8TDrSsUB21n`*u9ZN$)+aY$jT$ui#-%l5x2~_3+@=n>kB+Qc6rfl z)(1+1*x)qP>cn?s4zdti^g&|zx6BMwKM->tsns(4O^c2Af5qT}yfWAb!I`ec4K~pm zndg+QyffYE&Q0=BA>q=e{?uC9ap<&=2t6Ek8N?Z6fQzKguNEq;?ho_fgz(y@8{V#- zZR5xb?6T_W_U`Ye<}grPNcUPUg3G((KMAY;Ue?_&v1VJ zdfijqWz1HlZrHY$bD*ur&2fjKtE=nn{l1!A@&2sC#XcQ5aQZENtkc7bmn4-7ts-mG z07g)$EJjjeY8^uh-*U__=#la!1#{y}xZ4^x5t(bcClr>)elX zN++r^&=&Mx-L^j&D=wZ*ic+c%L#k|h-&eh~=STu8=>1|Vb^8aT`40H`r*`~~g6%J} zq$SomLwGm?pZRW_Tda3K8TlI)On(*X;v@&2*VXMNi>gLfGL5@Hm7{ERx~{NHNslx< z!EUX(|BOQfU_KrjE^XKB@B0NCV&mOYSjMQgh7sXflxTVBjz z#a`9zk-=T(9{rG#`@BWB`(lIIbbjz8S+l9db8^bL?Qr(p?QZLK^KWuH$x8xe;k8G6ZRz={bqvd zE^1x8kP{WhZ^KF*rkwcesk)%d6u{^DT<4do$<_fmh$_~Z19AAm%x~QXN5ZFbSHckn z<0U~G4y`k0E(N+Mr5N?50qdxAh+WAJ^4~DrSRms5f;bY-6 zUf#e*h2W4aF!Fq}kHaIE{44hH%^cDn6${HkL{!wnM}0~OEn*Jg(KLgq3F{bQlpIAz zJV#d27NX>>l~`K8S(7mX8*3dIC=t<@Vw!s2;Kac(tZ;e3r1_*qsB?Xg?i5!6=lV)* z`rSO0Ynz`N_7^SeHb)$i>Z zt}jX;xZQ9IH_C8?AqMq9sZ%>gN4$a?sgd3R96|=0@i1tv{LVU}il|qXAnm7v#!3tt z-imnQI-&}MNZEfVMPj(Z6h8zf^k%%CzT#@w7(ox}X2vw@u!q*a2upToArScCnE|Ny zYm=vT+dGT$s*cZfbqTQGemJrA&QK@m&WnDs|LSo9vjw<| zWCDq#GUO=aNhje3eocl#3oLMLeT((~s}{P7gT|`oo|>mBOD4vftafyy{O{e05{W9y z{cD*&TmH9p>_6%w4;Iha_y3U}!6~Tvu>k*77wv`iU7%OGZO(3zh5r>C%Ln|61N`gj zVgB2MoPBUV^?$`kj)I$ZaLmwjFS36NZjjJb|J5I%V-(c?_bDtF`^fpGw|!Ve&-$-d z?|d|%P9NJBL>69(4bfGQo6%ooRGo~C&x0v#L zR!=0otne=;``D8rj{OjEDlMl|=z9X5!zG5h zee+9Y?zOu)C^9dXX-leou|DDL4?d@9*kuhAyis?5Bsib3XFAz=W~7KxXvVYzhOYet zVN=~omKe;?i+4lbDE+6ypPDS&{g#-R5|m|=hgqv6*LT^ev^ggy3(!4Ydd4y?JOjNT zPrEN2!W@w@g!=?|Q56N9F`4{u6(~lhW3n|p>!fZqXYd2P3U})7v;4mgqZlqfeG$H} z(S!dam@L2$%i{?T?oX&^oEWRiGw%?(oT%O_5Fq?qmAUzP$d7_czA~PZJAQNKe?Lnz zuwts!p`dvE%fHO`={9u0qvi6WY1=bWxkxq{e{F1>tb;?l!oWFEGd(|ag3N%ewXD4k zv~)>FvuAS&-2ICkE{MG9M4k8BKO^9}HGjxXQdt7*8w7%J{1N5~1vWo#5+eB!V`&Ro zEuSU+gl_iOvmkGHc(mCyR_jgQVWVpU(^8tnY%l2jxwRnJ{cTOB+dlZKYfQ;&6zsJg6lC>?LPhRd?*)J_5e|SOY=)sLQ!= z5wefXu|Wi%=%0_7#?gs-8LL$o%d~WTy?uRl1p2S_;Kam5;o;K6FT-)GSJqwWd^aeV zr)k4>S&4Xcr(8GR9Thn%oggDjhc0rI&U5(GVFh18kvyJ5KUqkjc9zyI3ItC-;%dPoXm&i_IZ%X8s;>bfR9 z8gcLb!nQhFJhjH(=X^} z0h!Ml$^P#nzWt1e5$0d=JP~EulS$IIr+>QsGhN^vqQx9&R-gZ}m`)?^uYG+Cp7QsY zJf2wau1B4tzUMhk^nz@#{T?0{A%EP+fTPMDF?Fm5mz5r>m&;K24$)`t+hw#)O88oL?fzqT_JV&y2tx^+`ZV^H4j@V zwAj*3G|y>!XhJDPEy&n>z_Vp7-CJOE=y`=zp7rQo)atyu`eAfudyrk>AyHTTV*%_k zQ94jeh*&+-S?0z==l-q<4Yr9^x$HIJGfW80zB(S>k)1UUc}Gz{8W7$~k6d2>^qjUI5?3)3VEL9SWygGYlZ2|0_mcMf%ONI zw-3I{BKD{EN518Un}^aWc13ctT;_-~IiGY$zRf}50kI$XM@@eR7N2wOI0wMswZjk+ z%f#)s(uqh#Xprzk<3Md!wRkJ(Tnvu~FIV_9#sexBPTG#xA6>Br1{%7;k9GQ`&u;A> zo{T2y-Wm|P<3y?g3Ro3FA%e3%2%CmQ4MCA-dLkO+KcdJW&t)QPI^}+Kigxno?RO&T z?Yu4s#~+Uj)Ri?jZ)kOPJXq#lvS&B!HodqwF|v!B+`T>O({;KaNu$@1EH6SXpDv<4 zrH_I5*_*fuV119>k2s?Hd&^B{(93ObkL`eMM4mnLJuP>no=$4v!LyY6%6|;eaVDAL zoiu-$Q+w$Rh;TOXFY)4o7by)cve7V&K1Zko^AB2irc^srahv5mF!$s-Br~Qhf9pKU zb>{iSz>0&m=RDb6dU~PO`7|bF;mca)bp8_=pSAK?@JiT_$46JanZ16G=&20TQzL{7 z#ONN3Z;4nA5vj_Y_MJWSBR^t*)TpTABtyqf1`oaMt#!o6Ag8a^tyMyQ`Xru|&{_-o z{!EH_zJVLp8TX=}JR-2ulR}K*F0NowJjjjiu*E&K$!qMkMlDODKP-aJN&mbidtCk=BOnq?$s z;yx;UF4JlNcOrL-1e^EO9(G&Mp#hkS^P0{QISu1)thv|5m1ctC_u8YC( zLZ!xNIuCh&3s*88e7bZ^O4y<$0^$`FVD0G%@s!r)$GYl!V?(GDl1_BPdNGVDwf!mh z*KP*nf3QYi(SlG2noQ2#3BNsIK(jm>W1-nGbvsqWSGCsY;#^HO+`Li-2)DoSuwkV~ zlr%Z4X`9a0=~REFJ8-Sa1BP9$E6Ji&OXGR_E&`CLMov_wJAu03;@!!WcNxZKYV}8y zXM3gy;`M$v)sEe1I1l#4;>M2Fdrv6W$Af&E&NFeYucn88dvFY{(RXN17V<{RH9gqM zYd;M7?wT>U^Oa`ZRlL5on&u00t8LDLx3L0-rGH3V>eYpx90F@oYk>FNBI&+W!r;`CDX3`+;pdm%JL?p>#TPYv$D$7mVE{K z_sl9>l!z?HOYXhSUAkAD5F1vVUX<}iI!HF8ypn86`dHS76MV+SJSdpmQJ2U~l$dcO z76n|)UC13R5NaNlZ2tjd?>5)3_1Iem9byP>gGIr@Q*e9jJyUbS5ou42`l9%jPPZ0g zbKx>le?bg6MaGFbp0atJNGzs{Mq{9(40o#S^INm5kv}C{8IH2J!(UHSOSe8yIBQK) zC3}%-`DWr$uBLZ`;-2PxhQHslEW@OI3n%bmY%=W`2+YefP#Avl?k;MyVS0Nyir&K3 z>d6~<4^oUKzzj6TRNs>`%WqHhxI<6E;z?ZS$cWQ?%0&mzXPYiYa8gIq&V#1f(BCZu zFgwBHNC}@196^SPjP~9P9@6bK&A86J+zST3I-5))1p%B6>({oj#=3mCTcS@1QYDc4 zdlgNEEycRBmxp2mXRMYR^r5N8IwWFqK$i>XCCJhfO8&q zf4npFo2{a!yH9-a1!$H4RY!k3t=7gxFKZ(=S2Cq%RNEYtz6}a~gRrUI@{IvAc^@GN z@rK%rz=){k_?tIJSK}jPbwjHrYg^;M(9JQ7yltUTc6R$uVQES@8@Y^Urkz_@sE<33 zE!m5q6y**t4E(#do2Ka2Dt57lTtR!y~7veDaUA?1>bib!A?|Mg!H@4}cF%5dB`mZT% z_Ffwuwvp()KfNE`tx6`xKt^^`vOEaxi2fmEd+rY5mdITl{p-9go%2F0_tPD8g5BC| zq!i8jVUjj?<#giM;v1B;jTXBo(@i5OOt*XZNLogQ`zk{qk09QrpQf;tiBc=ijL#LV z*>b?e`};dyr(-_-vd-!irW75JOa%52|8#{m$NPly(dXNC^+;Z&*PVFFI7kmPl$7cY z_Tp+@6zvtzd15%q(|EEzj`pbba{yP?{fzFo>Wq?x=n3ZJNw`_wmcDJrh)q-lDcf@5 zSGIMJZ3^XwAi_v!x=UdjSBsGuEq{Blj7>U8(;N7{G?V_MzhGi`;qoJm>^<%)SbK_7 z$Es5L@uAH5Wn$yr5}S-JBmc7K_un2nC)uYK)ryec3*t!cmRx{uI1@34g8zXz8~t3+)FesD@NMNC9!;kBeZ0!6BAPqwLeMo5b2DFN_hxEWbye1dhn&) zOkv^GRkM*f3FFQ%@!@BW+SKxz+u}S|ZI}I*9cdZx{?JpPD3n?JrNOqIx8b{X@Q&^c zv&{D;5Ank4BdNuiFmWfcYfN91^zr#0>ajd{h8*8$@B!@hzwGpy$@&>;C*5Z1UrLJf zEB4Ut|ITnBgG2s5cH3NEiYLRH>-cZ-4LJNBKwUgemM_-u|BChj>NGU#RyhAA(gfsx zAmL0yfx|0UG#S)Y3N8FH%B&kR?myiR%Io1z{Im99_Z>`7+J5EYceb3f4u9#(cw_Xc zVV`Al;PDlhU{N>#Ob!{r7_Gr|od`zS=J>UtLRupg3ik0Rx!87aBp5%5C+>U6(2%jI zX}!-n+wC19L6f(M203jtv*b6(xiUR|V~xoOR4A@YsjQguYMBYDXG5A@ySf*>VhG~ekpGJT0BjiBzxaXDK;!bFvL!oL~W=%+z?&#~viH8wGA zG#KzCmr0k50s!V05E`vdkeziX8r1A)RnLHhgwHg@s7p!yF5FC*yuT%P=53u7w~Fy@O~64sN=bEueaKfP*Fki`|-;}I?DXa2{;4^MI@L$1^6Y- zGAmM6g9$?JIdZKw_~4+B%MtSx95GI5DWW2Kk`s?1SE*JLl9P-5Q;FmcWpzK<4!yKs zM9k={0EbvD$U_7id~yDutI{tb*#$~kN`3u#fyu}~4Mq|Ik|=3b)u@!fckfojGf9O~ zu)c`M+Oy>3WTfS;5r?D#tyT_SIvxLs1LO}KLi1p3f~9?`kbK$W_5f1pogro?l;*fcl_=?oZf3hMS+0%msqPz6-x_F5xMiWz1V!egjUHagJE(tU7^?$(7eyDx;X5%ZBn z^+O-#G?R%`(ChKDs}_OqM>}Dy7VC;Tui1P-8+oTYF*!We)JpOtd^QeH)TJJQ9&1~V zCE%Lao;{bAc6X=&Oa0%pfZ*swOW>0FFUqc^@om!3$iLLW^BX7F!T6z1|T ztcxM1)k11`67ApMFd9jTq^To~2{~aIElkSkFfu_g^%-dd$TIQ2i@iNJaOcRWEFL6C z8qMtu6_=C{C|-pcFqrQM3`b)f@Rm^?qPGU1g!TydVL-)VP~=Ga*Pe0Y$US|Vv62lr zpE}oyJ}-Zt7^c>! z58P9g35Y_2sO9lTo)bg1Zh7J?&~>*Dn3PWq$Kb?CxCoC!fJjM6o&2dl5e`GJae2jC zJzTa~8yzL8Nvp|h8F$}wSzdnm_8E8KnMV!MW@LxvcRsaEVQ7`ELBvhTxfGjQ;o^~rREiX?m^ksBm4+M zxe}$T0pmZ$j>+}ZAC47;&WS%jQJCZCyrB95Kafvogp>1)g*Gxkaz0^-Z*&QX6m>SI zeA+Q`V!Q!dYwW-zGKvhmQ!PE08CKaeqLQ2s79SQE19$wS!9|?EaQ<& z5>AlQqBE;jp-Cp%bL6BOLu(WcTy7RpQZ`0|gFnCRT^&WORy#}hLe#J~_`Z$d&}uzX zEhKu~P3N#9Bdb4|Mkw@*GPmy zM6}b&jnTIH;|OV9@%?&eS=Zn+M0t#E%49AsD#ODAocgJZMeQsk{8i)=|@AueDM*zgl&HB%@N(F7BE6jqX? zpdu=%Bm|tXhFGeJw@-~N2Ek$otu!iXvJwCwsjp9nc5v|g%QXCV&4rpf#O$_B~%2>5|wH3M_5(1HRB>d*pD@j6XuQ4h{D-!Js2zl0XY?#`QpJ>}8I z=_^GOH7Ath5u?|A=9$B>09cLN0d2$f;UBo()@pJV%zigd^#ZdAzbvgS_lILf8)YOU zpf)?)?9380!v=QqtE=Hip@9lCf+J(QKFo# zu5Hn>sQ3sn9$rjkCGPcI86kgKp|BDg;OZ47)2Z2H%E~yGprQ&O zl4dfE!qPH93xkb}xLCSeZC2OQxf`*gecg4s%$Q3XD`V>_mIm6WkPDJEQ{HO@LP=R! zQeK{dnkn&evt#${EUJ)l%afXxdN`i6pM-dg4}48so#tn?p3m3MBOQ0$9H+Sk#pJY< z2AeCn#wN$~M4kd2ZTMwJ#gB&62{h^AgvsKIQ7GE_hS=!$iUx#!uMVHMddAX&$* zsMZs>Gx%B zT&88lsdfNuR%g@urWLvLWrU&F`na*vICkn!y}3}-(?lLy+MuwUHFI18Jv69TIiS%3 z!2&5q=}Eb`u*){bT58rMq_Agy+_J*TE{sl3i@CJ*+G~ARSqwH*+Jt4KfkAJ=N*cRB zRQm{2k>NrJ!;=N9`)DMUhua%Vl9P}uC)EWT^v)6qV0J3IlgCR-0^H@MH-Eca-{%JF8M&_aMGf18Lf-woFwiiClrX}Oh_}8X z<&{ytehEt?il`Wazr2V70l_>cZS}=~*#*ygi`5KY`{S{cy4llUQez_%pXZU$Qnlv9 zKobF}#W6@bg{#?T;ddGCyA9VAhqe2=e{6gEcdYa2l6&inuKivJXxYGt17i9o2D_d| zw(l<~!8Svsgdv4*#iMXxbKdgNhV+ep3NMZGeEvq3^2b^{6k5ARa4hRS)|oK} zeA=Y+U~41_Br-Uo=`h8Uq8xLD78h|(03i^ItZ={mc7E+rHQ`Rf?-ubq7UyrmkV%GM z-?C-ZCtc(>wP?|woU|)dt+ZAV$`w_=T#k5a+PjH#Jx)CQhf`E{kqMD-Q&fHCDahb= zcKTSDn3%(%5Fz#7fNm^NrpMQ39ngCS%nA$u1x-#%+dn&#PNUO_H^B;9h?qF&ucqA6 zC;|WgE7oj4AJyI6{rvnKXvX%Oz#OMF67cN}8XD%Wf~j0n^-LDK9Xa**MO;Rf+H7Tn z$WM>yi|yuIKb=1vtK*iw4rFI;#;w$Kr7JBqIOtK|tA>QEt!416+#arbtd;EBvaPq< zvaYY~!D8of*To)sOt-Et|7>dWIYI2GsM1Ce-$BOGF!lb@K3!(Txhx0yDjsP%VkT5h=Aw$ zzEVXN)?2SKg~H(tm&Q_Wc>w2wZ{S{J-9Oy-{OBan4`uh4XLj`SZ@wfy$Fny7;=S5PUtws_Xl-<#)kKP2R1Vac|fL`QC& zejx@(kwAG4`p#F=s9VeEi*+|7R7?qb`+PGdZCO0vRPOBbrnY7qpP>2AsxUM(G!ajy zbjROq%*D@yDL^&f#~yQN4i}vNULo?K4{sd(k#ES5H4zti0KQbSBHd>k%MNiJtz`0>Vk zWA4U6BV4I~0URQ>mlf!3kWkVBE9y}~NtndiKvQuiKwC|DXsDNmSF5!DI$m#0{kZ2_ zbxoOwL4nT7SN+p{ybPa1KveX*Tw2o34w6b*R1hR$ zV){ywTn<-*(UIJh_4_kE@96Yc!LRD*%5f=N1js(3J`pi-MHThIVc9Iqc?7=tM6-VX znnq+VRq{kq;D`u|i=!t`I&Yo_W{m?Q@vi-jBWK00)$6-EtF&ger}I@&cXzXSL=z_O zXDGYOb+>chcLQ9e*DJNpdE#ecn*93zV#IP11`7`jrB4caKY#X{9xNcYwc2cp`S%d){$L$9 zd*Gw5JSBb*z?Lh6l}rqejUew9M^vrRm3=L6CMMRb`qQegrI`iEB096hi^a6D8H@2* zAK$9$m-UQ)<9sq7^6TT|ukjI+<+%mO--E*j>l3EK$G5}@x~|`{Ok4K*vOwSFdcLAa zQ9Cr#Kgdjey$1U=WTN(R#BbK1-vIyZ$fXU^|@cC&A+fFKp%at6uc}dF4+qE?s)HfWHMM*_P z!om{F=i})y!`?c*M%n{OWrh|y5Nkc(#}5~}{a5u=+tog~XkEHb7v}q00!&Lm@MEAH zZvrZFXcyc!=Ekvr+BG6CG_lFw=o7Q(FK0zKOqsQ9{Gi5oEEMfc{WZy!)MCv_mgc}< zVTli0RbXY4+Q%TUyzyYhG-fW#v%H~d@KlK$ITkGTGo-m|NnuM%8dMiyW7a`W#4rgt zVCVSPN_D#D4hYcci;Rdcn_ufAdk&-I?f5bh@T7-M926^?Q^3H$P}0(pn(T`)F*7HS zLRT$HeSv`iY&|YuK=NbQM-e>A#Cd*QidL>(or#y1)Fp)aviw zzXg@7si6-zZ1L&o;k9SQWo1n!6X>p&E0-C(*7aU9zAAt+z7;CBt*hNP0`!y-&{xYjnW?Pn~NKtx7d%k)Fjj`+!O5QC7ttf4i1d;Ja_6H3S zWzJ;ZaJrlhBn*s^c9%2t4%eR(skFk&8yCb4YV!Dghl~gqxVBDP+-{eoq@=-r{~BMl zv2XcCIhExFRaOGIZra3&K`BoYWhSQ4F1dw!*6&LX(8&WK^de3^WnkuBh%kTU`1NuQ8N5<n#a`n;qH#)cNmY=a8m)aK>=bgrVmR*wO-h__MJeFpw_S>gq0WOqEp# z&T1uQE8AVv{%=JBchv|xv07bw!e08v?dxHS#=r=#Ub9q$zvx@F=!8<~qrRT97PqtH zCl6Gk+2)DU{D0j$Q(L0}Uv%e8jhV-+B|RcKRw$8_si_eP7It7}CN44(2B>69oTr4Z z8VaV8qB_Z@a&or)`dS#;zgy~kiS;deIMZ_5TfOD~%y+xm0%{hKQBhR%^b`!eX>vJ2 zE6rX6oR;|ixQdYxBepDH5GSIci2@p2SxITW5JSM}@}gUd?r&R`T%D8cYN+#J9oM8y zQxDlgtX4S#Fqhv5@-rY{kd(CEXn`DN*Guy{aBPCd^Ztd^CShztW86&@bm zJ2C>Pr>A#|NC0HV1i;OG9v&XtlJgvwK3%+00F zC(i8@%!|~udwYhrcd+rrYpK7C*l}r3=-|9EwCG5SBdy`YIn#Zv>8467FtvJyo!xmI z-_2Xy+Yeh5GQTk-3&5E*ymhSVLbSumj5wr`l@6EYFhnanOPY#_fXD48pwP_nt?qFpISXHP}-iRHpdFDlR8_HDcoN(s#@j0cvI;%eiB}QnYIwIXlQU0d-1GZ z6YPc{xZwPFDJv>es4PKINK67G800`%m?gP>R-v-8QoY@oYA07=Df`x;4Lj~`U0(0U zo?WSzGXn_OfopDFQwDAp{}cbq54tod5f#)kWhG39*AtQ9;oA#Hf>~C++&&cY>!aJD zXxznTN13SvW|uEMg@S_{1di~HP9CstVD;*> z=NoNFx?O9JhvqW6I?J;v49-P!ivD_OKa0fcI7~O~ary-Ng2BV;O{cI;C)4|;bGW;b zK>Xfs#A~}eN}t;Q_*8&Hg0r`onmdiNu(PL0({)1u03O$KVQtoja96GaB;xR9f6I5v zE61g0I%SNFQT6;D$o3OQoW>5)W}D=B>^eWmBMb8@Ewf$?rE4E-F9SMaC`j)~DJa7B z_VzThL@ zRi2Z@Zl@)&po3E*3oUIA`{<(K{{6GM{m>P1mIqyRY_Z+3F0ZGw;J}U1 z-FIy3Ofr`xPjU;)tz^~1pDK!HA9b`$UUIFkXIna2FG2w3#ipQZsOtb#(b`?-c8+Yf z^u#?wpkoQY!n%st-#01&?#b4{nRh`~W!T|d<;C0hKAGo&R-$EoHLfyhq&*hY!zo3i8B^)L}rA>F(K;d|tq}ipJHIZVzUXOa=9< zpn+YUQ`#?}?^BVb7(ESIv?OEs)5Vhvj4oEowa>4w$e5_XrIolm?)6iREMhs(YT{HI zZv5}zL?nA(qtF zGw6P8`n8{QpGX}dhI!eKLoQys||e!B6`Hkru-Rr1)E ziN>|%S>wdbT7rWEjvT;od+b=TLRYS-tu0+>0Rdx1si&ifqGEzsS{2AuqT&eHfH7zu zU2e_&q-~UyD4miqKb%_1TQ)6;=)EYrhJv!6=#65Z_4mpA(H#r~GIY{0=x&`gyXC6X zttf-vt<9=A$K*iPN>tG9W95R;UfY(Ib$fZZB6P6oIH(y(3yg@91nuj(MuS=cW$ ziO!6Sj8GPopHKMucoMX5@^`iXuEln9yf@(6`USZhYGvAVrK&R!g<2{?A>1DI2CxJQ z1NX6_OPQNf0=E?d01j>1K!nTx($aVQ!)nRrdXMT5__Aqf^t( zJzW2R(wya{Q!|^*T5x=P=iX9NA^+ho&7VN%b-vkwfrtnzXEsORis2CayKo3=1>s`O zPLb79frWB4qMVbe-Ub@HMZ|`2G-n2aWvHax-dZnkIsuFe8X-PtELWsuE<-n=^ z?|SZRb1PN@K-AHMYqBS@a^{|MU?J+)jb4)mSS6o8)$x(noWPc48W7JSu`1PQfK8gh zN=ll+_;H#8NfcG~*6BH)WQ1ffY1uqb!~kKl-3XpD-@88{6%q=Jh_#h;bYxm@u>pcN zeHQG9XlrfPfJOV38KM;1%a0iw(W)2%VhxQ|cMlJPR_@u8dv{MyAfKK|D59XGtT$-l z9-C-t*V5FXyS=>~9Um7eTQFeCPynPvN5ipT!;>drWlgER4|FIUM3>quPloN{;ru`1 z-ZCnVs976@5Fo*WJ4px<+#xVPNRSXbFt`SHcXx*n++BhV?yf-xLU4DN!3O7R@}9fy z{c+a)cfRvuSWHj%?!9+c)qbk#+0`~1abeMkp(Lyjn$LK>iuRPk$4R4t?m1>$cPE>P z2aA>d8UCo88%_Hsu=6|#_|ay9LS7Z0^I;gPrv2UBG&z=l+HB)< za(;)Tygbe;)aN!^(j34et7UuJn6o~aqa9+nwd;;`Cu7nr59p$JY)q)4)%HE_^7gSO z>h;C6&hDQwP5=s#3wb2fQOx1fmAJ3LtArmARH7Pi6LZ%j(&PJI#L~$b9n4hTolnRy zsaE)?WOzpUtmH3%^vK7VHC7fo1R;g8g}KKoOXn0GR#ZmV*w_)`)X2!l(ixy@zr7m% z{^Gq^LgjQ>2@?}GZS4%=$bzo6kRxankd&U7*l%%F1yA1h%cb(Li;8k}S?~~L#D?=r z`EWL%v-neyPKFf|%R>)D2KfBm=o6I>-}7;)|24Xo$H)AtYyWqpjy|~UlfIlp?PkuL z-T00sAD36r8!Z;~`}sqsKNAxJ!^1shwN2ZlqagA1osam{s8OZ zfD7C_;w4KhF0k+0VsM2vv~h+3g+`deP!`mcs6 z=lVx=C5vUV60(LrWAwL02d$2p9PzEaT#oopg?xRlf&*;0-uQ+T$f#Yz`b`}9ff!WT zT9dZTZE<2E(T7>X<>RaUEZq zGOOhy$EvETuG~_q6gZ%-^QhUvQEEjAUKE@`Q{qB1!N=65q>VtKxJJJ05-y-Hjs*w1 zM@^|K@`2;qYy!JZFDnV~emBlDEbn�_NGKjA>z9j* z3l4>+)0q6XpYCDQu>+$1UCQi~wc{-%x+BVlZ}WdW?v?3*S7?{nucY)}asf1Vhml!`AKbtvt?NUP9X1OTCK>4>#s? zA|fL1(m(i*oAgW!p_fdC4OsLUaM80RfEftgHr))^=E|y@Y@>s9cXL{#8{_t`* z94GJra22Ai^PFnahIftGA{r|z+}&e>Diy}&hD%APS<+s^V?Fm}n?>t-BUWyv#gw`o zvfL3xA;4$9g#i(Q^QSjC8}$5MHKc6TpT~MjO+DLUs-Fy*CUBNjtNG|-HyRtgM?cq2 zuh6;^+h^{;_ucAqYz>LO8)@%BwAuOdbduf`-z5vt54Du;ee4d6{bR{8D+o$se4OKa zvA?G!R?Y0mOw3xMq%OLrOinH?Xx{Gvl&yyDs3j|VR*My-%K1|fM`-`vA9{K;7gu6- zvI_%)%~iWb8~$`YbU-$`LnpxQFH61==T7XtD@+rf;|}|jF&P#dj9RAA|05;s_ueBj zV7mOWMJ~`v#mz0o8~m)>u2Iru`(x#VLV4h zojUXNNGsdh!Q&=*G8Pt%+h)XsU)|hDQSq>Famhcas~5YE`^;S-5YZ8VXZdbxzXpa% zIwnbr11R&$7rrn3Q53LCC%O!EOFjU^7#JJtbC86Fh4nzE;b|QHQgy_HUhR@f??@xR z<m4Zp(JV~?+}NBEs-IcWmdZ{c`T z4eS{i84G+)Oga#4nSCsZEAxJ=Ip;k!Nt}3qiNQYrt=_F_X0oB*Lzt2*IP-c>c2V^T{TDc;i3IxsY_1-BNaS$BA*ZmGAX z8kxDD-~9aia3VZW+oQZ|Q_cJSLZ!+17}(lvG*znR;_j}JRMU38W)GZFvK9dTsrF{j zu@2iD6U$1a4-FijPDe`{6!7__fq~JVa;;|d)a42Al?cSBNxkN`?uCjxJ;2D19NWDB zGTs#>74AO38gY$`{G{s9(b)88Kxzrxb_DQFR7{t{E@xYA@t3XmI)BD{!$wk=w-4K$ z4%JEPtYp4_dWPcf8!Hi2VSVdF*xHyxHC4X35ksBEKwrcaRopXMC`Sc^+N4}uKA*ce zo11A{v8bnGiRFqQPg&3S0Cz&>A)~D(X&wn0F=EUhWfq`AEtz!dJWfY*uPCP3(qj(p z%`23VmI9Cm34jtq3thj@1zK>y)uXIIUf0{6&JrBZz^6ZHe%uqeQeRE zzSW&z>ZmnEEZ7*?xr-H+~XAAtd;vaF6pi8{$x z+ER`BC`v)M3iEBOoAaZo6cJkzqw2|>vE zwc@gpD0nftR#TQv>Ev@|F`%vCDw-cWZ@8Y)GhAG8Jw2j+{{HNwk}t&nHzK_I zhZGpZAV0`-i^`T)x`6YRi3dm}lDP9vz7&b)yyabs1qlOy!4ZEC4*aU6DliI1?T^lU z$HasmJFuZG%iEsSFv-op5C*jT>>1LB*th`ij|jjT=dd^Cn+}5kFbD|Akt8QyaTRUl zw(rS@KPqMu%21n*bN!6fYOb=MmKB=2U|)21+zt~GMBuZ%d)IzfkIsjn}`J{tQ1b zE$unJn7z}fvzX$-r_yngFyU#eV5Gu{&`w=?>5K(Nrbf-ImA8U|u|>a|4j8@(aj&6~ zV=ldRhJSOAP|23lj-0ai#NJ?BBadFnS9(43qGQ|zWR^;nC6X(J%jh#}K??$<>Gwy+ z#-{rBcK0nyDs%CftlDMgtT2pEesc5`&;2}3Di4;ieFPUu^|FGn9z!mP$YVQAM9taO z?PeA;Am9p6~ zzX!rw!IZA}g%gq`%4JU>bfB_ZzI$}W0{?>%NKkM{MxEvjLC%)hUz#i-hLnIM)B0S} zi0wAjE0Zq@lWTgEQ!OCbbdY2lH&v_hXI)+0vU6{Av=<*C6RQq^Mx>3cFgY@MI z9MbH@V%?@3Z9~|0=@fX&^ssZb2JyZ=`Fq24J!r-NL zcDHmyOD`e*^rN)AmcC+=_Gh92!Lff@kiGA&QIW5CT54QP(i&$dWZ_ge{DN++B(1$v zt?jIOMr6v-N;R}(z;;^ML_ZZ14G&WI$MF=FE5XSu5v1<|a2l^O{v~%umMjs4L7~El z)pyhv7}p=((}xlE?s{?LjHj9|XY;lRwSl7w`KzDDX=clmOyUBG6Civ_!exRZo*ScK zb&U-y;@EcefyUc38SI@GgL=a=5D7Ch^{P5uxrqb|@ zjQfiZw~JQC9POe(<*wz@?FORvR8&-J>+7)7)2{ArByaCW{<8H`uSKZ#iBlsaesh*c zTVnrr=dUv+p`&!T@UM!9x09`HLY_DH-s#E7yBTlG{t7)jJe(iQo~50^cgAzYH{+G{ z5)r;aN|YQe^)+54;r|BK4%frkX&4-Cyb!6+x~IQ4t?ijFJF20v{ddnnl*>xmL{+t{ zOhm`-*>$+uG)p3SaJNXt2l3-qQOH>NWfnDVmr!eiN!p zgn$fHsxoaezy5~D9ja3}J;77XY!n`t8+`e_s&G~RclXZZvs@K6H|XmcTB;g1bb57+ z&TA7;l*pEL8Vea^wk12N^Ru#F%1er2Ib*rUy6QDi>nE$9-_g*n73=Z~Lb8hNaX*XY zzTw~qOPb;7)ru%Ca67B;yZx0hu`60QF`h3)q+F)n8}f=8&}B{UdsPq!RGeP(FyW1j zu8_!*N~j!}v!Yk2%RyQ>Yq7Dt-AuO$9io(vTD8PF>{Dv(wKxR%x_#Cl~Dj(J!(ek{VFmiYkK#jMwN{$@`}r3<;YCw z%Ak7F*b`#u^ zm@sHk(`NuTbhMBlY)Zc5STS8(>dP16H*fT~-53Sr-&*r7s7_po*1k2q^Hkmcsa(=)!808m|HEgkztU0GYjl#M zwpdG*5g&IaxFlgqli(sThrV|}N}>JO8&^!>-4OA)#UczKD?CLW32F*RCkejdLCcj5Uew}j6G$5j?t-X6sQ1l2qcs0 z`uaMtG=6E-21wmTPwciZJ>96(x1P69E&BHr(na?NIx{W5x zWk8C?%!slX4|n&~{7Fun+B6U+tgN)0se#F<*O~>+8uX}jW<}32Yxpl78NiPg&#Bmc z_<8JpeJ!f>4L=aTa>J>(wd-06Vj%2>)~OF zTFsONbmnanjrP*gU85e7sp+p;p0HL9(nu6xVecDk;x9@Q1qOx&nsIgjszHwq>Bw)I z0eJgr`&A70EkyVYsPcrh%=lOme z=hKTfdx9mCXdOUcP_86l9D|IXSVIKyEYmaNmtvva<30QgP`1YciSesmkJp} z@9P<5RW)j(fEpn$-UQ%WXj`quCN8zQa~>6>hJ>0%YFq10I+wT})=npJn-d<+)vj;+ zn&2`&`UIZz-U5}@;eqB2(R7xsdD@pL?w~H@snwBWDMI1>+u^PdmHVXd`)|!@b^^Qd z)B!l3lw!nl^|ppdq?^_OJEni~R2Yx_Y#EhuC6Gv4_hhB>V5v2AY)pP|NYS#ej^j~y z!i4ApE;f|C=0GSFHG!OV`y2Ofeq7hGA$tCHJJMSkG?9?OJL(4$+^3Nv`FD0`IWGn( z=XL@?NbJ15Klz;2t=A~~Q}=^lm8dL@`lGypdk^jX;=>i*hyxfQ5cM5cP_fR{uZV2- zen{v)Y73^SAK9!YnqOsc) zxet-z)BwOTyg4`3^t_l973UF$u*S=OP`tWpKRz>`i7dT-u%gu>km_flXjsjbxN?+K z`MK;GxLvo|Ox0gcCb?bcwE`QD4YlG*8JkfX)=m$~-O;?{ni_TwE0=+EcI$JExVQe! zDQj%Vy1HUH^WN-DJVGk{jnoGlJ>X*4dv$i?dd>+2r7I zKR%Z_a{IC4!w6&aj0*csA1)Y~Ni>`Fwy4OwS*@R>_|Npx}Vo)R8nQj?pPO)4=VW zn=aa=G`4sn#9WiPZLy_Am5&dd+zSF5PJXTB*^`r*RYI*M1tAQ5U@JitJJ8DD0+ex` zmPn`jfYp1eX@#uep4WWx*gn*)F-@|I;h&J?(3@~=L)7!>(Zq9K0mK0SudoqgY#-(p z92&u(PHrGBzZv@`RkIhAUPzBGW!BE1QR}i`@&nfg##1_BnLAj%h0Abow6%vHFBZR# z2M;uPG%}NSWfZQn0iif^ty_M-6#-P!7!Vuy;lGHU82jOYeNE1@?D@^$z z?c%ix^YHhv3Aw6G2=Db#yss!3SV`%WqBA1-k&n!&t(!^;Li7D%D8lnnUQY{O8+xYm z!)Yk@0CbPszP#U?(oCh-w?$8>bAe*Md?0q(BIc2)I9_9bwMNv|PjzTzv?~{Vwwxsc z;xj_5mz@>e@Z`K&ofp_8eSC$NDc8|zAw{sxP@lp0VJUuq*I8&Vw^@VZ_?A}=8qRQ%EmvBtg0xV?@ajU+$x>lyF(Ur{18kUW38G zN17f)csHWsrLO4ZuIEBW@a4hOc0od}re%@kS zY7$>5O<8Ktt9j$+tf1+r4G51-QI;rEci-7gh&;%FUwT%yY^fm?rV=obbE})- zUMb+U9k03P<|enY=`JwwOH07Y+kq`RxGqL`*NT$(m5e6DcQ|Dsq=(yG(hdO}QF7;2 ze&w>g8`*N+>Z_sM?r*zDI^H5BoZ;3+)EPJ}KgrLc#+q1drn5N3tl{bnyWLPPi)gha zPZx0PQsZM^41=`m?bjW)!1_`n$ei&oNx6zHd;)Pkg$!jT1f`R%sr~&@azR@ViE8YW z_U5by5o_yRW!)`zi|Ss{7Ai+&E&_ko+;d$9q4YrA@c3Myj6hEob&ENlb|5>wI2Eb; zhCS0nXxSg)7WTL+?aojnatEHZn9(J}nz&zi)^{n%*v!Vg2^-b^P>{?!0R&GyPlp%1 zxom{ENk!!`Pj zZrzlfUH>M+{wLVS96~XYwBPq5CT2iCT5z;a__1_S_ur@(dU=C1Zue%{ya`}aKOqfY zZmixvI`ac32k5ihEmdBiN-~?_)Y4SznPZ6@`klPAmb5=)Pk>0}@*n1Jq89WPsZ?&x zF}h}XB~+%c6O+|uC0{;YwjAZRmQOeo1!;&jq;Y{^93qy{A_rNSnc#3V4A# zYjgKq?2(A+Yv;(WW8*3#pfXX{J_h6q8Qk2QF3 zUHUzxk8Lht75ej!>=%=k2SQ05({ijEv;GPTp6>4wvRFW_^;G7Cqnp{$PPpDD@0xk; zI>|V7wnthg_jA#Fru>Uu2ugU*^p)e0TZ){#yPcF$gw#_*xJO@AxAzo=+dp6pNLBUbI{L#g#_d`Zq0p6ha<+-4Ym( z6Qjd90;op#(pyf>vrqbX0Fq!~>?6#*GU{KKw!Gqn$an>4-*0iay9#wLxkL(&Ci{aW z4$cL3Dt85goKpsSppgr;2et)V6NpCq!q?B1g-N^m8s#RKt#Ab)o~e)Nm-)$=btnpI z4c{-zBECEZERC<5ENsc}Y=NDmx%K6T9a3+f=`5PBHYZo_%v`brEkEL+T9DR=2)Z2B zYQJkMTfX^!xB#P#(I+9WbB~o5-CLKmSvgYUE}VB|g-M&YNGd#y8H9q`di`UMY-81z zxXLmzYsI6m6co+c9n%b}*2HB051tRkil07xQu0}ZH5WT{ z7!N)4?MoZ-}! zulGS@bF#WJh(1vdnMd2zB1=T{7!c<4<=PLz58c zSRHjhJ!mpnHcR4{R|tr|##RL7(PWAsl1kLCg{`XSj|_?Bj_bnCzh4we@j0F#phnS5 zDeP>@mmO$;d|z>Tz4iZC?&U~ey+|AgTN78H5lAdu*|CKGQPQ~~AQ~`V($^AElXwaA zV$Ci~J-Yh5{n+Mlz~khE&T5C5NoOW_%zGK{@hkYf-pKFYx-j?S3cXvFQ?vusmR8v1 znMCdc9{DSgexZ9wAy+>nfx4K~^uWYu)~N+eb?4*2#fe0fCDop?b*rLVSG7sawdJPx zSJl%opNaLCwFicByP?VGQTdA-#cohxvjJ`k08u_@6FpxueIOfxx_L? zexy8aS?S2yvtH-SJHF%K4^ouCsawU6nlcilVr8&%;JAU)IYQ;p&v?P1hJ2DceTa0jf|JRzD7PD=)DHuDR1nl?(XqWd z|M{FAcz`bytd&wKC>Pojp+fh>seK=PN1{4S-c}i6NcKms?ygIjtkdI1`pH^%m~dqC zlEO}`J}xWho6J_Ck5lmDO*d0fwcXOf1nQh6bCvE}X z;ckKcmwV4kSLQ9Bb(40$ph8B|AGYi5U9NGR^s?Xqh|d!*R6mZ;tQPiyJfXxl4knT= z@~3+&{0YM&SO6{cpF&>dZ&a5U) zpuzxChIT}Q;j?>4t8a!%R1UOg|Ahr{RHyF8LSEgI6WaIvA{k{Z8(Yu#CRBxw)yp+2 z0-wn+(t5Z3boKWi+}Y3iS$`|or(=s8tF1lSq)+;`2{X&NCI*iz;q0J+1taak9`+Lb+5NRGiM8c#kT-{+3d8=AstBoi)1o7Vf}vqQfqaXA?LPS7M@<@yz}Gy>x^}h8 zaYQz_@pr1nDr@=9N|j$G=rR$n#T|DyTU{c{}lX20_=>Yhebc&Uwond@a$Q z1NylrHjjI8cC;epOM?9Mzt=rHG^ni9E7Dp=gK8{^Wa6SD$_SoT4b=Dt@o6(h;z(LF za;!92I`vk{*kHP;7EOTB43J01&0wdnd@V?u=(d4A?6mJ-*EeVUM|?)#s;4`UFzH<_ zJq+LukF=M7Jsbzy?ykA43_)G;f~}J!Gg4}OKk$Njcnc#P(qS*dsdi*4C_mCXp4d^6 zyV6M!$$S@I9%&KyO(Zt`BLo~sA+k+Dh1JnTgr}i#a>*~HTgrG4-=+ZJ@yQhLHYWqXJ6ons7V&GRi%0A4?UyaN-NXvrK zN-<=q1pUS>Xp0n{cdowLCQo&u4Gp+z=W8-1y1%`o$+0zH4z@O&J`P3 zi&bRISnZzBJvaj$3(Yk5>kv6-RORaN>EIrG_Qz6icAN5p`YCeZ$$B3w z9j070C?robOhD}qy{-Fh(K9v+Ww)CpRxZ7YXpMHxuWmfo#%$P%59}Ra@X20fqkOPt z8lsFco|vP?$GFUQ$*C|)G~E9E=eqRwGyO+n7b{J@Dzq%jEa-4zqp_H$alSo7Op4zN5SG0~rZE5R3RC){?jR7Ff1?nTa3N zskYwSO(FnIl|`Y`Qc6BOW0A3=lnqD zC#OBvnIng7H#D4ZB%*oUtXAbB3|M<-hmPukRkGa1hd$bt(*x3_NAAeZd-zEw?*Ia>Qw4_1yLzh;W9ij&8cUS`HIOFt)8^mt&5~{3bVj zm*x;1HfN(^{_MDTC2m&IfCwJL_2*RB84v!a`>xi2-FvawXO!^w(m7UU#`8JpHDP8J zgCG?_8Ax-WGE``^3GTJwvy0j$6D%IvKi-G2>2Uu1^!oOZ64*&%c<|o&xpIi1SB$dZbpq=(+*-kX@ebi6|n@m+BP`v`=!nXRouAy42U*l^nEW zUNEMop+7;ADtXhc;%Tyz%S(Vx3Ohy5lDsVl5aZT6RLRsI8R_4(u{r4QYV-1b^(KWI*JPPu^U0>_g5M~BX$7p#{GSzi`(P{x6hlOsf1;Dx_9yg z_YKL7D$5b8w{pq2`nGgs{K7eYwKij+#>WF7ewMsF$yC}OzVN87w0A|25A;Gl;=wj3B-V70d0`tf{3bGkHVR{w1F@fs}(DP89(#FaOpDZx+F zX?kw$J2$=5wnVkK_)L0VXOBmg1D(2n@q>`PmjaPp^b;tuRV(45t57d{N1Ofz`s)u< zInt{Ujh_iFq$(mpl-k-{p{7#sH`FFGdGDtqNhNQMWM)nld7lSx_w+AQrIz_@a7yx} zZwf7!Qxt41Tt0l=x~%hYM2e1Vh=gBiEUx#&qd1V0pmtnhx4q6j|0@%JvS&xfE8%lE zt>OZ^o}S71bduEE*j30wDPsPT1QhxP5#{^_^GW*<(VWX3C-md!frRmG! z3443|?M_>h*|&tyB1#!Vy3~ZbPv3S!-=JZgY!YopHZ-lczk7lwLn`?%_aW_&?HIbu zf{C#blc_qvfkN5Sez?whVf{E8Q&Levndx{rQk~zk10FIpQ&aNUcGO7mPURoaIjT1O z(cxct`2~Nkd+E277p}dR*$Pu%*?H-0g-Cih6d{bg@;c02zwEJF0=yG4oS{t`_m~w3AN4r(l66n>pdn?c@(yn|D-)0+MUH{vMn{IX{i8 z(O+49_O+O5Iiu(g_jin`wP%MfH>X9Yhm{x^?uNF&^vW-T{4#+6U;k|-p(Bw^!Rfx= zuNGzTHn&drm#4UUVi~Z$r7lKI9%Y$IYan19hthdXh<~dtHHk37pykABj$DY~BCmS} zu!pZ3U5gmFLL<9bbKZMXeF$CjvP~fW2AZ>5rqf}s_NU}%+kRMeK5N%^ibD}hzMVab zh*J7;)$YEt2ns6qFJJ9T?c>PNasHl@GG;i8)N*dF7CW~eN-P-ICMLHhAiWlZMm0Z8 zLtREUlGjecp|U8`+<+KC$r}}O&;O_R@w3J8hjds>VjWZDGD3zXTMFAZwd;>^-YwLf(K(9l;vP(+&eVBLY zGbdA~3#`dw(7WNW6#8%A_1mb~cWi!qPrkQNBk;nUT%BZAsS*uW<8CLRRC_#sew6PrGacB%cU@6G@7E4(>o|aSJzqvSY~1-N3v68558ps4;U#A?}b~Pm|qcb*ou_J z<*aIN3;tk}At3qLmaN1P~t+B~@BYMkVDsmLib&8{^!{f=Uud|?*3uV21| zpj8NXsla&CW$8?Ry$1=wNw8@0**6L_O#bGPFbaDlzOY7jmTidK?_ZRT#nLiesN$X- zkR)HcLWeJK#-AUMXK0>)@U}rRN+qgJ4=^%eX4k~T46Tn2Lxf4v+am^#(YnG_A)V=z zhK0w(Z3{R2o-KxG`J}e_CnMhccJpQpduNLtWA%O2Gk_C^v&KP$H;+PJ7|6}c9XQKb zQ02Iu2`K!#99J$_>chsBuP6S7QSP(iAxYhCn_z)^1VyOMbM0pZ$cYPEdIh32Z+ zvjORXvQhsKnDimTK=IS$FsN+#Tc(bTW*`Nd{>f&fxIL%iWsGGuSDvVMCknzO4-wDp z9O}mwQ}{jlg^rpg)Ca*EsCz&m;P`zjV%MYgMgjoTzIvFZq|+IgI$mGhjJA5)+R%Tt zyT6KVX$e)7;5l8d!#``F5dwzine@G^ynP?3M;zVKedeEwPjrZt$hm7DONU zcPiV*;XWr|iau!?Y}Zy$esGJkZo5w)Pep&MumLzx8eR`Ef7c~Ui10pt`GT|W zrRLvh@rG3(Ja1iMKw74E(=K`^>IJs(m=7YKC9*+bp&nOisM%uBGjRB#ExUV_HsAa& zZjZao>AMEz^sI(`*Q4-lV%*o&{>rl9*3&R)(s9x#OXHC+R@Jr}XQzDB39l;y?Q0kj zAr@0BsPt*VL}y3M^&+E}M+A;rqrbDoq{RK+)t8uQwneh7WCymbz^3b%TbfRgKYbU7 zNsk##j-~rOG{_{Yib(DxK!=O<=Va#9lP3;9Vz=CvT#uy^yG#BFF-q`iTdg4cmbs zU2LGdsQ=Jzmj%aoj+nhPEgl0JKnV0cUg-SQ9c=Q7U?53>8mQ(Yunkfdd$W1|9@pux zCm~Z#{o7j}jn3XCmVZs!Cez!G#RIg+lMX~fN*n@`-XFe5vt;eDzs0jLsJKF2bqA+c zM+4+s>Y!*{XeD0h;}ID-GIAar-D<^vTk4Y)!pU(f7Cg$g-)Pu-`!Wqn0IZbj65FgxaP95WzU(O2J_}YYfzK#<5L5lLZr&N0+Ie54JcxL zr}yOh0eRDuccuTifp%;F_}__t%?)ME!3LXQn?#IQ{{{eKb=v%GKImE26+p0(@Y4CO z8QZ^WJ`LaAeS}S8R!@N&tn*(ozGhT^9M*u3;z%4@9TF zpnGcarr@i8`QPvgEfX~YN=O0h`Zeoa--D>~I6UqB-MPGR%e@QT5;#}bZ4FX#-h9wXA8Wk*Qer`j7RQC$Fb?$?U($J$3bnzo4LX4d~A+9Fk423whIbZ z_CE9RiL=-0{^nFAP?Ny5u2ono^E$w|&nZ_;{`F$Ua`0gbU#$yvOKh9zG287K9v?LH z(SrPzaIyDC!wV0=))TC7!xQhsD&gr(uhxoED^`zw4LrAT5Sx#YCoODg33Q6>HSGC$ z4rh%*bU)^7_J{IXn-YHee?6T6<<_z~yr~@Jt}q@Y7o#Q6meAR-D@5>Y7?j~^M9BcW z*)X!o%mMVV^Hsvq2cOh-t5Ltq1X~>eYY|(S@$F50clLmQyCd9F;(E*bjsB(P$54#YJJPo&}4a!y~voYNyrL z&D)7DqQ55hCxS+8*Sr^Op>}>$cRwxNFDupy;VxOuY;FuC`o^n`76)FdhJPN;*ac+M z)~4N4a~N~Axe-6R9<=q9dfy=P7$t(+SxTc`^bKqD9ShV|Kdk@a()PsG&s>z$wq4*^ z({YQ#w2eO5#mkPR;=}i@#TR8qRY*0V@re08*Jfo9N;6Lzg>KUthDO_789fK9zg>XWVsV+_}RW5imh~X_n>BFuKzr1pc_&F-}h>{cIT%qr|e1>G~)1tDQ6rk z;K@ysczM8`LFL-AM6B^=VN4+F#+T-yS{EW^p(1Mi zy)T=YxqU@dUQD0weyI*}Ga(j_$2Rr^RoZim2}S{cWgt>dQOguQzyJ<^d==B*)jx3yuo%Z-k}#_^r`qx zMc)OhxHG?ftaK^BLKpq4LD{zN*yIgEm9(GxL*Ke~1tH&584-9&F@+Qtf9o=hU?j_g(wu(w zRf&QREUzUC5R5PXJPOh2qOu?q-uppXNB5Q$h;xU0yRC%hnU1U0l@^!lftS6!g&2AS zi-G?BV$Q@S>-&+dVt@FXl8c8iej28WoLEfF#6s?$8^IsA=GME}u{#+~0)>`# zHK8&=1T*cax3%;7k3)Hh3rNxld&x$@)`~p%Tx{8S zbUj+tw4ep>J7HPVN1**xcJ)`X&g*(jNUImTBsy?3c; z4VFvXwm&RtZv11i(M%+Pvrs`TQ!90KQ!i@OCRBPbev?5#;$4fXPsqHw*mEx$r6FqX zNwSDI`X1sS9Qo~K31hk=I+5*IA*);sJ>7MguR6qA3!&^SM%rv$BS|aqO&n2v-G7a#yWXSYK48bgd>j1|-aabm{3{vt9PAqX1R8Q= z|IXGZPZS8M=IZa4W1Fu&f{`In*i{GK*AY!t&s4~SzfZP^47UjeWKZ;S&U2^QYJHNA z#jeoXRF6x|H27ZgitUyAS?v|3YRB8}u4V@7)spIgo9QxPX=?p^72Z?@ElRTFOWhEv z*5Uc~=7!UBx}D>azh;bDhg0oDi-k+lGm~<*{rZGPQBl2g$FECtT$89URH_VA*+{{? zP5Uxi4>%oJz7!^;2>r^C^(0!q@i%U9K4145B!BS()d+C$2#bnLUQ%(UrfQQ8Mgyo749y#_BC3@rS!Z&pqGKlgh_B*vB-x>kd=U;Pfxq3 z$$JD;x=qWEhS?+xyux6f*mZ(Ag2QWYI@+uIwBrK^w&1cP7!x?v{L1oXsRM&b2KE7y zxsRiK)_mC7hD?R$PXd+s?kO6o=Leo)T@zL~+!6C_$RSS{vd&_6gO$jU#2%5uW^HbZ z`RNWQ6(VHOae$1TbYk_kvF~GwGiCQaqY>M0Xu1WX5ju&vj=@@2x4{gzi-dM3CWQIB zM;;-#cFaq8(@|5oJ`}ezUD#zL7fI3ha%CNrXNBpm4VNvAC_@KIQH?r&3j6pr_mfBMne_)(7p$Iinry|y?^uO4MWG#mDYA^gI%wkRk97L@lV`+(2sWP zgIoaGQEJy-?U_U9Jjiw@RvwVwBLf zUlMvsvU*FQ?+1RPFeoH9o=1(YUf_yi4SGIxG^lzJQiJ~ldUD!g0%{rTytbFhd0~qF z<6#F}THxs`EFoi?mTq!RU zc#GrywVY%3$KG&xND{kBOBU-Es_8~U_&ENY5dlFAuM`0R zU#8+2f;?B}|LDOI;!+BJ2i5=WKGfFM4(U@MAe08AOr$tHP0oKiWB+pp3H)mT!u0=o zAL{CyTuYGb;q(T@Ro;E~s^lVOgGu(EC({A4`93wo^wN2Y+B zhN~^rqaxf1T+X+svHtCnF#7lVKjWfo%i2DF?w;7skKiMhgxXiWLr_s=!lCL+RX2UA zj*5W5H5h}SoA2=0s$X@pS0-GUh^R~p)@pJv{qnPrE<$JA98uMZFlhN;wpu6#_zmTr z=O|P3$ru#{cJ6&asQAXPYUnBP3?Zc-i}C;cQfCufJ0SPc1PCh?wB4A|%6ZUQw`(

@vXAm-Lu$=Wi zL#Q}SK09i5g;_%l?_%ZNfhGH+(i8aW26WRwrr+y`8^BXq*7w87XI5LouFlD-uZ6w@220RjhoF@f#>SXQ+JPB zCN>&q{cGFWgqYRq@JkR7nCvGfCw~>?S$_NfHAz=cc5AyJY*j{o z*36%B=L5IbtlMFhQ==W3pu~J{hE+SBvkdYvOMmhUA690B1mR9JCT~pZ%`L5|FU^-) zRnTMYAwMyd;o&6z=KOWaTnkDTm$wx}_g2g#cj-4!Y`{f#= zww3mk$OZesDYfS5&TDTd^nUwzuV5^VCN5{jBY}3Q}{uI#1^~D6}@}x3?PX zUZ)(j6#nqqQ@w6PmRBg{?6!7L{QtCfu2D%~Yahqe%y`PunQ56bU9>rNIpr;{h&P(I zQ)b?#%o~POUdVfaih@8hOV_ z*8Ac8K40GReXqUOdiLJ`_57Z-p8q4(98c1jW7aUX9_@v6_hxJ)MX&R+M6U<7#o1wI zZ)d?mSFW|Q?Nhi@#sj#?^{JS(hEP3^pumO&t|tzRfub+^F;?GYyEMJB5S1h!}U9H>c)|jQiy~3Ll{o+QE{-~ z+~!m>^vdR#K^a7N9Fx#?9-WeupDZh`Bw9x8PO`$rze!oqXgW^k2vbI8L8|gLyY+eu zV%wCY?bts`^KZRaptP}WYP}@iHyayiP47OTQYWSv9vZg}Tr4!m)ShaSIaSrc_rH%Y z5Bb@+9?d?2czXxiJfQ@$cELQfSRPw7P*_&rFUs?shJQE_J!E>17L{dSr+HHr^X}$^ zWk(0dW`CxvsILLVd}$P3(alSj;gRz2bTZn{6H%ai__`@6iOY-jtgYC;Ee~ zc?RLN?)7JIljym%onHjHmE~;o)bp_n8pf@tglhql@KQ(T_?d1?JuL4_N8&;iqo+(KLh2rEKWXHo zRX~y9Jx2KxN0g{uKb+%@r@Q#4&VuzfRXjgwJyzcMP2t)WyB5x)P{plWl)tvoe-N7l zT)UDU5Me=?+vTycb*bDQwsAV0h|#n4VkGC+#n94U<>9z91p2J48hDF4D2*)`k7Orsh94|%4!)L2inSWa zP+8mU9_g;Nx^gdNUpLii!#6y}^^B)v%4IVg4W+cBuQ)kJGS(AcZmmnk;#9lVX3fIM zT?65z?3x{Gpiju#fy0(j@wCaN(o1t;seCv0xJvf30Rd#qH!QH>H__>RWv+38s(}|{ z8CH{1$K2Phm=f0nUCf0Ybrbyz@B5(ZZ@zwhRxgN&R*^~ff{&2AWq8!(*uk+ieL2m)dQ~T53)y|VK?%&&QarPB`$W%~ zQv^bfM{u^rb18NjelH~~@+}Dk@3o+cbEZS2q?@5BA8}MPB62^GpX8?gWpV z?ptFiBL4+o2K;@`<0tI98Jpt?V}A{8*)3jgV0W8WXy2+@RrdLM z)`|;qw)CvVbX|VY^911A2YrgcmmozL6@n&n9p?xz^(DY{vI zwCGV7Wg4zMJZ4dMFfB5(Q6>2PUHt?^tec8m+LwATFK0WUNNrt~ucowHdnUHe-z+!f z(^KfRy<7E8Q%e=DNI8!mJ z2bWSiBQnDg0e+!#+k2N^;V+v9uCBCy{3xsxG! z2V!aGaE==i)QKMBPCG~)a3L4N{P|2N40KZ4xIyxvHm4C_d#mLLTZ| z$-p|>@H$E&+UO-Sj{h==e9A^+groLoQ_dq%GC03)k&^a}(@Bx{@X3$3BCO z4_T87)m4;=AO0J#)IhaQXYyisXJ=>i=atJ#OJhv|wej6-ak28RdVr%|g-zvKj{yL{ z9-Y|z-#W|WyiPZVV2=)11+9M@vimC9)B3De@vPzUP6={DG26Vssr0wi9;yI2=~IQS z18(CiYKb~;?obW5n7jf$>h6-_Hz3W5X0Zq_Cg+8iy~~ws0+?^bhbj>Z_}4^zz~4qy zsUgcXxlE2f7#J*Ey&6uM$P08;uxj{HVu1BlYHKJGRB2kOy<*M3@l)bE?eE#3X!YX` zVarkKj%K_9oOsq6pO)OZOh-?*g!Thhz0wXJjOA8|AQoujS6Sl~q>Qc?XHN+XCOerO zky`3J9kt0$57rzdOM(hf;b@mlp^`^;>hcJ!{C)f3PbIvQ8uJOVCc1Tb$~Nx#M-c$9 zlLfi@#GpnEYV*5Ax}o#;zU*q`qs0;7M5xg)(?oq#m8=csP5QD+KV(JnaqeSH+|H@A zfu#8*2EDKvcO$NPH6_4a(c33i`T{S0rc!Jn6xsWL`F+aBBxr*wUt=xq;#LQUlUGvW zHUCB;ma%6dQ2_0V?Bhs@NGZdMFIAkzxR#N0>saeBc-gt z8K2JWcNuqv1dC&JNSCDc^QquftzCL*A6SgpT&;LR4Xg2!8;kR(M3!ewtjs?trUTEPlN

jB1B9%i?n@q%VPRExTdY-(uEc|Wv*CfYapBw?=z=qJ0H8NTEloDM8 zf}w&JoNAL-jSY?FU@!^9THk)WP94XUBk$n(`1;P3QI~|@0-R6A6dkOw4ZMiX$8*FS zjQXQe+#!v~a*h35Et~7aa2q2!@maQpU{8xo=&)JOnEK_bqusW!9(UXB+%pHr1U9=* zjLz;X=w3OfCo%pvW5w1>-dw4hMKR_p+a3e!xUsnrEUh=n_KLxXJ6G?)W4=3I4s7}R zwrvG3M{Z!bLcs}=j}}7oo`U}m;+#p>jWG{g^_19DzB<#3nXiOX48He-z(MCV^9#S4 z&J)LS$GJa6!e(1yH{!&uiEE~s5}0qblBo_cVTpX0!5MXJTfvbXN`rK#i>E2`rr_z| zwN%q|hcjXb{|i0Tcx@zc70%xs-bY=sSB^5NOdVM2*0o&hgd!CjH|#6cXK5_0<1gR8 z*gU?!%olz4fhH5rYBkP#?nY^Q*Z?KAp20m9vCows~o5SHdW7I!Dy~_ZVx(#-`Zh@ zI9c(tX21NnB_L!WDh~l`Fd_!LN;Qsqg=fR%Yp^x@A&)Y~t~MC90XRFWTUDQPxXPegERAu0M86FRe`>g#UKzm0|pE zFZKD-D|3J;s{&insMME#g3rq9 zr(tgU4?e0NqdEX9roa=R z?P>T9dY!b>6{`0YSJTNC&iz&8S*1c}A;wbVv0`+{O>rK**Dv`4-a@9U#WDtU@i>TZ zF_dEt`FI|SzT`8mnRKcs=0A;Om@mOfH}<1?(p=NNx&vNm{rYy4M8pZRn{Tnc!RPj+ zDDwxQD97g)wMM;!<=O(FQv5TIr`v5F#@d~uC%JJ+RsKB;l*PL+Id+eBx^cPp$lWWr z$J!(>PNT8^(NbkbsaSFJ^xFoZ<)_xNv)lDDm{fh(XUfKtv-Za0HB-QQ>q5B5zz(lP z#v|V%r(dG(gZ_yZ3kJ}b?pfbtq&HL{o{8_*CT=5SlKC0b?e}rny>Wo^omI- z|Lz6&PG`O|1cm+52ZO`UlcEkK_lx*C{r~y1cN~n+rEmbkJ!y7JHv5*LQ=E+#3&zo&J+wv8mkl-V-2=#@xiO~ ziI)y%-80V*at_@G6v5Y;KzVy=gM*>Ar_-?Dk>}t0yW-$&G*rEJ&5B8#hna9$Py6%H zTxk8GmBC{73sLzQsy*1ra{&j_IAJj)9Mew?jdjvb2H_FNo3f@Z>i%R}mj`o#nml9i zoXdW0n*BUdhay$g>KeezM}kyYvxD{<@@|#!{0x18rnd2Vef-$ci_~o*6@jJhG3C&f zT9e)WkphKONV%}~52Hn&LtFxXEAk3G?eRVY@gFy^9Sa@&?&ueu%3YXPZSsaI#$c9I z!h_I>KOfGzG(4C34Em#E;b7_f8GN?|4kn}l&(vVy3NNT!K-3x!M6J__0RaixZ7D-@ z#xNHGYuQ53C=@Y!iMWEjY@U?6P!OcE$X9Z2{5BQLFSxbb}MyB zYx%ct2;Ob6a@rnlv64;Kc8J||-URRHed0VDNIO~<*z6yGq6JV&`eOxWVrHA3xhJB*>oJSOyQx)|)b>*Kgs z=(F}gPih;kps?Lsooi_99@q$yQ=Z&rHG|M^EG<$dl+ommi(|HXWp@{#Oms09S>ywu zK_T@s@Sr3-UNTz+tUVA(Js5e!VV)-ZFXrAVEUvBF+9e@C@Zb&!9yECH;BLVk3JdOT z!QEX8cXxM}!kyqyxVxTOYyIDrfA8;{+jBdgx~ON&Imhh1wYT*#S8W__W3d@xR3SiF z|7%Y(0WPLdoJJHGvqHO=>*pbp_3zc{EFf}m&Ee(T9?6a*=bkcJP37e87;eVNhdyGb zGeo1iYvQp?k};5Ww#m<(h;*i5zNh>xM> zN&NKo99OrGa3A5=L)YopzGd*K27U2m39183=B0fO+g#bhkg$kD05f1r3G=9srDQlL zG7Tc-`2rYc*uo&W$}BxW6bn}&CeL1JRr3vRqy5HCuNNm6BB(DN;CrWti6CFgljkn>Wc?-6lXMR}txJ01boqy9B{$R%TgbM1Xav~te3FV_P|2cypW@Sss{#IeI zoKgFnk!hK2C@ueUypT8Y!hNyo3&K&?fD%Wg%QB^ zK?T`pQAd?emm|hF;c9|f_W0&ZcbRIK@1{;M!zDH$n}&;Fd9*rL?CRA^mml+qU$yp5 zw!m<0^nHE+bcK~wQ*-mCN+*g+!NU|w$)T_isx$ugrCr8ZW_cyc;U-%?EuDLkNS3w`Xi`R}|D88c^>ygRJPzL8 zMdXR8h5Fd#EG8q~?M^P`?y=UROhmz-9*S#6rMSdIQ4J0J19h|b{@`{89wl;J2!dK4 z6f#rCQQS>c9HIDftaNd{PlHkljXPZqPfUF3>b++9beX74Uh4cum?Gv*702MPjU}VQ z7)}lQR{Ch>vSsg`1^&;$?}2}^RmDL+FRr(|Q`+vC`%xl@IVZkz2UU+o+8nr%yYEE; zPU{1ai1s6!-|fK{b4_zv$Ggyt)C!pKJyLzfHg9gb6uh0L9;bKlFnrgYk+yxZEw_FK zoP2sx{=jYO5~!t~k!8)nl)Vh=*4(;KTc!W}ae(pLV<+=h1Odb?MyvJM$a$TAr6)VR1f ze8DKN-f0bxa^m9TTDsl@=2hQuX72aR7PMkIP6KYp8fpTso9+P6|xE`l3w8{ z`%&;*PUDVa(2{8tbXtoU_Y*5yhkH`37YYvPYZym>b&FZnQ??9~(81&sR%DYJ0t zeHfn5!b_jnjr3$GY+X((@}DbFiNPEm0&;LJB+Kk5^_d!nXY>4%E?-HN?|HtD(hGQu z2@=@*uv20c0yp--_wvUwGKy}+XcfszzaV5zM<`_Ne6o1-_WH}Jpcz*XAmMgdw7Y+X zolt{=`~L~2*hQ-SmrL@u`?Lta+@82X7v=eQk+;Wz9pw!paQXK(Nmm!FZA8X_rr=AG zB4GM%8lTs9wH3YHZ_$3L^D`Cm=3}i|(jv#IUkkZDh1F+yT-5X*>N>sIQAe>SilymL zD8WC^R->G7^qF)<@2;cE<-=5DxXtvp+kpV_BCEF&W1K7T`GvV5AsV8;BQQ?f9edhG zI-g9?w@lByvDEWSsK2qHE&THJ<_6HkBgW6ce^eL#vBqy0ZF7JU3QK0HJrQaKb~Y1&9RTkY6ac=ukGVy_danpJoe8SKn{DY97~JO@73DF*5q^%j9#I2St> z2Wwfvof``WJ9eH6GKsT06`@5lWnre9s@eRl_#A8I+>QyR4`0}{XfF$@0Jo@Fs?zy@ z9NIk%3+aTRI9S8E$jG*i@TM5Fi5M6^)9n-ggnDEY9c|psCx#Teqq<2o@i^@?*uzfp zi`n~IX8FQ&lZPiu+e&3WF0b}v$8TS}HMM~Ei35cG!sR#+7?!Fgx0H-Xr7sSfJ=o24 z#BAx%%ynf0oo^UutwY}jpihhaI7(}Kj2(XFXIT~{J#KzBRjo|ObSQ2UrX{oFz`&5w z{nkcRWi>Go-T+ULcLw(%itoqC=IDdtphc=qdT*6ALo{p_0}Pt8-(z_tbsKiITUh#{ z2X_EjMXq}L83(qrjPYD>Iv@E^OKm`u*je9g+<5xy5hLj>y@^sOKIWV&wbfg3`V>_` zEYlR0Jw3Zhd|cuCp>iTiS5G`!#llZ~xrptFJb5SKGX4QTy#-&sSq{bAM9o5&!JcnY zD5DiJ&^MKAnWAd5HeH||ad#fJ!{t1C+f7zkw#Mar{ z+yTogR^s)dXV{CM1rws$L-`4b9VyP1L8^PKznt4RMt>$Bwur>J9%Xb27l zpPFbX(I&Z}+va)KIq9iL|Gw0oGnH6xNRMV+I>;AIKuPuYy8p1n<3sK7qTAuCmhl!c z`mB=!>Un>E_Xomb+r;~Dz87bepvwSarg6#W&=BDcC6|pfeP}N5MYI% z(WWrpa619pduLV=XC$$gdM*pHWYk_&>?o)M*HAHMuom4QV1l zbl6A}B%W_|10vD6+UhW-tmAR!oOg=|Z{85`EL9IHmnbP!WjBZ*R1Z&2bf-378&{nn zP;%TExPw6-9Npq{{%HOj)B?h()ZJBDOXnMqqS>>sex{Op$QvyoBD$d?=3VV~ZUBGUx&XeytXz){#4N!BXMNx!aRZYjoC``{czO(jm$J6SiA@GWA zy`WMo00+du&Nke+tW2#y9bPPN)2WgTRWI34P_2S?XMe#nwq!i=f=Hs-IkZ9FypAi5 zspC_v?z5Qnqj=~*DEo&(6Q?7#dNYP`0BrcGtItdt)l~DI=dJXak9BECx=Y!_eDdw< zO@!&~VEv%5&KP2|X86R=g}RB3QG@u_t^=n^tT&%sV5Z*;x`-t{&?$OnpY02VEgW6=JGb(!p#{!;xT((yswLSs-5wUj_# z`!|XkO=|@gWWY^qnm;Amg|+2){v1JwM~>jl4myD`0|giO{Aws)I1(-PGEWh{yBG|MyV&<6Ypu;=pPMqSPlb(d zS>BfTE#4XXXcOVJ_PDLbACoG?YD`Y4_jJsMCVftmAu`?8XJs+BDDUD|a*x&P}h+tp|fTlbIa;$ayGDd}!a+B+NS$Kf7QI@Ry5yF}fh%L)rvy zyS#>aE~zXoEfv3G&X^(jja5|NBb}=FA4_Sij`LtPO@-mKt_qZ4)Zf zR%YBp=u#M0u$y^!1>ah3@SK?Ql~Pry-nw)6WNhjhx<~Xs2LbV$pwX_T&1d9aIzu_9 zgD$spCCsyUK*jmL)yj5bv4INtlk^=F*KrPw#X zOUa61VAO}JBY56f z+*>lW8x!;;MJarahQP`3LfKm^pr?>VduO2e!Oua~JA1=!y=50}eIrXhKUJK8vyQYz zm;x`a1ms+cHN_>e%FpMnJ8m6 zdJ4H;N9nNe%uqk`=vjlKsX4XS+@9jDelcVze0vNF_8i5VD}kj%a3H4j)NIGouG>VXAEHjv%a+verzvVw`50+5BoAhu`))X*$^( zka8^~`;Hl;@iD8&}mzxz&licbfyAtTecIqebjkZ)@L>eK! zPTW=hn6}ke-QcrGU88ae%8?w?%Afc^pxCFk4L;OLh60iP*ga{QJ?0fg+)DjK!g;DF zF7pPY$E2|sD}rl0V9UfD8y{WWPN&|HhFPEB2!DueF@?@TLm9Y0^&4*+v}>m}SL?!a zOuHiz^Pn9UPSV(h_Zo&;BiKZA#UFk84%%0YB(dPoB%HCqmb#(oGum*yHgR`98C%RVI?Kt-OZ_ul+*0}G0Q5$;F z_}2FwE}4e{)VgKLEDm>sueceJg=`N^ajn%Sa4jZccN&RZguX=zzjgeOL91GXsXqx2OWD6FzR~`pRU9T{C6- zX7hWS9f7?a0F;!?n%R+O>Q1-?_0pS z@-;jhsUIlxlT2n2D^4CY@6>Cn$t0eph1>*e$@Vv`P;Q39113JlT~#v=2UnrOhuB|N zm9-i<>!*pB&8IG2A;@W`SIgI*&G1#bnVV<_JXP(PtFZ(U5o*wPB8(8<4#r64-$}u^ z_+Rg~vhzo??-J&6sps~E!IRMC&PCdwGq)F&_cNB;+hkYg!z(ZIg32C3f!n3i)ykIA z_4Eq}EUSUig-@3PV~afLe}qb;8nm_gIF5dH`==7$Dh<8pZja1<^On@In^I@nh7_}z zYg=hQf}Vp2%sN2n$x5d>?NQVD9Dbe#$*ZeTSppdMZU(p< zGkK$V+R?9@5OKzZH>X23DX9sb!-}QpGky-yej=R59qEPUpN=Xua07Kus_9;e6Xixv zGf;sIppK@Jecs=VG$aPQQ$a=1X?_-IG`s0~5Y0vk!~J=+WM|fgDY3pZTRfCZ;%Ke* zcG>G$Q_kXwnA|<0GRKaic`on7J*{P)eR0u!()5tiW1wtflzlE#Cm!?1f7Nq$PHzvQ zAm7d$*1>5lnUUT?#jZIh>$!*^#E^7HK(R_wf@p_s#Ix@yRU>JDQ z?}_m_AgVmd^xqWau-b#yqCV9r5>n8v{bm{G*@-W($^U6}c|L>Y5UFMs z29$JAyT$}1pR89xrnUiT6`-*fw#oTX4T5N2$ z{teKUw>%qEbJY1^TM(Fj@LhHOo|>KOd8T!pO1NxE#AD044Q!Uyj>}aCZe64z)OL;b zUky=YhC>LKL0rs}&ymMf%-(o`4tPIHQ@%3OV%93T0qE(GwP8N~KqY6j2aOZ=?4|h} z)Giii^*b3($o3%{pr z4F~nMP7YNd7>nYOr-xCh?_pq3Iz`wh4cZ(_zWPxXFUZ=kk+~O1^mpYIP(`k8Nn5-U zmDF*YJaB8TNoxLls#n-rJqT-Pz!Xi!7h0aFYa1@@aZ`a3`u#)c1kCbh&T1_?&&dm@vS+v-I*CV({C%Q&ZcW_ z9GQcIWA$*MdxZ6kw5zBD1DSW#bi+{0C<68Em#9KL#rD91jq9fO_sb#&FGq;zwxrbk z7WZzJiz6<3#(V3ICFa@HgTS8eIsT>K&wW{#cC{CKRvkQG`N@fpfIIjrKX7B~2A3gy ztrt~spqi8`0vsci!efmgHqmeMbjv0iL`F3pz~xPlL0bss ztW8M4XtYO#$%+p5`QMdf9_arRfH$NiP8LKZ>TMR zer_}IbY-=Y)Obv)-hM<$0}al4)|1X~E|^(3h8pe3Ja`EZM*&nPM)*pO7hD}ZZZ2jf z_h!jjny#B5v?{f$H#`yemW2{XB0d+K7^#YDlkTD9Io9sg9kB$^Uo?DIfR

DVSsLTDAXZ749B%)$Gz&c4_S%zd`DvF-ZP`*| zqYptzt;0&w7*7Vorfl8h%68XSR5YfHF0czY!u2FMyq8f|g!`ik&)q~2OH`F42cV1` zeLMd2`I`~!@1BO5Y!s#+eG*(*O^Y#vDCUBc((6Nx$nNqK4Z5`b6B!-*R;A4JLIslt z7d*@Et%{xMA5G{aQ(68nF{(&YT&aB|V$-C2kqQv+f%Uwse9{WJ$o}$%CgO!(wn;eL z_+8>g^LNwYJ zDne_ueNsmlNBoc~(RvO;&qZu7M&gbqUusy%{F{o9cxzM)OXX7sYjnxmZ(Bylpd%>a zh#GI~&t5GQ)X=l!8R~`fdZAW>t?PE^zw^(YPW=L`0yx;Uoy?KSgOvvg@hq~O%{px|bGfwXMYz+lUNfZ>s^ z%_|#Q?^yn4A9s`_Bqwbaw`l7#MX=7X3yK^Y;eT~mAjC_ytrk?`pr0K$h&p_9JPeigAZbwGl<-iauaZc$aD09@c-8#$52a_0De^kW#-jti`pJ%kN4aEM{e?6lnAw9KkjaY)PZws+NukS}K4&Mou7u$+x@B4=YON)>a z(Lp&Jrr{;u)}SONqt{QqC%q4rzlg$TfChUv#6Z+v!bE8ZG|)8*=($7PmPwzs)Q{`6WBbC6Jji3#qR zm0XnP@Wb2f^~aYC{BM^IC7HLodRu*O5d?!`)~?;TNXO6k^7TI`QlDfulOnEgX9`&= zJF$P9O?2orrG*w@aEL==CbZ#xYva#&A=uXG{4(AOH!~_CFp?Yp?2KCqyae}jd&E4z z>(;Z8mJXQT?{viQ?;_|smtZXBQ|P!>idY1fW^f{WrnN%s9n8!>nrKz$s=+zYG4C}TLSWEC-=WwW-X8i zdKd0eNUZK$aaDzR=J=~pge}B*64k+Y|E&sY3S}QMcj5?r%*Jjn4b1p{=0#Ox-nngTz$6W<9Cpo zZyg`yhI|r2L@%7Kgi$;nDM`-iH~r>1F&eHAHTpr@<&EAOZZYjGHJ^TSbYDc={rc4D zr(3ZD$}@}YS+FNRa)hlb3Ve@cno{q26bAfGhz5#zi|o4Czd8UfD!ZZb&tY+5OTW11VgDQB@|)WiE>e zl3A|{tw2FDR+*$+6h6p*j`WPS{hgC07C+svg468qlf0f25s|qJ8Vm%>e`~9Ukp>$RE>F)aXE%s*QxdS`1!dwbr ziI+uZ8l+aMJCo;bT>dtY`-n+#1j6PcZpT=WW4C{->@?{M!X8- zPmz~t9MWOxV|RgF?E!C)FoKuKnd^nh{>=wBjL1_m<{J2A7^d)y3AZJ?C}zPpiSQchS!lUhjkYJ+B!~UM|K|6;+@{bEB&=C z6O0lM4^M;uKNpkt)u%)IOp;vYq9-pup7Ay5bX;a{upjhPr8)kIHV?crZ{MC3Z}MsA}@a3gtc6J z`(L`>FH(?)c^qR0K|<$cWznDmf);b>%PZ{~%L+`^h-g_(w;77$5F|Dygt!zJzYq09 zf1o{VZNI&Pb5F1JzLZRjH25jkibu*fZ6D>Z8h*^hT(?UuIR83)UGS>(^AC9PFiz>X zC7?k02NvU$n9u)H<4=a93uEE4gQqo_lsBbX*EDjsMuf_|WQ%x?&ZE_5~+Mr#uq1 zPONR3o(6bOAQBt?230oUPp)+E%`N@*wI!E&QXP~r<;m+QKsk)5Be8yF}Y*DD(jD{;>d%&IE zfD5=`_Cw`J4B{Wywp=?tAJlbv*D9Hp;pS;TNUjfdX`ab$l%*ze;wx(QI(*#-b!)}-<28>nRna=Y2(aCU&Ai#w7K+9x^sDQer z);qK^ukMD;4d;ktc&~EAW?t7usM`6yjNS1QJ~yCN1W*dZl|ZH*JNgHneqUV~Ni2S9 zy5tESYrf({%NT*L)Wy}?I zQ?l!$J>twWp;3P|?~W8HFO}`(xR$FD)_DF@?3>R>*_tZ1{ICIT!>B?`( z^_*6xvS3>+06h}VZ$JzOfll)SMjm0`VceZhwbI+^X6ZltU1beWi0z0QFO&YPmR|rg~2WsBDpR24Njv!poqJg zRKy-RS|&g;h4-E(@Zl@Bg{E`I26)c0w(R|Js6o!zG1^#T;mqRSab#*51|mv+meP=~ zyT>kg5BUAE+FR|SkMx9sRN6g2)Z)E^fD^=0$g4Snc;D${(7bF9-O1=)IVAYUH8twMdru0#67AYv2k&SjBGS>>qj9k);tH?0^-D<8H;8kAIg zX&42}h{Y@@cuJXgU+g;di(KxX=n9^#27@1oQzn5KgDQ0;(Nu zPc44+Rlw5H=p0S1RH=R2(DDE@R)0B6IW@>hoGf30j}Y zpNPfRVUsc*?EVCnl@vA$z6Ao$F}Mg;t&GGLC=V-swu8y_FgOCiWT(aW+n48|gk-h` zQ*okgT&EzNFPu{SGhuH=ms_L1i2nR%92FrsRB{l&Han+Z51USS7;bcZj;>|UP-uG!+7$5Gk4^bi4rSV?!^1=4YxD;e#{W#a==vMH(aC(<>CErt1m>paZRx!-#9i;0DdAUZ4k^CVk*z=EtgD_OY-L$8!e&ZDSwy`v=PU+dNcY<${X?)9}vZZ|Xh$^5rC;ZGALc_!VK z?-U84Q-3}jI!kLiMPI4rhTPwn^WnC@&k>Nh<|Z;li|#C(O+Wa_^x>Zm+vJC9usWU> zitLtJa3=cb9xW#WWc^SWR{zujT?TJi8&&@N1rKCO9s{yy2sYg zK)VF0-`(|iOHulKI_$CZlyWh0x%rGv!bzH=b3`-n#~;=C?MmbCs7KyI%yv;fmnRmf zWzY7oe4_0KE4|P3Ei!vWFKP{z#2OnbiNXYdn7=1_Kejr(Tu8JF2XR4XEfB6|Ru${=%uqW!)G}oKkOJ4CoCeL$?xZ3MBUsRf+ zNXC7+Go{2zR!QN#;U()PDR(Ds4}qn|)Lur2 zg|x+BPrD}WZcOcd>a4+jDhV#28YuC$5T|ftHT7#%v?1Jy${j&^d-@Jo&D_jlPuW06 zK3v>YbE3uWITh(|>Z%`j0> zbf25-?b|$`51w8y+`KzO^{61i84|BCD=F1FGn2i0kQYPNFJ^zMNEpiZ!+d$q@!Mh) zspG4?d-@6R8LMH5GA{>wrzRD7v|&uD??w(kc(#VX&#_OA{=u5)lH*+X;@?2w{e3H+ zObK#8f&k|Rd{EH+r9uFfKO-_`%Z^d-<1oA^+sWw3658|hsEUUlt;zr4^WJxlQvDaj zgn@PzkH_`XXv*BoqVXCqBcoqXI}pCR9zVs!r;z7=l|G2~MBX^nxoq!72c zY{yz$svcP=#~NuTU3Z%O=B2G;pVmot&5jbz({na3U8^np9`jnxFXC{AUv0J!K60L2 zjT33-dM^84djOlxC$X;Q^X`ps!{Ramsu^UE=#7D{aYpZME9Zr?tdS6a zmBZlJfw@W7sUTIRp!|?@k4}rwSt)Gi203HU5+xlck&N^#v&L7_dzu{+OtL$>ixIY4 zn1%UlQWeR4tX8_y*HvUqbAr@oDvcnXVxMn)$%=oWZ88ny#Sja0zTU?45j(Cyi&8nm zeU)7oh4susY;8&9+|pK#ldFlr$@(PetzpgXw@X(U>(@rWtx<3XQ?$L8#5T=k4%|Nw z;n)1pRMjsyA{JvCIu3**u(`kfLI;1-Y+^HgMX9qs^3lH8YI|#s-_}YV`+i%-C8Zpt z(P#M_B9&{hSw0aqaow-ys-m}QN9+!64^)>V+%zxzW~D}gDNB`nQuyHE0_tY$*!BRY zu+C=*otJ#>P#=Xr^b8wm@+uyS#HeuYtK5-#EuM#zp zHTg^OSm=n-$--ZkSH_l`Q|=Hfql*3mI{aCxfJ6D>6oiy%lckGDDVA?@S|Mq4(CjN>oGu8(ylll{k8FIZ>VS6 zXf`V)8y4HKy?^G}6_||KgZTev|4yUQ{E*Tb(){w?#@T^fZxd_U@TrK>c7l8MB7JBH z3<2ud+kNWmF@z#{hWU0c_}0pgKvbI(JG+{)9y&iJ+@eSH1qkLsj`t76gRn000+4fb zWXl&_!gr(}*Xcf14UV)>gjE>rgHjT|7mhxJ4^-!_KS$fz!OQRUt5?Y#alr4`_Sza6I`{_^Op zJpAG=dTVSPPg3hdOyyu|oym}?A&$$N5w)}x;{4yX``)r@^a!(OBH7PMBE+||CO0s< zt+N$|GuRr$a3<x~JSaY*J4YsH6!ypbVo;FA#BD$;L-0PF;acM|x`Blq4cp6C z8}U(oT{=QTrEEGxqb^>|a{=9Un=&X+-A=6`3W3JmsqaAnm+H(I>Z|ZcXLybvm-ma8 zAM3_{=n&_s&07P7{x?~2DE}74Jd_q!BSa-hHw>2w3{S@jy*f`#PrAa3Fc9l}*j!G$ zS-nOm2y*^>)+l9im&)&wqsk-s9p~^`|HFHPL8^LHA$iBpOI#jTTHjrVFr*MX_w3I`u!;h+30e zO`XJ%OJYcmk9}id5kh-nA>-#1_nTNi-!k{n=vg20_gn(ph3$RIa`n{Gb&p~MI~24W zi|^#pn>-F^-RP0jF7V{cG?u2U*5V;UpwW{_;2rmDkFaqW4U7y~o}xBgxJ=Rcb+is2 z{tA1pV?-zCxhnc$-O;mG2Ti+JJ^8LML~6k6%itO|07ts0%%3S6T@D6#-9#I85$=(4 zn80jXydHn6HS#FvGXOtOuv@fDn3H@^m}x?&gmLb_-!PMXh0(9R~>|2M!BhWQPr;TeYPG)hTy0ezRM(9FO$q-tYw_BKj4~mCk(Sn=mS)5P) zt$<=z2gHEi@vLO7kVd{LT%8^r^cBB1q^!iciTl`b%%3otp<+X~2%}iDd*kqscKD0B z+WmxcbdqK7z!`*|YiHC3gtf&eR!e!0t2kQ7(7X(X=X`TLH5S6&VQjHTB2%+YA~Bl*i%fwSnDGo@OMKJ0jc6w=EbM^{{^eM9Q--$P!OC@+{afpt@PrXy8ZQ zIGUfQ_6c2sb}6-!Qz7;g4?W*}?N#PIUv9Ikd#(WPDt`Ep72J>z||( z=tbU9hosh*aYac;AV&q5Fb55fw;lMl`jCFirb#MjcPQ3+lCK~KaW8ol^ei-f?CWF; zXMZd3mGH6thyYWhOwknhQ_n&r3l)Hx+GUIR6iL7RNlAp6Lj5q^i?9R zWr;?*{(R-*5A*3eb=(>I%rqgYQx>1B!s@P|B+p1fJN<1aVwO|vJBe*3H;DJ5VkWuk z@M`f549pWz?XoV5TQx6QB{qr*1I+me*r|2F7N;9&<=dq1dKTmvfZ@^1ozQ^y$#+_o zy59kHm!IMPto5TC_Vs?U&vw!+`M^L)M@R9b)1LEw-cjZf#AL-3qzh&(lG|4s;ytf#Ij3}dNtWOO#jEn8yMD9b^;v{vRFpo(-z6WIU)$X5L>z@Ag@~jve$!AESxKG-!#>%68+I}-?i13D$3|&tY2Mu13)Fn!QcKy3 zlE^KQWxcj3^oi4c6{Lq2nM({O0Qc?&yloDVo!s?HaRK91o*{*1;J>q&xv=K0@QePt zX*~5rfi__G;ZKCwbap2WD!c!;ld7*LPY((d;OJ?}VAHb|TZ`k*1;>kX-NKG>anzO(UZxp$a*Yc zUO<{yDWW~sH>I5{eUziZ=C;dCg(%n$&?jk4@=g)XTSKX1B+&rxzP=*j>mKX=M$aGK zrx0fgIRhzrMLG337xDP(m$i-MziMXA`ZKx@$FIhBp;y zMUr2LccK4V^ojASBs(x(me)tEY!o{mOB>r-->vs!fx}hdOO=e$vkO9{YF(C_2xoDT z^l0=~2RELm+qKhKYivRPM4<66Hi5*fRy3!R$L%;bKYvN0eXweC7t_Bpx*39q z84|@kiPd>{?4wK7LyljEqLyz_W=9^5svg->e!d>kJ5_d*3@70q;Mt4(n`Q@xw%zjs zP1EGmAf|NNM>{q+Or?v1AG}>H&HN}D>$pGD?=hKGbxFduf#m&oR1`#-=mr$DKG3vs zS-&n&WJ)j}i;5AgI~4r(->h~uj7|G;)8+p$q6MBRT!;5CB#SeD=$n`n!Zx{lsS!qo z4;5PuVEi?8fot%(IQm;7zk2bnOkb^WxhUVRZIeek`zO%<%AxI39P8j)B2>Hh zh4vHlbo$1NdVZ8d71}AKv$NXg@>CZehj}ldbMX9DN==8&DE3rMz7yOpXK7vfK=fRr z0O=X{;CdqM=^S|DUbY|f)kutiQ@89%?*SJRlC#xTNPEB^@}co7T;rs?La1M*e!MmR zkpBb`5QKB9+(9U{j}OZ1;fLW#ewJU*>>$8{Al;fC;3DuGRh}Y4|6n5>x8s(**2!wG zU9b_I6|CXKFjt(k#M(gH0b;AFx%;fQK`P5LsXBlQBNhS<)<4C)pcu6ENcmCn0vP)KGg z)46DyGp2Upof5f)8??DORUqN8f{s^Pl=D%`mBc*@uR$TNF4q-VA@VS%zyvN%@eHe# z1#)(pT*k3=(Jiv+%`1LIz7(OmQ{ctv?e(Inp7r4Y+9Nlc-p+xNX{+5f_kT4d-OkPr z*l_m4<0_h!X=L5@veF?pDdiWYQzMi(c&kzI`xaN~+>@7q?Si37#1NMJ0tG+^0u7sU zig;JMK;IX-4Q0l(r{L`lmSqgWYcHo2h81E*WDjU*4vpq>#RvgAh6mj(@AYoZ{7;^J zRjRLCj!sCLGGo?*+HeWB7wK`=;a1d0QrwlZw*Hl+LX@JnCY1$m^_Zrc@kEplqMmzB zn9!X)5%X(JK>g&ra#e*rt|E0=@*;h0^kdZ2HJRrIR^6GA?LYpD1@IA$WI3z$2B|N`6qg7jT=4#A!31>egv)Ua?Qknf% zmKC+!IwHXj)cj+FSlhl-iB2-nFDXE+4EeXn=m8z>R0w56>gBxuaGlCa3|SU~T%Q*D z7i`9`*!v``&ZvGkn#sE~MwiAES_T<6mhDpFMeNAzd9BfNetmvKC&OvasRa+*eE~m8 z-jogtI#A4dEf4eCQS~Y=!IGoluTiRFjVCI(cS?7hb&up&ttdIBo6h_=U40z>Fum_> zE5Ra3@axQLyQHIDZGE+H*&fv@4nU6J6f4F_>G zETO7=zvC63ZcnyAvrpLx?ML+#pnJuojp7rAaRq=a!-6w#>J=N*+OT!m;421qgZo$Z zczG`Ibwze{A|O9s(K9#`C@cn_4`YNa$X2L5>)M0unI%ByUsJsCE^vaCXUVd>UKch) z8Om)uH_byTw4~zx@!>K|=6Kd+h%_c=FTdbe7wkx*FB@om$Y=8rT8XYc6YGilLTkle zN?LL?4@E*(r=jm}fGBqD^25Exwc@} zN|q6Z_!@P0=T>WYC+N0_qk~uXM23gTLbZIKidN5`y5n#2SKWKZ(W-bSOC2K-^6dI| z-K%d-_a}*PXBV>WN94I`OrXKP4Xpo;wH8xENqm`LFfeg$|;6;u1s$h)P5(sd>}*N@x+s2n+@DFl-0b^F1O@% z8!ZxV1jU#@0joR^XU{|M)vE1jh;zok2NmGpEB_lgeam|fN9VxBJg6ecdcfi{I7v{7VXx*?&Ij$zWeP#wg8uhp*UAT`6Ho5Q2%^4tpqvfl6cQZSv(2Ed z+iGa#M;(<+Y+U2J3un)qY&me-x0FL}pdYe4(nQau3J)}zkwzN}E$ju!Gg*F!&UeRD zYt_6F^kJL(7`5vhvv614}$nS|dBIY2V!#0#_Oo~3!WLiK(8NZFi<^~IAr#@?`!!^w-lF!_ zuHN)tHG&R09^e92z*HouUo&~_oA1{@&!+qq7+Cz7Jx5sdMLG(gZ!tp@zk6bxbk6{$ zgDxEexZ+_}ahzuSiI!*+}R9zMV^7NJkxttxBJHJUfnU= zmQyOe5|j688yuF5t%8T>OwOOn)7T2NfnO~`8vC1DW}UL(QLO2W@7e;7;l08R#7HD` zwT45)U~sq|lYK*Q1SVt6GQs|PNk5A;Vvydz zVm#v7rZh+_NJ0xfRs3l+i08V2HjIkNDWg#VeWq5JPp9ChK2m0y_l|AIrB3+espb`@&0 z{Ppw-FL<%L3isbxNVSG63A~>m1L{xDai79&_#?*B=n$*GH)n4Q?eI$f!V0x6-_szv zv)$;6lOW0d-=e&-+Y-BJme!#B=X;YcnXvy)Z(kV{=d<(+L4t<__u%gCK@;3v7I$|i zKyZiP?h@RcKyY6m*y03thXA|p@_)}cb?>eBe!5k6Yrj0ZH9b8&Jx~9-XQmtPAihBW zmOL7Xt`VaVdVR~t#^fh;!G!-zINF)iaDg3L)WU65`CY>#EZ1KC>QEi_k<>@8(FmJ` z@EET+CVY7!N7||?d#8(|{)aWs>y}hGDn3@A2dU0Gej#p{r?8M^r|yd%m;X~J8yjv( zE1@5h*WQ0~-FiKlz~ePv&p6-1L+-_VC$jL-4YDge)CQU}1-SH(Ku>>eRKQXyl^sQF z;oMmtQMMo8)(G5kWDR)?F190T-jTwi=?_G{_dO{4Hv2*Tecb1!%LwB!4IUJG1I7 z{jg@xCJxk*a8dd99rkC)-I<_BC4>Fu!}+?k3=J|eGNum_EY!JC#>K?MDUOcP#>Gyh zp{UDmE6iV7GI#FNkW|)MbC(j+dJjlpm_?xI){^={C-WsJLB8|;g%VjciJso#L+<%L zrwIq=zR-Pk^3z23{eWCD+0LzX!4n0DEnN`x$Ijn#s^ddH$e*Hv)bIC=edG0&sP?9_*WGqpuASu|@Y} zFEr(g(gN*B<^7#`d$#hk?5;hCcV}++l0p)JvaGMWxP--WC>-zLc1pJNZdy+(Go6O& z6Zpy*0d?xWxblsCZpPTQQl81JGg0^L^Wao(#^_927d#Q?F7)!5E8e-oSg}?aH|h9L z#sEZ^JIXhk~*T9d6y?Y}3pqbc9mZ$d>ltqK>& z^r?ZXIfi@Zi)!fuv^R3S&Mwo5*R2e{TpqsH4lTF(GqNIgS4={@NC<3H@OmGs`HZmN zD4c3<2|0NpXlKf8?eXr`j_jbi^!EH{QD||!qOX%Rf-fHXQ;y1#e~kqmz_o$fala}` zx}MjS1+X5;VXoAFR5q%aOZ3>XJ`v5x2@ET8YXNq42q{w@@*H^(k3%L~n4G9g`=j5pB3D6gxs}i&V`ou5vM1AAdxz!#V{t8pMd8ft_oOvuPGP~8% z(Jh`wxZ~9{80`HODCv%+j;8L~LGr1zeK2xG=?!=y_q7rExw&V^(tN1lYqlyI7TzD?Sp->tDIhNvsADa5n# zV3acow(-4Pnw=pl{bMK7kl}#%h2gMmxp*~0f;)IS1)roMoG&Bio~70PK#F8f_i|oM z@#0rc6=Q9E9yoCz25GyndYw9`u%({q=nazfcm%8_57R?Lpug9*1M+t>BPZr0q$`a} ztIc96)80oQXz5s#t$ivTUzymG(RpKIrYyE#0)YL_#q{T;`XkeIK+4G_S3Q*1Zbs0T zSi{DL-d4xmVdwjcn+DfVz!9f9c}Gp8+6Lq&xEOnOwo!N;siX?e)Uy?{YwbA`Bn{!Eflx~#o@%h%wK%qj|gr#KL6?v}k@ zq|pk}9&>-8Nx+TApfK5y$0fF%nDHgj=SSVH$9Q+DLkwMu_D^0%dU?ZTvE8nuh4%-8 z*$lUx*vKj((80(dm%hktTrTgBS7i$%D4sf)|D4Nn8L07brut)C?^-*~qq5)A?su)L z)Hn(U%_veeyH$}BlAma{q$1rb^^AkOlMH*Yr2bW&VuGULL;NL?8`I`0!-%PGz z@A!Sb*=wDSw|M&BJQu@4=baxrwo{zWvah+X&jiLn5}m+$i2B0s+=;ZjSc;)&`Zs5- z^=`)=D99!?V~QiaY6B|yH_QOV|BsJpcW286>*Pq}-`Zqk8gRvt$e**Rj%T;| z#pmaZme;yo_IU1sZcu>O0S;*0Z){y(_S@utj zLHlPNz5-t6WA!pkeX`sqo{EUMcAfz62KL|9$~;du!%lhw>3|V-U-FdwynxfIcLC4PrZKWgUL^cm}(&rE0c!;H+gpQ?r-pPxQi*(-YxMz_z4zL{CE$v5)!q* zagm*LPHk?444ht~M?_Rf=cM{SjPqJvDLx8JUH!6+pKbOwprAN@zvxeVem)`DNv@r9 zb52?u5N)}fh??*0;0&OkBx3VB9qdXoW7;n`u#jI#RkJC(yEzf=;=IDh{9P&b!UN~+ zecQgFsNqW@=rzYGbyp7xxTrViI=CiU$sg&stQVr~?Q(sqa>-ivREZ_+^H-KMHgYQw z=kUN>C9oo!vxN2~Ma5lxl{do5FmQw$z?9e#7Ep~Cu zcTGrZWJC7ww*A60sY)&-=fzRc)V@gcy6?&{1H>AAKP)^x)bCrLUH8)hCF-*CHoT}1&IIkw_4vZvBY3ovptFjwNL2e*X-Vzu z?!4{l{m;&9r*AVmJ7gKa3Hdp#5Byn~;w!**H?)o#FX1eE);r@(J?sA++kD>V009n% zivUt=CVeO$TKxtAj)HyT?-WgRj&4Dvn6uj~CMcq-sK-7cN3 z-EVR5W19Z52B!S-j@W{1= zjDPH%+KC3>;P79IYzC0wu)d%~ug9cNtjE9}MgTu;->?jL`o(tgBi@8dXRthVw8PWn%9#F=k_-#U{$;wB=_&{E&FC@WVE5g>o-%y5ID2hfF`jX` zh2Ycu2&;B(Kh4ap@a5nViPCqzKcOQ@OLUgtc1k|X!&+M2?v1CCcaHPc#`Rh01W{Z= z%x{pZUMxVnnGtKvBbeK_lFdq-wt?4Sr)o~@Dn4s8qCFayTq=O$GK1b2rIGAhx-pFT z@OmQanc71X73`ltOlEpt3Wz!~ReDj*_Moqvc03Se9sb(7OHg=bqFxs5_X1R8fwiLd zgY;Ph|3xn{IEXz3%>I>gea1mL0TU~&8^R@YRbKIDdCsCbRy8kl=#<7ju}%4EGv8M*nP2ME<7%vCxr;|DPAZms9;r*xB^Ar}$|0bH+_RdPsj_Q^-zQz;3LAdq9@DRwE~8JYa7E_?<|pLWj`FH#iiI5hKyvfryB8 zkbUzER+6^b%+W$XQ0qnZ7PO+)J#Qh8Uk<8A*g^=(vH^+|pj7wpPqfzV`0z7C1Q&~R$C>fZ^7>qSY5C zF}5(I%)!uv?b~!V)gKyM3lt(s9YnOb+Ztx7^I1m1{) zm)i&9wJn zW|;S)*+8~)+MiyD{C`4q)a`C6U8k4+&#(t=Co9~dg3vTOi>Bg(#AfZ6Zh^48I|HVV zXG7`JPY6n5j=kivX;jBoW=Pa`E#c`8t?#t!eQ>K4{YU%Z_(kwcYjBi=ci}}(#yecF z?L}WGBMIIQNa?9y!&y)+u`EXkjqxlh<`?+Hq=4oe)0<3d=2EqP8TYI^VWerjulUw{ zq`20&QSY<`OVQa}YGWkaL33dD_n_Bq%vyZ9bP>SCii}qluqx*xwi##EaymlQU~bUw z7ncJ)eK8zB_sio_-;@1YllcG)BN49OK(C09_)WrFD|IgmCg+zDK`@Md_DWZDQ!p=| zVxzew&F?5d8WgnwzDou}Pt%FuJ^OeAi7& z-yZG z^WG{``f|8yT>rhvoa| zumEpCVmnq|Fo|@-ewTFfFL9JQY#_{T1H~lmvPXkWV+nj5Lnz`*BO^YA%|q=Q0f}v^M!E zG0lwxz)rZ!Y6tU+=V&x&$$3h`hukWa{&v@?#fi>iCdYTD(!*di9W7rDKmbn^KGr9s zoKpEBtsz^tct`1-JGC!ee*Oe~O@W7kBECZ3QqwW*lq*~lI0HVTmHaO`>p)t)2B~Np3NK~71Y8+2yajds(ofKBTk$c-J|L=q&VmN zw&j{YcW>@jeQ4wTjg996MUCYpupaPzBmWMXiYj}YZY!(}8d+a`lrRyq7R&~_ugP=J zK`n_em~GB)mhpM346m*AIwwZw!^lB=G%pRxPC#}W>&BX|KVcyCnJXS%yrU&3*UV+N zs%=B9u&~hW>&w$!swa~;l4#NY3S>2F@$=3|K4;985XpVE+j>%Q-_?v%gf7Fx`PIU z>aVCbLUw%1>0*e;k>h0$Z**j&ybf9KzkmPnk-t{IJt`v*BAAhpfx}@uuAuS_Q(WEW zc(Jz3bT|$k5&r5=axxM!vX}55LE)uz9iI$U@ffGa5r;Q$e@AK|^d|@B1)UPmST{{?W-n@Bc zF@Azz^Fd`$_zfkl3YAoghzok>qvw$Zi&oL(R~Y(|9Zzp(S{w0y4-*hoi;ylaB$$W8Nn1u$8PVY z0fwx&W=rJosun&fW6MiZS~RwIN%Vy2H$uG-mBSnn|4djo#2M)H5DpG;c%JDq;iB#g z$L~k8_I&zG%g2{KlYsdK4({cw#sZ8J3spfCL{gsv@|7kTqxteg`An|JcGvx+jEvEN zNUY`7Kv7?h^FE8l6wh?2f6dwPYzZo5Sp3Hxb2;d2$m{D9J9gjVl9Q7|J%~p0V_X+k z*B1v|FW7dAf2LSfBgHcJ5q0hSL@@*rs9vFpV6f=zGD{VPK{V9ie!SEhDBA4{Em3u@ z2~dcPikgMJI|u2l*T2fFWNg3iYmm!#)j{R>;7J=_p}0*N`z|B1rbJg$e&`WyVErZA0Hp@aJ8+9N?9u_ zI)yCmBEuIed75OW*YabCq`jpp=HLRe7 z00AO>f15?~j|I?82yvH7XTc@YX?ORM(8bx$YQ=*0ba%cJ2W^A}D)0JLfh|vi6-&q~ zrh?sKw=P+&+l<_xi|StueXU-Xya*@OIv|rj2iF{%S(qvJiphJ2s~*nB$I)l6IC;#`1iWlOl-)>bdfKG|wt?KSb(+;yd}c_9qI$(! z78Y}jqfRu=qwcU@jU+VsW18#f20L5ybY5LybuUX^`|X=Tsc$+=bQo_tN_T||j(dgG zQ%(jX<2v-Y2zk&Xkb9&lWmzV@lLl^Bm%JTtXw@*1bCS^ov_q=q;>*8i^Z!Mpf$_tX#{ir!@5r8DxcET9a$zjq%Y^>LC#e6*fgB=^xSpXs!GN`P06!c*2V>K?^B&* z`QxokdF30r{E)d)=Zj6)y)vcE`06Rw&$mE2-plNREYI;!OdMTV6N)lCW{RaDvQTWt&E{7sW zo8lsW+Ht+tWX(0)*>5CY4op+K(dy*rH3gpaCOM0QBvdj4Y2qZq#$-lTPD$f)qatby zTPY(UsUlZbCS_#ym32bKree;!Du3lR1#6KViC^oA;VWoFTF+%&lAZ0EfK%SzaEbIz zN?vp`jxu;9Glps;?;zK;>_6V(jhW2J$wM`~uz!@#EdqeYGGNoXBdZ|g%BLJ7UAYk` z>OK_v3!A{3+L*CYwmAr{LeTodUO63fI9e7odlT{vymp&^lBlH?cKE<7p1kd`y>=CS zaIE0)-&u-Hpfl#akM9e_oS-DKM%<5Gh&d+jRG z0B@1*oJIe={tSwD@-^DV^CQpSZmh8;?jK$iw!a&!zkYaq4_*i&l$k{Pn30Oee_hM< zj9odDT;!tgxuCysP%dnNR%-M6lS+92pmvKS~ zy*Hi1yRaiPS%{phL%^Sbt|wwLM(KYzTZ1J`<`1w}S5#2@fJ}a~mFd29N6nWTIBcM_33pDJ>UAQY10+4mirMdE1(=L2u z%XCxM7*2pFtH;iKt-R?q7YdBYkx(c>k3vMmnV<s6ho^EKl z<5~!WAex??$!FcIJ?_j8+JTG7_VJ)wn|Um|-8{X!Zcp?*_;aDYqBWy2%^O$xPs-mp zmhNWTsy;#uv&t4-l*=x5>zPY|An_k!!7xf@^sfn;)#aQXOx)q`%2xdE3o<9IJOtC; zkq)HfptImbjU#vnqJ#$4YWLPblZ5Zh96pN9(L8jx$ECnj{>JG0DqYhk^6tfyJ~ABR za&A94((n%d9&FFcuVrXwxpBffLVSr6t~R%Hr_Tl<;7@c^*m(5e5cQg=#M+P1hL!R1pl7sxyDy}5*}LIM-`O30c4(;DUA`jbxN13 zhF9t){~&F}tl;XiLlW0OZ>m`f5gqK7vOP9JoBF7(LCf|<3drq|2MCd4eQpTNZGm#W z?{e%K52Uy_vP6@-^^GfN4%ljx3J*BO1F`xE6mq`v|DDcHlzL?*js)(^Y?f!k5?5Ex z3_Ei(%#ciNH%IN5lgYW5z8;Iz_T;)pM!?VU;*Q0rANK|$W@f@6bAFaO=ZqJ?o6qf!3eEisuu(XI@Of6u1> z`jpb)3)|gXByslxs_jbH#ftkhw?KAq$R`GrtW<@X>kl+V!M}-RzcufnkLuE%yVXPI zpaV6UKEZ)Kq=H~IoqD*`S!eBY-1P?@EgtNoD*vKSc1kPRI#YVJenY=d!+|rZ{S@Qr zua+C&EI`61JUQbbaFtXum*F|g0iz(nj*kSrce~pm_&wu?*0B55oA%+jpvt}O&x^pq zLN>PtIFC;B5D)t+<;vFlIF~r#aMclejiQ+%TVYr3owI;c%J_hh%Fs0{bz$tqu+NeH zYfcPbg#x1UDe4Vm{b9_+X zU`5DTgJ~;>u9{WPdk);=vXqlgUmn&ahaXi~_@`ul!?1Y&rR<|IW4YO`;pYB?{lT7F z3=4uALfKlRLANtak7_l)`}f8Zma1MBGEaQdn@)itEk2j`5!)kP7yY+z^r)FdANNI6SDTjkIPfpNDN`8tkCP9d9`}|2 z{APMzK7C<{s{CLR^>GGMRWi{156}UZXWB2mJFPZgYINB=aKDK2mcT0z>rIW@S8=Bw zGJcPz*fy*rit)~JGA`dI|1`{|8_|4*qD|4A$ti`mX{cJ#h;kVIySLV$KcK#Ivz_5F5Xo2Au#EoE|O}Jd|7fibPP}=$6rE7== zg)gW7gIh@3_!P0q);N2|NA2!ecYN z?4|E}CvAF;B*aEj6kXbNzY>Z!aR(Kj2xo5-sdDlfX@;;>1mSC-dJxf}75O*`yAUs* z2zQ3TWdI8FrazP-CZ9SPFV03{D1Q7XsZrk-4L||-r^w}jLk_JUvwt`Gs;<3rOoi?`A#G`)#GS16 zNONzFOboc+(ACJLDZ@V1oAS-gvPnxiSu8M3O=L&rW{t~a#U4Cfv;VFPwTA@EXLmjR zM9B{e+vXq?Q$eYon>V5Yob-e~PEVU{jsNn#ypeiSlz9~n4&3W51DRAKI!+l(&scUS z2imw3uFmGv*P{I?qi-SlaFYUAy!{c-G7C=m?MJ{9xnG86bhk_#eB`#7*n1Bn9Kpj{ zvkkIQ^9mRu({W-zm9R3{?tEu#)3%j)CCjPfI|m*FHrRObFM4j ziN@Tfv1na>u)Cy?78SwmTsymKZn<$&?7E~mdMEl5{BnTt76ntp2nIHm&^cgT=q5Xx z5inRWTlP+jSucshlf}n_2gN8NZcjA}-X?}j>GwkQ+Po(J^V3Tp5OUU8@d4NH;JT+N z(0R$A-Op)L1_K05*rn@QsaweQLz8L9sG-r|AmjF@8?xFLnp7B^PDY||k4P?%jz=!& zv#Beq^uQ$42GiXx1-#2$>7|?8(S>n&MQ)ty`a7KAq3>S?v;%yk*8pf#W283F zhOVLJ#%=mOf+f0GbA9ZHi|>8d?dEhS*2Sy?aARSt05`Olv@>X)x@! z`Ds0v)QQ>}kX%<(BxAdr6u}<<9@tX7c)P0Ksg(v>aI_qIZ% zghyk-`~J^VLzycNXXL8fjL?C@-+@?i20m!A2gcVyLbi7j4L+Gs-44a?6pu?K03+xF z-(*ZRN9yttj#lcWUA%VE;~y&A&){nAWrm(_O_&Jl?v=mAwNiX%dEV~+oZS)4>BDhg zq(Nat_zdIR-0^{kAbt@0>)fHF#&z$4d-6ZHoY9B9M*v&7n((!w)hir67uSNioQ@hS zU=6bds3}qMRN8rELysj5HEUAZ!-FS{#h~8`wXD5@l^wR#)YTC2ryUyA2=+JjaY>gm zf+|hMzP>(qcz7d@$4djbv41RdApIVE*;hjDa?u+V)~GbeQ%wQ|wvevQw2Vm$Xe{XC z$MXoCIX5?hPSvtPx_r9ws9>PgfEkA|7a==78n64ttCReY(vZDLCB%4qr=@|@xE%A? zq1W%TV?m1d&$LKrXs{S`MD%TjwrvXTj#bKzE*>|A`&YMTtXW67>61 zDn%BPR~TigGBPscOiaX5^a93Tp3+DhS2nQzQLg+-2598M^mu`}>3k;W=(kONIq&(& z#%#W=z`oj4Vw*c7vu?|P8H-PF>c8U*ud4(Vu_)2!wg~F@8wh$NrKCibTIX)iMHN>v z7#kZmSuH0Ks;Iz2oql>998o)p&98&$^L6WUFtRP%a-b5D_HEMUo zpaNw|1hDe2kckN!K2n43xL{0HYEy3@!}1LmG~6Tpo&S|%@^5*`P!2G~AO4>nsTmk# n&*oWP>9F%dB@W%8UxmPZ@7v3VFSVhEfqrD96eVlKje`FR9Ej0j literal 32956 zcma&N1yt1C+cr9nsECM2BQ;7$he${(Al==KG)VU#A}!rg(hULvl0yne$IuMj%>V<# z44fa&`~S{)&$qt!tTSt|nEB=2_rCYNulu^M9j>AzjrW-1F$e_0la-NF1A*=pgFye> zJh}%QS=zAk1ODNBlF@Yqfu45X{r!`~`jip`dI6G^e6Qh^vA^hVKslYsc~jLL6du&| zj!;O6O6ZX(VN(A4dJ^o6(5WOUg?V!RT*qd`$;F%YxmMn$opCM0rJ;}0&2A|ktStwB z3+J_F7aY|Gc$Fw$eB@Z?8&o2J~ zfw=p=-McM_G@mc!D=K9HuH~991Ye3>y~d0!QBe<2gDEJQKCOs9-n$Q+tCf5mb#yW< za&ZE^T)MUEk7tl~Nm*ZCZ@J1dE?+q5`x8ZJl?S{66f55U;KtSvW{f$Qc5FHM!_X-2 z;_8~D`*+d!=9KZ9yMpP8l_(-@wu}J;YR|B-vx`L7`uk%HrYx>64jL9*3h`;{yTE+oY20<4@)PBr(A8XIDn4QedH#Y-+z0#LoE5#h#zH`zmf|2D0JP_8#n z33!is+v{95S_hqkM~GAG+L&X@pPi>i2C?Fu|H@?I7FAVcx_MTeL2p+RM66{ndH7I1 zH>GG;MVV55{BJMs^?8~LGO(7@vwk(g`Ba`Z#(#bN{nl%_`m;$2;L!pt94fE-t>|}x zlF6>s$@bP1<05I57(jyo)n>M6-!F;tZT{CQWX1~@muurQ0f!5XU7T&d{jV=}k_6nB zZ#xqLE?U8FX&~!koc34U5!n2Ib<*0VZ&W^I@;Q}=iU=C0sQmOf-yI)UOJm0}t-1*p zr_IgDqKPh!4J$6T{(A6Sj>jhi*FZs9iN@_BqlI=N-3obsx+gd@UY^aW`_O8%R6braV>EZK^nQRF*qDGPce zS{j2qyF>&eq#@wzSf`))`ScGSC@=Nxyk}`Fiw(10Uk~qyAC<2BX@+Ds6&^W$a^=kxG5`3?=_IZ`MFZhGEjxCqMTmSIt+{P!9n#qCh5PFWeG4 z{9&d;?-$l!ZTsS)1Ie+FPV?S}%%hMelZFcx5$c53>jQ_ZUKipp&bgoOFQS;oE9r`S zi^YpO?gp8XuZogJn4swR7>hYkpWTf#lFyz=n2-GJ5y2LBZt03s1X`60uBpb;7xfIM zRR$IRUTa4FI4WuWgIjQdVApACZZ3f%eJmjeBoj@39c~?>n!SpBQz#a&f0QNcvg3Dz zKT>%+Lzf=XHh#4%H}p4&Rl7p34sc5b`D7;I2ro-AlGl>-t)-L&?DVZp4|4+UMj)5a z!DN0Vj@BHrDW3Zh95*^;i@;CPjz+T`f^Qgvk$g&Lxl%uARvdr2PZQYR_NtuO1r z9Fp2B9v9H(U#?<&E6H_F63r5!V^qc1@9@Fdq9@Gya^|=RxQ}OY;!jg33!l@|B@5e* z1n_$gNE~h`#MT3mXSxm7QnZ3kA)<|ibU-WR7^&ff`OZ&No_&m*`Vy=wU z((J~=CoAoKz%4BzOeNES4;E52E3e{wvaz?}NnmKIx~x8F^%iG&qJ%zeuom5L$)%f+~ zga<8pV|B>KINi6HwviEp2X?KerlVyUn~qGG&3#wNuTf8)72-!n`OAz>bab4JCD$bH zAiR^g{&74HJMIw+PQ7nhZtnYwALOxg5Rx7}B^MIl?#KIWI-25)W_%=cl;z_H9yajD z^$U{0L|3{GlwZ{zvjS_15J4+10f`-d#6>xt9$a8!{V{crwCTV zYL6})tC3jIOCfc72lMDpbo4fZ59r^j2|ddq7ko`Cxd((K-SO#ZvWdR_AdzrK67F?T zK4As3#22(nqnoR%oe_+?tWrue_I8vUW7AF?(U-ix9oKEgyA<-xUUyRn>v(C)j#ZnS z(tfy(Csh(D3bp=Z(dG7(K3q^TqqGFomlxx6H*r^*`jiJAkx>-HE_39Hx}S)`Yrtd2 zgZDx2I%!eobbnBa5-lD6#{Q_tDm;r@{@Wz=h6Ca2MO4`Vdv@zFC9N6@kvH79+5?N) z^`g5~k4(!R&ea)V9Kd4nI5g(`{zD8N5I|Fk3q@!vjw=Z%+?ug*r*WoD9KCd`ucI<( zsGe4;@{qso=K4+Yp`I<&FX#ghTWQxqa^D*t&pc+$;&NmnT$AmtiqA{Zr!lN1W-8aw z=I*Nx9=_@8PmoYQD2rvLdivx&rGU2?*RH$lN^tLtdE6FL2UeUnFr4~*#A@r!bc{3c zPpRv?MkPds&57j}?)QF)&Y&R{)d@co*P;bGg#*)EY6}R)aXw=t37TxP^nnv< zEsby;w^3$+YvpIEXnzu?sgz&U4ndM1DESgq_D7A&7gZz`B+IlmpY+b~x$w?nLi|aK zC5<_k7&N?6+=?wvHhuiJ>9h&?7IKR}{Vu9-(9to<=;l~wI6EQD>A?RvI(ULSHy3c* zRyo7+`#K|bfPLBR=dv`VxGOGYYKum)YF91<++qe&IB(B}i?Bn6{niHXz?f}m1Oidy zdLOq#MLAuWx7F%N`?p|`NX8XKA8Q0LMr_AFOi5hxJ}8y)b;3m^^x|gCbEdkw`uech z30A5J1PN^D^k3u4;BYwbT;&3_Ax*rkZ(Ne1A7Z?N>1DG0 z(oK}5YK~_NK%YPF3=U%hNDNnlb`1gGJd?P0%fRox7mv`u(dYLA!2n<7b{U-Pl5$I7tS$6tE+W$nezy-$J>Y1+l2zxt9)n1{#a`M1 zpCR6O7tWG_7khY+Tz`p@+!@WmwO%H;>rl(2k9;lE%9jiOISIj2bN zULA&C6FYy%@18$dEA*4@MqoFrrC+9c*WuhDH0b&`Yc~&$MQwD_Ag8#)mLUsZ+plaW z4QRtTv%GiF`XBMd8S=eXbeeL!N&ZD&RgMncsyNohS-rTVguz}cV}ahy(UV+m%q`^5 z`)JfdD83YE)@40jve6DQv!guMlS^2LX;^#bgyCzH0q@#8BA$W$D7LjOevIZ&PxxA5 zw<}}4?kn^(w(z5a_X{kplH1P~e zAm+Jy&s1%-gK|sj&)yBKv99>JgKJ0%tu1GS?Qt-(;gW5Dc0LETgJ@OR=u z&SqEFWx?Yt4vH{I$=yGT=d#Hp>gBc%zN7USoLjkLL$jR~@4al?`=o!R$E#Wr^3=@> ziy9sG#kUl$rR-nS^7`UX1SZ|l{Lp>v5M?y-u2?x|@00POlvy`XGKqX9%G}3o1P+JFpcTSIIDM5AASJ-h8P)BXI46AJoE5XJ}>wb17t69 zZ*bAObsLk(ej#EWHXRlX4erXPI38Exl%CTK4oUaLob2q##y%HmTl)hZa5gNiILYg7 zF>9Oi4%fJ~zGcV^$L(0Tv0?!Zvm0Rc!d`P&oFHw=dwV>Y)z(D83$zvWw81N%pKSL} z9u}YTkCktVCmz_)mS?^OK(>~@_(UHKyT-QXfxY`YBktd?Sz(mBi^)89&?k8uyvke} zDfd&`sZ1I22~41Qw1sW&uOCD`rL3yRtLm=)1Fr1-*HRCCVi*6&UD2>$#{I?m3G1TE{o7)nBo3qH*^6 zNlyvduaXZ0qG$TJoPAJ+UXYCY)m{34`URQW#y=nvIhpgjL^SrpZJ!YkhaUCQP*Ev( zQUhO2qF=!NO-o~U|Nq4)GtnCU_bF8dw<{w`XH&IhNV;*LhI>0W%X=%U5SW@vWQxt zejC$vQ;=<Hq($m+$~Fv^&KGxV7H^`*y20soTUT2FR^ z*yX#8CU?qloh}<8I z7QX$YH4pQ`PBl?g%j8vOot<{Dacxb_VdM49$id|R&%gwtNuao|kmp4OyMxVfw&o?`c_UDeP zN0^DX39vr*n12tvJ?}u?I2w;IKEX$?&Wz6Dhb;MBWA=y=%Ct!<8WHur)0I95G%PPb zxJs|FM$&yN%6pdCn`c=Wa+;tVfSM>_V$N!SL-wr1?5Y+on1@8bf^OT(1*|EDZO!|w zNI22G+tFC3wLej0oKd!-XF1W)DO2S}>N+|+^O|xifyS*ame$KLMN1mr4BOf?cEm0d zz?c;_D0*|gw-)Yq-WPe4)wYnH?ylaUcza@~f7KL~ee3sEugN@x1OA)mcBnyF2?b=h z8>haBk2l~)H<@mk<>lpnqrepEzlxWK@FPGDlU zi1FOq+{FOIS&>r!^6y3@(b}}D3u5z!76{~eXBjIfYHg!z+SkZEz@l|GTzV3jBH}j@ zxw?rZM^m+x7n}iVWiOgUz2|pu(N=A+_|A4^NeEnQ2aLRC3=gC9ZyvrB$U-87 zM-Y%KudFQ$1l~4MxYQ!z`LtKrph=2<(T!;2n%`cB)3D8cw#JT#r#~+p3?j|3d3a-- zEsTk+_gb26VDHCE`t+vO4HK$$fH|olGxo1IJPA#b3sx&hJ>$%81hMdIwVv*BHU!wF zFCA$!5zATDOXUf8ZMW0mi=hULZ&q_cX+*~t-3Nvm;QEjytfr`)N_&?|qekwV;k~2H z@q??D>>}i!R{|Z_FdYOu&5&Jo*Vn`vg7Q6O(!M>}{FYGATeeuBYHrm$NK3lVoVr zx=rthvR~l^on(aXG?ygL4wCbS&F8~LeT2}olR>4qT=41;KU~kd_kb71OU7Zay<-Xn z=&Q;UA%0DfmUqn;oH0=!m5sd5*&)3matve07-QizD;h4pbvQP^|1J1tgzRQ>77Hq< zQyo&Nc#3BG<%YTG4^)@PzI}tJXn>P?^4>P+-?T+;ZalW_Z;R6LSptzK#(dxyJlzVG^rL$`W}TY$m<91-YH; z2mH#mixJ{8GYh#?F*1Tn;ESQh<;8r@;$k>Pi6#xo+jmOiT?ID z-#yjzgq$xyv(r7hgrFJ`QOk+akSwHeqYDE+|JG^`A|W9`GGB!WSQD#MSY+Qn&XOq^ z{5v!>V8~5YauepOn$yGSCLsJe~U{>x79i3ucH5XcKmQIJ zIlB4G19MeaK?9ii3 zPk5u>hD%8k4=XF{Vv?eG;Ht|lxv>_p*PAJLe6v~4>9irV(eI=)WGE!uZkk5d=VEu= za4i9Stl1N!sadkvyd>tmv0Ims!H`mwfw;zWR(v?d67Ob}eJ>y&&tcrw#ulJ!>zNs* zn1qkQK%h$_h?}voF?}b)*GP8|kk?E+K_6v8FSFSLoE;X#Uhj;ku?%N{?Jyk!0X7S% z1sWF2U7ahlu4MWFe!s5dV+wNXUAHn<%9M|Uyf^m?ViweWa%#=dsB`?KfFsJHC0o?) z#Ks2F5b9A^R@OCsd3LX<Mb5ed^(QC61BRYuKBY^qGe9a3V^W3 z7FFtVtzTpAI)qEcIp_@Ftj+OnG|PxubEg>POFZP#MP65{GNi>!y~mJ%)u2^$Y;sOu z&@ipvXcImX;CVqQwiB?rGVcLVJFnO>!i@f1okzg8cXnn^XOgQl{rp{ATx1X9$snhl zRWUcH97X(s=9=*F@+G$o^!z|2IvNODt-Plm9U^Dg)4NFxa1Yn_htwYuAP^HaPhREe z-YP50t$g9Mj%$o&I?eHQl`$BMn}6kR3HIO=a=pzTY&3|^i z1lc-p-4b0U8%-q!eO^}-J4Og!VOo|(pjRE1U0q0#+tsQipCj?i8~CbF1cyNr>iWhL zGL4)H03$QEI50i+4-m1?xxu6l5+si%+xOkI&T?M{fdO&;`9;U15vyUty$#V)Q+p_P8KFG?(c|IO+yyurfL|{&YTo+ zFQnh7=4@*IsKw9yI3Z>sp_5{y6fX7@zop;*B%!BK_pkbq0XjSZlg=sZGEL2YTXL&B zkh0X|wll76?0s&0bEPjla(nQm8GLKu(6pDH5sz;Zx^$6wz08)K$$wSoxz{V^y}vIr zObJ~?U-kwdR;zP`w2a#p#N?Ydy+!5IL|!|y4-3j!P6bDjIYQatKW}H3k;>80(QU{Z zUkKD#rv|}!3uV-XMjV}Bwde9++HVi9BE=xp+7(UyT_T>|OO5N^*W)$mPGiK2F2>2L zsIRvu_uIbU>gn5Ku>h$0ZBG1yHyWk6`OEvhRyHo@X)9&^(4*_o?|y6Md*Rmh`(}=g z90ZnDR#4B2eG#N}8>T|bwEtdrz}1-MRk|o@GuP1xY>z9mWh&Y zs!d-Kgzk>`>w*ES`pCjeroV|0__>kH|)LH9&o zvx=gJoB|NWZDTI3V?#R?y9#VW11}#eYNbN$CjO4?J*J&gIWaxBls$TMB3$5S+ZM`# zw=~-jdRYSA`E>nPNM2q|KrFVLfq$JfaW;xJsNkRHM?v; zBy$W5>;7o)1c6Qqy~CF@a%?XX9f2s2J?D2cwv_F7>l8C`Jv@IDleNaduHTe@8J)f- zntOxpjpApMJ#pi7U0#WRao+4DK!v<**KTjtYbc$bk#25mV9qCuMdq&e$O1gPq!*)u zDbG_#;T{KtyhT;UUM5!&)fweCd;A7SBL1ve+baj?hBk*`tyzy^558DEd!0}PT#X+& zvK}sxmejh4uHu9om8JChNwyN;GouZULn%)qzunq#e%$`&^9QMFl|Nh~L-ZmDl|M9Z zL7>5hzdiyf75D!KiPQZUZHN~U8&Wy*;1R1X)_aj8anV*k- z*(%iPwU>UGnjdMW=m#JX?dMRt{^z(}>qE;y$7#{q;@L~8;c+WU&TqL%ag)-G`T$elb_0MK7Ln ztCyF|gi6Qu`v7HBz;wR%%SVC>TDsbFU*lEe z>T)8RD2Vmvi>K9CEclu!h&A!>I@nxizH>u~2=MMF54o7}DD}`jecAN=1i!TGy((;O z?isA^nfuT1jHt9dYbFsD{ud5=p$EMHw>4|{;w8JtyVugxYrk7ouVI3V_Vor7ey zt_6W?+<*ZY4{X>MM?9z03mo1J7F=A|WUXCcU~zUnC1pKoaOQQhpum#pn$WB@@3z{u z>GAl^W5(n9L!8B`?sA>(my()7H}7$zS7!f&QU^EG$r&iWosk^=GkC7Y=5XFz5QPcD zr~zb4eOKU{MRy$oUE%iQaoU)&vK$_jy{+wc`m1#;QQ#gcKbQEv>HA_XrkHnQxDwKT z@n=x=4-c_Rk%*4UDv{Ot_>n(6N>4%WC=_75VkTw8=D|pfY%l7ixv9P9VQ~6qHhI%* zcl-^W)1KxXX)}>%h|~XgzhP31L)N>uGBpuhcG6Jsi&rz@jH!hh+ox;IN!-eOlf@x3 zhlv5YwCm8(x8(ktQ{`mzAE`uAZ-XM#mx0Ns<~^b+&7U#Gq7ftL^*;Y+=2}vheI)=b z6Pf;j{S4p(O-SE2ef-f6)g+u|$d1~{paOm7No9dmIr4a%SOj^0%Z6mwHH=gQUvfF1LPi?7OUHIfEV?2`eLpK2(A?Ew@HBiX@( z#Y0AELv^yIH;NfZ4dXAkJ!E%&R}_1{Siu8`Ac($6ht|8I_J3&s{Lug-Ogg?%;~+{2sBdX)P3b6@``Deszt)l(1`wew#*2son1OJNbcsh40*MgC-H4 zmrtD$4biwP>>%hvt7h40w2PZI}zU0Us|1C$p0OIk9ST0z-+XRrCeha^B? zkrQcFf6L{}@n5tO_fA! zID#VoP+Gygk@j+OgZ=%wwVT62+DkoL9{^?|F%bv2kU0)>IPa9Pi-iAXyTw^6Qde7@ zDX6BY_x1A=FJNJAvhNIkGUx$cB6KFZ?{|kX!nJtY}!u zDhkZ57o9TW zA}41K3Rct{if`BZnmO-}Q=XJe0hmZ3)Ivi{?ERY4*rg4HnBuhZ#EcCEIK4UIa{r-J z8LyxL2Y0xeV5Z$+>9ZjigkEXgN{Gr;iwM-GP;NOFg*!#dW8~-2rBOldJpt!>*|E!D z$7ctF{ZQd?8D>|A_IE zgEp7@>eec9BI8Hkt1mK@w&eCIa6oJyMSUZCEpkblmBlbwvPq5UZx~zn>`e9kevKYo z=gZJ^RbzG9%W6aU%uVc8IBN9jR+YW4mVWbz=TH#w9hjt|@8J#G=;st-66ohm8&4Lw z_}L*-xphr_>+4Nh+LQcg3X;*JS3>e0Rj?1Qq8^%pK_4TJWQ1UcbDHwb2{Ex0@MtW6 zZ`P2;7Hrw69B^y7n6ty-P`JhN^SdC$j_YS$s(fmkRHrX40eV6z#CoL<^h!LSIi`-h z6Sd`EzG(KyA@Ooad8qPZreBk>^&$UJsccPr=T8u>{CcE*(PeNS4Y6G~P2#e7mt1&2 z6QL+Oh>PD(dalGHQm*a;#g#6uIY7Ti%)F(a4W_kGTeQMABKrFDYr9H8`%!uDYr#HC zSOoMT{}Tts3*n!ne@q&%>tp6@)}wRDx^?;e#=hAlsZ@PwSOWni1sLym-_l(bHDegt9Hk}Gl9eU=V6{#3n<>HRE56c%Js$=3YV z^LC3=z0OpOJoRUMEBrl#( z5BZ zOPN;+*Yqg@k?pg_{= zWVE&7+eDniF9LYz>5>CTxIhJU&%tVjHQA)~CF zyLBJ5`IQ_Q+{f8?fBQQ!O_Sc>hXE$YnN%uiJEF-2DDFr}x0HH`m?7BAikiR9hf)xE zw~R;1%cc#RCej+4v9pKs!dr__#Snd7 z0)o4h8|m|qaL$oW#ylXSSlKi%pr8G0#VH;Y`s*~*?HYfl60CMpC{S7@mHBR|4Q`K1 zdGE)ZT3KG$2t{0pY>n0r%9m)Y{00HVaBW3snJyW846J|{*kmHC$p0mUq96*cAcDqz zeHwA_Y?r)VDJq<4^~*DlCXmUE2~y9n!>iA_qOzFu5l#+g#C|8apGQz!hIoQ5f8MT? zT3WM!BlsYZenm0x35aa$Q_Su7!nSSo*@d25@HhXGf|R+ZoZTH5v;7#Nb7r>Vt#$Pi zBDeJL$6szYhMQkUiYC|TvyraM-{{%74T!XiyjXGk`j&PAQ$2y6D5qDI)jcyd*uOJ> zeb@U{kzak=Kf=;upJ!2mQrYc8C8qaDyIyWNPKC#by*=&o%wJ@thC)ILvJgZL?ZX}?w>F8NIympSm(1)KC4PkD|dQ%Qd^hX4W0NTWYY0a76O(NSn33ohs6Ep|728SVv%Pe_Sufw~xC4JI?*+d+Ve^7UL zUvH!1eUM&RVShQH+>7ehgqmKL@~Y*SohTWr5^>-DG2MWfMgRkJ(Wdb4R*>O%U)Al+8c^H^)OM?8WC zD>1X@v-;((DiSXjkABwAcmk5s&ikx18aO2^BJ{Wui3>qC4#*kZM zxR}B2l29CM_I$kaj8Ca4c`#+Q!0szwqOmF`vUUNoE|*$*{PVy{gH>~K_K9|DcFdz0 zpt{#`NdXo6=_dAplg@ojwe7Xh4nlcOA1%)4v;L!&NgN{7k|Q!B274iLU*_!W z(ae#gsI4wX7QcO?G)E-!-i!rp3XGg{=zl$f;R&`IIb9paUhO;)#ugU@VpICt!XRI1 z3~U;Zu}@a*(i^4dQCV}b)L`BHXnXGE%>B%3tte$MCu zZvEujSYBGwmi~4&S$%D7`J&@%>nICuh5#LuVQ1>JSCC$zZodVt?D~(d&CD+3&rKOt z0^jM`1-K;r^Z82ZqRa-z&lvB8jQ1@DiRXhIU2qtVNZ~Nt-SrC3&iL(mo*C{`(BSTR z*uG|eFHB)b$@93G+9!S9W;|}dl=sdb|Lh#XHIr33GW5M3M#HRs)vH%bI3#$(;gcHr zw(id3=r^SnHNo^QDlD!I^UReNzXZb+hM#|f`~&*@;r+=}x)t1S4KI2v@h^a=`iMr9 zmCBo3&ns9R2L_s7GFWy_>foBYrDoWm2-!gG;$0UlsP2oHqGr-JF59Cy|DwDb0Oes4 z(=(yvCa_G;&GpSJe*mxT#w8@QHvRs+y{S)dzNJQ}{O&%WwM|x(9B?#CUhFQGPf(KU z@_Q*f#Cd2Q48SdG8owBDe6Lst2v<&hEph&9ze%bi5ob7ks zERRsw$}`CHj>53N*QO{?TYcBzY|yj^JcDbRw0F79g8xLF<6m$}TfYT!(|#%PA8D_! zmjx$q)ga0LLH8?jF~AAUI1~iVzZ<9V-LL-ghPQBSf z@(CMM%i^(2_NA@AfA&mLa=lhRdQh_hRQU8@jP=EFmpG6ruYUE;+9J3%4N=Mx)>Tz~ zd97C7KBD*S={RpQmTGpG#>aGTJ{Ig}FCmi3>sFt=8E9jrCH-fGK&CG{#S}*R6BwC2 z_G3;!U?A}3mo3s}J0NHA6k1d}qxt^GFk>}%DPA77hve}!cXU4&j@SJ#w|og5S>*7RS|n(U7#KkuQQ~? z>DOXoz<~3sDfsA8_Bz3`0oYxjq|)c4$D);9tfd|c?yK5C$W0R*GP(^pDz$2(9^C7D z=bQ`ahK@ziM>OHTTMj*o5AoQ6I*X=_``+t@r1IH7+wAva#(Jx`kL;%UH{qJVq$D2P zAR@4fNy<_-8ES8Re?XdaO!Qg9ttCb&_8!|?XVHBao!ZU)nFHDh4ta!W+Q!BF$h$Is; zGubbYxC3+)m`gSAAkBS9s;5Qz(Kt{FJvwX?T7=z~nfogeKmi7)Jl!Cw!HCZpmuN^a zq9-&pb-K-f$Ye6yBR4F)fc+>CY!VoMq4vR3qu=ohgjI$ec$74)%gy*N=$T$x;oLv@ zpWVL7m9H?@WEz7?fOLA0lRzys|w9%=s) zW&4)}&9p;rnyqK!BSXgiKDswGXi7xNI{Vdp6;GyNv%R%76Ra+zM>$6& z?`}jcm|*>7=%uSPqCcz+iF(8)2I|s?!1yT5@&=moxmalE}tVNxK_@1 zdtw4BT-GM_KPJc?7N#lrH~eM6Ba|ITTDRf} z-PKx3+9lN!#pqVeZP(ZtX;Ue)f_H1zcRLiql|^sNw{kpNB_h(3?=~o0WDEL2+)NP3 zyAyd`4<0>c}s*ezGkWI%u=ue6GQd z<78diYi%0dXN8=4bmW{-5heq`Vy!iMl&(N$n1OZ8boa`NY4!*bwO4g?)zQ|05BJBA zRh6rj;2tp#jf_lN^Tddvwo&JMPK_JM#Rn}F%DR7rV)#n2pxQ@E#v+KIz@85j*9j3Q zdj9Lg{i<4DQ0#0x4mt?KVW=B^T>IBPD|0}E{_DY~R9j#vLKzNCLb~~f81koakMiUy z2;`o&)-qT&kzapDww=`V(#%{gPY=yUMn+Co8VYgy-DJfG`>jRslai5XYiU*LH#h=& z3j_oN0ILC-u_>nnyz?A%fCQQ9k81ebv)Pv~8uTP2l8)`PgTznG{+9+ZXiv&fsOPY2 z8gD-Cw~yvt$;?(s+54Bxc7P@_{~^HOmrj)^dH*3W4^UGDn~2K1I^MHWs8osMe8H_b zs7D^uV`f5*%PQN*IQpR-__;`vsYZ$zS{(rr|C!l#2)ljpW78{4NBj6_=UYuf>r5=s zDn>W_!l~aV?4kyG4Kt>u$cNX46m@bRjcdJ3N=DDNV*Gci>5N;7EW1Po#4h>@)2V_| zv~0C14H`|mLKM^aDs*dK@$>V;F94Y$ZG4ClCxJU}*wwAl9ML00E9nSd*4EW9%1B=R z1=T>sRFQY|7E+r?^9bMV#bm>Q&AHZpGUgX8OwH^M_6T<&&(xl+d{DiN{=d`bk+DF& ztF^OwEr$Z7Swr>zqO$L};tGi8+AsKHP-;y4?%MSHTTh2(Ey6b4$of_-nJd8(hG&9? zSvCFyI3}&^u_Al|dS=)SoH5yYkHmQY1qn6e%1UG`5@vR^Xo3~ z*b+Y1ErU?0vE?BtD(E@D3n6^EK_+hZ=f5<~v8z&F2fl)i5mbFLd@;Ihr?7tV$L{mq zU0NT=8`O+D5A^l#f`!XDzLKV9E4#TgUGd-@5yDFyzaBQ?XrlLb!C5(crdRC9F}-aT zmD#_?^BOWSiy)Gxz~>y&g1_~?LSG@QhBMN9Eb2=hHvK=GI$4uLAjk#^InxpQ?Cq#$yrrIoMCI<;WlN6LFM1W&1M%-JWNIf9`h+a1POgtVW!7scJ;vKcqf}ZdHVdjm zF+I}{Yi`qT|CY>qWMLdJu#4moqf0yj=A>}Hxw3S73+AX@Gwmw&qIwbaXlM*{4$yIK zOCNhsZ7Y7%2Q-tGm-6bQB>TQVNhMDHTzg8y^H)Os!;n{f2X``3Y(2fF&sHH{0jv^+ z`T3Kc=u)?NhE{m|a6Bm~R<0t)tMMA-tnuSWrkS;5Hz{%F%lpuSPxRF}tXvO=fHdB+ zbZmkcm}vfJ4K>mhgc(u~py_PC%j;;N35`P~w6(;$59@5dcYa5W=?^(=N%!K?2&^El zpNCvs7yjV|U+*V`lu|miI1hd21$JDhJ5~Y$R?qRNcA16>|N1Qon50H)K)Y0+{qKdD z=Fh*&aQOd~j4FHoNHc1!Frr!@v(k588yh}dmd7)!`4Fs~SKH=L27qee5AHQ3keo_) zY&jC3%r|RTM(LT-P?scq!PO1~&^&1bPIUmVg=?pj;U`&Xbp9FtXfTlHq?(nZ3^$SAh}Al$Anak#K3>8qcw9j~u!`yaw^ z%1O`lx+^V=Vl<1kH34C>PU~x*Y*<`y_l)~Dr?(crbe8IX;7r{Xf{puSHJHq3rrI34 z*LkNB$D(-K=}n}1Qe;A^qLPx5!rjLJ3c&yp{`r|No}Nq8W$hD1%Gtu+HMzNF=esbu z0vA6&w5TDhb_#ImF=;^PFB&Rc-|nqnmX*5|o!gNu$BIPnTtzu;03TrE-Q3r&kVScQN{l~oK8yD)I7*<` z@!J(iA)C(W)gzHvftFHk*MEozFwi1kdELo69#;y0dJJ8FGjMKDdjY=#03o9@KEO4s z%5onA7({A*iP-OEQB*J)#%>%>1si(V_0{bBZAV1Koxn6lmPT2STgno;oz@(;k8apSKLZ3%_Feo*@# zo}Mzm1^%-Lg^K>A{^@B*s_Q=qwp#;TTet3ZlJ6yM$K*zYiTvKpv5H_B&m$Uz*1%*y zSvf^vnG762$-u(OmYKnyILkXjmnA`?z!zEYsBzg#9V6B9YDXwm`L(p-dGm7CuuyRO zdZTQ7%yqZN+ppe{7DXmc9Si0N8BecUvf3?V)U!XPHGXCYX|sB6jsCN_TvhdRc>H}Y z=1wj>C=#A-eZE?8Hyj*iBx4`RkP*Tl2pn{zsG`T+blNq z&0$WRZPn5~j{Y{LXGrfydhfLXq|`izi1xRfCtk3p{I-Kq!d~KFtHlV=^OLm^4PZN^ z?RnQo*4vYP>8#6@wCy^eXzVRpcd5DgDxr%h{I_UxW~S|wVUpe&A!R6g^!7ARIlqRt z9&|LC5T)*F1HqGjPuQqm5TG}|@H2?|%4bxr^^Em`MZ6tdu(i}kAvgC~T-8mM{m+O8 z?L+C_UWjqg8eedztk*WY?eq-+JV9pn>&Sx^twN-=>%eU7Q43;N->LQd59>&|K5{Ss zjPCp%dM>rq25yy=bYk#|1%aNi_iI4me;y#}pLB5v*+d$Vmpi~h3S7DxoWE0vm!{Y% zj#ZV_PsVrU5YW}ZH=ialCWt+KN;fI>r&UEfZ7ig%uwLh?g~lb!sf*{(!YpcJ;>h;Z zo>H@N)gjsZ1%*|EF2mF7gv1w=R}4q7>V4ApQ^=Wr{^*|Xlw_0Z?i%qBnZkr$^E>*{ z_6I!xeSW4ekY4h&?Ta_pf~n8M>CKKj>x7~6=ln&C(~+5;kqn8#0IsZB8WL7-_r~`J zu<7q%=dYGDdCNnoENsw=iT}M`%qFg?{%Ck#KI1guUEywI4&tMSWMeMfQ<0kd<0XdX zWDFp77{rx*0GXmiHtg3@79xUc$a^?LIA=%NidpTy+1a<)L|SpTx~OfU`*Cm-UZ!S@ zYGj@O{MvtM0qA3E-Pm@rsbBy37QJs|w>?Hx9&E!*#6lrVxxx@iv)K)hM25#DX&^2r z{ru|m4lSpkX-dd*6LzW4{(c5DTT{=;i!7UXBU6E*@V@m#f0y^=VZ0MNNn7Xr%Jz>t zyqW!L>HZFHZ`U@c)L!x^)pt#_D5IvIe>az96FAd5BPs-$WXTA^s>Z(F2G>$QP3TYj z{lj(!x^l)~LVZvL$PDC|r+-FGl*)CLSm?H2x{tviUnt zAmed-thYU!#FnXVc!W~mwc|_==V?4k%Zq6!^Fivj-}j}-WU31vCa3Ls8u1$!E!Q@D z4fb#B`u0tyx=35e-qt)VfzvZ)*p|3aed)7dH;=(59L;+!*s~)gKjaN zz|<#?3zryT21&ss)Ltoqw(GBS9#z)Vw(`+>2nmZ98t=aeYpig)>yK68>))I_IYwvY zhd%mT*Hk_WZ3A=0Z(wztZn7kmzN#BQvD*Py#%A1~`{N`t82!dl#{fK_0JBbQ*Z}I@ zdhOA#_UCGv*K5X?LQF)r^jo_1UmNMff=#w98yjiOl@H!(o{c|nSu%?d zbus<E%g8_UzHWAy@d%~6_U{p#Nj)4k!^=xa;9oct4)fA?MiBJ;-`4_+z) zuG1H9+QNPgl5SSi2HP(K32dQ6}Mvtw;64%i7WUT?l_tlI3!>C99UWze&qi7=wDH>y7s6C=6_3ik?jn!L>C{eaWWkJI z7PYDq?l-|vJzk~sEEynN#=ow~=(sulbq_SiKjE(hg=qg@g}nt-lwZ3xK7=9yA|W6m zAV_yhj*`+L-Ho)8k^>3|N=SE?bax6OAl)6(-9rw;f8+0c-*wLaobUTsvsfa-erE6I z&g;JJ`>6;W#hbvsE?y%liYbfeH~li9q7k1c7aacnVfYRos_AcKP`$bijw!_!GnSp{gqPJgY{?TnT?15Ll-(!}fb&UsP!eV9sQPFdFU0q?j%pz7M*-sBU>efjE# zkT^wl7Pc&{`?;%TA6+@|Ori52#dlAb!*ck5!K@kw*f(#dM~;kLL^Or)YhfUun_eWy zl~Z`2OabA1fC@E@inFu>#NtM-6Liqs4Eo2yEHl+1R;okRA&-Kb<}QbRo0RDti{5V{`Q&; zO(b#;6>87PCuNrg=Q#(moARInvDTx`i% zfchtOIf0usL|X#jU@41Z&uW8y?BR?(-@NQ}!|15`OEU3YCE~4=DMd0my2^K|<~}ww zl3v>O6e;=qoDVJi2`VPw-Z&=ElOURgvVQ_JO42&pyrz`@WkQ)p5ozvRp-ZoONG6`8V(mx!@_YW(_c@NfOOSvZ@*F-5X7vr!9VeQmBl{da zC4JSlO(CQt4$~BmxQ7sp6h1j?onB>o;r@g;cwWa!j?iZC3YgK4MK|=H+T_!!~etR6PT16DNR_1<^-s$^;e{`n|SK%=jua7#c&{?9|tAiy4we9&|o8 zh_AhZy9qB*r2Y$NQGU=cv4!uNJe_Yf%6Q}^Y&@*^MqTtd>!F+Q4`Wpj0G7&>!_S^t zy2dADS!h?Ir}tm==D$q-WdB_g7Jh5D$d1eTP${*#g<7Tl27;({-T@rdQYHAk$j49H zQX_9&VOwg>_!g*%nQ({7fP%?0`O-HzsyEgqRU=o7+ zjeh=y6<6d1>CGnbH6XDfp5w;*y!ie{Z2JVZ`OOk5e$3>F(G_O#_}tTK(>1g}lqHos zp7f!t9sL5?h-myhXJLJcyirnz=P{~bw9n(wF3jUaysO)var0nY>9w6%_#rft80l0W zcYCW@;rI(&>5%1+dQq+3gQf929g0rzR)h1d~z>g9sKQE0Km*_bzG)e=PY*or>m+0F@+^Bk}mCm1lS) zV?D+lulC29W^(FDuP7Ib*h7^KVJckKGhfLHB22JvTCD`qNG=zo` zzxb*fuGpKF@1FR^WQ;V_W|K%8;=AVeA>f2JSGtR7FH1WzE6H@Lgws`!=SM7RLo|bt z49FuyMVNX2U78~6%x<9lmi{4y82RYp+WU_I%D`>65$H$-UlSz;EnxNvZ}p<0fp+}f z7Yo|)HmA`ns$~|>F}|*q-eBg-xtr6y<0lKhdwP1hySw}P`oQy7cdhRK*6K zUA2?X^&GE&G8foqE`<;`MIt1giO0~t^CoAdM9gF+-sBx+9vO>RPpqUiQm z`uZNFj!t^6{3)nnh_N9nO}5Qo&#Bpb+-8MN!Vr2V7ivr+ngnM=oM=LZ>ht1HC~Af zFYy{0&J3ot5w?qm;Z>_U!1=Mzd%K2LJ(}GsD>j#{RQ;0TAbBX;AMTV# z+ptZFjEmuPrTk3MZ0mYnuw;vFJp_WDVjabQvV6lk0Obx^w)v?|vaCPOtcqdit0lM4 zi=H=ylq71c{0BE)>jg^Dqvn*aN?WH7hm}FlQ<*QFwZ`| zov@YM=n_0!-+uWa!U#p18>}?+LyRrE;XeEREwvFe@fuKJSmp zeK%dsD=mBemd9yp8z?vDp;OQ{5t&<@M?ejGOVG`W8G{DFB147xU^n$WetHS#HL{b* z?S4j!{?~Idb8!k=M9nUyk_T3wz<(^paX{sk7+rTi|t*f%wEmcdR zEi+TtOvg`){$p4;ZOLcd2P`I!#(BoR@yD|zyYSFgSL5L+o0SqpSLaw!Wq^?&mFrQl z`J1W~@akwr=C*D4OyFplY~g4WzMCRk`FhWaib@5L$7;yPDP@YuAg@P30d+*r|Mfit z)>wuc$%}#GCEVLSQ}338%!U1RxA}qpX`JG}CIB8=&0Cg2t^@0XXCv-_WGYC&Dv>nE zC_O)(Uo_f%Jhoz6_-aQ!e{ac*f1bO zLY3#l`4U{&iGxe)G>AVRQc{zW2&XUq2?f9Ndan{@szh`2TMFtV3d{<#xZ?4X z)n)7*`JPn%&~54N9{Z`K)wQEBefP8==zD#4b#A4qQTp%8%ik|_)b=S#)uQh@o`i>- z>dP)h%gjI)zQ@>6Rg!_OAgO{}Rt%N3%rNy^+#7)2;0xg1cL3}yjY=tg#C-QodPgeC z8f9X^hd=(rE<2My-p|_XW2yx1y75G!-K>fIhI(0=)ib4#e%&nkYi~CBpoC3`J(x$$ zwF!{bpLpBt1V#T9GuQW)mX=n@Lk`x&qZ(*}`xJ+VON2*T?WBPNx|Jg2;UL$TGmk#E zJ~`nZ(!?53A*z0axY?cavU#$eOn0!L6v6g_IqhQIWyo4Nms-F|({=whJ(|rdU#Fm| zZS`07dybMrv9GGDI_`!~okp<|*V#7UxUjD7k{3}vo!VWcofGS~AT_TJ*^&9w=rptP zK=<>NVq2lHyVVWe36iX8f;*6<|C)o1tRI^}#gndug5>D!c`sL(u|HIV?byTcwb2F^ zr9x6mzM{-YKs~iNSiWHG(?EwD_uFLx{#|Lu@%7%fz`{i4%(WWy zif@ZmY-b-K5{lQ+op}hl6Cd|GeEc?YOm(OteJ0$i+iTOYJ(2_$U;iEonhM z`ZBGaCGWJ>rn360n)PEErd(W(&k7o+PHZsw&;T`kk*Vw%l-7HjW6Pe9%o6GP{PFYH z0$ySf_?P$jpRVE=b8(-(rf4)Jkt!mHRpjjLmi-ln)c8&Paso-C9U{4bE)Dyn=)JUK{!sEKG2Odi%aIL=EUtH%qO^0s3 zYS%o0YE|nQ!S8fg?u=Yn)y9)!hhRSh8>Q}#QSB#$9kXPjy2ejuW?BG<7JGR(s3L4e z`Do1PLgaY1U~|WeDx-%EH|}tbopoqAmq}cshmilJQ}LGs zDO&5T58`fQ{wQ9>H7c?Tu zYlI6V*AD2SJ`{mZ25IzYJW;iaHh|u21%X49nrLqCf8XD)Udz)QML8GWO8r#iz5TVHZIK zLutc_rt>4FD|7Q43-g@Z+}xZT(U`o4?S7)qXn)4RxW@6sOy$$!Vg)fE9s%Ugm$9S! zoR12tIxjb@F2+21LoY8cG@cM+ExiBMKaSf*(X{__s#8%Tv{>i^64K5-Fz3p1cF7UI zujJhuy!c1(!SwP@^hj8$^Vo5cu-eV}6v5e3oWfcCj}Jqk9~7@;eR&|QN}^#f)sVgz zJM*xGcX{Jn*d`VhojcntXY(HW%~yK_#8)Gg## zzX~m0A&0*6kscAIQmJJgF0fcY@h*9hhxoxpyewUu zNv~FhheI8K)4W>PRBR)iD?B>$N3>wHpJJ0kUauybRt?T~6x7+PO|hCem)m)%r@J$J zTwGjcSpK5LC_bdW{0Em)AzmbXX8p;6u88yZdJ`UAbQ@G~e*-y(MW_SE30qjB{UFYM z=q2oT4_*BF-uADJ%hkxeF%*)r{TeLdRN_!DiU!%Ph^#-z6+ne@4{gMD+Pk>8czAfY zxKyh$R_Wi&&g$xjU9&uRgBmO}o=f4{gqYQG^lLFW6+ki=uD5+Y=dDSekyi9eN+IrJrdPO2D9cgt$o|>3*0H#ym4No^ zI0p5jQOg|eTWdCWsMIo5Ku5JiLzR%Y9&KvlJt5!s0oZ5GiWD;@Qp}_h#^baY`XV6% z*{GPJx6hTb@17r*>`k?l~w*hJ9!?Mb4p9E2TTVEb?;?>Dg7@wlvxdGdM&nc3Af z>}MKd_#FGp%|{PzyT5!iEQFDls%Ds1+_BTl$~Ji!%G+hNuhjb9{l|oVx8!ZOdW+Vo z^f)mJd$E=N0d|Fp2cqBG%tmhf^?%H_vCGKrBljUWQ<@Gu%=berwQPYc`E!_c5zcrs zr}scE)cV}2pp$LINmv8MSd}+n#<|)kfm;0R2hXE@GROJ+k6*_qJlOErJ3&9+AUZE7 z=tAQDnOaBi7fm$$2zbEfc{EPqv{DcVF1j}fTLPI$rVf*f%V(Zx62u7kYZ@Gg7<%GK z>x-e4Y`N$AGHXAxzm1_lT5*KENvNkK)9HVqQEWQl+{`?taGAT4e{GwA%A1zIkbgfJ z1|i|TUC|sV#m4ir$~BBpdeyYBN-xcY8cVe&q%se0cPmc& zy9e0ql$`l$$EDguqyfr2*!k)OW68-ng12_a`FKq}qy2~T`>&WH6~$|QNavysPdzE` z113zPuK$;D`5D*SlZ@sgEEY!b3o}+5FFMP5;jVm)nj@6XOs}fnH2Ur~WV%`Bg{Vw* z5raoB7)p?q-U-eBWiHEC(P>|+y8SqytfIo?6uxlFwpj2w3;G&TK;YnRDMDnXb*!V$ zXd6+N8tD}gE0d^4ipO3MQvR5VQ}E_T$C5GUV>2#e{V><{U+ndJ*C**Sb`7=*e-%72 zK0dx25F92TFL9PdHx3njM1t3-4%#OV_swfcLcl0!$lN`i+_g~kXeGPk=BwN;mturd{5x_m_=sVp3`#k zv&*&VvXZt|Yp=&6rJ5kjNxK7d@0rD(e+0307>^rgY`CEPH0h(LQ%3AYUUn1GheNB8 zz3C&-uWCRqV}M$xBf^~4fr?7MT%nFD_EynU8IFe&UYd$nBzIRUrxQ69sWZG$E=$dz z;!wyVBa&?oB>k73VIdO8WL5Mh?hLO?st_lPNcyJ)TSBO%UmOKpU!5(~zBjQqz?k!d zkO(K^zzt>?6Ff5BKJhnRHr9P%jC*PApkCJB-*@cd;^?erscN)Xg$%YN5a~4F_X;#3 z2>?!?s#pCIF%4K!%n!D9R zS=kt+W6Y*#WCF*fnHm^-%69~`=+MBn)w`k#KRWk7=tfr~F@`bN9tRi+iLDQeE2O{< z^1-#<2a$JH-jr@-O@xv|Av>>tsVqjA@EQnI-o@-slI7u#3Hr%z;5EMRN_qmd1WuH+ z==V0dM!$vbtXG*T;~=k7A&a6$VYt8om))|WH|Q#`?UOYX_h@&Zu;dkrA?{^ztCU_J zp&P^7&Xak4!Egm#&VI6|PSk1qt}7xAE3cVi8xPvBkk%*=?a|cMlJ2s%zqHXQ*WlF- zNEe4)(|Zf=55`QUdUE@3-E!wZLM9z>gesSZBTQ0?>6y?`p{7$X#*>?^rL=T#LmT3w zenRI+5j#C2p+WJ^9?GN$P@tEo&orQ|le+u5(dGpr1GgWe^Rt0*B-gBXaD|`i~BW95lu)Z*u%1Np5 z@k^zQt`!$WcVT{3PGnS#Ipj+`bJ1qKegu8RO5!wI%=(0rFx|OpxRORu5iKdR@~bck z$R!|=`viW-TM6wKWmS~sm3E`kJRa8mLd~@wmHd9#+08hdy4)qaR7C7~G_X{EJxEa` z+sesh75c{C&kO=oiGrv^;)ln3ol3Q%ImIPIDw*qd25o_}kobm|`m{2?O=cx9?u zux3=H&4Zn3MWPC3t_cd(xZK*Q?X|u{@y{N!^gPK~jVT5eBl$dcm6&bb<`GKW+Sy`m z_u?olDf-ChSpQ2p^x9GLAY<7_A#bDm`Wq-HTl109$4fmWJHR-kfLBUNLc)Em98qk7 z`~GncO^|(>QrO{exnj3EM@Xp!!01f-4-*@Nj)$So?{}B0{>I~@Gt1bWD#eII zP*Bj^;0BCe^8mW6+@|bijd(va|Y;-=J@_zXc6Basn}C!WO`I&CCghZ*$fN z{+kOhlN??%cPrdO>Wdm9DHq-2mJZC?uPa?`F>27>YC+o@QyV7scA6_b|J8sJa#-w9 z;`Bj0nIUPc?0cWsCpi@yH{poXK#?2{rPuXaV~_Tmpba+?pn zN-IoxtQc5C3MB)Rxnzzxv9Pf2Au_lB6=|xRiV_gBim;Jgh%?bxSXk85 z)PV1@*(%#`Fisxs5^A8=r@4Fp5z9R#dz&fj_{1Qv`#FR}t?3@3N(vCs<2q42Nc0<3 z9mpkZ=}yof!G-!+JG&0<`aUVkZFr2T-1r9!k08J1=!N<*2CcX1sfy!F-pq@C6W@DP zcxi;fqt`>biH)3~%TrC3i_)I^3W1=3j5x9|E+`>VC8|av?Gpc$wxDc+h2FO6E;fE& zOfeCcmiCBq({p8WOcV-8016OVPK!{O$o9!k;ULPY5YZuWoOcY&5?DdQb^`?mx8_Ad zUp6Zm-RBh;kWRToM9>)juD(P3n*`PIM=PA6B+N&d|Ux*>3tM7c-1(G|lU(lh z`*##LYG;p_=IXlX;+-Ux?f0hg01THNv0JRkFy|)d-pA+hnu$E;nMD3nuEG7H&MD7X9my}@zQ>+M}P4*=uS8|&As zqEi`ZF2aZ?w-gdVGFVq>}S`QtzW|k+hisstZU^I3_O0U_Ib!ckE$H-xo0a zv81|m;&kMcjGU`pHfv$9k}(KyVQ*ReT0m#5!nfqc@Vy0vNZur4AQh_VENicW+N*HC zd}GqO${m$)%!>}p5J%0yn$3s;NZU{i4!k{*V1C!VS%42a>rpt#p1zi^ z*goW?CI9v5vW<jt>>n4i*bB;IKQ!t#go0hY)3z$QI*B7l&J0ujp@rmndGo$%u~>ie;b z^7?w3nj1Q@0YAZW9DtDenA2`QwMx>hJx8P^4n8$s6Df~8!vmm5v!ch`>@53eZ+BJO^tnX)Aic=eb;*9 zmer0ou1M~~wV7Nf*SEVa3-H|ig`2#Bu-Q_?)28#`v_y3Fa?njHDZBc4;bw@K6|t`)bF@Rt(L!L@#1Z_jlSBN)rp%>a8D0jDgw-sT_4adK6x}_K1U5Vl1*fV1I7<~o? zLZwm`%HnON{4V)Vs8=X#Il&xuRWX|0hE@_RZ;%>T+;WbvP7S*waT&{bx(HjNx%zpn z2u(hezc-qLS@^M;01}A?I`KviTpi}$+%!1!37jjeNf~@_x;Pc#%bVB}I7m+$`Ap-u zVQ_({P@GmqR_*JD#INgL?Zw9i1{OoTZgNv@b_V(~hK;D)8J3fjHl%xZ+x@`NlJIo! z@$Bb8F?AROZ&n0}k*9qaNi^QeOH~Ce_l4}8FFGu&bN4P!yW7RZKbxfH78&T(+{Gq$ z+c?z@-)@=Cm}tIY*dCU2Mhj*__x1^IdwNB7lZoRx3_4;Izf#0I-bGo9fjRu4UbxWQ z>hSq0HL`o=eOhe6cTIgXk=ktVd=)%3h|e3j+b~^pa{Q%9Ww6QxVn_vm#Ne0%4T|gE zHy>KTAzzJmHcJol?K>0Wt!QNNHPaXB@9!v3G%UB@c&?@j6l5~l!8XDNpiK4V%O%k3 z6It<=`pX3VJMXSL)(xy3;7zGb+f((2h#4ri;()Oq1ufC7P~ff9uniIyt)D}si0v+k z4;GMBFvL|CA1-FW(|MW8?R^}H9VqkM`9)2QxCg@m-^P5q_-94$#OA9!kk7%Ew>&Gz zZ+3C@RM(2ay^crPjW*ZEvo+^22<|l;qXbjF^7haoK3*>;_1Pf1!ar&~GX`+1r(tQJ|2gHK3xx4pWO8wY=M5$o?*=^9JIr zfjmpzyl)`b`FM?UsA9>r>d{XEk(_M3x`qt0p!nYO9X-h_@#=%=BY)s}`YuSwQ*WUK zbNoc^aRLN67^K9s$~Efn86y~uGKKp+`>0QF@MHv>9)X+i)u6NU=m6xl!lJ?1XD|8C zvg)`(t%Xk0kigMO=kGbmoR(GZ;p{^P{V!DYClQ#&u&_mqrNgtCenJrsZdXE`7@#u~% za1VO~MyU3iMw!~o-(T9Q7ZsO@P_y!{?LbduAgU?0RHesfV{vf&N$`kEx!PwDx9IVa ztK>D?Jl_Vb(+C2VdS3`Cc!hCuc9R4oh9o^G?LnYlz|N>miEk#Fm>w*wyyFFvmtfF#7-<#HV?4d`YDL>1E$TgWf{ziaYtt z*5WQJ8iZVX1bE@!M*0?UmBPyK=BYln?t7mVyB*{yvL(Qp&$FQvHj$Eq%fl-(ulNXl zX|*cdB!`FTHh$nZ@T^Fv9sLp~%?Rp9Psbe-X}(BsooYhaqE%LcPiNjQxbH16m&R;u ztot0Ux)J>JFuu9obKOV&q1d}ISWmsSLELL+&&!71^ja8yvK#$wyyd1(s#;)}fsXEt z-19dd*q*?1s87KHS(fcqv!s}aZmRa-g(yhi)F_ovD{%*SI5NWfk>#JR^=W2us-+t|eUaQ{ROT98|g+hYa0J5o)GHKuJ0hZw} zsYiq2)wM&7wz){?>AV}zS}w3`0$`4z3v+Nfajy+x@NU+Aos`^6Me)5UuZr!KiV7|s zp4Fcot_Bpo6nDD_dXmRH6?W`7JNJuGQXy%?AcznAV160YwRsZRRK0NQ+xqk^PObnO2unhrMM4Hv>NBMG>$Y$bq$;SN5C z>kqCzXX0LG6OvW%x@-1%u=>V_`L$Uv=$`;GwO^#r$OlEQ6%#>)Vt;8Fp_sfn^Q1g5 z;M_<>`vn|6HaWowbLy4eK=8H#%6h>CCMEkk^_E!b#plbsAEmHG3{*u9S2d)Gj{-oG zAHJ9Jy2(VW`HpPj?rdZ>;EH8P=Ryy}UM{ZseZUn4@x9pRveX5~RHsxh`yldLSS#+Q zvG1J=G5{TAc{%aypq<^A6!#p|RYdakS%bjNa+DWcVcSCKTMRD)F9&5o_c&o(+AE}_ z9!xQ8A?VugJ1*Mlg)_X<`~Ky_MG8W{MxcborJ zq{%<|l>1n@3jm`8q0Aw^!biAAZ$1rq^R27>>OWae+IRbkLTb$|v+x$t(yew*51AX& zUYuCbj5w-ieHc#L!-y$r^+wUz(-nOul<;Qrcj77^Vtqf@)33!N{bqMlH*-?a#pg_D zaG!i7H?8v;CE%6eek!T!2_8H>R~rlQH(^h5>&Y1&794hiM%+G~QR9sY-**wOy&sj#kf@9l{wo?`c)SmRsLxhCeA>yqO&D5I6f#(GBbp>@R^1+EM4PQ18JH*SMm zBww>6Q~E3^jVK05VXJ}i89sD9?Sc*ZlDLZKT)JyBTl^U*p~ILH$Z59gi%XPW*_>5 zHQ=B!Bb?n`MxWT)^4C*eBvIG(pLNL=&BrP-JB){X z|1Lfi?4}(|FxIixrV@ppE${mgD|gA*L9Y)JHE-L@l3z-kzo~mYWGGy-{-yZr=RIEB z`_{PF^%8SG&~3-p8z1o+9AdDmqQW#15va?qPu%nSIxlKR6I26>3;OCeLPpi^SvlC` zU2k{0r%|3~Q{frR)~{W1FS0Z;o5h;ihL*4Xoc`c+7PL{*GKD-myF+#P;mF=Q{zmq= zH|@z7&mQ~228}C9qh1^P4E&6srFD>^2nSwJE?i!0OK7!?2n?)!_mlkh#7g0C7QTgl zTD3C$r9ny}9~vKC-Zlyxl%5z~Q6p&o0S|brDOCTR?u|ce)9gKLIqu)@gQhHVEI+2T z)rT0q*xhw~lD4g_J4-zOB>`(SBmQ+W@=)+uEb%Q~u!B$Y(>$74HYx}}2bGWh6uo&r zq%{jN=tB2N=ll6m0204X%Cb-30A%6!FH@FM_E_y8dKpvQoU?6Pkz@EPzI4TDFOxeY zFA&3RN=E;wO*SaS({^U)Fv-Vm;lw1EPb`bgHuHuo+!7N8GXQ^ach~mVT8G$$%dDh6 zf#GO)cJB^`I7oCYS@<^0op51isHj2^NM-i%KR|av1@ZCayU@(Ukd^G=H6>n<45ldx z;39N2BF;`HUvq=e_-X6fa*Lpn23dyqf=02iqllsR$lJy z@F2>;lyzWAobu3-(DcH`#OwHZv)Uvkq+~4bT{|ky9^XGA=jYUszu` zbjF#OV078C9K8#BvunMjo!gD14cS4oN|}T`s0UPjc2sR#goNO669LoL_@dh4ZFl`b z+Yy4VKzZ~goaefOb(jZAHZRxKzI-p7!Sm3=D~h`4kc%02(qog3(u(-E>glIyX~;`) zg*O&&1AP3qG~J7G3nT&GcdN%wCh zTK!^f*RURz(pdE*GVZDAeE6q}N6`|A`x$xFrlVZ znxL8&#wMLz>&%iSEvm3TAQP}B&8+vDS#MFqsm6_cV-4h~V0eDw=9Nd~QnTa30@ zW^l0Mc;!DfhN@)(5f|@h3y?GoA^Q1bH?h;7+BEF5LePri>G!6J z+JR>)GAjJt<;*?xclUL`4?&_)A>E{)U@P7qW;9MQm=#`m(K~?wz%2*~%D)g&aQ9$) zxj9qtTCV9mcT?EAtwe5_TZwA@nUI`3H$TtYQtfO6OI@B=vC-1*fx}Z8NZM$tf?GUL zP{<*W>ERmP>wiHYyh0{hVw2AS^fAA6rUYaX;$$}AbY*}F;PrcHA*8z{cCkK%| zWzSdpriEB?N53?cu!YwbpPxP7tI9Wug9&wlWA)X>K`6}fQN!K^V*ipgw-UO=OSUF!r%2ZIKf%3K@l(mX#x@K;-*`H=2=Or=*>%HJn z0q`zbl=u$rFg^;P2me-u!A?OmNb82>`&+D=@GGGiSAV=S51mtKNl0ADc32HO>!omm z80$CM&X`ku#nQhHMRLW@L9xeD>o;rnG?`gXP!*ER^L*F78iw%l4HQX1BpR&U3=55% zfv3&1f`N^lCB;mQrZ^>uCaaB81IdZ&yTujt#g!ivS;?N!G}O4gv*Y+NVc=m~&^0g+ z&QDU>BVVNKCg0EKvJWHnG`8hZJpK7nsi&?3{gJvxGDlM;zOt^ulo4U76=OCbU8(DQCy*l%Ea@MN&u*r!WH7cX2d}~Xl zHoiKguIQ}tDbzbAmODtGB58U>cf18zih=f8HfJRCObaMV zL(`IXT=*(+sHu2tuXR?a6FOh#sRPE+wDZ&=dW{~OST!)QxtgW*vG~#bG+?QrwysYhcr7o5h3S}^CN#DmmD$a)&QnpYU2qbis=$lepOWKF zO7y`XR}DygW)@uSTGwg>I|E*3P!P5IbhmEwi>Al3x2YZlJ*leGZ_}HEzo|1MHoc26 zi_s?5LM_sFaD{xjq9a@?@h4+309}KH{uOhi0X|boBNh4W>Pl!eoo41dpnV zszpnmAA02ZyzUhgL_4dh5dMC3_Z{wj!{=-8&f(3IVheCu`8K%G)}Yj{SNf+7&x0NS z?lO@wNsm5)D(MEy%`T;eI-#Ci370tZTLcbS`8pAS=d~;-gq^Mv$oFga{BdcJNTWT= ze#Lx~npgvM%PV-CKg04E0-;S29KOmFscNicYc$(^MbRgI1UH%aFLnPuMy=}Va)aqF zn!?`CSOu&%z>d^#8x&r_@6|=9`P#dIvUso5PV8{LTCL4E5zBKKehb!&O%|&&2cE)i zFAQH$eqjL4Au&rR2VAeUC-}@44B3mjeLOeRTXzD^Ix7S6jG}1YumBK)1ULLE;3>Fj zq?=!Nn73VSh%eUwrhsD|H2JZ=*n7Pnb~zf-YT(f&oEJ#q0X#GbGuJ$Zq!(4fUaj|z zG*At8T~Z0Jwmna9_Xz%u(f+p^_-0APiET322Y%t>ZCHPde(NoQQL%5IDJS=DA3=Gb zbG2U1JX0k6R+q;;zt9Zgpl_*Li`Dm5#ptGH_VK7Zcs85pojcwk&Avk(Pf($kYr`kN z`nh$@;t7qaH8ZK-j_nSX8Nn_g$wzm*Z8Md)T}x^JgQr<{sB5buf4s}H2&(g>fbXnO z?XT}>2phfHAItaA8MjX?$eGdrj=;5?^-w!wyy%8IpTmvJF_hcRH>z?=){+q^|)r(xhwu(g`rP?Zx;^N$<@jjH+s z=f&*7H_O;ORe#_B?hY~(B&loP{BCoPp3l^$o}XwfqSf_nkzyAHa6Ze}BVYNpPvE8w zI=&LS7F8H{GprpPlhwFKYP}9v2d57kg`4z&L+ElTa<;~aopxF%u#tbhbQ^Hhyk9QR^d8qY$8kVUw68s zGP=M(zGCWP*c_`2C>|sLPv!J>)cU`~{OAVd%_HWDyH6wI!7m}w5(?tQqJ|&;KW&!B AAOHXW diff --git a/nitrokeys/features/openpgp-card/images/gpa/4.png b/nitrokeys/features/openpgp-card/images/gpa/4.png index 0d1e0c18d11b199fa61c41a30a19f149e32020b2..997bb2aaa6d0f9297a5a5d8a3ef17777491d069e 100644 GIT binary patch literal 44610 zcmb@tWmsInwk--FNbul6gA?4{HMj+Lch|;)JHZ_S1h?Q0!QI_m8@C1;xt+bwKKI;r z&wl6qc>R6d{dKRkYE{iSSJfP2j*3uHkU~MkM}&fcLXrL|t^x%GeGPfrBEUiZ;d*6si#g-A-V zypE2MzX<~F%hv9vU#OaQ@=Z=m6qpi$^%UiS!RVq0q#48}k3s{nM5}2|2&BR2J!s|X zmByg+bv!pcc;Q7i_tT~6A)^m}kKpbuVQB15ALC0`YWwysm&fvKjSjcU5 zCd>IPG~_CQt@^ujUPeZw>QU+WfufAjGWqL2Hz*ox;)YFocCUV0^?G$`KTv{E&35Ma zf6{2iz;zX$gh1@HO^{o>;5Ht#Z29YVN%(;|U0AZ{7?5+OQ!p`IBN0q}f#cgI zedl=|Psk|pOSPKp*T49CTx`4~>7JB-B$s6Ne|?@ME{~Z#eorf3d9hRzl$DhgiK{zX zm)51L)HmJhjc`{_Ig)=Zy=SN%;!*Ut24>zn9W-TC%liJ;`TkVvZ64HYY_mWUxBbej zYcynRRiGMnThECNE;hSF zc1y}yo7Jmyk5zRCPKf8+vN2(QX#7mjFf;=hW$RT|_uI2#&}5a@(^Pm4tMSGZnsQJz*O? z+eAW6r*(@{dZ_d`NRkE07!U^`O#hLQk(qLP**mdFPDepyjr*ioGcB&47g~g?+G{H&90e9A_l$c@8e6$<}RloaMq0xhl0fg z7X)1}9bT4_(_CIQ5)oZ_6scWorua8}mAlG1tUI1_j^To~>yKR$rvnCeMKsE@lW`$! zh{Ke9-Batj;lx9p?-WtS`leRdoSFHzb^M%snnI0A4Zq)vP05&lPu(s3x_9R$%LDPA zC_CX}z78b7EqfHwwKtzeQwAc%{>HoCS7~{ey=dLPhh`|^|9VVTZs~e7nr(hZrpsY*^_FD}bHZ9U}L>SNDpe7?j zEU^A_=CteF;@FnWt;^_car&8?Cg})=1urIa09EgA*Ii>c8>+1E;n9fp{^Y?>3^b9~ z$m>MIAw53A67u+jNBes7_&hN4@bF+^r~U-E8tXI;n6lUUF5<)z^92@J#bEoLMK0bb zIlnjB{&?#JK&u*vg`cQQn<&(T7$U+ZNnBr7rSD!(r)CvKTJ~I2U!S<^{4qIe&DK?~ z7YAMV>sJJ5cRq+q_27$VrQO|8j}RHiOlZD*F+Z$cC7?_PO0+%NuE;+ZUH~Y>CD0dG zBN%aG4yId#oYrQywzGPjA9t>2f{C2wF|P5A6RVK*&sAH;N8b9~kA^S78^-bgcs0NE zeixp-(x(jyd%ctx{U_u5jvW0bPoR^J&J;TKM^S`L_J_IFA}iC=m*iiKM9OL~d>-e2 z4B0UVF#?xOdkmS4nM-IQ1FL|Z{P@Ii@bWiXSDudCS==&&X_e}>yr%*`M2s^VQE<9U zCUpl;+H#rV)cn}Pf-<}I?gnA-yzU-vd2pFX>)rO#W4f-AP$Q?KOKWzm4EwdbH90^Z z88^QTl`&lub?lrG@%Y?6w5=^(=&!sj$i^Gu5QUb?%f8K4(VbTO| zSf^E^O}}KT4tYRvqF~GCLj^uVwXMgFoA;VGe8j^GU$)Ns^$Ra*ICAie^k&Eb1+$$l zsA(XT`sx7L=ahWmLO^a|8@bWv1yxnjqd;rE`ds$DZfkq=c!f7%=$ET~dR_86qD#W< zs4&LEz}U(NQ^ft_2WifL|x=)CI}(}ik6j_3F2t5xBJ8MuoqFq;mJK!pH(YbNQwj#T{XCIw zq{LGOYK~z#`L}jWUt?1NUeY*+N4VUg2+-`8pB^K!Fg@90aN-%3JG`l(p*iUx>qO$G zg6@F4(|4R|%EHP@Sg;bxEJw7GLC~q)Av?|mWwgXiVLJ)Nr;WnS&UH0fFqRt?k6JOC zEr%u>>$*=DzkwTu3wke>MNscQu3O=Gc+h$qT@8ayy|x|J)N_szn{KYen&Q_yctG{T z7KdeSgpG{_Hk&w0k*u0+er&mKF7Ns795k<#Sd*(K-|h-^(rs;}eGoijHE5|{5nQAU zhG&J6>`XVE&7-vrJl0P-eEMZv2k*sCH-}lEC<7n*(2*P6gFh+epe`;6MgZt@rgA@$ zVfv(8zlZfkbYXETB|XlNIC9=VS@R_U?u6Xdm}BS3}VA zyV;jMwLoH>m{%CM8#Y&rm$wpsCO zRw_!$po6-Fm4p%C*+8kCuk_B(jo)Wn{K>6S-M`50=)XtXecW&3et5x3fL@xI8E-in zScrbvtUg`8#yzd{nprwP72LdMv*`kaznEzvsDBzU@q`D&b8jeeS8Yzcy8X|V2ml5bL6OxGa0lc zetCG0J~0HFsnztX)93?2{~&yRsCa$PSPbH|Yt604`54@A+86HsrjIXmX!B`h1gzWA zvAQmIVi(v^=jps1e_}xdNt_6$3?uldnc&MQq2dm@j~$I!)0JXq%kuLJ3cTxUFSAU(qJgks|`z46C!l#=dBOSRIh z_70)M55lzMZ!78MRD48L%@H}~Z#(>}`-{Jx?uSW1izLfv!Z1df)%K@!=*M){uaNktbZ0&UCQY<)J3WFU!|_ zzg+XQu((Tm;{xj&Xtv#YRjPZV5xx@oa?1A7mtVjRe^M@UpuW_@`4KSe>Oi3BjZuvj zO2g=V%DMBsmycj?&;^p5H^F6UGs(AqZ(f^-Ja*E9j;qSE;q_X6&;%&9SetT@e4COb|m)zvA<(n;9tsq2!8*x)|B=1 zRC<%1>_A%NB6lprwIS6-?0Y1%gW}H9-Zi^s#ILCL3DNZCD!fXU`PMoV?L^)=ll}D? z)U>4T>Rug2VH% z1axGX5qmzJ_YA(CaTuL;LxF{jI}rI^OSduk#DkyGXySQMd;tLGj5hxiL+*wXM)_rS z^7-}kVcfO;Nj;Y1Ok~6Ngmnd$&a_H@WO4!M`52G&2E#hQ0s(1q#7W|8LC~_MyrA|w zR@_WztiT=^?t;wa9OXyzmGx(O&}~dVT-H)o6hkJO(%$Gr%ba6qXJcR-aa)4DU4>~C zI7Lk-HlONte+BGN=(4i&mN?F;xJf$xZChg<=DG#FdxQhX(yp53K! z6p}?M+A z@(9abR&bV+XLTQv0dr%ba5mW2X*=-}1w^8HuHmUj6Wml02*SqYPM-ZRp2rY^@9Kq&xxgSh*#gMz&T2} z+jdRD5GuIoD5`r6LrNNllCqyW3r>y-C2BfoeB+%&gHqBBiZ?6jNA#JP9b?@4Kf;lb zh!If{CN~Q)!C?~UpNIhqCx5f{EINE2YXJ(1q?fL<-fc(2x)mB)+MWV}OPVjI8%PQ}BVP@Yf^#pjYm#YThoms%KMDXnj0;R?7{AbV@akzGAVwTc#rx#zz$q&wq3jiu z;C$Kj}Ea zDt*INgO&&heD(=^7o?;HNg~1rcL$6coo|*B(kIi4nmGiHut9tB%4 z9XxH?W6NQ}nLf>q64X5uaY`>LCR(#>yTL^dG1oIRhbLLs3^*VD{d*N9rGRDIcM>9M zSnpt9oOrWKA|X(KR`$qTCQ{at7(a5^bl~jDP)W_T(ltJLXsBeMBoKlmofMRC{ThEN za}s{S5%Cl8J8s=G%caJW$dfQdiZwG!_QS2hXU0R`+dII(Um=7TXZHBd?)1?3Xuo-l z(TnQFdr3$*&=jH)_?Z>hF4?2?nX)UX=mwVIE2+VLgZ2JNB<1uWL%p>&RK1ZlLqzS1 zLB!gbdw~^k1{a!5($Zh3=^{}eSDA{0f>N-g96f9)T&)?WO-WCdRe?!8g`M3K`0n&O zbfLqPtcIvdi(W~YsH4(Xa!Dr0=-E3Z<@ZGHKkM34)5!EIPU|vK!_5o3yK_pwO6=|J z8M0iLMBE_8-{r(*Q)kahxVt>ohQve;)&(Hc26JuJkc(Jw{hoIZ5)e{2kYp%Vq&?Jq1Dq zY6yJ?F>KU)ZiTpg`UwA}UR@b0nhFzge^cU#zO#G72F+;>qVoCZSh%C-SFrN+&5aXJ zcD>yyPT?)9$KS|RtenQ=5f(A}C{zXhzO=-xlBoK{DJh`pBL<-i1jiF?ld+6fYj9DSpuZBc4+>CVk3!l#DZc`$RW zU3bhJlQP!0R*`UU-&q~ZTemFd>G|FpWWnwj%;9tejuk5*Vk|H)#v2c`I~6}BK$=k4`o zp4#L#4TR?6&~@aPu6uOVB!sab>8^Q_#ONib%`Q!Ksk?}Y3P0fwk*7@FY)zW}@F7|| zAqMqGf)DWa-N;qmQbbb@@z}(?mbTosr_xgZjdIYjf2TbW7OTSan-Bc?bIs9h^GMMt zW0qiUakXNxstVmso8EZhXl#nYcCx@GXc+`>H{~66a{ATPjAUWQ0@WP*+j&3}&NY^r zou;E$09pJ)yrY#vib)%i5 z{mPePP0*3Is!HuWy=j?!k3b*;#U9)FhTGG-+hS#=rFckx(8@Wy*4Eg(QFM3PGv4lW zBS9h6^wVv>^Cpi$ao_N8)x%jU&Rsl23O#-*#t6-SsEVv(=dpuCey^6X@&gitRwyF( zb?^%_C#0U(bg%;=i8*-#8RK9y=GF(xtpBE_UP-m1>Yh! zmG8(0i$R|FArQ%$qOLBoNOw0RF)*y!zb_{p&xp^?o(-6u7yhsx83M2AY(kN83pgF; z9moT~An@)>NbWEaNG(<L@`b5a%{vDoKDuZ%c?gX<4X+?!O_(5Qz6g%=`E+!D7|g4J%-k zC&n0D^h0A^=uemn#C(^&yHkrxtYlI!8V9I89JN(@zKj@e;3;o-Y^=1>qJ*_!YY4nJ zs8{HWj=W_Guhn|vUG*>}LFJ60wY;29hPQ)Y{MMS|-J&+PsyZ2%)n3es!5%66tkLng zZl(tbT%Y0%uZW`zUhw<=0Bq7yY>RePf!qmh(YtL1d8y-@owtR)S+?G8IDmqKI#Ti= zY!LkQ1s{pgv6J^5%lijS^Zl3OSaF3M>p3MZZ!LqaXBxW1bMuKECQma>Vh2Uf;KD)Q zC5N&yHwL&SVqjkDye7BgZ{e!40*XVK?W+36sJ@QAv<>=#H5j zcyiOd%1o}+cld8SuwW8mV)lLyf@jH)+cQ1HSm4KMTUSt4{`mL^*gHH-)X)@GUtozP zuV8WYw#v{*I+`Qdm{kdEBMQs*-|Qnc~_OIchmd34md3T zN6(xVSaajhZDYw9^X*i#>1>5Dz0Vg$25rPHRA@x3+ThQaM-$sQ3jx&kpkijHuLP%v zmawCMycE3Gk4fw1hVNqTAs(nUBUORu=N#+0I#ZvhmhG%iP}%l^hP^Tr@GwX zTpEY0zb3gF1cjOhjm`b6wldxnELxxeWrP)a|VWpZ*8vL8`zEQ#~#Ub zZV>ixcw`S=_uKI7oQHdlgZ3!a#I==P)))WGxskEi0~L|56G;5h!#dl4XkFM_oa%jQ zXxuOC731MRB*?b+{h_e$KQPGll3thvS`uX?mLX^HW|F$22`%<0w5#}FZ1R<6vtb0Y zkT3CVUFiFV&AXijCWEcWv>B{IGlt4VzsgwmIavdDfxF(srZmQm`dhcW-Xh0~084sd zaMy<9lPacW<6yTzt2$;-oSFJY?lVu>inpTKKyWv^#?RH>M8KO6sLnPnD6cj3O#Rq~ zq5Qx%X{T4P-&uy}T?~yH@vO5tb7jtI6Rqm0lBBC=!lK~HFu7Is?<1b)hYhZy5l|9i?88>s=RIx01Kgun+9Ws zElEiQb8-Z{5|Yy9hCYHtP>SCkpqtMy33~pOYg}(M%^-bL%KU&N7|6!lqrs;`n)fj6$5~i*zwl*P)yevjsK? zZ)?s0x=eOwWJ#(TpQncOK{#=O_e?nUL%)7LzbBtkNI^ zn*=&qr2aRyr_x)XJOn zw6tuwIolg*rhMM6;ivzj(A*--y%5Aj{Clls2xt#}oX z7d0#h=OY6`Ej%W{dgQPof5>o&VMB%^_xj!e&h=6sd_+t{zdhQ|=4QOi%F?wWHPZS; zZn$zT)&_#J>?Z=3CrW)vA#Z>m%+ECDa_R!*Z){WzMMwCp0x(D1%>oj$8nu9Rb5_i% zUoOC#qs?cYl;>x*SR(aS0rZQDt6u+BP@~`(L(Asn6pG>{5XIrLzwMYp;{C3^FI#DW zuBYptmG68);E=p>oEpa~6&!_*KP-8!?kEm6LJ?U{At@q;(tOw=gy`^#4 zG4}%5@kiZUKlt~}1eaLim&9%!6wW5I&I==Efob=3=XWa;F(uP%d4s#%`_9|0ybxZX zd7W{9B?F`SUs`~ePZFzrjaXQ`5%!-(mz2p7>Q^CWac3*6ozD>TvwspfWV3J1zAzu( zuk>)AHs5QYNcJ6LlkzA^PUwy_xTftKb$)FOb>lJm)mT%2CmN3Wy?yhBjuFe*?99;L z$c`^GENIhV&$FMvZ#OL0CE^H6$}JbSqu(&%SSJ68PIl2E*Bv^X=iX-p-~Ia0L#n*v z$MEV+QHoWcQ@|a(qW=2M(ApnC3x+$JsrzqM3;P&5vGm5T&vwBep}2!a^p#j*1x=79qpqkqDIZ}IgpU+>c6<^J01ba!M_^GSyRHjFtr zHzFbS%RvKEIo37!F_jKF}!MfEnY zrJPxxJ@TB?%n8g|M0ca&(Y3lf$+E13FAz_F3gCv(|QHrd0?&)}&V-GiQ@DDNv+(=$2eLvO&<{$kys=G#N|2!k*=@hOjF_Ykva0 zFAggmnrdub-sQBP0a#TW4pY9-rD@L;8*r~4KBqD~;%mRU9|&FH^R?SfcU-*9+Mdzd1F$1DzLF#wEK37sQ)~e-!;>A8T$%Tms}5b)yE6{l zB?Hr?X8Q&qcvdWXTCbpL!HRT8STsK^FIe9WP&sKZrxO(_qe1t=mwMdgGF8gx!D6Y^JZ82}7q$iZXb}T7)CoHZXab1=bGxVBSFG`Y`9b#}tM- z6yT16*M3cSpSi>>WRFadXD7dbu!}{S%?Pw~sUkXQybR1LwvPREimtXd58vnEIXK-L?Q2 zU8lM$ls(aT64TXyFNE$%cdU{`2k%WEunDjMs+NB2^}OoeCIp<2C9HVt?}Rn7Se_&Y zr*foP*Cp0D!|jIN|8hwcjP?}BwbA#_bh=WbGbOt()6jg-mBNW>i!9yD5-tb%q2z=5 zq&_9w5T?2+6zRo9RM6c+y!N;#DA=#$T4c7MRJEA7`q;9r4VrEx6gwfMGFZvWFqjJb zUJ@lWU1-T91q07oyE+W)?1(v@1(dgSot<8!+2V~{RhW3mSRWUb>G&_tc*ZOF!E<%& zZ0?UFHs;gFGk#BM}3}1fU{AA z5QtLAhvzOQ+?z?5ZZWR7k6Q3rLKcX*OOjX1O47U*;w!2MqzX<7l-EMPdgj+Q?(kDM zfx{2D7u)Rvk8V9AVfDojUS%gML;J7tAlPBVrD;qC5kgV?7deAp(TMuXZB&^>iDh*K-1SHPxl!%$G>>i#Dki4E3?Kfyw&;xfWx*- zghPB)8d-D>&0yeo8E@1-^ktWRP8s8oN4k3n4CvH;A=+fj9^4a@^1NvTrZ;x3v{5U0 z=@ek32)rjAD7*kgY%^mU$I}~#m~d4CGU-|IjL7kfC}F{-y2DL)E3zm z$uTXDKevU>eBn$unv+exl{gqy)bV4~MKeUOmrwzt{&MXIubDM>^j#83q32U_ss_?l zQ$6HoN>AqW?&g|4d6JmI^KEt}j(XLT)A9#~2iqfiKZv@rC(2NATafnzYk^EPKq{U*JO<7lC(T7Z*lXPE)fP|} z*V|OO*tu1hWvQ0{1$~QF?M`+FQ+b~hF={<4!%)sbD8f=JT89es}+b%L|W`($!76Ql(t+=9;NOa3ZB|; zZ{b}8T7S*h^;qb*L3?$f2qyN`QPXm0#po9WXBM%xn-a(QJN^knlDBnjy%QNg<;{(~ zy83lXG!}Izm%1WDk5`vo9(*cuTgZIwzZE^Lhg}~@N_a&j;*ccOvE}IK)fp;VM zaUg-G`IAxxxV>{$+G53>qyGr$>9g!g0TorM}l|1krVm?_#*!_uGzfy*?}C!Y?UV4L$3`R%d>LZ>$F z`U7ug47hk4*QacJ`5LiL)7uD0f-4b_$!2>H)G4A!A~9($lMPhCd;@h4EOXIR%8Gnj1)uKYSp7~C*On{w)Bb@t zSY&G?r$+RLy7`+nkrq>Doaj4KIJfuxxej~0&2Pp6%xO#)@j_PGg)lFy6mu25dUs%3nseTHwG@{!Q&LLRbW+0@9clsiN z{h@#3ifrW*E@0VS&0@w~rjq5U2VjW_|JBq~`>TY&SWU+f@e`pA2shuOAt!-(Qc|un z*@~i7mcUwHb|Ce&qAcb04rlh#6VA1P*?$=Iy4B7?O@tPciDW3JNytL>d_T#@Envt` zAiUxn!6f?Mp(LM@sNAS7a2FcqK&O-S+Y>L9aVwQd&1)EG^xoX(SUVo!szp$kl4hKp zPgw@&*z0%|5|a}pcIDI&?fNu$49Sx}u)ax1&ED}c>Q)<`a%8{BUr0L&yBHhmpqtXt zbu6IWQDI05P8b-p#FpL+vXrK1ocvoXL))156Q6Fd;-`{!^^A~w+PqAI`gqzm|BGaQ zIJ?7@Gl2mwcTVH$N;zzofWm=!d|%*XnRV2XI$3y^o#f?MtmLWz;-m|;Qf0&W zYQrCInm%s4@n@`R$8V@v+^vB$_11E_iELhXCh-Kql}iU7PG2~D1U#?@q9msUe#N@6 z1fvtZ19Tl~^qq{XbiazO54L8Nb%SE8A8_jaiKrwB{r`oi*qAOr+ENDhi@c|^ceQ#M z4-chcZ2;^edyT|3P&9>*_a2%}(QmlO6o(Xf8?D zUky%ZNU7&!lLgAZ@7~g$M-;62_se^xj1fH0XbsPIFRo?tV)g5T0E(TX-!l-oaaXD` z@al1bTKt>8!-6&@bvEry7N21G0joErzcwZqO4XR=%EHphqVkAO07Wlasa_c-;3+yw zE)qXrzD}2VTFtbPp$;mOc29h>EH_hqN^eviC5)6Cna!(sQ3bQh@R0rc#RkTrl-pz6 ziF=+mGuh72l&RNJ*+lv|a0COS(j}4I)wxi)pX7t+uS2ef)o@NusH{zv+Flz*ps9!O8{* zOg0MvRsLO0Z3j+fLwCEPX~jC*x7-qzbVuS1YJKmx5me{-bKk!u-;T^`5U)CyLixbao1mW1YDkfQpHF4Mh3Op|M1E?m+Xl#U z@E0Ti!Hfgh;z*ofpz5E#VjUfu-rv8U&9AWxD z#j?_Shpn}0u}|ZIo&#MRSdgm+$s?Y1opEro-o)bXKSK2SU&-EPA*G$iW}g!+28e)H z-1mq0IW7~@LaKZa$kz{=X`MYFX+c@MSbyXf6D!@s=ezvu_P0OGtyJ}&>8V0)S=h9a z_lpK#4@b|Fex;t8zv_t{V-Wzf(;FDQ42WmzE^bbTToZP8zWO`i7FQH$+-LmX`BLHR zBS*5biJn3y^-E#lSmzyv3WW0{X8-Qtj{Av4XKfS3 zLxfwUs?)KY?#S}tkPh=L-=EN5OO9KJNy5>cqwQ^a2=>hE;vX&3cU?H!zp)1D9Qcf% zOy(3_bRRaKtZ)rG&i~$O@2DTEWD*(~`PG(Q_kg7TDP?dKb7bV!YTEn%C@frj-MekG z;9VAU!J*t0GJUC9uSg^8_LtoJlliIYWVBfz+QGVFbeOfN^NCx?)h`W%^AgrZp2F(X z#}M5Hrqf=(f_nqI;;%O;95$xow9 z>g>&n;JCtKnHYX$nsV%6Zu~Nx$5Sd@FOYLza?=taWqiHI3i-)+xs)RbAKC-mpPTiQFwhSeE+)qiKUs8U}cpvLfWo6BT?9K>C1rO>lFX)OQ?dJ;Y zVTXI1f7Hg}*ndBD@xMH|LrkvG(61~H#sUm&*5x#0qA8OVA45b1r29(~9=G*=aZtbS zQW;_hV=b|&*4w9=gmPoR-}iTS@h^HJTqq$yWcf}-Wfn@Qc#{@s`|l1T`Q)b-clm$q z22hE$AetRjoHVokhZ-NBwrGKX=WpnVWlC zsY|zMkpp+GhW}c3j$PdmfhJo2!s0{uxE1&-yIq?>|1UHTm0zhsB+|D-*n7FxPu#Ef z!^-^Fu-KR5OPu0*4Z-bo*fy#jMK8 zRei^w4Vs;ehE)5d9e$i;+Yx6m!q!O(CS>jHfQZ7B_|_!4`j|83OQQ#DHDFCH4j-;t zkbYwk8=tL70WKSX$~zh?l{$CTVgKYE(0l`LY*7fSG*~5pioOknx6)=ah;D|KDPOe@ zCtRx@m|}i8vdJvhf7?97y_}JU`D#TZ;d)Xi_e6$?`{=__i<{WQv;3;*k>5j(AlsVA zArSyXpvxhU_mUwr+OGWCVfxPDEh`ERTUF0D*EiQfswj~VSL*4;;KpmebX~hiM`l!S z(#B-gYLPWE7^!N1cv5gH6u+31=+pAu8G^{n|W|z?7Vdr#r2XMlj_`lafHO>}|>N}VJBo$(18ixLN z8C~P$`_3JI5@9cP6kRqS&c9>~CAM`9w^v`r)5nW@cksBu2(j~A33$ZHPWNTt8A-L( zhWsu30Ryd@Bg(dP|3xL^0LMHy-FjyYc35FM+4U z8G$pcu96i0p<7V2d4R)5^J_9gaoYdJP)u3LH}G)*fS4(xV6QN#KXMfOUXo$BD751a zO&SBx;Zl1xueBGGF&P?-tiDDv)OFzlDMz0nXElXd4V&`{HpG%^4RUvavAtliYFpgo$6A4pNA;|iVWZsU(fVA$7U2#cy2fpqSHoOJHT3g-egp{P37O+vm`w9dofpA zul6i9Yi=8CXgv2>QgG(j=Qs$@)phS~yR>TT8R*^|-Z_n)8}%V|DLJp$VE<1XMnXgA zQ}ETeZ>kG8_2U}rp^du#J-aWO;Go)Kr?h1MbV28d1=%?h*VOhpB*3;b9l|N79aM`6;Jnai~wf8>8CG70eBn~4POe9_=aR#sF zegs^=KQ}v(197^#^?Y>%q@O-J;|tUZ8f~QHUyF1{IBc31 z8lmrcg*a;`zx{!v|MG)1585kP*F=C-)rn`(F!}8b=xI%4==wLH-LJYFGjGEAlp-^R z{o@wi-OaR#w9a9Q`m>RJOaoKVBj*j>Y#pa9Btrg>2(cAIu8iNSG4rT18I3@m+BA*M zTGpMy;+85Y47G!`X<)%!kMCa06l*@H+Q6#P z9{t!9C1%q}O>Km3B|=?LrAwmI?X3TAa79!V_Vv%(`vS z*c0RFU2PvGv1qpkS_#$%{eMjVe03jO_?;{+_DhH*K(|%(F)^g14B0jVx-!67p~uCt z&OtG~l^GqL?g;u#`J>~GNG>Vy(X|;Eh6bTp?iOW<)=~aa9Z^2!G4_{~J)6{&=GbP^;urXT= zwp6a&=d<_5YZgOGs_OMTG#U8r^9(}ajZ5*u;QwZnc3A$Ar@Gj#8-(YmPu{T&Fq?|A zsv5kcWhe5+tKX7e_!dw3-@^ve2+nP)h}F&i@g@md$l4ltSdi?DPCWT1J9bF_pY?dR z=#J-J`^U}kmdl)Fezu>V5SKY5^EfXi`@C0X50?)gUr($WBu{zULxLz+87WKh1x|^W z^0S?kk8kvM7;QVg3ut4Yxgk|<+aAm{-r5N<*bV-v1>t4(V^~M#>43Lt?ePAU@)BEa zo20)ID$?6k8`&-{%bhRBz>0;jdJgUD3bb=o+Pxx2J`tn6Hk!%vX(nG)hR*swL+N_7 zkFK-}-j3?@tO7G!=6CgI^}22kKS#8qj&zZul|2O`35#&x(+ZUQ{8?~3?>{le!9^@a zowNBnsfHzV)?jM|r6di8UVozMdDY(TcFn=_D3to)E|lwGXWcb{EYPXCGks2(k$)Zs zS9q}d>`O*x!Z?sKG2M|eTPIiQ?O?KI?=aWt^!Lo!_XnA_Vx~JD?>iXs=^%&CfRRz3 z-zH==VFy>)E4e)DvWdSo?=-NI%95uAJVykfJkNH$R8!qym6)|@b35otWUN*f7~Ek^ zs*j%?yc7drGB7b$1Aksa3Q=vN;ypuyk3hOb7PnV!D!_X5hdS*q*7MP&rw$HIskXQ3 z52bd;tA1sM>>Acm5)#VMnsk#kbchi30g2fY$9W}D^G%%rUaR#-BwQx5?K!%%`)6)J zoqIG!+XLWG$;H){g-$C7{0)^R_#S`I@J{l;$3Obv<>GhCena~YtgLhl;()QElj|(%wKcNR|3GKKSbMSk7j)9b?XT0@n#HWLy3|2Mr{P^0k-vVE&fpRX>6NRT zbdi|P9E3NP4JYjYTy`^_`dsB!@GIYVT>fvGj^!UT-LXz)rb%l;$?M3>-ExC|y~fp3 z-S6BSr*w|H;{UGVfB*7g!DenSa!FnF^X3!R+Jr~l!Sw=Pn?< zy>{FrZKYjp3+i22i516FlR;smB657zU%{RFdmZYt+Ws&$?K(P_peH+V%F!Q`Z}LN9 z`{IYk8pwivY6Sa7y6mrW9Z`&^%MD_=Dw&WLwH?Soa0MFh2MCt z>n$6{R))@WsY?@ethW^}|5y{^5e=;g97ePNl83}}G(C>0dNvumQ2E-OGZCNDF&eVA zLRNYFNK^Pcs$3XPxt&z__$#p6DVPd9l~zO5oz?m}{F%lS$1V2nypWIVtM57HGsC~` zX_Hd}LDH^vi#d&tx$f`j=S(H)J}?9oODPVknT@{6a1SsDJVEa?gsRNs zDAv39aw=C68>Gb|-zzhI+-^%fOAyRfSk848W>-9O`K4WN7_Ux7LQL3tIfPR7-Pg2r z9BK>275V1C&D(R$60eV{d5nHB$lZTn{EH(4f@x!Tw-7YhK?CaZ#sm>x&N^R1_WeHi z2>nUL(F@|SzkzLYNA4F%l;G7qNev=aKYN;{Iimv6di<}p(x+;O(@ z@a?P^v1+_fPYYg{ed*uY)oA$mllgVdK2ZJLl~&q_esuO;3^c9zPNDgOe_M9Myy(&K zPH@|Wh3*l$xQ+>m9b>6nT{?J~Wi0sjR!+U`iTt03O5O1vv@HhSMDCvRoKa6~qV{8n zCQ%a<)|H$fnQCJEnt@zYzV3fxSF<H>>Vb;dx;+w3IB_- zw+x6YYk)Q*Nbuke!QI^3J4LtMt$*dj>teRWPGv4QmPr~wPEB!a~wQ^8+Nd1 z@&4fZ^K)?_=Gk&smH9Ykiy?JHLS>=XHlpJ32Ved#pW_9u?C*V?NWXsh{0YpD?L*8E z`0wrHgTX?yQ_yZR_|&KCU|cYgV^)y1N^u|1n^B`RDnk^XxReEeqJ2YDvG(EK5>&_~ zqD!49Zo+`WP_doefHKXpo9eAo)K~Jgs$cbAWDRALj(|qY1ZfZJ-D6RfJudq>A?-D> zDhZ?C(^KVCcHL1&@??yNMRr0?4i&1Z^YTh-gw^YPoKDtO5Sw<`5p)*O65UL*br*6S%5dgCW{E_qX($yYYErq&s7

-5e(a6E)xJw9Goh;T7+3@nlcPbe+$ zE?HAe|9CnD>gk09Cc3b{>N$+om2<9ZZ2&dvy(Gsiy-UuKIvBE+<$-fmmzUQF!{hRz z$y{?CsJL7u%=vnJleKA~A*Vpog!C0lmUI~BXw`3%3KPUrPoaXAn9LRN%TgnfTNM3n zaBv>pAxxvG9)GxnFKZ7rzKs>#(nLTPU+d)LLfsxUsS%;HNxj(PL zpxstw;w5Pvx$r6tNDhyuKHP-xe0k>{cE=M)?{JLi4dXm0mQc=en*q-{3m!96FOWF` z#LPGZt`n_HEKM9<7d{x-*&JaG$BZI#TrIc4@_ic~JoeeX+2E)P)f9`mS9K8F2A0BB zcs9o7c@qe2G<8o;QeAHsiT~hXEa*+F9dlyH>prnX!sFeXt~aVHiWliSp}heZ$ZU?t z_4ojK+ZNc8Z@byyx#QbS9S-gB?w5rg#x-#;w}KP%LmZ-$XRH8LUm;ZnhfHAD@Od}S z5?KQ%yHdy#XW2y~M*%Wh$+H*>_@D$M?N~K7dnCOm!|$Z-)n)iET+Lq7U`*!H^rz&1Yqm$wvnxqVQ~c0L(?pK0slwH_{nW-JL&5XLWD3(+!n) z&R_!s;J~QTt;X9Oc?me4QO$O`kXg8?`+8*?HFCGYv9Xi67WxjHp_p|*IsBHJ@l0nY zat(=ZkWwPccz)SEv)&v~oS-N@X72ws!-z)27cUzNfzl}uPS3Kt|IlccSLreDxsS2Z z@U!^vD=k1mxMEs(^__((_LYVDVVYd7K6GOoN+r>FcoZ?~E-RU*6|i8+C2|ojT3lwY zVws#xJb@BoiN&dhSQTCzT+$q~5Gg4>-xsd{ni8wMEa{OoJhbj-5pEvZ1H6^sUT{RZ z>{Wr20{L;z_yI#M;sEr7H?n?Dku@EJTLnQ=GkPnRQ%~o1>kX`__-UxHzeu@EW@Syg zirt{tmXQ9ys=*?Cr8EmMF=fJ6^F7HaHIp`U>R(cm&E|%QF&G_*6pEcDx`x~oZU`C) z5pKy)9A7E!_4YdD`?kb>mWp@qL}1tDXLkG&(&;$KQccQ7@o*?W zJ4&cI=`S3k2U{awg>JUT!XK(flB?f(J&OzVC;|b#6a6J&=b%6ZA)u`+X@#}M+H4M9 zjNS?{xYO~=@g#TG%K`+gM(5;W1y&;Td|(X{GU^eN`8f$^#>!-ezurmOMnrSihh>ik z$&Ct?*cin%hS(&rRK@&QOx6Y#ojDOz^@EjnK^;u4Hp@X$2vCMKp+vi~QA}I8DO#_l zsGZg~-NQA|>V-j@3v_WOAl|tLIsNb1b>9~h1Yz^?8T7+eU)-DyvGsqgM3XwrHf?fc z6+d}YH8ecl#rGQ`XAC~Vz*@L}qf(#P#TFlGqda(tR1Y|JtWTj0cG=PRX1X1cd&8-R z7$S^Dg|T2MMl%c-sUtDcDPp+BA^Cvpuy%w&G+in&UJ~ud$Kk^uwAX8DonO+H)5f0@ zl+Bx0n77|(W4ijI#hn3Uf0Y>ss2#tqTaXiXEUdF~Cbwb5;prMe-T3N}ryrkiFm}z1&@;u*qF6T8;!ZTr-^P2~; zmti@}lq=&`Ka6J2v6C~1ALD?r(<7|9LSoV|gEGmIc40mMG^oQCPClSlD{~_E2g=Rd z(u!Qfxy02YHBvL07!3#tPc7nO?#GnYeQpM}N+dT^m}B^LlGZ@JEXadukG1_W9=m{2 z#MTrROGLJ{!0T#FaQdo&)_QQCN`Qz`4XpYV;K!JjOkF|7v2uQ7#(O)_NPCW#_fbfS zG3t*@R>7!b9T-FL<%Lb2M2V97ceU;#t_wniRHnokMU{McvxBQ49@?$E1;k6D$#B44~qQtJ0m;xpIQ9X(pzpj=f%jq7Jz zxHX^g>W0+-XomVcZBeh=1v4S;bJTdyF!7p;w>HZgmQ>es0ul_zLWL^eVn>+MnzL|w zr9Q!&iH{a+fQ17_=3yz2{!X8Czx#<4F<7|+b8O}4;M`Z=Ygq9po8x69orNT2ipd-h zDT_AKkqvX33XYg*9KKlh5rm`^bOHX+biIt@)LmB3e|+VH^&2H!#e_t>Un} zY2j@=Pf0~rjhMh;bw2i;G2;;TNT6Rr9wPw z(a-te6cyAVP%gtcqD{!~c8_Vt;2OsM7(dx3Nz+P6ZHE{wFU zhQ#>At1}mJX~5KMKa>k#vT2GSxM2jXKHlL8n+2omLL_P#c*Pk88C0EA9C3CvyC&3+ZoLx3 z< zz;-cWhDNcP=VSj+B&!ohR!qAX&qs3xOPKYYiijwXl|=9_$Aa5&{}( zhQ=cC^#Y#cHl{#kw~hOG-T3w~zKuu(XVkS6%7AVEqi^#>@x&zB2~a4@O6K8;gF24R z3_u&5hmF4K+|b3-b4J6-S3~Y3oMl5pG?!gl&l@3QV4UiH!ALPCDlki!BP7`o%bMd(YaQ!9o?Nhka$( z!i&bYRW((8Gu>gd$S(FQG%kR`HM0a2n1MVIQv@8~K ztEFVM@PN^*5_z2y-V{ME&Ci}B{+)%a{Ubd{4u$gR;~DSc_&P;~4rE-HR0{u87nL_M z3W=V+^Mam5CRPE0*Y_!2J1>$?;8aNhGQVCBicWb$hW6hvo>}=o!oYYy;7d+$0EY#5 z%eH%(t|xVtET^qIFxMa!S5zns6?1e`DcwS2-R;TiX`p#C_B^i&dzFBaDN*$Yx{$Y<5HUq=Qb zIaB7fVVE1`(O%2U!<2i?v|M#Im-^@*x!9-Zn5z%q-6si?H}wS@{lWKq6e6c5J9u*^ z@{1cpw~C$Meo5Xj`|bMMJ9!;@8K16qi$d!X#h)}O2fa;;2#9z}(RlViL(>=6I8S=S z&Ow7S`^S=P!K1Jh)Y=oEsEG2GAizG60jxarZChH%#)*?E4*B^X> zwdPToc*s`VQnE#{5Y3;JhX#AcIVyx-u@3VVOj3u6A=;rau=)3DVRtp7H6ECZgsdhe zUK1}+;8x-b?Y%`z+`aFE8<-j#9zhh|>T7B4BKA9}k@yk%?`yVQ7(K^yN}^V~n>$|! zL7S8!jU~RmLLt&&MzZfv4HU_;OkLXLDwxb4*;MqASr|)O(M*kqIGnXVUV1i#(a5{i z^8Z`fnCfO}*7L+KX{vh;<5l}8(HZMp>Mv}>{h&D)9;qpoaHQ$CD}8s#WnW$tJV>^E zIrKEUkqNx+G39o`XCrOej>YCqcrHYoV<_CHJsFnYJCf7d=wb@)@AWJu08a`5Fm83N zmaRRo`3LICtDn43A%I8h>aW>zhKW8JkiM@B>9zzsas(O7x(&Adk{mPwa1G6TbiY|) z&3YLx{gRD$z4toN{XLztwZk04aL`T?#zHtaWOdhF&g!BJ1?f(0o;O@ z6Tqh{W|0?L1P3KxY3&F6LYyrNtH;F;M!d(w2#Pd?u}ve5>W^N8te(RQKT00zO9HZM zlxP`x+%6nHsK6NxL?WJGTNWtj{I|rq&fDA!H#xgc4ab)@AfUP=z28v*dvH})TzF?` zWotY6q>!In`D3P<<1tW%cY4o#dP2T=q9({(|5rwiS1H$EXUdU;mcDwTx1LILf8_9I z6U>0kysNupCM0G~C9dq`Ncbf()ruReeGelq3)lr_uPWKBhaWvgGXV_0*O$Tp4`l#9 zuuv77%K2G^i;@ccdSHsUInv#p3y@~*;K)9_UC=U^U*}(9<(39p?ke$id1q-VcJlB& zvpCV*e9|uOmRQCt6ycykB=VzEfk?~?nCIYO?6VFP5+O{#h(Z!L7`jK5x*fAfw?(hj z=u1|^1Trl?S)cWv$z)udKhW}g)KF;sbzHVv?rF(8KTNiwO_%pF;-rF)EF$c#>LQbx z@y8L6h-=yAs)I`*VzuWTPFoPqE`wpq9Sj%2C^ePGTp9d+^)MpUB$VD4BYWJQ+)}L6 zh$;ioS{E;IZwEsd)9JkP_qqTQiy|-~{K~&WEo`(?p`Y;&<$@FnRxI=;a!$m@-U*ud z=H>@th_STutK|50GMQaR*)f0!FX7kC)LI!jjA5XjuVrU)sWxu|ynILB{?J=sRV@1F z*M?tTp75S{&nKaIcYVSD*&^2W=FbUk5k0)#UgY;F)^;QUo&BCKY@Hm+lqq@!n%lw= z)(HiyUD@Zb8=7|nvw|N|%5qs#Bk*bTv%h+YoVE)UDn2c{(1&}?wlcWLfAK)@8D33r zLQzoNX^C_?twbMjw9YwOE7KJ2S81RfF zHUdmzmC8U<2fq*(;}m*%F)z^8{Q zB^*^eDsrlG_i&sRKlGC~%9Ff{BL#!NaIoJcU9fJF$mlrVR&p#MR9!5YD}xrlkGtL- z^~4x2pZoAk751Knp~}8j25&T^l+L?9#`zg#kuibiB!2Df+3KisjNQMqmKO0>szFJ+ z*olTV3zH*@P6coK99#ZGmp&DI5u4ueI}GYPN~>rkrPB#)FqeJ&=p}+{d~(U{@z-`N zT+HpHo&rql=6FicOtkStb?oMh(juh{*zeipY&238)z?C#I^`C6V!}r*MWdZhg5p&c zvIdH{i|Uk9vIV}}bkT8G&EGo|bIlrexE_~=#bss5cz80xEt_Rt6l@SM#gm+?ooD6G zC^bL@{*#UoRO{1)caXD(29CiAg;^BZdQ|lnWUk*>;KSh!&oZz3*4iX?vT4e=9MK&y z_)7jpQNe{8;gAa+E>S~d6~EY52Oa#d^M&eVE9Smu7Zm>zr{gdP*B4I;;csGV{n+UJ|hy) zi%!h8qw-=i4VfT&U5wUn)*Fs}hh*H?KfE00j9jtF*3N}SsVjG&ptbRNv6{)u-5YDY zZS`_^QUrD#M3lve^}R*^K6#4K6dE^+I?qcG{fGsIP-}I3Deo^bn$Zr1zpWf1HJ^}op_y6{;lSYV z;Rm#QF=I@wa4z}qmqKxOEeJZ{ZVIWGBO~e5(B0p*!11==x$0C2i#MQ=3e!MEeA-`h z8M6_I-`dCsylYodo|BFE^QZWjvFYwiPYpe|{iG*_+uKep^iLzq|Eaf3ZW*7r4sIkJ zOt)P8s(o;N`i$2!mWP*WP9S+biz49fyb^r=r1SBRjRQ+DNDsSR7zrKJ81vs*QbIm4 z?cW7ZMsy+QLS-80pLEzn@Wwd3it6$|f0D?Wn}xkU5mu|;gVknC9O$nRm%SwTt01bx za^H@4(C1m;MPO5iU#cADO~mob=?tYwCp8@NfYhDunpIpjX40!XTv5L1YJ8ta?k^d21H1{8-bxxiT-Rp8s z@1Zr`14+YKvg!us7a-6(V=RN+L>?ooJQwPr>PuIrix%}K_N-L2T+MkJBmN!!P-?X4 zK)EZMZ|!K|t4=n+rnV+;?AiUm>nJx=5%`ZRCCtg@+wYM@K_HB=kcL=vvEE7){j!er z$e5=M@x%&>VZw#`;vuz^oGBG)OXPYF^|kYGz+bpKAavHm7TAgj+OQ=|ySFh4H^LC` z;w7~mBQTFp>wmo)%Rk%&!anUGjko~DH%DBk#E;Ow?nGeYJhw6OMUGJER1&zO(zAXa zGr^Q-T#Nrt9Wb7T_IBh2hQA;+H*mkEMV}(L9vk?S-IiXcd_%uMsN9#*m!TZ%aEZ=` zyg8_M^&@xN@nXsHV#n8ufBIggFF6S7=-ZA|MA=Hq)i^AcmF}8j%(e?cwbaT zlgkPBz0ygK&59A$_R3tJSS8Z$sdCUK_(AiA%MR*i-Yx77LyNDfzO9}_I~w)_yivr|Cl4Lw50AVjxzk7 zB+{K`Cn>t}x&VA`N|*J`zxgLQBxnU47-*DY#TL4_l{oVL!vpvD(*t*jt8u-ua4FfR zGxrFitK5-J9~I|&;B}&=uCBAo-=2eE#%c|8vnnYrGa_cWCNV8z@}W`dODU|Z7HRr@ zG1Q4zPM4q#|FC%o_|Zq^xuf))Z*#MNx2Lm+zyKbN@r|5DPDRH&*thOmN&HV6wVxMl zLZL!AvH^a#*(6BOqe^ql318+HJq~T4IQoxEA85C44(HMp;$orI<`{dXxxJ2-GSS*+Gc1eO?^)Z#f#ceg-yiL`p|(4Dj_m=J@=I_pxlfdix8a-62@= zt`a~xDrzSSmP3VvxNvR>jcmWCXCIWSI-dzqL7Qy4T##ojIS^$d6b96_8xtO&qRm48 zeTFa)6fD$lPG36VBs|eKSs-g^YhUrft=?q^DWe?wGzXN4hz>mDSD6in(B_ZC6bjcG zEr?i`rnk`|94J2dAKox<_KnO=x>o1W{>#clrki^E>_7Y7Oeh%ma-M*^en{qGg#(!0 zmbNDuxE!B{kYn|~csglrUu6#Y{(~|AH~Cd79vQI->Tl&nublj2e=$l`Cxn#+_mE#o zvY`HPqpS38V0Lt(2qS#Ey}XT=>Kn$1S;Qyt`)>9@AVsK+==YcWFJJ4>g07q5k9Tj@ z6X5!6>X?oG@ory!(Y&XR9`OyZZ~J-M;wa>PdUiOIDDda2k-`1ef4mTHAVm0o?DRjQ z{XhOShX}F#AG;Z0_-(iSK9rHaO}V!h{p`cVcK$DRB^E=L`0o!x*@~{Q!uZFR{4#}T zHn0wpPt%JX#eIm7cxUaG5kRun@R2=LVGP$$XZv`MwN3|FRE2@F>NG-A&po@iSiKg1jPN^y591eCTS28e0 z`r%BAxms0arooMQSH#6ca`b|@#9NpFzE|j2u2K9O<@?x9-3QL>YUYz|1g(< zSlqssZbqtCR4i!b(%G}>7;hN}_b<%gro|D_fHdf2FkS10V%-Z{arIAkOxokJo_iO1 z)fg_{LD9rqLrq@~@FSDSn}l}K6jN3GTAVC(u6F#gIRg7sv|?XBw9Ql(v)a-XfcF-_ z-|)qzKV=oC7r}hJgr%fADs$9+DZ0UjxO&mvYHf0&l(&>&DCo4 z%tqy2{`YyL3~6G|_eeYQsBLy?DpOC1I!$LU#fq6yvq*ZDCTg}?TKDu?`Q`r|WAIdo zwTFHe&9j@ihWM&C`%uzL)rH52%OhGX;XmfoJ_3QUd&Rz6z8G!VoUCdXdD9D z!JK5cdI(;|ei2MF;jC zSmE$^zb%#+Ew@t6^HIM7S3$VU&a6j;9|xG+#XNy$rZQW0Mz_x>Hxv)qLE&g} z2eZPRGBj58E#xvG-#tsJh~HMuh?*Ntb-f-vKlQ+eZcC-S!ZeicBr7>R79Xi{{PmL^ zP3k|M?DLObi)qci$cE`Xp=)0_7WpOhq2e4uI0g8%wEzxzT$^dtLi0NpMHsM+wd zL(RaYktR=#MVm0u=o)ppd&2Cc@q@E+a1>|rje8OMw z5y?9Z4o3e$Qs|BMFKZuk4yJb{WdC^W2y!d8p+EMw!*L}i;_@cz9X!c@Y{E@{I;QJE zsL*#T#ljHN8FB)yQs6jX^*;J{)|5#i9gD~ip2$z@6}HhJb6RqYYM~2ajlq*`ZGFVk z))WboV4SHnpEj6?!hz$Pti~77cX6fm>gebT8xHELA1n3 z?%YQj1QRXtV}_kc<=3lUIaLUv!5^nj?=sv!J=l14b@Q#sc*J@Ru2;>T`3hnA9Lav6 zNY6XkUIewP%SQlvy9<2zFSMEM=lL~qdlN0BJNmA(jHsfls-UdOJtKP#*-4u%wY$|D z8+o`85r#6j%FW8UnA4vElu=W=}XvU<$?X1XA;Qq&UT~v6rzc=BjCAqVe!nZva$sl8a2ccOn6pvI32i{>pep%md$_d0EXgd~ zLJ^s$3)rsrFork0wdBaTf@^sAp2yuPP4;z9Ia)5t?b>JmTbFnF%G+^0i6=5&@x=UZ zN41u{uN!l6?OfO8)vf3%h7uD;8CdqY1VrV5F@S?=w*bUV_*E*L;+?T${s>1eJbw_A z4! zs#Bq?$6B=)McBAC9{O0mt+l=FAupAgwp6fs1F_M0IrD9yfXYXH zVaDrKb~p|ggO$%m-=d#hWxqacPLqWzy-TyEhFKRsZwdS!E-G5cV4KSm<_ueahraAe z62~ccw9hAPqBprIjD6u){q=l9eL*Ir|6oIeJu5>L`4IJM!@$)J02QQktJtCT0(I{) zW;oFFqUM^ZUs7748Cetc7OTWM>mj!)dOox`$uJhpRq^piwbb4{5OF%zPU+wN-_DW08)`8C1<>-gcpvxiVRO|}sbztawXX%V9 ze+`B1SdD?=J`&XNF%hTvdSwjEkS&W8##@g&;eohV7eSrn1Q|phA%S^W42fs=;1Tbe#8v*OA)Jv(>+d6mr1pe-kMh7BTh z1$LzeVM3?z9$6hvwtH^Qy-AI0AkWP9mpm2x&QlwUDBssJl;vwWU88?b-$}k+D_{Cf z${HFKP4Y64eFa0=w5P1&|UaFBhL zZ2lm|P-YnKBM?1WGqiC1Z8`u9kH_<3W*>xpOJ63JCGSCJXFX`hsm}N9^~Tz@A+@iV z%uSXQ=_UdeTI(CJ7>T{1J-95b`Kmi6aCTej!IV^WBek~@-Jsdy{C%SfxSVjNxbq9e z8+QY)8ZH(s_tPijec;T88F4s!|YL5*R62cL;MlvablClTi<;Mj-`{*Ed!;H=cf4Z6_NJ- zzJ}-#Go;gID{n5zTiU^zl{sw7FGoBY1zy>Wb-9`CUCZFG!wZK)#tA2lU76a=>Wz=L zzTuP354Fj?i;6F8<2ud-0?J(JSWUBIKA&a>Scp&W{k6O@d(L6d>?j{i0^QXNto6ii z1GBD^PN29p%B7DJUdhwN=9n12B6z{xe4(Q7B_1pjp2eKI(p}%2{ z{F$zS^?Hn;M7$ww#FT5G)u^21i`JyC>$*?xw|}EFSHhg`%0;V>f&<>onNz(mrYMbJ z(NvtYlgbN;LI{FhVzT0sS#4wCe3FJGTv_1<;c3dK;Wv!UE(EE>a5h@7zjYuhq8**e zQQn~Fm29Ba{@r}NI))&&EKdF+RG1ibjanh`qiT@I+i3fc{2p!am&L>6ucjz~(77UW z*^jEf5gff7Q-SY{h^7DGPAj*~D*p`A8xNd|UE4g!&jY=VHaR3-knJ_i%hPLXeZ8Bi zJQU??ggjaIP6V)KeC@R2OH~;M${b@X{F5Wsp#UK{b!D=Y0B@*d0Q!gb6py2}fD zwnFS8Y&cPJOv5l_Z?6A+d-xG;UR^QvZ!tb>mAh(>TqkOc4`PpTMJZT&Mf}8=B8e2}2FVRa+ zReU5d#vTaim(>5$?B@6{8wqO=H%_Ly+GznX8V|_aRalTBkc=*qZu-_bBv(^t3%D(% zao#I;mGDliQv>Mp&;FzJEb@S=nLsbbQB&3>a*EdkO+c)$2_PQcY`dw?>_dIFViWBzm^kes+R`r7u_P>|$x8 zO~B_7)+lAMVJnd>A4%!6Odke~>w)l4rRUC{9;{u_Ax`QIu2SWh>A{MH9a>t+F0bR4 zEjgS+v-WNay#U&C50(u0^D~e$A&-xOoL+4iP4*9I_HS3%=G2O!n1&~R9A!WUec5R1 z`P`SspsaWhju`UaH7`=|{>F-4A+w*iO8Fl*y{8FAG7&7AzLiF1BC{^d7QFLty?V+q zAYcym)uxfDTH_OscDn8Tb2tpHpK01tkGgrW;FI|ZwO=0Nxbd0EAU$%ApT|s1G28p? zMtc@P4aVnErWh>Dy35WZ1LeUK!q*^lpi{n|!JKtLVFh53{~unu5;q0a)Nab(6*{(T zsooB*-h2gq#Ei9lr9I@Md&-Vat{1Fo&gDabr(S!6^+aTobMlz-t9adHmdk=nN8Ls7 zL!+7OstfP79AzKvsq~XG?!zxfXztFQqeD%gXy))P3;yhMBMWc21MhR=V4N`8BodL@ zlRDkXQ(ew;5HeKrqTg~SC@Q5KrOa&DyXQ8UxP)_6Q5ZT}c%*&wB!em0Wu-1>95QYx zaVe4n(wT9E#l;)Y6_bsv!nDL5KYZ?Fa^oAQ)@%DvwWX zr4`Eg4dGvf-z-}3!?Pi$7(7rd#Os|XdiF{*HpM3EM=b2eJ+2IGV4d1|P_?>tiqf^( zE-C|-CC5&Mu#fBNQE z5NlS($p34kn2p{9%B|TcAXRIxnOgYw3{uSil}|NNw;Q=1FHon?FJH{5B{iW1FbUJb zrJw>K^3!?WYByjs{e_PCa^Gq1{?W4#o&DXjsFY^4a$WbP&1R>pwNvmjwfHC<>7(2V z-5F1=5LATv+bIg+rU^XNb?lzahS+1Rcz{)tm^cYa?|a6VTlGSUnS5`!w)z5(hIR+b zoA{Ley7L8p!A@@txaL*Igv{Pj#m8IWoUA$5Q~oTr@C-!3Oj%Pq6O0(B4W_KJ$oZG< z?MufkkI$5SiB~KIUsa!4ghc1!@=VlHmNzB*OA=};_J2vJ*IyNC2{-{1j4VkL<5_+O zD@D#S)mVSj8wgy;cu)a6Vc-11;MUVJJApG-G4AU0Wetq`e*~ z(vIf9Dqlb>!~ZAD^yK*um?@w@4|T9Oc8Rv8Hlu{~T|xt8AcJOd59`o%f6lrmQxjZ8 zeYsBJdH#07LAsJ7sQ9K6D@8#TKEENrXySqTVmRwaCAU&)o1HTISP@fjW$s4aZ1iG} zKz3)yW<3;^=PO&UIp3 zSLf4D=(}f*wk7ZK5E)uwp6`>9n;7FS0QdBjw{XT@^pPJCZmT@@iH^ulw)RWiRKfpC zuZ~<_e`WTkl1#d8nk4P9+4wc|Ni^ODWd4_A)$GKsO`+|W8SF8_%Sa8aco{ZFNR=of zi+d41yuZ=-9DidcI2fHGFzp`vZ(8#s zzi8znlmF;j6muVlyxitPWkB8g>FAol*8pDLqL1>W(S%l-Zqj6lElIA4sQCo(N%U5K z50%dNlt+B&N+*vxO`}NG$j-csy@84%M$xRSv?f7-Awu2B&~~>qf%q1N;A#La(px75 zUvzg^^)tzKbMQp!gD%Iw2Ec*l1>R-*+?MSHpHS7QUurVMS;zRGcvkf;nLc8>$gx5; zKcYyqf+fI$7`=;WAAh-B4()uH@Z0sG=P!#;Fx7%eP!Q1ul^QBba-~+pRE!V1ewyh#el0CfVehKxW8WD@1Uc$ zeL3vPeFfjpX!6oVk0rZ47y)(GBo^9`m0|zmkIc*JE%QK0q|w&j>>E_eJ&R%TMU`rj^0{lX=oj&f)P(4tHj@6-;U>?ao!X($4=CO@)asZaHEl^RRLyO(2d_$@4`K z;2Y_smHe_k*(Y_^#dC_2CM$8FeT}9}5}keKXh<^brd=|X)xN#)dwU5(81BdHHp z43QjBsDvz_w9vzzKkffA$pXf9ukTVQ^Wfr{l=+^fSX(~lip!}eNwVE*?n!ftXnjOdSqW_>#AoZN- z6?2)l!;`1Px~E6F!+ySd_ivEQi1iPUtc13UgCSnERj@OarT~J~l|ywnK^%WpV?LU@ zeRS6Hr`&Vo*bm7*aU5XX227f2$tpCNzqatB97f-&+=1SA{TL5V&_Y)UNAp|Eyt3n6fNvUYE zs6FYx(VXuIKCs%xoo$a6+VFgf&aE{y^qf*G8bw7aQ`-3~pvdqv7y2(*D}iOHfWp!R zCdl>MXg;2aA5q5k&$-H=mT5?`QA)!MJU`7&shVpOcGNmLhAugcFNAq-u$i*>7Xd&O zKdgA3wGx`pKUn}V;zuR&hfE>D_svqgI9fh~&Gc&m{P|h8ezQwu=x5X$i9p!fNX1)bte_zYr z<<`Soai8tk!QzrN{59W#7O0fx9n=D9<%UT4`|L) zMW=G```I0E*3JCSVOINVZ4HwMS5%Ha+EGudpyKhDNota=}gsda-b(0CZk2j~0_W zb9St&c9zt2|IyQInk9LgRkzAwP!8uR5lXcvOqWQI{-O&|O!y^RA{UDSZim9?Oen=v$V=2#t0DgW zW7*2i{w{C*2i1f0dF06cyJE~2fVGK!{b%AQJ!gQA1k^odbt#&!XA z#TNHj?**?OO;Yp_auo9a0SGk9g^e@!)d&7uBmDxq_Rc75cRlLy!_ zmBJ0QxD&-u4N#Xg`5S?nsMxb@(BEyIvfT1(>L1efP`rhxqCH$j1ED)JmP+6JnIV=6Qha5{-N%AcPPg9H72FpC(uZ13)NN3z#cGw$B?>jGiE0fQ+wVUAw-FL{EkoYE%`GhcfLwUgC z=pPO}S{oa;inSGU@k9iCgqEFFOB+~(-Al2#bC97^!vjvD6zq5EMsamefmn;F7dG&v z=QfQtIxicUfuDC>C?@h@CL-*cP=GWP5uwzA0aRNW$a2eWlw6qgI%erhC(y>T!km5c zaxGHcakS_r$Ee$W+$$XI=U_+5$OkLr;aK0Dk1&F2k7sHI$9nmVXG!mdRJ&v|YfXkf#C9SygSelyo$ow+oja1g;9F5q!r94dUtQl5rjsc@ zVmWTr7hEOK!$c>QY#`*9Ol0<@F5f!{rUm{85S43m@_GCH4J1gFJ0IrEv=ugz-#=WC z>DH`u@5p1|{B%m)R)e_g{wouQ0K@owc|d)XowI_gW= zu&ej@dHbRR0;A1WK8?kQJZDRvOd!K_Kb;GL5w-7Lg=fHZQDL<$KacykbWe*Od&HGy zJR;3tZT}s5ZR;EXHHdSA+Yr(NsZ_T;iI(OV5lts+DRcY5R8wT*sayMv@JMsgdCF`Q zS>qptkPkTO7G7_5T}>h=;+0O-79MRnTjMiebqT;VS)LpuzXW%~_;kb@N^6FH4RQ%V zeT>{!*zMI`cU{|8c>y^yvejEfFMgCOLEyDTczcoBgxWrTf-~OoVltxy-qJK z^KO7~N(D@|5%ud%sz*8$Gdsz*X|9|y99i=<4cWLu?GH=pUYdq+!fI#~(UDug-7~j^ zUZzbn7x#Xoemh&nkgPK@Rwoyu5WdhBkm@;U%PyOqqmu$N$KP%oOgpDa zEqt#m*sPWNLCY@Fb8o+Buje#pa&beamQj_$@`@|ko`r98aNG*qXRoThA9rDAx?w_k z;T{>OCMfeZ{4{A9Vl;Aptai8XB~~}B=c+9BL+;mar5k zWXt#`x)V<3G^b0&FYi4dXO6FRQ>J^QuF;XjB*aN?H*q*0_jk=EI}2+HhKW4eZbbKB zhjw!9WNW$W^G3tijHp4kOw{)co)Vw@(eMqHFT|*|dG{yd4HXn)IoglmR#FX;+qS@p zDX`t@sxxTl;5Rn{^uj%TFrhkWcJeFUR=mbVR*zMP-q*hc+0r<>*G{aS$GJ^%H{fyf z91VVW&uLY;81CdIK8ZFwa>+J5xT0NNnYF7R-^Y0>>`-t}__ zlV5DyH$#MkWD_Q{cc;YE&j`qzi^MiHjIyh=1E)anvnXW*Gq*Ko-a)fO9-i-dVX4=9 zH3%43ik{vRHJOt6WnoCooFXi2Pu*VLVVPtRYk&rO^`Q4R7kfC zo`P8dH^NUa{C+9BwJj9}+zF_QFS=8hQb?v;4r4yPm~bdsLr*@TqRfUjfp*LBUHulo zb*-18Q|M?4*K5N#t_-O(cJM9Vdu1Bf1KK#!GSsQu9723oJ5q<+asA{>MXN$SuyhMhm=`$6HboKOrq0J|Ep6?z|Vcktg0wuoiDlXo!!?)m7uMP53S(!t5*b^kt z|EIC9j%uUp`lSUPq*x1WDHJQk9fB2iw_?R9?ruSX779g5X>q4Ggd!z)iaWvGiUmyy z!6kg@^RD;1>;7}s&B|I?nVECW-h1|$z2|pk_HVO=xy&Rc-C)(-gzd|7VR+gd{rdI0 zqtaHbN~CY4xEr<7tNS3Amz$uy0Wmdmd+nUbq&`+>blltr4shZ`E(m-P**f9>0Y-kC z;D%cFyB871V>p`Tx8w2Q{c~>)4|ii=ZLnFq39UW3zPN;eAGb|bytL(XH8#(liY{A? z??Aj@4sA?uoHNx5OC1?X65bGArv?)|rdp_IYT2ivRrK^I)*`AEHi`-6-9u75SEI;l4c(|CW%;=`ITBttVT0($ZYjGT# z-w`U*FQB#*9KrHUM z)R(&e;a5HCj&WYK)IO>+r5etKZutIox&bHZs5#Hwbp9-a$Fk&JB*mO*9j;R*P|mVn z-k$w3g)q)VwGHJKE$mjagX3wZ;!uTZ8pNebyVO6VZrQQ~YD%4V_$5{GZU3NLkMX=D ziht|V^Q=gEWXzmYa}(~qa0Z?rp3esz`GA&z>ExwfM9){GBYechPziib>+_0tYs`D2 zjJNH-Ynf#*c`e^o|Bc55W~#4CCaIP%09|fR2u)Koa?Abvp1p z9ZHF)*mb!6z@>~FdKZi;X3Mj0+4<$@FzPJ!MR^nn;<g}4K@uaJIK{{1 zWeTtgnOqaEIh>@t@PH+y1^kI@|8l z5wVe0V)e@f$2oOo`_5QP)ueAS4JP2dQt9Y249r0})JcT+~Cay3=F zrwC_SZSzi+|KlruEN^lSJtlM>`+7gL=PD^alVEtWOeVhx_CMJjrmH`M8#PFvX;9}o zUt3mJax7@)&OWEYU8(Vp#1lT`5n0~r3Zup${bu+1?A^_J283rOB>VNGWu$OubZbHus+2b_}#k!xxEyGL@>X!fZuoheC(~*WIK7ax8SYz(}ewI=awa za6Q%Hf>ioNm)Ic(Yh>%2(^tel?dWK!9oBDRla7D4w7;A`k+`S2p;EG525sbC4B!UOH9lMVIfKDeMXecZRI?mFp$OMvA0#G4>y3Pdk1_n z1qKNz^)ZkiKsbRHk1A>5P0MiuOy44Oa&E-V21?T47$hOLCN}Jf4Cxt&W=>k_2+KkZ zqaJTEaMeIu3lZz0oS>hgQVB0d8h+ZVI&`LOo3bPMc5`p;)?Gn&4i`N);^qe&{|GwE z51Ye0@?le_M66AFNH9seh|*WGz&12C@>FwU<)&rgxP+~$8YQweN~aP3e3Nh`t=4La zePr^GBwFyF?fu8gdNt#{W7br(`}Ge85AFZ*%sskZI8$%3V-1BVTXudPV4u0>`nbaX zZy9`6O^CP9wup%&C=nTqe6Itoc-r$QMVcE^6`vxlJv?T^%^H|M5)azcSp=eYm!c|;wwyH{lYJp2unPZ#~k8b z6#7ZJTm-XCKZ3}QgIMq@cgos#HCy=RLroVyObK|9Ifky_n z77vq%ovB$>OG`b&e^jI80`m-R;9^8_=`yJ+uWct_KjmGBCX@ZRuV}ort<5_Ta+J1H zU#?^}-O%l_koiHy6FO4w?E>_~x&R-JoL;0&G#hZYLbHc1#h9P`JeG4KijE-ItGVA5 zcp_PiZNPeWIQUlqF@mk_b!BgfiT0UMek}pc|0|1fe><5z=>8+r(_M1@v&=mjxW>WH z(0-`G5Y_YwlNO4;qgv~`^Nh)uWXP55&f7Sv5%K^iT{Ml5|0l?AR=fG4TDH3x@hfLy zGh$$#Czf6y2&h+GnFnL8z!Yh7S_E^8KV+mk3iW@Yl!glT$--^G)UD$wyPa$x#)>mp zI437w!V~S4wzSOI!gKAJebINfe}>CZ!yhmP`JznEgXd4a(rU8f*aZ|UB!wl!S*>h# zXIyV%inoi7AT*?oJEvLFTVcksnpKB^cbeA;SDBl%2B5ea?rstGMHGuPQ}%Y7m55}x`;Zi}L1v?ZyzUw{v1 zrpWiAHT|U%D+7z>80~7;PR`tygB8~RjOb|uOoB{CJn7lNFofB+Y#Pia*?=N?Kef3Q zj2G!7sQj-R{iS3OWd7IT%KBb^#)w8XlaAws`6;COkBjPAKNxU5G04AA`F{^SJ>76PG#2^y*db-tMUdBjJ9(Xy_m^m5CViRl zzs_H%I_XQJF*WYnURVDLKkUdbgD~Z~P8F z)+F(yFl)T#vN``U4K1Q(UG*oZH$pTwnyF%xu{}nyvQ^R-&WPvkBEqHSS`do zqn5Yk&lqasBG@Wa^?s8Ba9_>VuQZsbHW3cyl#Hhojlc>GCD<|i%*ZChKbC9#J8qN+ zF%doHsZpE0eWFh*Y9Qtux&|x!2K82}!MJPnq{yV{hJTJG3kw>ZwHB(i9!)C|>qZ&b zY1z~x+R-+D6`PT ztK)vU48a5aj=OV{y88O!pfkdPy*H&Wn@Lg42xWzXWiVgqTY;5Cv2ov=_){M$KzwtQ zXe&S9VfEq?zdkCw35TN1_X$RzggA;vx2%D~s3Ke1QmDJtQia=AG><{CZ@5vaO17^+`g=z$3`e1Gm;AAun%l;8wCy zz(o#ZZ?gE&vrh^USGMY~`>%>8HPoW*mXZaMlB|BjX0XuO&)|EMj(%OE>u;^nl-(di zw|1gZxcpV|o5U}l8^c^n4LkrqsRhx6{77h?6meJ9M57(gVhj<($aH>Py)hFeR_Pme zT0$a{Dk>Trr=l5^60`3$H8n{{CBzeXc0x2wO-++6dAJ3NHvc+T~>c_S8MUBTSU%%NyvYD&pqks`%}jTQej+pUj} zad2_p^OmKL*aZg%kNNk08cs2f3)*5M$Wk`v&7;T7wjY!J{XpTv!zS=SzM}}gz%dH7 zxtzKtT2eL*MY&Dy2Xcxg@&3qE$4?%JNjMM7SPnQFN1>iBXhRVi63E`XuFxMuWJnVj z_?qE?o#T4>TeRvT>sZr3=b76hU(kf!Yn-G~h zBy6UEvs{-w67em2uqvR9SQ32%^jpdJq;u+pi8B=q(0g=NI5ys78_+uw;5L#i>Wv|R zj;E8##eMWFzlfZSOj_HLzN4e#q!BWl3;*%8`JPl0b{{7lLu0Q>n7NW@1$Y8HsGg<~ zCeaPJys`wBu|JlJ)^^{JAJNg-CBYkuC*sU_F)sv$_mDm^E3v-!=Js#cADh+?d?9{j zjfMm=<#hn!=8NiIpl{D{TC|VL@+Z9E~=<`xis8@uW6VvAV zkE&dXGHO31E|TfAd5d55o}TfH=n?4{^Au>&m8ucjeG1x}F!E+G(G$tF2|2SsZE%4& zX;%_22{=S`C$rTPQ#e82Ik3^>J=6Le0R?Kiz2#wEZ*#uoU^6T?p~l2wlaj1YcXiaW zMUq9mcRnX4cNQf{4k09h=9{fqFvQn&^=#ZvX?!&NZwB84kV&<2A#JiP16eO`L6RXT~O)wgMzjjl!w^s7(@dL@I*^W3+N{3}=YAPgQ zIizit`{RLmE{wVxyj_urmKWUX+fwMSefr&6qO&5ye|)D$Tz2Rf=FZsR*Rhvwe>#|r`TLW*7AOu82-!YNywsB7wa~0iQnB|C?JDRw4 z^IqALhb#?>`rrpSv15h1F1@`dh$$1a!g(BtSCl#GAVdvEUt-()35n#eYO>6`1W>ei zU||urtH{gfNw1o0$GKamE&U2L-0?V?B6m2bp)dnqk{O7RJxzFNj~(51E8*OTv^#2x zowg84ZM9fY8M{I*&EL#I2VZuCxrXLhosmBnp%#lRW}|A!?JX%^p}aL2o!? zTFbf^$AIL?qsXa1519Y&_{`SSH3;YCHZ=*VYaQ>3PC>>v|iX@A1*lco6iZJKtq zQ2|Upier?Q`c_*X`)L1k13eFMgiBFGc9ZJQ9G~gx_$1Jj8vdSE18Ifjw&W&(#q<)-~Ob2(|YCyM~jcg!8CD&`3o-D=zR{&&|}<|nYf3*q9wt(gqKUPuD8`n zldYbgvu;vA4KKt#2;qh%IQEPfsX5$?$R?`0$$h%*7TVf*p?+wN_h|euk-#Se1dyT| zD~6skPDx41t&z?N*jmb)ze&g>$8#85w&hN%ENM}pEH#N3v zy40AKlE)@a+tc;1%?cH#IuO!;b_a`EsOau3Q~_6T>pXR;EVPXnnjM(*a!Myyov?rM z{L7It%K!yPhH934NffN)X`QnE=pwCH(r_;3!VldmDnT_qXolw9bm(kYgT6PdT2o;2 zSKvqcZfF_zHCFs<7zw@L#^jxwB@cur3*?l7LqeF+Eg0Hd zW%jSC_q&qPY|+;ou@$O!rMX?&4qkCzF-w$NV#s`>YG9|y)Oe2Ofct3L*Am1AOu_NH zD=4j83);KE6`G>|r#wj)IT+}&(fcEe_jt$RAVM0PGKX8u zN|=f0u{tR>8PRsa1#I8Q>57&jnER7I%w!NV;haqBXmM{JJ%@YGVG4lPef3Vk zlo$+Ylr=@@=`;P3a`&t6l3BE>9mizAixBsuLe|Txt8dP<7CP-BG=47=zqD%IUnMf~ z(2Kof#f6vxhM^70UO# zRT3RV+zq}nnd7Y02isR|9WRx5T_Q-0PE`!4lyH8}dq^E2278@;TJ=Zk8ftr3LADdT z`t6ja1hf4({94J!QD_&A>+FV6r*21wZVnSePm7!+ufT;{9}uA(-{E(q^ywUBHaoe$VezB8JAimiTp!$+(Qu9SA8o4gYWwUe zhx2LbZcA1-2g?jXbRUf6oU9v`Ja*ToT!<_}7Q=%A6H5;6{+S(V&$-sW&n7_@n^^?x$W^Wo3Lpr|DlVLTb*pgoS&+i>ejSxDJ2|DGBKg7m%R2i6xI(31Ce2 zU-{s~U$DKkuB?TZuXup~1j1>8sfFZc0D5NqSd>`33W0$hc!>R-?h?Z_dw8?e@K4h( zTDjY%8;Xs#5UVY@J4bT?vJ@vq#~XA093XZdpgsSmsZYp&iCYzolH3_R23*}>P3@>1 zo9UrEM?rm6=FO(%%nwo8h94$R6<6J}<7jrbo$+4}yo?4*TkX)fTm=!Bkf+s3cq*Xb z_HXOSQ4ia`T)e!RXprEPJbiLgh5ADY*B~x+lE2EnKj{Mi)p`Hw%|W?(5C}*kjRr9q$nLU3)~7?IBe&pJ(fFKsH8$PB=QX zc?atd7vPV3ptanMT0||+bUX_@0fEfgp4iS0$2*+D{Kni{W%bn8*+!IzUoT1}_8jKC zwC7`c0kt%^<1O!?)PE$z!Aiu!pD!tT?&8N(ZROr4>vR9wsqBHxQqFt>pb&fG&mig6 zbKdFSvvVcKp*guF_E3PGIOvgQvH?jo`m-YsH-pvmD_VE>Coue0*S$s7@@A0JG+pgJ zD|)j31oMJ2LeA!CaBMaPU6B7-@Z8jPg^%)wz0JCK0GYkPGj>ZcAABVz_P!synq!&0 zgBb!7-rk~4KcC#K2BkaA^|jcOI%%#p+2U$PMvNyYQvAH6*%vQ~X1om66_C81;}{7A zQV5X4HcU|L8#hVzV?6;6Us=u`T2PApa%cUlmjfH3f*f(f-i&2cu_0@M9{LSktF}A0hFC(DRzP#9 zxqY$zYkhTY#D@!!Zjd4@25h{IsqX}(Yd|~+7WnO^eCOTG=3I;5p!ZI`y?qf@^sWQ{ zV(;VI^==%9V^Ff1;T7|J5Z?uHNBE_~+LN@UDubQSyQkKDl2KguwQX@W-a9A9t15>O z?gCeNHCZm5bp24yJ}k^L`@1jBI=_BkZ$(l%R8OdKCUqmmEI7q7@%bn9*hxQU$|A$x9jhL)4p>)nhhu2z}a(Gf(BE zTd%}d{wxhx`P(*3T}!KSz{-sOFYq;^xY}+D3-5XPM0Iq+TE)u==V6~L7phC9ZT()g zfIfGzh4=xZBKdS<&TvB_b4w_VgSmO-iJXP4cWuk;1E(utJBO5v5iyYu8i^V`vm;D> zQmNy=SeO@OzJzm4HTD4sJFHEtc1+!$1!us4$-%@v0#3m~bJ{A9kc>AXKRI1`z#aGQnwZaPJ?T@0QC(kp z3=XIh^0iLEfrON0BfR#tSPssMg!B`<`aKHbjg|>z8f-LHz!DlZFyUce}l}yoS@N z;K=61P~8#7kOI}=KR})!{;bimint^#b2XEx)7uA$*H_4V*0Q*W35OmV{`UYXK1w3P zQ&L`nEezyYw65V$=w&+6>Gt`;$*z7OzIoo+r=8(1Tv{QbpffNa{wc|b+vF+R+|HkU zbX`S-jcrb^Wm!axP-S1XCj3gJU`TZggMEH0WhYE7kZ}?FEFY8V%PuCC_RSUV%SWO| zioWC{PZbzgSwC*+mX;Y+&N7XxZ1aeUW>5*rYJaW6^ZqLaJI^nr;;9+K+Fdw~j~Ppc z3I%h01JQ7|n|Ix|<&(-MB%W$WXMz)78f88GV&JD|E{mtsM`Awo{DpStN@oS5z09$_ zE#22Hi}IDT)qEMllJB%IP;TLnGv)i8?9n`vK#Sp)sP?LPpFeROEXI#16d3q9MR-2q zT~6{&o`pC@PAK2~GqIc5cV4|TFft-NB|d7-xU8f9jY`mIyu#PnNm1eV!2uk|^!(p* zD_%rcy?^Dg)u4J0J}%A-)NLwZCzR=6CuSU_g*OOgr~_Q4(-(dBH$3LIWAt#fDW0Y* z=z-};{+(=5gaE%OCyM8JotD2~YtXuShB&r0ZBY#TE33zjvBh7sx&*A{spm)gcRfT$ zaesYDs_anwFWOufKb>xd)c@Z-f(+%~a`65({hCbVM~-P*!6(QdQB{ZfyO#2i|7}u_ zq~3qQ>2l0ckJ0p7k9T(+}#P3;_eg+Qrz9GKyfKr+}+)io4)t{@w?|a z=RA2bJJ0N$Wbc_--&yOkR-~%3Ec!dbcK`qYU0zN~9RPqW1pr{c$gt3!jXgVm0DxS> zS5wzr-OP*J+11I?#@>S5-N)I2+``+&5&-aCKFii~CE-sl+Ng^%hTS*g|2Scb)b#p{ zu^m-Fr{0sXw4ja2Y#H@+75RJrkQ*R;9DD&0*oRz}gla1(7VW1s?5Wt-JxyZHivV*k zCV#&?yv=x--uh$uV@@IYh;A4i_&z_0Mb@0`ES?mPA0U~Sz;%f{vYSq4 zQTLy8KNHeD9<=+tIWC{Hk!~m*+(C3}?2ex9uO4(&e}9g_@4OOhHGL91VTM7GK+m~| z?JNebmDJy}yY56cT5=X!LC8r6YMk?Rr09 z+v7i71-Tk_Y8SMccf058Amz*)-RGu%A>0NJ#KLKXz3A>&TmrWbTzd#jQhAk_ny33V z?FbjMWmkrzTMWI1&RzoABP0GenLM7q-EJ9IqoE+uxdIR2%l9zG6K(**_8N+rVJ|FCM}nbe zv$sjMWIXPR`=^K2w_aEl>Yi-=zck-tT*?e0O$Dlyy z>$W9@LvfTo)0ZUK+Lj$8m@D%iB&8PmqEM%4y3!Y=Y5SscFKD_kH!W!U-TZ9)t3Fnh zp>1H-bu%+Lol_#{bu03UOclpnQgPLXPM)0zo(=79Wq*xp`~LG&=Jdc z);c@caoWCej$|UZHIS?t2&i2JRqY#VCl79S)x0(mrYk(Lf7cL@ zuP4B}`D1oPiMly$%+oMGcxb`DG|r=<`YC?iFv%q?d9c=Wb+Tk<-Tq<-~&vijPdz8BcCLaS}?w!h_!{*x|6*@5pkj5bWUr9*+>~Qe$GLj944tmW$j5NGY7=)AbjIW zBonsSP`$Iw+T%)xt+8#(Ws5$;etYpoWcU%WJ$W1O`}d{GefP3G&u91(Z6QA?PM7ds zQv~LxX688~RVlR%tY6lNW+JIf;OHO%PWbJMmd zsUHcaED`?_TG>hHWL9v=^4}XWF8`D~b;Ueht7NKv$by$%rrO4Ra6O8a-aw|9@X;@ZuCj35??-R`{KDP&(~P; zX}KNAlf}_7D8|Y1Yv(K5!4H(Vq{zOyHkjCuvT3Dw7Yp7FQAJ_Xs;+%+Q}kt27?nZu zNN!lWLE(pG`o%amU;A>Q;GwPWclPD>_EIQEU$7te)Ccy;4ZLk-xD>nEe*|vvqwu>D z#e{C{G!v{PQ`HJK(2wzUykw7Cn6{qPb}1BDP)8hLY?FmZ%lu5(!rIK|!+L-7@~u5Y zvip6uNyD>zrzxnGXxW3P3w^2XJ<`|8ZZuWqDJmq&X=EcG0*OToSh47|9`JF8&)eql zYI5I*jvuUSwyF{z;9H@fcV3E?T&OvcD^f9&&lpL_H5PKeX3<)b<%zB+jApj9O^Bw= z!xjn50TmHrs~oijCr2(5nIPi|j=Kh(GVEu0ePUE@Dw$a!cI8~Rn_#tO09 zj^MN11>!}0QVx)bPSbcUTgS67-;TcikfuWepTzJ9+M4X>rpWcl%*}9aV5a?g@KX5R z+iRx3ulEIg@SMvkrbKHd;vhin>$lGJ)BLbbi6mQ0lfB~7t zt)8z^{=^_Eg}({-mT~vvGsy8+E3hWpeC4vTwUCQIgN7m#apkGBL>+AyyFxEaZK;8| zlb1||G>`C^h*0vcDJI+0sls~%@(5#ZS6SY(i)n_y2fy&a<9W4=FUWJeyrMiBBDMUzRjEUai<08QGoczYGvW(SiWqhhc{_DCm%4g-~9X>u#l( znL@M2L1xZ063nnmu96&464ne?n;hy}fn79UZxdqnt+BrClr6ybz*n&dx~eyDpH~e; zlyG>ljrh_sEa1D5Ob}0!+2ugx%p*JnuK8C^!ykT_rlr^@Fx^6f;>y)x2aDoTNMiM4 zu62ZdOFph-`nLeJcLp}oOtwtzH0Ynl%4l`OK+cK>F25IGFgw%^>O23YiThIACD8*w z`MzXjpQ8cX4W+|oEQYb=bF|7bbZ9+<6!m?E5-Skq|iJQ4vFk-}VuBCM7#bI9x;Ws(p@x*pK zwLT)FA!?$`ow%WY@lW3QO+PHfTn_ z&JU}OzbH`dsR! zo!>sH@YFQKsrAZ@jBZ)ZX2S6yu_;u+mLaC_dSlA-VMjbN1Bia^_Ufh(&KX7q=5x_1 zP6W+0hWQVo2#Vn};})!9-G38YFZjl|sgFb4Q?E+OE+)KA*D<0pqYYl7JO71Qj`vl% zzzXwmqK{-W!$6imT!D@5xl~~9+iPMaJbs_iZx>+`x+HqZ!0aZm@=fc_mxy%yO~+lu z^ONX$tG$NjO%J^>5#iTox*xBYRNcalE>bt=MjM1zYi_&a!ZGAFngWPH2wS^l9q=(O zh{%M})Hj|Sk+2*pAnl>@>C~ArQ-o!&k4}U*M5DlLL=3sAA4rEbS9J+xv)TwJy{;pD zjszR`YO!#)Aj!707jZ5alsT^6M@K~`zQ1MyyHyhONZ`be>ijK^uCtVBXnHZ;BPZPi z?x2|u$Gb|5n?5)Ra9WORO;XLlmO(JzynifwNd(oSbP27^rDvu~Q;gQn)SD0;VDsKM zV}AhDd|E86c3{UrW)LCigQX1IywpRZCgejJMm%g6M}*arpM7_Rxud~}M2>x&fgsfT ztG4`;I3klDOM-2X9xvP4)vhBbu7|PEoBPScLnRoF*FjVHm_zaVUqiK#)yv9F!`+26N_w&PKVgSCp+sg66T znY?eNJ%RzTbt6^+iz;WxGs5^3(Koo-X`L+3(b<3Bv&2&;EJ&`^0bTl2d^Sow^&@sQ zkluW=YPeI(2u7BDH5@-G0qzdK9hjm|mC=qiK!{N-+SSVFzllQ*G>Ynl@5j@JyOeep z58Hifb#T~=*u3ID#M79%UBzgg|FGw?2EJR{_iF(Lv^+i33wdP$S;yS|=SLr}jx%Q< zGJ@7SRe{D+)=#14pXw0?BZ7MYpZRcHet*b=e_xa=-;}_#^%PCN>VHkq|Kys=hn?3K-fTJxcPlX5 zltuVXCwroAhPV^quVyfA(uZ?}Hg@aiaZx0j_H@^+3#{5hI2MGuWlw=RnomdMd>@k2 zN;B4BJ%Y-K`KH(_^#*^TN$&rKNu!`vdiwPTc95BW!ReA*wJF(_Vp`KesKrr6r8grl zJy$HE6`NuRB_4rY4Z(J~v)mS@YbRk^n~u?1z=q^2+gKZsy2GnmzgZJDR!V~d;FBt4 zlQ$0BoR9fj8Cs1ro|&}2C>IK%SCA#bwlsmiSN5)4Jlm@~8YXGhqy)|1jtr|JSQghN zA~|%LwY(_Q92dv$>wTy#&F}>@o6h+du13WwkMF1xXCjZEt0JGA((Bd(ctOCRowd7i zOCoCIO&AFO>y$f6xN}9i2|imJSSZ`l{`C-Uy$bdjoJHwNOcQ ziMSU!wqY39FAW|=*Z@xY0ll$7oo?0ve#!@%!9`*6!3#;uVho?Qvs^oR>0NC0GRtut z*nil{bd$eN8A{oZK%=DTO=ZW%X}6&WVmL$i_zRZbx~MX8f_iUw3mawfZx=i5eo!-v z=#TeH>L|$L9LxRq8krEWI}y}~it47%DWn_v zwUqDc{pjDH%3gYFd_?aO>qy73E`&GhXMd#*`R&G(Icqe31t$Ge`WffOi#~FR|J)4< z_2G@xMO0?ZUc($XCNS|Mef#XQakWR($a?+6SZYKzw77h*LL@TY>+ki>Wa9tULN?;N zcVv4%L~M*tK4(&Jm!XOI&n|=jl6VxFUkpI7CatdQ*;g#Pvp%pvFr(o?_ZohGmfQXS41%BzM=_DKjn&_&Y!gMvNqesdqrA_;{lZ9{Mwic#Z zD&?UV!KIWT)Mv_f#uk5fbH8>pM;PVQa?tw;o`pY#(tgLf4B0eXNNf00Zl;Q*uX5#_ z9EJRC$qclT2IE?)7%foSNYSfXivC{9l7Zz8&0}bu=9F$dJN`~%1NTa{C=EuyP~rUq zde7n{&d-)m?&$lVIM0tni21sbYg^x!e!wBOt!Lid|E2#}bNoL4)yu~D#dp4QbIBR8 zD%(t_Ho=p~TYPQS5)LO`5hIm?OaDWqD7o4fK;KHtHgV@SiNMzL#>}fgUw^cnpa;yZ z?eckB@$JRL0=BcMgU2(GCznl(X6_jFW-8B5qJKiw?r2hbfAU26(}IP<(M2O}%@2*y z)w@vc$fSL-4_op(#LHhxZwqyOS6IKjsi_oq;~$wEj@-)r1Xj`B)UWp}B>U)Hn4FBX z##6pk<>qO!PihZ0Iy2bOP^cGAcWY>Th>z6_Bs(hE6dge9Hj+yVfqUs&JXSXdT2?6c zw)(C^o~=b`;FD6diZwE2Wj7cTBgsNr`ayMu`mbJ@kS-5j)(=T8v$D0+;?*-v#cWdA z9Yerj-YjjO&hVM!3sC-#0>^j9Ipoh6dhWsr=*ha-O8Nw}k~zxTXCoX`3H;N3{aX4I zAo1;hPN(|i_g5M#)zteIjqpVtYD27yVxg)VdIX;lRAg+N+5QNfZE}QUJD%TnS_?AI zM^lV#-0mqve&U6+WN*2x zy5LZxN)qb2hsF6pn?s#xBB`!wp|O!Lj;K>*sCx9UxcXII?+xCgC;J!pDN~Lw(jQe;cLoE)u29Jv& z<8a-p{7d^Mf74&W85;byj7$6d{bZrqH>V0hwNn?c-H}!zpsR2c2+OKdff3tt(s|1e z&~~!~c0KYjI%t22;nfd4Q?%mpg4-Hg`KxC!@2TM(#5m;tI|1DJegWbJmDlpA!&oRZ zX0P%jU+5o!-aizCRr@+Z=G1FQ%I>%A)nhr5+vCb8&ZY7!bj+ufj+!o&IhgV;)+B4J zzONPEiw(?9(2$*?&lo=SS+!ZjBS)g$!-qKqIbxD8G+S$N8dwac2Gy)pYvqtv4%y0Q z;kUrWWTP7a0zAn^ECHi4B{!N(*M`E>rNVK+1q+e*k3I9B+9gD6!*Kr2GyNg3rLi8B z3%*@$jEeFNdbO>ajl;r~A-eg&RQARbZ!e4Pu17+uihOpJTu#M3W@oWfvC*Ji5gSw4 zBrjYo@>JxI`@WQcwp5boY4}b|I_gcg*s>{9L}6h4c$Q8mXv@1!0nd6ZkL$P{iLlh6 zGAWY&op_GerbVlA+YbZ31TPcF$m$N4mr3_Oea#$M%c3AU`Tub)rG;rU2Ty<|wQ|Q~jbD6>a;Aj)m+FGs!`jf+!7k zX55NL;dZD1J+$_gZA8j%^b<@K!p0FIAEXsYejBlb`JB3v}l_{}YPi*_=I8VFlY?}^w^F*=!+lha?t08xx8d-}{ zA+=?+^I?j#T9bIQ1x;^Do(}#DM{N&Br5tQ!CJu5jK%#jFmf*MSPYTq)YtjDG)LKW$ zlQ}^~-{I&jNzsCW_RYik_u0>cv8LA4*uur~A?iXJ6Wnba zTd}!yda;c_o=4^57CPL)#eFY%y)3Lt&I-2=>*M~bUoGdAn9nxld{Up_;m_4UL0jnl zt%8R5n4gQ7YMOZY460Or@&yHc6mG8M=C#K4u#WsAj#`~GA9fF~!l=_^5@^Y>*I@2^ z)=qjRCSLcDYPAHoCK#3&|A2yXQ%KTmWYoj%JwcUognhFl`<|i9zDVJ3e{aTduWXyP z(wmn~WWh?_sOatVgjT--%2mm?=a-Xs*KBvU;!H4EJ`iikpW+5H64(PaUiJEwSouIEhJn#L7D;8(&RE!k;GiF+ug@19vgLbP_gEXqF(xTqYzcnNkp9-he zGVzY&N1}S9c3&FPrrE(SGo%?R(WLtBfd>4%@%kV$)^CBl)l4@rOrvjvg5Bt6>zMW; zajz;!JY=%q61XhLr|bA&lH0Exo^ym}o^vz2qFCi~x|8QD6vECVMNkMT+c0!~i{a~^ zC3&gk;;Sdsov_K_&r9Yf)K*wS8m#x6Uy9rL-Q@e=ZeDJ67R_v~Y$_-`5WMmtQqDxe zQ6`HOvlY3;NU9!#IHR7&MpdV@;D>urJPyB{lIo)f1a7y>VR-P9o-s@PVbUF}wC!H~ zi}`Ne{ZZnO+Eh1ZDN0|yo+4`Vdr)~@`ef@sxwJGH3_lAO_FSVum=*|$`s0xb8m@7Y ze~^8OzR>ElTFR=3etIU(7i3cxec?S{(!u+DSFX-y;(~reX-VRoA9@0I?+wV+$}Cu; zdaaiQ(Kd%$iCMo$c@q>lE}Pb417~u(l+*f@$8?QL27P~1Om}0yWtJM|2=SddiV6-u16Lcr7VK})T@nG%PsG@2NtT^*o)cn~PY9Wj zSz$U5`{^Gv({#@D?hnKc&PoBRKLtB8uF8KkZN(Jwb##FEw1xR9%go27+B*psr=$9f zc4(Ju;kZH0Qy@f=hDfx0{Nvs*jOiRTE2NP)H2#G)l@qnEy+04>g-{s*iew$s_Zkj1 zWg5Z-r_EO+41S9QSlpdnD>AXDQwzqcG6n*$g_7I?3p(dL$kXr3WGMCSNc4S^f%9=AOf*XSO=c2@-jKU+?6t!=#pRj4?@;eeAzP~^8=S}cG{<{Nkw${pp ztyx=%DRV~_fzLvbY^>?VF}+;_Ugj_ve(a)m^mbJQ7Vw~Fg8WW>Ulz9SRpJw#DsAKf zj_;k90jo5MY$~` zz={8)d6_qC*Lr6}iN_?Sr^&yXRbV{FEO7}x^vh6EPL9!c9!12)O3KJpTX+Mb>*elr z#{LK0i?VcKHHG-7K?xF!gf&&FRaMnos+e?F+RurUJZ$P-=i!n#b=Bx5KA!FG_c#u7 zHd(SRJrBYtiXWDkjjpdG`SQoDv~H>M?rCll1#nrLsjckIcR0&Xq^0|5v6nCnr}enM zFKm8$o~7Z&*%kT)n_Olgg!Pp!lWw_h_(zQjQq}!YB{>?wXx8kvfkwj z4>Om4KNQ1sQqVV#fj?0_U_n^q&k+#%YMs-rKSwp1=xUNSk$k57~m@}k|AzImC( z%l#E|4-?}uGCYfnB``2ipME=MwI;3|8V2TYB{uph=Nk%`!ez5(!AgHtM~x_8sn9B_ zS357kB$BdkTmE?_!TF>y!EGsT#)Cc$pk6i z9EThW@hc6=ClD+Zzn!hY2Xgy4bkc@6RBKLO+j+Es_ZiZvq$%eeXDYNaWZ9G%7l;QJ zbtoitfj@HCU?}9CRNY~?=3RH^$I-<~*tmm2@jhk6Nm}G(DDS}axCi}0eM6~_w;H;b zih2`N;UzPA^KA$EJZIDjB`w4FsgjxsQ&?O1AJaJ?^h(MNk83)%%4zmE|1HnJ%JJ`EH{v;4^V=$anz^GGtSS}OEvR5H%kjVoT^+e?$z z7D)ToktAvhh0h8K@o&32cFpU+hc&N49vA=sPb+%EzSQr2$>eYMRTJ(W<7j$1t6uvq z(7)?!;29VClLF-*pqI&K@m2A&jEu4NWOu&qrJLk>%5%H}cL%6si39-07FeA+pB5PZ zGHR#P=+?W-54AwRJJVSP;9Ug^g)~FYC5vMNM8OkEEv-d@Pn6fqY-qFFv3esbls$M) zRAxS>Nds%tB+3px=iUY%-hmcQ)2&APOUkOslr^ialP87$>J5z_@H1FM;4tlTCKY}u z0?!pad($#!9=wAMI*p_scVWjM6Y*DBEB<~8eA-LDC|hxVyxdxP2Nv}^RS|t@n}WEMuzJ*HDs`z^-oOnpZy4oEn%ACswW>)`j+FNsAZad zt+polw*CVIba2>i^Al{%_W{>%{%xyjv1wdk(ouh_)c_C2^4w|f(Yefvc$A5*qcCQ5 z$Y%MrP&~t!5}vp2#BGp1E7{*GltES`d)jv51T7gKMV}7~Rq1YDHXz+^;YQ{cJvT2V z!ad4`UEBNR*VnE&$`8G8nD(o!SJMDI-Kugh22_i*A%7Z8pnS4_!dXZ8BIub zy}7+u5T0HX6*o82WS+pO(4w_v!m#V_EH7xgVcZ*NU<1$B--IV7CT{%7-@4}J@=|NY zd@~El_#IA2X_mQDFfHnQxpbZ)G8n72wOXk=MqJ(h3#t zy7$iW-H9mpus=)GW8->n%&GJ0_ww?x;CZY0-SK=;QPJ_nkmQ7cdZ?1tNj0IP!KCk( z6Mg;TkHv$GywN-DfmBL+*0lDwP1Yt3(K-PYyAgkQ255k%q)8BhC52O0Csd6MNl8O3 z_oBydJ_Z@>lapx~;OzmWVvK&A)EZx=qWglu$`hf2c5@>G`)>$>E8#f~1~V5zU@1+V zXkkaI#&zstj{H)FHjw+ma#->57FD9!C#PLH`t>dxgvsZfs_Wpz5d;`OhWP!I&|L{K zxLFi8^hlSi>B}ssl~xH>^MJ@&8gX6KxB0rnHXCrHrcN z{d?L@W-V9t2UVx|=fDXA%2b@>HXBb;AZ2+)8R_E62Ol>?xh11tL`qVH!TFhY%Uo8% zKi&H>kP7?Y2YqS=@X@k zx?Jt9iJsbX4mER~_wcur|>0I@=U-NKovXwd(wE`KF-y_IA5yJZO}?m$Q9Lv<{NP~rfu#93<}RsX2p z#M}d&Rr0NjO29&*U9kQ^u6C7wOn$HRsATDU=W+?l-jKl^RTPb=n9M-qyJme#;a8NM zw>C`hg*$j>7opw#>KdEOSbwG+s3-sDdW4fK@Nw%;p)4&eZOPv{&j56#J0&Yex8G}f zIz<(+N=;P#II|hi@FS(4qXo2t{w=SfN@UN4`Pm@%SuKa(27^sY;VCJm<*gJ+ELe?I z;ZiP`4#^F?TcAJ7a&QGlM;s*_Oscfw#SPu6C0)FBZGmO`uW90q(5jZA9v!T!%4oHRik+N z<<#E{ZM|H>TH@*EbKCQ>_>Ld>vx4(=jVE>~>u07`ek$!bi_Uk3Uq~#xDH)u;FS|6I z*pSsWA|FJ5ou9?#v6kD=WWFHz+-`uIfOTeUt6wz15ZFqJQ;TV(%5N9ub{TXRC>F zCai?UTO$AfH!6#0;3jV$EjSUBkFqtFhwm(jZk$eAh z<=OPSx?P|(-@ap@smd?Yw?ZH9yk@tHSxde}92PL1mBdw3$5gR+Qqy&>Z=>4N*m%2$ zluJTLn3<8G+hjXmU~lg#*);h_@-ZqmJ~JKcNcz4ZP7b)}u{<*IH^0BX`K-MF|g~efEz<-MF(uKc{S6toDK<$Dfad*hR zgR7os{u}4ZdZwwBQ8e$O(|C$gOG{|k$*oLO>^cw-)QJYBsAdT8_BJT@&H8!%3}ZX> zd?Hd0q#iDB&4eiv?QWrURB~(Kn`S~sceh$Ht(n&tY(IdM@`85L7KJgvLfXC13@IwigIetTvMS>Ut zjmvYg>e#M@Qc9=rdd~%1yq9iHw0^cbVS=tTNkhRiENPcH`Bfe%QGl2TB1F^t5~}Zs z38fbVNrH_H!(S~RYnC=nO_MyFSc%Xr!L3@EU8`=F1{k1Ny*T=I$;lE)JOZ_8?vo}d zErH`R%u%@4kyLV$klRh_=7ek}@Z#ybk zxsL0;xNcIDaq_BiQ>ox-_J&TDQy(aDKUhx8Jqv&J$p)(0gRhU}&>AC?*?yO60HpC)9Qq3>j2Zuw_cp4)%izUXBP6X6U8(;?5Vj5)X6u@d7sGL@?^nany?*h>_!K(D}WCPRB|qeObs_XA%EP z)=LD`Nr@8(KS_l-ahNlu;b9>WlE|(YuPYhA)a;9tniO+y4AhPD zT%#jZh6Xj$sXsd@O*6hzw{=NnoV}F@jGmI%jfPB4{IROJY?Xlr=#KY^u54VpB~#uc zY59;O$aw*R2GNb)pgMs7-*5wcHk^c{x;pkbs8Naqi|IhML<~m!-{F6ar~Ze|n0BX( zJHK#RvA!N2u#)-H-~L`9Q_k+Hy}q_stS)c8%48(%ekexbv5h$Nft+k?Jj^7YDLrYi zI+6O_{II(Jp@^wf(?h>ibb~+1N^g)UUO9UU?>b^#K4NUaglR##UihrmP>Jmy@ucit}pWztqXSE_(Fybc=5tx(a7 z=!0NiRBSw5)m(Jl6i*TG8hZ?0&m?^@+g?Tb^#fBxIo@ zg60caei=R>d)gT$g9RdU1%eZY6^7!vp2k_9&)X{Q;{?yghaO%+cAP3P&T34kMe6Mi zLLQtLUZy|+=TWtHW&Kl-=X1t5($=0Y^?URXBd@ip*&|o)>2%{j@KSKs!4xPNtY>KG zf1^ay-Fe4)z-}1c3Aw(>b;{0t)csj-RnfBUHsv5KjfNH4zwHEkSvL9cncy9(LESZK z^94bSN#7zoROcfj?%!-5ho-uhCxw4i>-t`)Kc0q;n3HAmd)&`l#j~(58-Q`g;A#-p zAA5TI&s2IYd(VMBJn^<)U0v&2TOTb7WlJt@0OYZApu9q@#hvmfGjXK=ch(bVhjj;dXaSO{FG1xoc&tvGr zx*)Yt==c7uf`aYsEbu7?kGIEFT?yD_CAHQ6 zd=M4zeCQY%a9vxja54g})nQJNJokq~g9`?3yL49Ok&!|e;C%xq;40cA`|Q~J zA!Q-Zg+;hfrMRQx^@HMDBkDTdn)-jH~Kh?ct_F z#zgt;&Rbs?O-A$-ytZ%4_QpozNq`m{{)rI_mF;a2^viE5K>QA67Z;baHIO44WQ5rN za0-<3zCV5RbCgLS@U3OJ=jCdMEIuwy#`x_y1@Z3@1!=IaUzS72mD8D!w4So3Yl`mU% z7O>`@d@jA=6wsX>^>P1imQz*ReI}w?KNM17lI~t~KwvIdk$C3U(n};?tZ05K&`fn- zrnTPf7f=?E5sP?mjjvlg&s9CxKleeNFM!QA23fSa9=WL25ae}w%Drl^>SI~``E@8idlP}ml+2K2Q6oS z2XAn1an0+hYh!-i@!A(@p|Wk^!0!sWEY<^G&N!{6G;J!PqN8sPI~g)Ksj$D?eSVtI zg+$iRSLnR0Kdf+;D6c=|9nC!5Jg^G7I9`WECvVFhWcVE)yRL7G`knjR93^pDi6V#h z&lH7T!%%#Pj>w;xp|+Yd)K%;La?WU_aVEUw%twq7{l(kg|FyhAd#3{C-xRFBUCzY| zg127>FN;Q;U9jA?`y(gGz}KwIUikRzgVHW8-rFG>IikY5j}_t96~^n}!_~!hV}9T5 z+Y-lW0sd*=)vr($$JVxVRt;dKsDPlPD(W_4Jot+ zO+(+~Iq#=;o|7R!^-=JS6B%SP9c-#se*E_~2gSLhy0FdNV!{50;g?)&gH z`D%fv#>nUTwoONNJ<#Q`3MfkatjhO>Z*aX&;bk?Ya=v;K{$~ff%4FJ5&G`9+cPPHg z=N58MSy5wnf7kOy)Nka4K|(0tZcQgd0G7ai_a7_%uT5QxaW#lS)+b%!~&1 zj{RWvs~pF^6co(#Z(WWgLyZp7J@WN;`af%#R|*?^ao6b*4Ger#GMnF1fY_f{g~_fz zFJJ}+YzO3*MwFQ@B~g!6w_Be5a5D#WK=yAt^c!S4fRLVbkHyywP43(9c$s(8)S$0bu}Hr$J=J~!xn zEh_h z1N~f1WkrP_M^?&N4B8u|m>3yYu#|J&E(H4*h|~&6=i>eZ z^duVJ^*EZ?0a-cFX6jMYZ*@PK>3Le_#Xx`C{{gz#SZ?G7Y5rJ+I zQZ`q^p<^uH6 zl;TRcO!$SLD$2rWV)Inf!7hmjVB#2;Xbtz7AUqSifG_INuz;*8&NKjUPb1*~y_H;n zc>2K@U;_xRSK!GYet@?VG@8N#UQ)e4!>xCWkBR@HuTb1qDK554w0daPDo^zrP+o7O zy95|^3dJlLA)8Q;p~k#ECzzmJd4gu?W$2`UxT2|<0y$AxUHS^Nuj6Ey9GSLZbt)f zzq9#H_1sSU2}d4Rh$tKia@nY z2v!D(wD>=%Q~F+VqH`|ALtzBx;yRiA#HNDiPzhT+G#zxuMUJOBjUd?K!VSm1$iJ*T zAOz^W)qhQ-*#+k=7b80S^uRp=Lr3LKm}@{wUO4L?#3_31&QtYm&x6TfB!v8 z#2=a=5ktcqLm&{5LLuNt!Kx0ipYtH?TYLv#vMy*3-XA8MfMZ83e1kwyUn@0q&`&SL zer3WF$YM8&5zB>G4K0}t&<@XS!5l!kfr&sa% zquDgFB;nQe*&+3rz*-v|#qV0~t56y1&LML3_+VSU!vHML%{%rP1eyJ!SAL=|7~Y}` zmwPl9NTrGsu$xCM@Fg#r`_n?VC((vH;$-=XVP4L%G73%DkZC|udIENS_hSyZP{cyG zUH&o5EaN#B3VW_;T&KjYGqu{6bDtlZjsMY|w1{zov_H~iRlv*5sf+fp+Vij`*3Qii z@bk&STJ1f4&v0`UD_Kia1wlmISuu;Q;f>ne{O!tuz{>b&(C}qq-YVi6?#f!Wn!~tZ zm0K@AamV8BPG$?&*hR4yq}K5A5QXNH`KmJxjd858sw0z=HT6UAu@}jBr|XnE2+h15IQ!ii@D(%j44#=^K??!? z!$`%;z%dR5ZDZ;Z5v;cdBNHdbW-PTKQK33J9lwPq-pp?QBNa26n*Cy);+pciX)$yi z+>WvDuvshF{bxCSrdBVt`pZ+v1e$Tp`SiXPnQfbiTWI*dV`S$v8s#wowbmgZxs~<` znRZd*|L_#2O;nMt#)_}?oSvZnCzq%GFMFb$o|GKyQ$}6{3{AY?Eleuj4MQV+{mijh zCEzB;B<50f3ti zuTuLwPbDt<=W4VgYxPH2=JIw7UNTxP+#MXPC+#JE4^;8~M^lhr_iq;$lSfa*qM<)J z3A6OzxJPZ7*NNw3Jmnckx>*Kax>w&r%LD%3T7aVevICqs{h1v|nSRFvVP?&08aJn1 zR7=`%Z3e_17>kTv>kfrsDFN(F+`$f`e5yZ(XngYB?>^y5v>D8-(xkf@SCze<7?+gD6P8SQL6UY6>$F?!M|0^+|Baaukb~a82ZgdAMIesYS z_=n=fx|dsB%=a0gS@sOJ-%ud0s`_71!hZx`H|BH1;c8pM|5MplKvmUsYabL4K}w}1 z1(EJ9=?0}6C8WDsX+%Ikx}+PVn*-7e zf~@=maD<<{z0L&!it9XQLgKr7XsB&VJ2F8MbjDYaS~9QM5ytR)evNB%k)89}haHt4 zO#kiMFLL!)v)xguI&M1-HIw@4>gpqxrv6miT%OE5vcjavEO9dCw9h&Q1~TD#N(;KM zy5ASNP?16)P37JKm)Xui^o^o8b3cNue*1A4FQV3RGC3hUu8}Fwv9h^xHwakTiLICx_$?m7UBEEtNyltMOV~}gHw!wxW)E0;rd_}QI76wXo^1}nvbg!ba>in+qkpz z+mHp^3;E|#npwv@@A#;ar5mY8TRV0rJRBAT+&=lmUL~-__my-F*cEiO)ydeLk>=8W zy_pT7MXC9|2X6uqY*d!K=cMXO`j4KBXSO9tI;|^|slsK#B6xqM9@63yq-@I0- zSxMOtBRJ+5JQY(P*SrZkto=jYY7@y|Qn<2a@C{f~{tE$dVmy2fvn*|i$VP@AcK2VM zx0^b#A@0s~is+K`(|Xm=CTkFNCS)1RzfqQ=qz(DmWSjDu|02l!6m9b`2oS)WLw{O>(0Wwnl5o3^uHfoJ*Nt z82!-)myp6fspZ`;fxzLuxh(GG=ntd>D^Dj9eSC;$C<<8Gu$vujNUl ziw)^p6?;hGJ{nkH!DQCef^Se;Q+yjfmP|B9W}Ef>=zM3mcQ-f42cRw*dB zp0>l3w69Y0=#7MNb+(s@r86i)0=B(bQoQJ&W8}p@J5Ahm%bH6}e4V*szm#rY5k>v| zE{d+&4O^IZZ;?~(vI07rJZ&3B%+l$MOFGlRky^Tv={5BaowFHp8C+EvD2$H44nkt9SB}KlGnGVGB3&1@SU$=rUz*TR!r#9AdefU!Y=wncqQWq<4ZH%!h&WO>S&` zpR>Tf=Jf}6C$Cz|+ZR~Osz#>P&PwGLVkpEU47LJA9;p-4xRRbemIigh=s$vIu?uS% zxdQpPGew&YM8J}iZmCDl@TWyW4Zos}c3RkDie=AX{**{U_XzPcdc|Q#<$+bpo**{) zP!#{ABu|(ZRc>MpwQ~G)%+dRqsrC{|6I4 z7(ll?dT_q~Jtihw(&Nh&;obFbV+WDl#)qVulbEsJ%<9^9g1vezJ4ZgGL^9($aXzth z3or|?Ir@y|wCQLohaA_#QplP{4CaEDp0FuTvCJXzk&nD~Rk0Z3Kq1syW-HOunUwA7k(hFo zFz+jtAG^Lw9H?&jAW^$P8#D|hocm2g5V!e??_}54T&yW=Y;t*vr-^v|DD%Z^iX~~; zjN~gyWpxV){C&xXXLDq$`&intJgO>)_-UXDtWq=Gcxk2Y&F$PC^kO7alJy~KZIP!o@ATg zUF)EdJiR7hpJvB?;X&mjpD5sQSzdLgZgV&^xi$9jNS)~U_2H7afrv^#NAY!K%lfff z0pelJ4t8)G(QlV)AD%pxtFTrEzK0!_CF55)gG)~AGWq&?cIl+D9Cu%l<91-)3(R3J zsKB74E~tPA`poIzA>=vxYN5V(Si?mY36iL28`ng-L>i~dMs3BIZpGzhrZj^v)&OR* zKAmO0_?z;F5QF1Fmwi8RVi(S0`40fG5pY=cy5F<}papJsq?2>I1bfC}(~18Bst3R?GUc6Dt+=vao*@w*CcPm;EAiZx3T~ zKyk>Y`lH{%=*mh;U&F$TaIQtl9kx`I0DgT#gel52)ft8;fVm(Ja5BUXq7S>|JraFg z4^SVwe-~D~&(nkHL_*j-nu!UTu&YL1c3z_q=Ai(Lk6wS+O*4TgFrYqdV11q>W*F4I z+G@WCPQ3`f%q^JQCHIuk`D(iqoh4==XsE{@IcUwDFd0f>cI zyv3K?SL-sG3tfkCA~u_IfR_jNoayuU{5~)+!}wHfiTh!v#Rv81ktvT70tr>*aEm_$ zcvEpC+Ujc4&Mn~9ALXQOBuzK z)Q|a+%WYQ^=eb3d%QX;Ape-b4^JN8@VME(`U)b0x*Geb)K44m0s|$?p((a2-+Ef(wNjOMq)vu<`!@S=o~$$kCU4qD`)XyiIlrTVXh>|?&XjpeB^e5RjP#xfD zU&xD)s{Ryo4f|s*DuNiGt08NRf8YqR^6q(Jf&;ufny9x`3tOK2cF;Ks3&y9Icut%- zdvA>6r8|wk&x(hr#GLo5s1PW;05*qAb{>MNqFdgEvx6A8b+E!U+G_JEdgVNp{_KfA z(mhP=((VqwUG1FX?TFW^ch?FH!zL~A@{-ZP*N)A~xnSqSKt@a(d#{mXWnk_qJzPYt z$8c<~ftoo5OdQ*8KXQ=joZ#x1>7dW?L)8uQPVls}9nbu{KTAN=rlmB0|E^X~A4-lXg2wQY+%Kl~*xNHmz`96~goM3h)+9O&^?34bO!CQ@+rvmbLH)*y zYg-k2t|z;mxtT^$R%g=B;0Eg++@Q5+aTxo2?wrGW&ZaxWoz!l!Jwh?9Fl^ zuvZfAxg5gq0EZLDB%|M1q|DqmXbOmKilL|YPMtIs#Dj)oi(_E6mMA@?v{UkT1!3bmR?Ke>4^Fw!fK)=sZP6lqj-U8SPvy4Ag5sM_Gt_ z4Ce8u%xP~HloKO+f2sv`+lhmPg|)N<$aXAGsK8MnH4V){rw;It54>S50smP)2dEo? z%g(E9ug<8gxt{EV3#V|!I9`r}6)Mj%T-!LcP(+N)h}y1pf9d~bBC3@*m+lI^}N*jdp~ zJjfu>{MO~RsAE&*)tYjOH`nqe$Vxxkqg&t;98iTx*yArbM!C|@e>Yrp0uBuak#Iyo zFq4DNrt$s7LCawyDq;s(_Mf@&D#Af@2xG%MdQIh&Lvn1#jGpc6MctxgA}`0Ssf0DV z%z+Nkx}pn`u0f;Eb4A7gwBvV6p@bnDlxrbwc~DL4|~rZ zE#u*mp(qUCyl{b}wvT2d=yg*!aaJ=Wgs7^9^mwU@ihpKI%rc`vb5>Mx)WeCa?2)YYE~GqSuZc zlf?1y*6k?EWv2?d4Fp=x>IyB`WiK!6E@loJeKXVzqSBE(!CN#QC-r7u_DL(sCMPVc zcpqNR+#(t-le-|V#^(FkcM)$`s@Bd`aA&TjE3#$8qj2({Ug1CM?r}LZZ+Iv1st_C+`zw>#oO#?g#J{cJ`mm#hS*@APQG4PVW zaDTPSj{IQ9v9{fIqDYQYPUhO`E)W(Sz?LjWLOZd5j`Kko%O4+Aqx*zE4hjWUdeRJqIp z`V;Ec`A^v2UjG!ar=M>{=~^#2c1#&4Qmx~aVAHh*+ne4J^1(G7@Ha@FhDG(Ujk+is98X)$5x|+Md!WlQNrbb*B)yFy4w?N7M2=NAhn|gcj+U zNdl@hA#YP+-3HMNRfuomCetkTDCLtA47d2(UN_hT_-s#Ur)E&azO1^D9l3jUgy!;{ zc&1JEI-eQGI*XY9qUfPvk>SaOcjV-mF#ubwP384|Qus7#*XV+;zaPPW67n%|A)R7} z7Uq}8L&vSY&(~x$l7e<46>sX-^XtS~$2YuUl$WIt$l{MS!0_FZfq%iW=W_c;iIaAA zLiEoPB2(I>1+IS4=HW@id$G42eI1h3 z(MXm@^Y@X5!Hf;epkhxze}qRbn*+Uu`#~rnY6)HQ@`cMY%JvX51}U$j7iKn*14S{q z5|ij{1BlPGQ&yZS2o>^jKPzWl_N}d&b&g=-T$yI$X*SSyWXI`nmF0#gQ|lHcqqs98 zfS~jAy5!j=#lU6}w}2JmvnBi_FhmgQcVp!y2y}i$T5{2<|TjBI_b{NpRI~m7;f*1DrQEoyCwqoGR#Le?k&TJ43p&1(JQ&H2|>O$ zzG%l61rq|F=sudxvnt-KZizG~Y}eh*9ieo^Qf z8MDZboC15a+mv#fxt>Qg6)C)iH^bR+rmloAub(aDshQAkS<>NjB+n*brDRwkXo7Nh zv%5SNd6qsgZ7ji}x~Ie=BQRp66M6v3UGxQf@IqdO*hFnav7}6Lu7n!Z!xFV`&GH7* z3ykC^4f0F^R(ktCX?sp1l^xcCt_H^u`M3>>bV4b~^nKWDy(a#;8qp%x%4u!&+(9;1 z-}t5!Q-dwGB0&9au61+hJdtIv+I$IQ~yU zk8evbiNjNCBVKzVz1j2&BX~aVoa@7X$dERUU<++1Z#7`foJ7Ao1LIvKJ@;_r>nX+N zQ0D^#GUmX>4u8Hlj67p(J-L%ke;~I=Yk6TMXpJAVmeHqN`JFvqxTQKJrdAcJgiuaRSfqJ-@er&THJj2HZd$jMm@dhzMa(-}li!*4riP zt2ZRQ@H7E!j*!^3`Iz`^g$`a!%sqv@Fb-}6iUtl2wU?-uzd!S*3|-1IztUEM;r$p; zy9Hq+kSbM!dA>+VtE!)tWVr`c(w5aU+9!zOF|z5T&B6tu1CuMLiDG0?#E2@BlLdgr zEHb)!a*hg~PLuhE)7_amkdX;uyoFuu0@N|-xx3e=rTyAFGip>eG^8M!0J!(<8>zPl zC>VCzxGe1cuHeKVHFc^Y?cjOc`tZBW{N88sKiGjSSK3jQeGrygByNT_d3%|EEm3<5 z91unfnu6Kyr8t*;{jXjh*v>XaRNsNaKXyk{z1-vlPf<*DX&SHZW$nUhr@aZ zinsBI>s3w9Sjy~lal8d|`7S$Ka^Qj5Vg9#vQaVA81+(Axm7qC~=_m@Fn4kBNXt(Xx zlr=THj%=-#W#qnUEz%e&N|=iN$pjGquF`M7&IB>8M+80b1EjswF^=-u*p$M39N~%U9R7+o&8h8xaO>AgM^JbY!JTAw-b8u%Cd4-M4Fez{T!v|s{wr5y8(+$yiv%bS^ z@(D&8lTGZFg#q69YP-&*9@b(Dj60%z76JP5{ku|KOW^eXa5}%5^7n=-Wyf9dsZ#fN zdFbm45MKH;x**7JJJ(ya!90I5Hk?kH;n8auH#0o4j%k_SUDLNbJK}kwzH9Jm3V@a6 zu%MtI$`p57YimZwh57mUNO^uPCZ>{4J}FLAGur@9@C!Q_9y>yTW$XT$1jr@Rq5mwu zeB+M=fm?X$NO)aJOfeSswA7Yv#oawU@DoO}{ZC}IJKQ7aJD#){%j`b@cM2x>f8}{$ zFjhue=OJPwv59S5R!awBwz+_Mls2nc)YO?$Wrz#gYK|QACCQHX+}OGk{=wr1!0Gkh zy2yBt>HTwC>=*UcrL86F(?wgA297~I#+gYl!fMS(U1QwlBc_M_oD=kj+Wo z0I&wQF6wia&=BStq35=7j4z46q1(>N{JHsk^hwrmuSrA%O~e=!!Vw!yu!L`j%3*H( z#}A*BwdEquWPRBeMtbU@+24A|(H~j!{w2h?f(*A6Ra?t`_>DUL1amDu!ybd<*dUz$ zczRnj;FlmDUtIIo@$<*)>mVyRJ@)?7xmUTx>rH~>J&@m>7v= zmnU^>?!FzGy3b(a{AT2|4-)nh8$l{!AwuYvaDFf81P-tOJK{V?MWZr|v`c&vlE5Y+ z0)w~|J}OnsB`p#nFp`}F_lw1$=5$HE14vm-yGh9se7!$+Rs^=~5a7K`S8Un=%}Nk1 z zukC*f#4LO$=eF%Q*~huYg;x26S2#x@I3y(<4y`-C`B_Hq$p_nq^1-$N$+JafWhQ}u zX?|@;cf1Ou|AP%3+=$`OE8G2`me@N3dXdvOe^37@%DDb#E9lV38)d6M zIpt&(OS`}pyu(NK&O_vyWA!9^rNy#IIG?F}(FHGu>70wt=y;G*gnj39%WI5e zsRCU14IBb6e+X?Fpbk~q4@5+swDZK z3cNB2KV!%Jbf$i@C}V^>M_S|Khbl$Y>sP$lduGSd1n6Qsua*^R{xqD_1oW%F>=(D(1o^oFh=16ytG0|^-!;3Y9?jd>D&*9nAZ8@5tAF(7p% zA^UYr^KBOFOoT0i7z(}u3p=$DfkJ>!8EgYo&b_g-Oe%AO%xT(&?;3ZBlFUL_k^I6Z z$)OwLO*sxpEe0P5P)N5_ueG;^2p#{Wsj$2r1T;y{<_-{0{9##QV~xD*VNupc`^%M( z@d7tox0%mRm{h_(|R_)y4zpNbY=0-%MqLw=CUbi!hu7%TZVzavv4_g1*#LM+yCcX*4 z3Y}-CX7lYV=#btRs#o7c0QcTzPyYo2uiu~yV!GF&}|}P|QVUzsYw7ae6VY&=2AH(St7BlVvM1@nuFgWx^xnBDfjHi)zAx@& zZ)Ky&H!Xz&b z7IJ{Eg_$6v1ZILkp6|A!?<_5pT_0$m2NmXkvZvT97yykWsu6mFRc3ZE)e!x9A4GNUdH!HgoYYzl26TpESTEz(&mx=NBnQs`MLxG*I zh&8k&EgrtyRZeG#sd@%RKytpObdSzAl^G2#sKJqC+H*Dy!kQ}=u1`GEqlhoV#qt$h z_W}RtRLLVV>uBBzduK+^62QrW02~d->hkf>r z)n>4x4JUSnjr%O`Os9b0`!@oRv;0FqP|)4yL0t@{@QM55-fV+rl_eJZ2Ng$R+qmPG z7DIf_j4R6Hb^}b<(!YcTmmUj%qD-ONc@$>@21wK5(QuNV-HOxl z_e@t^ovTj&8jx$#=m0}PP@2qThMs{dI=V2-{$VxOHxaV9_!;KBakojl-{5oam|CVd_!+$$j+KAI+6*Ghb7a( zhdE81v8KB)rMzdWaR=x#Pu2`;cc1%lH9!lJi;;*!|*$SGhae=e9E zqAjeyWed;!I|-~P(k-pBiuh36o>NC_rTd=lz3B17HSPzXhpe;ZbcOZDegx1S8rO;C zr?*D2B@pCVo$c~V;X8mrgvL&!htR2HE%=Z^*%;F&4`3qer+Ilnux)DThH|*n_4PD4 zO11H@Bu4mtl%TrW+nzOC_IZe9Lrdfb;vN5?1aEvw`Vt4SO!q?;C0sl08( zk53=!8gxjw1Nx~o7L)~p7dj|o`110>CF@@il;S$8{Z{=jz}KNh`xr$uj1na0K}H^b zXHN$%z!SAU+Up~K4qn{T-qArrO?~a@wR%-tP|$lMe(JA9s6IUkeBImiLymJ{`e!|x zSNL_-SFqrib?D^C4>RTkRIt{szy8bVkyJcY0`~ppHt%nB@-M;)$@Bi`LKE(t_t|E? zjA3TAqs6a97}BhTgQyk6>UXS#b^^SqzBEdS8bn{XwfWDB}t&1tF0GWbC;|749~D}(Ka$>x+g@tW^in8>L@ zaFCBT!31Fo-hQcp9+xJdb-KwMHiIgKX79hA!(ZDRJJmjHJ8G9ygb)s5U>coLiUwRW z@x=sWR~Qb``9e`$l7OA$mK0qRluq~(J3}fSLcU?y>}Y_0UsHvW5$;;`!!C4ORzlLn zpGD6V)U{c!wVxaEc4$l+oFK`iAELu5z}Qjqup!9ow=^^+YjUiYq*mT{YU*(=V@1m= zMP9dS8S`Ovh;KF@LL_!P5jiB9g`)C_s3=bBzFmT65zKdf1<1~2<`U#c8uGiTWn@gu zfiAB@Ed#>Pjs&pEj8nr_yF3oI*CoXr6bE5<&9SbOmQ@L$C~I(hjjLgX67>dfiw)WX zCO097bpvBgBnDG2o?w77y)YYBj&|@|A*+1n*;1GADgiIwSJlyFnR2yWcyeIY&=v61 zMtrnOZ{9r$`RbQ5AdcAaQI-NP5YUlR0sFuxW1nqm-x&2L%HHb6HyB%Jqdg2CXq>?! zOMA=s1|~5FTH{OpMFY<9ExrV93DpE7o*hyO=LuTQAfbhc6*>#F)Hh&3w^M!TJ+`)4f%?ub+DL)?V!}ixbl3EAckPq{6%JP zT|4@DE53Wj#LrKESHS@TH$wD0FTE8vmCu+Y?nv#o zizITwFq2Ucmu0gznu51UOLA#Pnn&yl_&l|7E?nZTWmz9iOQ%+ZJw-pd8%QZ@&nO?= zy|d3JTUu%h4#PPhQ-0_EQLiKn#n-HyOl-%5Lf=p({76EZUNK=Cj~Mz?0n4{DnfW5? zL%oo}gBKZVrPs`C#6lWfv`@uIDrGL{{1zheM|!FX3IsDz`zrjD-lz80EPo-QD3-1m zF_oI{Y5NLK6urQ4)zV2cA}-DEeu(+|sGgTGF$*f01!UT%Pvt5;%ahe9UU!Sp9>vMI z^ug&bb>t!Kpgp-yv@+28D zEefUi45XZt1NwQib1h^0Om@Wm0(_IC|-ZPJ1+K3 zjz>CWB6PCOGlE=_@#}Ul;{XLAm+;&{&c>@|Mnc=7UjZ0xM#1DZvQNR8G=wQ|Ht=Qo zo+JzL8ANekjfB0T_8L`gtsR&2zf^tIJ>@sSVXFTbGNCr`_4|~O=7h|Ypa7e%$9tYV zY^j1eFS-6&8R>$U)_57(QmsG!vB|=#M@6-JQ7Z~o1_W?_bSKYKjum}c-6mH}7RDl| zG8!PZe1ANqEBa5&1sm#~`;`m5dO}$#a&hr~J;4`4Pj1zqCd(T`)V9WTg^p%Z!h2ss zvl9V(T`RfXLUlnyHWR*53qlmSFd+WRkqAAnGG%wkK14QKO*4TQm7H#~i-^sW=w}1S`PFtYL^qC#ss}r%hIJepHlSA7LSG>m*W(A?{ z8uTec9*HM-yUV1i5^iwMUFlCE)_MZUORr>qAu;PGP!Tt_k=+0L!^EZ#g9Aa%SHIzPWR)Py4$O- zk`04H-1fh|TP`0u=xltaR`DdqPzvzUIJcAzsC+|O=on$jx3wg?$xqY0Dm?7aoBtY9 zY&10LBX^>yt)FX{sk&!EIBT*;r#-z){~3m;k#Vl?DicCe1KV|K3_4M*j#$)$m;jrt zD*wp~-G;YvibE#~)_HEWD!9AWE5QxcjW3fP){g2u`zBb~gd;jSKv!B{-T8Is;e}Ll z&t6fZv!3TcYlfF|vZwRKOq6L@j=ki^BSSBWIjVy!e^A><#G)PVZtM7 zDPPPA{f0O+-O8~DX{_-gLqn9DOB3lqZ1Igm+5WR{>`8)!|CrP22E8V&lljY>e!?t* zCpVw7OeO=>gq2@Ka+UDJXN5S5RlSJ5=<&F8j$Tppc=mFb;=1%|MVvo~x6S71i)U~q7q=Ru zIc&c!<;lBXXHaz*{V~p$tf^g76U|#VT=rIi2X5H)BevKC+;ifgTAl7{L!QIF)`F>{ z?ra@#RJ#Mm#2;Fdc%yfLTdR_JYx~=7*A1*#hhA zRr@3P6n-rK;56M`vh-rLjl^w23r2|;alwcIoA8-Ib0GyMV~fS~tJw3#RU@e5+SEk< zo`z;aZ9u8&!g2vonaLmp)tG(cj(TyriJ_QWZZm3?NXF$ODn zr6(ZA>^lnGbN|t{EVG)!lY>{Wrt$6Hwa_sstdy*_5U~P|ECiPy9C61`3S{L6)?I!q z;HYAQSW$%OG@j|ut#c#kcpMMHt(K2x}hU?B}dyONw?r<(*kg@uSU?&^xzF^hGNeO98Pm?kKKaTy*^Kq>_J@{5+Be z9BU$Ayq+(7>3Tb|MwYgw8x*Zb@s)DMMwk)VP4~vbGS*RV1$+wB)kmx8#l{$hpOjZk^;snhm6HczuXY zTN}I%GsjUqWvcVC6pHF0iRZ~Cr6fFY4&NQQXaez=IQab4t;R;#<0o}3!}Uz{o)Y}o;Y(w(sMBkwvwgI87*@LWI+wi=Q*>4uu9YFyt zu~4yuzAuWNWk%t$^yaP~27iSPyJ|6B1SkTJrQ#NyRt9Iihw5cBV#>r!<~AlDLH^kP zo#O`giEC1(GL(gvUz5D+BMZ$Q0jlaPW8DUIDPgHZgaHrbX=i#?0(^@-t#Z4EtDPzn z8p={{PtzU-BDsVeO17UpoDDBCcCbCeh2dW0sEsTKl%-hP*^r;|$mNW2@cYD&$Fyv* z8p~Bh-KUnQl$lIpxm6KcsydUb84&@t(02)7*@LEx9=5APdAPQS#-4xKn)l87rt8^3 zlP$>0?zI_W?$f}VE<=-BCz4^B&hb%N!trF^KyO5|Fg{A?6Z?$(^s#rErUSW)_=r5} z(>*Fua;>%_gaV#(QoLKe4?WxZLv)`fh_fF06vbd#@s;HU*O>5XwY6EMC4`WB@Dg-0 z$Yx(vSHG=#8X1||Z9A;4F(so{8y39M(-h_y^B{b8O1q)BsQ6FH&I5xBawAj_#zdW?J;o^m4yM(g{<^TA(Td555MCIJHi= zfHp(AKHIM^N@m9@6GJBvYHO}kx2RWP+%BRV-f8IT62C$Qzfa=@h8a*EE zuQ;jd@-ji4^@ap^;2^D85ZDxfVB_(~ofFvzRTfO_#bQjM$LIpUfik=(W{ zDVW^yILjPmDFLnc7^x`tj+ONrBiG#VuQYVutsL-fm3568;YhBS+OlFEIBTDmT`hK>RaMDxl35l@OR{d~Y9UIQ0<}FAES{jQ*2TmvqJ* zA00F285pl~ykl?hYp=_MR$uD1ww7Q@!UN#D*330rNnac?S#h&=SG?}6>j;`3q z?(aBCzKm1|aY~|3JKY3eA$QcKjDw=Da$$sBl5UB#tddtVEd@WkENf{Sse+j*CDGw# zxYZYjy`-|XX+PjYY{QbWya)M$pGB|b2P_G`jy;WM71ZmllKt4W==jBnhzH}>CkN&^ zsH_SF(A+g`WS!O}9D*8&MKP;RcCCvUF8$%$v8@83GsGKlvd44B5oxl5;@lbOLnq9e z8kD~4Hw#S%uU6Hvlb6tq=t-@2ecZZcJi}64<&L_@FH(btmH02 z=AHk4jJdmh3+UMavm!RqURTMk4NHey+zWKbuuDu!x5)ER5~1m5cVW*)Hy9iab|gG3 z>fz%i1s_6MbjNRiZ;I>+v8scw5-#zOt#@7nKNhD~{2eLFi$|6S#uX~xEj>C(jz%RoT)sj`mwvkgOMS*Q}h2Flo zDv)^~56vo1N35#8^RRaRLPbdA%OZ23l;)n0P&2s+obxAtfx3fI*8#S=8hL>LMT_}t zuhm*yi#hw52KH4f->^ zds{0qz?HACEWz+`B!YTCsd-$tl(xDz8NJgWBgQP$)g?Z)e zl_%*=U>xzLwggEmBOL_&&pr-^wkn-KzF_`SeNpw&%9>q`Jn21X`e? z7HjDir6DVSik>r0P#MUrLt0YzoRy*(>s)D4kdT+OXjH2i@V}At6~5xa8}M&KAYbSv z?w=jc{l(yx@;U`%m-JAy8T+cEV`{8goe1+uHp-*&OaLGyr#*QD&%HOhL`7Lo_ym!WtH^W|MS-o2q8ne!cBsb9@I3KmHe%4(A~jKlnv2as_rPw< z^9@C^H=>#L#71XR1~`4hgJK*iRwXZ(GFoy9P*NTelUc=-x+Nw$Xga29F$!uxh;kMf zwmnTR+FmJC>Pqf>0)g5mdUt7YHUBfQA&2%_{xw;=OlTlW@kF%Od_J|mFEuy#;{w{S zzY*{=EO^QZc#>G0DW%=}xP6VNAZJ^aqIqi_HG61O>vW;eoWHeooP8R{(a~5^_tu#m ztwBWA@{9nP`@v?2Bg>iA1W)>;#efub6jp7iFX3x5SCa~{dL@ONP3#BYI4Vu+Oq9H| zRU`=Kk#&J?EU1v4Nm{N|K_OvC8!ARa@yq|nl~s%28+Zx^V@B7dZ`Pnv0uoCXHk+SR zd0w9=zC3gPeZp*-o>s5BJUg7_9secAPy)nt(|S(zN&+aGs>;GKmJ$umo%%^!zZNZq zWYZ&})0x=AtjTU0#Y|3@ye|;HiQ-%(Vum3Uqq6Y`_B?4@w@tcfj9(uza->_Pf2b&N z5`JIR8u5eoRvvn=4?*>+KJ59^Fx;9IeYae|7`)JJRY%In7P$AKiePx4(2{LugN3Y}+GTWnmEfm25x+ylT=JR9KuRK3EqxtR5 zn_5)rPGX2e+PV~#;a~T9DrXLFg>;g2*(UjyvOjI~v~kp|pdgAXIINB!d`j&lZb zrS;v9rDA_3cCog*%pv}n(dY>sJ<54&>%q(7KIhERaW&_4mkq4xA~wWox2pH7GJ)Sk zyQp_ml(8r)lu*=hO{JfzyPIgE`)QAPEgW=saG-FvIX@!$hM6wZVXw^6D+ux+%0JVE z9=$kp53wUJrYHum37(0}2s;sl_EJ5C+d|6C)#Z?Bj#>!*<^)xkzV34XOA7%Hy} zOM#Cz=>7Qm>#KomBDQsg-Dc|dp&CO-V&lzxSHxcaDHw@RarE0Hs3zAJzBy z@u(1_Mv=yz%@+QV9FHH&;XQ@IvfcgBBB@j$ z7DE0@KJ0Alf7cc)KIe%t0y111-pfJS)%M^D#V|;l#qn=@ zdc;#a5cxiFSYEm0%V!kb;xNp*oIbe%`YNY=@m+tJ(fF=URr4uIAwQ;P7{1-+W0y!#=D z1F7e$cTOGOT5`Ld#}4-hgMQr89^<>u=&MEFpEncYdXAnRsie#o!nED_&*779sUrdR z**#Ig4i3TXG6(dtH~7TC?q(xnRp8x;= diff --git a/nitrokeys/features/openpgp-card/images/gpa/5.png b/nitrokeys/features/openpgp-card/images/gpa/5.png index b14b8705d1ec1d4e90eb00b4647cef8f6ab25bcc..f8dba2ee06875f68f2d641fe53a2dc47ed48f9c1 100644 GIT binary patch literal 13557 zcmc(`Ra_iT&^Ahfli(0s0vp`j-4+eO-JRgD=n_0QEbcDB-C2S=BuH=;2@b*CzWu-N zcX6)H?{}`wUhK|n&s0r!S9Lx8R88b(Re4MdQVawH1WcfU%ohZNH)8PP95fX8H|sFL z0Q?8ZT?(j)2LJe@S$>C~lX%GLdT2OXdw|T`tPpIRoWEMJx?8weSvk4eI(wWV_P`}j zBLHP2HNCS>)T~G5 z1g|ygh|V-6qR`5zXZ+X?x=*ZEl3`R?p*VPW)PPWt(*+0Wr3|0l3?DD3&lmxtnAo}m z4pIRo=bKgk%SqN8Y)PEZB&WeB!sF#;W}LhC{icsMC#*U2|NTA2@fOn%|68fueg}A9 zV*3+t2ECdcE!c&N{KK7xQSD3qYBk=>4$W23fEYS@i1fR;m?XT7<<0~ghglna9HdQ| zIfLz40JE>Ie74hd8=lu9fu@n%LcDW80lJ6YXVgVEKN8@;+pLI9v((zK1zdAdTNtfFS(|U{^4Y$)kE`DD@39F zT7xBry|EPvw#3v~%IWdTYV_(bM-mFe?a)W`FuIMU!9Y5r$w$2X3aV!0v0}Lhg$+OL zQwZ0G=+NmhUip?#zKR#pyaIPGR5I=8`!jIYVIWq(7f;H0!>MhpdvHeid5-2EHs#!V z8lnj4U7c5J*VPh3t~ODxJ*U)Z->_C9ssRh6)JKOMw*#uxDHwE2rn>!K8ao&J1>O+$ ziDL07!nn~N|5t=kh6f|D#3S~7`G_{0xx!~heUU7X*kg`io~t+Ip`uMKr0K3#knb2@i48yF%|zUSZ&}A{sC6L4?U+i+LcguX)t9H*WS-=yKYNUefeDZ{ zg1$E~cnyt)`?(&9&k=uApu1qYf=#y$##zNB4jbg1kZJnjX7yfW z{NHx$S5<7r6z*lz^H`BM1G&(*B~N!7)f0=KgBY);yUvF^0a)FM(GYD;;j$nPNc8<4 z{;m4e>Ym8lyO>z+w!L00O$6P}nOb|J1x4eIN4?a)hv_VMnOCgQ@1|`0JwR+i+)=Wy z&I7P9wz9-Q?d8&@<3F%sfnc`6yLvAUQGNXgWU;c@$l>ibKjULc?aN=JSyyQ7y&`T` zHQ8-V^X*B&J=pOu_f=sUo&f_Yh7024V*o1^H_6~iLP8ETtblt*K)iO`r0-!*xNShz7GFpMG-+IRUD3iZ4c<& zQ}FOmQO2XHRX?S%kr+)5Hemj|XzCqZgFP-t3$dF+X8~JW*ou7~gT~myd_pjCO zJgVvZR|m71&NZS4jN{E&YP6x^Jz4e_qxwv8*WwIQ1p?6#Agp*=8t0WmW|Ej#$P(M1 ziz_qLi-yY7b#=dQG79Zd;F2;jVCc*fe{21IJfYmR`29>9T-rV|JqFMaYRcA6RkF6G zvyb&0=e|kG&4?r=P>Ov0}Hg&u|hS; z3vM4SV1(Eg7iXGI9pZ%Ft_0neJ_Q>`>vnk9<>bW^a~A4dsv8*H>%-5BF0|A(G}PyR zUNc=^?`SPNRxkyojN5J5hwi5EB&vb4Bz_RcrK9JEp04Xky`VompP#&Z--Gs~E)0ir z|C=1VGVTd76pX`K6TjH(Hg-N~^Vg7YcY<@}N^P&>46Y@Q-*UJ|9v&k#&v`|Ef=^TRP-6-?MP9SKSnA zo+{!k*!r(6zO$B8@fK{8RFRt08b}CZdkV&6D{?(h0N+f4gFz@_qnI{yIO{dEo2h`{ zzt{3L1`b3yN7m;(U9N^i?~Wg$d{DJqvAy4s2)bG3jtvm zKAt#yGHCyfrO1v{ERSk@bfVdXlsl2bl117#IJGD9RXHFhmhC)3(^g-e$1?zoX@p+m z>Ml(F`;CS{tQA1wkD=~_XIvIqFm+S9Z&rtOQcR5wx$AGY5T>+506H)+iy|7`)#X)GV-z-nuY^YYb&D@s>7$ZMHNiAo49~aEwlih zWQ^9NEeMUjn6rj;fz^+LE@7I;Mw{ba*y@TG+fH~B+v-bYrPbx{bt(wr@4Ro#s7LihK(JX^K8 z5_(F<5!7=}8Mqpn~uhh!g_XL-r{^=I+*1eh|bL`r8eL&6mHH4^|vdx(7mHC8iH{3LJ z=Wi@x%)ZunMI$O4(pT7bcyB!zI!PKjXj#%#6&f>vxESo%q;~XuR!h})SJK1C`OuM< z2>G%9*`RMv|qGk`|zqwJZFpRc)sDe5FoCJ?Fu;Zxl)Ls_1r+p z)lK#*Kk#e1CQB6Gocr}RNDTt$@HifN33)v8Uc1^~&dGiv=W3Y!?a)=JqfQ`2ZYB^+ z@plI~v+qPh*t~H`x6=&s9TB@}Z~UchmnCQALKPjmc@t?+$scAc$Sf z(4GAf;}A{77gzk{>s#!agF$H+i$yQ<_GsYwN3h4A+x2n_}`E-S_yaB=kFO9~zgW z7F5?38v}`OH`P5(=3=iVo*mcfGm-}gq@?>R(zLWPjiPF+l*d%v_rV zxJam|a92O#ucGa#`^HAm$&vqxKv42YE)=utvX+kZ;TQc)BcSH)O1hAfz0SK>;)RDcqCnc5a2Mz?-_@ws(2zgP{{3l+%+<7$rlLn*oK~r#=4y z98lFm`Qv#{#mDId%?vq2kd*=o)EZ_yw|Ln69_c6_pH!h)-d9f1D3`n~|E_6m z@$26j)pq5$=XOQQ`gO$sbEhlceKowD)OfP1qu8IYn11O65e3Y*ofwfTz(h=$*w@5@ z1xS2X#Y0}R_+wgMI%Bg=msZNJkH%q(<)yZ-?^HI6k;D)x2NhdYMHlm+X={&OkW@(c zq0UksG%vr98gDzPyxgVH<@ehuQ4o@_m!r+=3nJVjXTAtSmf2DYAv7Hx|K!>mv)OVw z3+;rC_^NgS#V2+O-?0tZH|JCxFBHj9<^3z;3HU@M#ue*udN4B0%})CwpmA+eV-(YZkbI%2J6@YEivIEMC#dQGbq?zy@qHFol8szA zt-9eUbR>~BU8savIxjHMgkB^dx!Xw@dWb<_jps|JZgf$KvlX08&Z2R?=SXLCIP#Y* z;^jRuh*Z_)av^p#7m1-sxRW1O>+45%nh?~`^VQOjWIp@nhsyZCC1SY6K-oJGuw(( z=(9_+_pqx*G|V^vqhK74yVZky0DfZz)`Iv@O6^OeU8D16ZxPFqDRk~i=<*Yl*K=8D zsH-mjn5*-2&k+MNzt{8jH0+1eEKjb_jou6Rv>R^qwBu#4bl=8fbq`G*(T*Fb1)i3F zi&3Qx#Z=0BLu5|olgr|t3BugNx)m3?!_f!cjQH#B>c^ti_g)Wxe~?)eD9of>H5OBX_nED{o><|m7VrjQUVV8 zt5OP7y(I8Hse<#a{>|f|SbH4rGn1mOU&rmSWb4g&M6fZff|>N)p7>+^_RgNJzGfio z&-rep*zTQi6ZcJ>qmAsf4PmEF-MBM({|(Pf;EIf^R?D;A6SO6HU+e_UdFv^+;t4EX z+r<@P7cVLY1dcL_E_!!mvLen)UJS%Rmc6&MvgU9)F0r&ODM}~! zQ*9va;YiQ`C?Z3Vl$2yKxWVu3^&&`u^AlHBh{dH%!;V~uNlCMYoe1Bwy%LOsz3MDh zthL$w(@z_7A^|Tc-u7*XQV|J*9!mULx z2R$4G#83*weC(I!+ASs0ojrG2f8KiYFu&wX(U3jTefT zP`qm*1FWoOPx6fEKaJsZrA z{QP7pv%h#S5ks)-D12T+Zre7VehZL)oP-1xc%D0fqZ-+Dhmys2&(j8G*#&amv!z8R z&+&K|*}y5Y_hfuA22L3x6s@qh{!QEY0I;avHHzxRhMdvZ__%_iA{{+{#918&i}gG3 ze7rfAy0*4d#0`Z@`_yiliOz;cs{21dT4Mj941zR*A_h8%w?L^`%~eY5ljY{3t}a6) zu{RtHMwhrIJJ;4SFoBpD!mj5)XNdR}A=`I+$x~gsOu5^CYkCcq=(KV%KdqZN&r>4> zj&HOnp7N33n&|nEtV#Eej87x$N%DIrN0Eg5#PM}9W;5#aC~?jMBa~Mtw$DbERz%dS zCB5ZWu*+1G(M8%(rAMFartM=KbvfONex%yW(<8*mmdJZY`S)^Y>5FkjTcnvHT0(1uBVXR5yT2KCz`45M?u?Z~D;ip`oAM<&OM9LlC9yUBuGmNm2plSV^F3DEHS!!frjYoX?S zq3F6_wb?qaz66Ja7+AqwEZo=9lEClw#&6+GzJYsr=9dWNvMiTl5*W_d8RwAAONK{+v`yixJuFX<6f z;L!WaJq>krbstuTqnYC%_K#vgg?(?~-2n{HH-P(vj=fM_UC-egSqQo9j3QnXOVJ2M z6#3o6Pl;5-UUr5>RaGaxde`&xNl!y*dbB=tb*<)(c7s{?SY-&h)4hUTHNpBF1o6YO zhruS%?@sF(QAD9(nkSW9~_D$Q+qBeU-)$#LZ&4bClD{_-eW!y zW-&TCx*N?dz8y7QTP*#Eb@wD@IOV3v%TZX&KxZi{H_Kb4{Z3GD$3#@DRu*avHEKI<_44Cj7}Cbo(*F1=gZv zVv17D5vq4sU|R?8VGhN#r#H>r$jHfA5DRrswoS;+@{Hx|5KB^z;>9H-XbWZn(5k~q z?JTXWxy<^I6crWQjvL0)dF=4iM9z`uk|HYQ!xcCZSI7-e~yr5+9!e&Wu?rS#>W}uO&`q zTdgeS8O_Y-;VvW0Q+aPl$;qKC7+%r?{K!*rxVf#n#+vNn-4={MmrpUTXZ_lQm7?!~ z_E1W0*;G3sqOm*o4(|M;b6Cr-SjkF{O5J#5U9FY{H{u(Hl(lSxdZu+*>Ba{0l>cznJbT6mfK7%zpHk zKe~OqwbkQ8D4zlZAQwwIm;+iL{q_ctSkMjd{BXV9ykJZV0EB{{AL`8qF;<;G(XqQz zdR|X^a?!|8n0B@0Z%CM-;3gA+tfU67h!eJU7G~p;vK^@m8 z`K+s{;HD@n1o|hX>V&0Wx{nft_kC7&aIi_qUS5uDe{WW`$R;1XI%Lq?Y%G~EhzvP6 zxFTGU%_rv*_(4>msuH3&V zuw^B!U77N`NS+(64glRFLLlif(Ujd@&6W`@Aum^vpkr4$r zdau)EslI_Ud^p-x0;(3++!{N=po9jWIX;z?$b`!m9tnlXhQS>elAJ!!up`d-I2*6q zxr+^ureR_t&4bCCnZ1bwj#^qaTe|D?@%)wj@Y0ZNB|f!PP$1al{@5(iU0S%l)7xKI zwr*O~DR{|QMxqC)KGoH^ zICZ_yg=Y(fVx%RNh_m-vzoQx0q^_mLj#!g)RX2-XXTtYhv;2RjDlVJA8fnzoW0|67 zC(GSQO-(neZkK?6>Hhri<>mO8#Zj9~J@NN3tmnV^t4K=&MB>P!AVj=TW){{BZXesb{b*MQe z8<`p{ZY%!Y(7;7gR9L55<+$E;P&dv8kLH&|Q}mxcg*8r-M#0G)TU~~!3ofQrLXVS~ z*oos*scflt2ClQ!2u8FmkoKp zJaabkO)Y_i6MCwS9xRl#s6Z6Ix^7<|tyu;(w!ag-Hrrl08|OYuR3@L2($eG&4Mj*u zSUpAafGAtGXnOk` z2Of;p1N`dsL&{xH*UQMr$dpu7`GDx75v){}jkpwq{j1JBlBt%3G;h;tLWQJ8*+=^A zo40NsUHwERyP3a*9vttb-(F5XHTdE`Hnwu#ZYB=!+?kVcQ`7{;FyBM$8gKv1QZbmfrIT=etvF40TY zv9YoGrC>D7cLi;2XmBRMLMiAz;?k(UIIbI^(R) z1rC?7A`s(;rS0?>PgX#-VXd_p3fWKTl+(1X>-M}$u{vw zGHSRv$~ih1^}BsXT#a3}&yb!!_pJlnnj4vRW$e?F$WLlIy3A)(EF3bj z_?43y|KV`MXQ&Z8N7Jzu8Ws)@p6Ct8+Z8T&q?A%{h^v~0Z}1t%sg+Dty~0F6^O|iv zNh-?p3FH&weC*E{d=9f(&|jCC@pK<)|M%BY9VfISr-?ML=IHJj3^!o0TB6#8=&JPn zrEYo?@Ux(#WUpr1nvDFQDW8E}`yqcJ4b3?mQ+63Yfde;e^00egY7tmDcV|V|y6uNL z!6C=RbggC5_Vi<8*-tOSOn4UfXWk;-BDsg26~+o|Xu+RnftBY69dTyF`|!>l*=EL- zRt(4tfBu|49iwAHCn%UPm&_w}x1WJw)PjIO;P+oGfT+2}78)j|?5qa>SYeF)mUp;# z06;@qC;&%TQ~_6SaMjh5QUbc z4r-E;Vn#w-rCOcNK-F0uOIbJq*6P`1V`RMlell+ev*c=Crk9^f#-q}Hb~o^y{!YzP zyxZ@ET8w#O622O=B24xnE+u`4T>O|MrIj%QkTuxERMyTfekD820Ya!4<6aZNDbWMbZ zpM=)3a%8BT?0V$EVzr9H*`^+CMhrK?gk`9-l8vkY)(<%+E%`^jA&4K~I%|hg&wqa}{ijZT8g$)mxL={aCjx|UtelK&6$^j* zj=R2jY_lo{8 zY$(P&Vinsfv=wBO#gLO?IZ%nosx6AVGWA&Y@{Hcs6qyYN8o{0y#ofI; z{0fGBWaOZHo%tB97>T3`Hw-MSQu9etFJ_D!r#49>@q)~_q2&fa|7Ld~;TuQ!>R$;2 z2~2+5;}~P3%X$5W8-!1*FZgsGIb%QT&PTr2Bw2h!;XgFfM5!E7ZfDkk+%MS(yhp4q zN0Zj#!iOMFAaD11QOC6gLfM&m`B9{Z@kJ?W0p&hQ#_jJA&QYP2majXL zDYtciTM7?phx4brC@VuM+&k6JFNgF04IY+?G&{?{*`uWT=ip$DrxytvO)U>CS%?)u zrzp;oqEdZo+V;Z<|Be5XYj?=U2wO`q$J@$LnbzUfjjyTQ_?fd0GgNmT{oKiaQ*iJY z@h#IhnN4RVWh!zw53~uEeikb%23twdS}DF$ytC}*hLfuW>MLhfY#TqsG0SYsIq2L0 z6ez|6Yp2eIT@5-YMG5RvyxVP0@?#a+GZ%W^CMJ$Iy&?@&`#GtbsXiv#aWTH4fhbM5Z@efy))RZ5j7E&k=EF)%XF0StT1A)hVLWfM8Z zF^V*tw}aby@T&%?m4xVI`y5lz&~+GCSpXO z92;Mx+0#gDpREgU(>u>!fe(CLP-U?H1;#_`yIxC-PuCM!J{F#w`tx1^87%$}OeoFq zKP|a%Gx@SRp;JFinniED)_bfNPNXLmHNxFb`BBg3bz9e)DlabQ%0vPuCBF1k3)t7f zWG3@dof@=M$fEWdY27JqOgSoe0? z%xI6hmc2ZJg=bEc1^Rs}0b(~go-->$J%|xeE z{=7Z{Y14`u2PLq}jg8O68XLNirB3gX06#iN9BfI$Vex*qPETQB2%%R;@)s1K1P)gk zP94J_$NKz7e@(}g@Lji{(vNnecm4|GCz)LA!ZtnQFJO?%&bQyIoI}IetvVF;Q3x9r zvsZx)=D)a~>YP5Eni%yuq?rskbUw%C_T0CpF?1a;w|q#gyI7a`BPtMFDHgvQhYdDc zNtNyLcyXd61(Csa4@?E_PhQ;H_DkNf`QHfhIj)QpE;tu=HXjb0*B^uh)|Ib3`!_t< zyl_K9`JFTRZtsOQwr-0`j8gK_j0>((1&%zeO^lMLFzBVXZnQy z160lFNvnStC5tYXO87t@ySr;#`x^$Ph$4+)AwxnQR|ua9@A_mbw`N2qw~4WC^w(@Z zr1iIO`7U|boh!DR#THoX)kAn56a5q{)^0@{m^m93$eK3}Lk*>-$Z)LuB_KsbqH2BnVLdNp zIKgHJVu?ZPcHupd)-!rhm>3f)a^=aBcTQZZLZTAOo< zkZPCa@$+MlF=vE4jJIvOOsB267W13x?7H;|zs==xgE;7%m7Ibxus zu;<=;1Q-?q`JVFLbzlswVsP(luKAw`5JzBZgi`FO&tC>R6E8c{KpOVI)JJ)G3&ai+ z;jl}}j+*t+S z>G;JeziSq@DYp_i%X*X&>&H3rfC0WPy(1w17Rid>@yK!LRKO@&Nns$B@&?xhj<7?o~LuA0Rx{)Af7%q{asx?qLM4~!g2ehf4ldgj2 zrNp3q6G}^0DcIH_n@>in?T$k$WH>xeVL~^zfT)MkdN@$oo=Gi_=Rw*p@u+R=cj11M z9ZqXkIHZHEbzQ{AF;h|TBJov43lU_GurCBD#F?w7{ZcK=%~D@)D=X{mb&8^gRb@fE ze}2wjlM^|;C;Piu-+<9(kjw<4rP+7a)<3IZ{7Qv7Y@}AWE6t5C88NMM&3e7L@cx(P z6Le@Ijnkm_^wJ!`xRyxkV3^q;aQDw&+FD%q+IbF+&(FsGQ2omQF&=3t&V%`b%}eQ> z3(S&OXZp;K9}BiFeGq%sh}!;4boHj_!p<=0+a+D7jxswOjb7otC+klAKxgXCww10 zmFE5V=epMa0oK@NHV2sM)-yYps00eevhfr0LVc0Uzewj)Q6Ko`=c#J_R#ZH*vBKr` zVyRy+j&|fL>Rc=T^a&v}4@5~}5}1>JbCT#uvBdG2+U3AbbY(U=_3}m}hqIR5Y-bEs zQMQw}rh1W?;h$#ggGo(_s$Es~xsp_5#B_(MWZ+6==ui2*)+0r_Gf*r-s z4`l%&9+V$jt{?VEhfwgA=^v2D&9|?(EMr!~G$~-Q%-c!g$c!ID^$R%wBP=UJnK3?9 zlZHPZCc;u?X)ug3g1#{TO@9V$vHG_@lC=2QSiC!@9_1?7We84A=!gg2Ej?L2NUN@6%tp~T%5Uzfp%~Q#?vGA%+&xRfv8||o&R@>~8pg3ZiS_EoIoH^^ zYx7AFVh54)iwouV^ODF3=4@M$qvtW%7dEA&YG-MUc$^n4jpqN%i^=k=+*+g4`CLhh z=w8EypW`peUU1vIsx2{#+I)&#WqipotT4;g&i9Y_2Z?$PW`)3ff}uQ*2wX;Fz&&9M z#Wah=5YBPQbW3J2c7;`$Dq7@L*kEb)Cr8$t5VPrzhF%*N4tH1PGvtVMS}0Ij2B6{n z7LOR|4MGtc)9%3|n~g+O+M4)tgq_+H?e3rU)dg|1eit1rHqQ5v3B4K_+{68YX@d>iEXD>fnd(aH|JZYxjrdnb#+VeSCOUJG7E1J z@-ttc-=)e#WTbbiqofz=&@?~-3saUmLjn@FxEtJ>*8dBegaEJnTC>r^{OOZx*VDSq zaklp-ln=ho+jc0mz6tg5UrT7rhy$PhB08Pg_MMT$rekXbQJ=YUAW|8O+;VF8{5=rA z)b=G&v=x4c>&T6uA$VW)9_)r|5&;{h)nMN)A?NQMwQ=otFG74%>E#>lx(_M}Y9cf2 zu?yC+7;9_4iX#FN}F^2{v$ z;zY-I$j}v&$e_pU`U-c_LsOOVze+=d#s3QD_I8ptE`9Hx8rANPPCy%%_i-Int!?Su zwG$FA2lR^#$o;4CZ)w;%-y7^r{q24c3STh_Ady%cB*I@U!@jSDMs2!%e50sOIu(TY zz4OtD=J8g1sdItu>2~eaWway>?*pa!-V=Pcw!1Ye($#u>dVDrjWTLD_Q+=*$DXg7@ zn5NXvpz@{>-(7)GJ1a)beRCm)z}HZ7s@&4Imw{C< zD(>^ce0%qq9DyS+(pzup+;(hvJCbW$n+=#Hb(2bQ%(9~Nx(_Es>vaiHbv?#H8Y1K4 zB-I`7c=)4`cGji5l8<{g9i~4Sm6@hiU;k6HfXe^!f-2FR%@@^AQafl8Fv8jUH%7xK z>GpF^_9)#IuO+0CwQbHOh4gB4ZX4fxTeS>V&$<)K#zt3`vlUg0z9IS1*BpuDEOkrCXQVj<C1(v){{~p zts~=oRoXp_!{)Brz~kF_nScggTaxJop(ZM-dw>j8Y6sl+3D$@zm%=M5Mj8wQ3c7xA zz}1+M50_xIq!WMn2aR66e|P355+Uvj6*3Dc=SIO5blG48%{224YYfpRmD+iC8^bd; zs%7{|{K2`q^&WMx1C=QMYU|U3(fCj;n7EU6Mu(hQw_OD4mK^D?f=^oHkf0CbHp8u~ zY;kjBuQT8Os^#FB$OZvGctSfBpiGBv-ADq@ zwiYs!%|WvdWi~2@fBZRT<>}U_kFnAlGOsrkj3ZLdv43=9!Vjv&YGB#+NR7U&X_3k- z{Wy*Zi)4gTBKD3XRIzCO%?c11I016s-ahaN(B$D2YLT3mr{?XA1krqr{5aO;>7Y!) zFM|Ztx6~{3i>Iv8Z-(^Rt(BfBp8uajh&fjx zBs09=sLG@>uA$+}RX8O9QYhea!kd8Y?&+bM(l?LXg+#<4(m~+HE<~@ zLp;v18agQCpzz8sk4A?p6Vijgo}j&W{wcJY3TIY){^zv*+X$lAk9 z0nef*&lZ}vKNVel7*UQv#Z%NL;6>^t5_D++^{$NcbO2F*F&V!fq z-HeTZS?4Ma6D=SVTk<(}=!cIVYgjx^!WO}wKDDrTI4dg;To3YRUN?%P4$NYuPL@^~ zF7jBTWJ*h#UC%?itU3mK+ywGlYDWeJ-mtUVpRDzWHV`?R+IS7fY<99nv5>N^e4n^^ zW;QBU>M$om)#pq{S^cq&5MQ8zjO%@VOqDr9m~fgeQ$mi7{T8JF&7mDdU~hG}Dc>if z8vHTKC@&ScqS!@EN0LaPOBZ01qBPyy&V$!h_+2~b_rWYk4pC8WUki%&cMc8?Nl8gU zj*I<^9Y-Fn_t822S&|8Rypdb~{^665H2B_}-kfc>wzk?iFt7diN&h_bFAaka%MGK| z&*-si(GL^6sW2G&kf4P86E7C8z8G`!-H1Mw?r=5f;PrN*h%mDDqQyHZrUaYxKfp4` z~~ZJP8VRR)7EU(!15o_627|^b{7dw$u`jm;$GepYmx+i-v-k%-hMDg+8gwr);$~ zDE?*1q}<4GmEPA&756vkL(L_+GPrBi*0O9b@S=eJF2W@gvJ?zLJn!DJa&YMt&rQ>k zWOd%ln~3q!>*^U?^rrb<#xRboJF?hkmAwci7+S@d5?$-J@h$I#bD^P$|CnrsuIbU{ zj)(Gmrh>W;?ZI7(Pkj0exvH>maemGXff0A$v1|#S{ppJKcFAUgN-KSX{z5jNO=r4{ z82pbHe@S^?pcF-fx$icAzLpU*yjYPb^hT3zlc9UbgFUrSj1stQw87apFyvk#F@)r0zSBVanp*-(q>e0fN_My$gHfa0rQ&Gn;`Mc?~(!)x>*tY+%?z&^9jAcPLhR~)R}Z)oo{rn zw#`K`TE1`3TTLCaI?~|xPI4FvqUsUN`zlVuCtFKtu&u*7cqu7^_2Feg9IwkKG6`mr z;u7(-f_dwqxXNGnGGUeF*>T-+zMa+*3=H}M={pB9g5cWsaRF7L-oUX{85BdINulPU zE*c>jJrVt6l9tBivkZ8x0ac$O(~~=?I0S>-e1Ufi%|b>A%#Ev2xZ|P1PLL<#Dc398 zzU&EkosZth?!S7&u`-%&%(V~De4Fcbj4BhK2DgB)jC$`!;{#*7j7>%Cd^;E$;qeE# z<9@KeJA($wO~B$ep)>DI#6d0@y!Rv*7t5@H;`fN@iB`$8{Ay37INlPQ9$|m90v6Y! zuoPKEv&7Bbr-ILIKk-N+#=jR3lPdhQPA9gl`&~=!eFZX7RR9_bX(F%(7$s(6(!2> zHR%^cb4Z-YzVJaOfw%=EJS?H)ZpXdnDH@uzkKjtTYezfL^1R5ux^gYf6frR|l#k;4 zxwg6#Ev=oClawFAjg5^hP+oH);zTC#`$6RUf3>#J-Ocnww+KDNU^pSz$B( zJRS>u)`nc<7;we^(=&#>c+6+cs!7^$?Vf_Q-b0yJDHzHlPSta2E=b65h z-g^{k;{=jxn}04DlKJ9OOVhkX(I=G65_qVe_PpV{GHAVwB3joXlP7$f`IJifg*hm=X@g;rJ%^WlO&Nn2A`KCnueLx zBQ`mg7Z>sh3f|t{j@~w{Kler}K_5Yt2D|_MaknGj&_ykFDVyi+g6dny2;u6w)2KIY zKOdnPpGMEGaowq%kM_wgEiJij4WFEyF(eGEKzln|({FEYeSCa4$n)gG>z>xqIwrJq zEV3uNyaFg8pkQZz58~kw6A^KGcBYB5w=g?<=Yn92Q#ydd8?-!=8P~c^$pCRR6V}~j zU2_T9(FqEo+Pco+1eCS0LGRhj4KNDYaR9{vc>6(z{=#@cC{Nmq@`DAnsa#whS~!tpVWUl&)9rHxFBO>?Ufg#Mjd13rl5 zeLg+FM2_=PIg(obf@X=@A*@+Dv0_3=$tmnqZA=r!j6ANV+T@yy{}_ynz9`*C&?xYA znebB+Fbh5+W|br~Nj3h+_weSfsjPSIyJNJ2a91io>L-e9t?0Sml;XTKlP6jej-i$I66u;Y zH(w7{?fLU7^>)vTT?ZEs!PQdq_KC?nlTu?NVnwN@v`Hh zu@la$DRP=dV^jO^!~)iPdglAoRuFS$&*jhdLrus+URzVWkXR9=VS7pa%h{k`;nNH^ za3WFE>oZwWa_H@d84HVV>lIs$?098Y+PU6TQT? zz%Te5QP~OH?M(T=Hu=Ao<0hv2L^jBV{|58A-c0j=n;|^>8hxAv^DRIQQ`#5;9DxID zq`1*Y^&vwcTOWH}YzFe8&vIwKNa>V9QFg2` zW>oT4kDVx)!O8Lasv|Gy>q5(&d^%LC&xJ`s8X=7g&L50iDKR8j#S zd-+1%K2VpzBXC?9Aft+5zs@o41|POdN+d2WHEJ+;Pw(-|XGVIS^N$1#r_yK62<)hZ zF!nPdc(lVF`<`jxqM_l{gunK;{rq^4+y@V}Q&56vmCqcek}ZpU!JuF4c)9;PBRw_h zw5BGc$jbIp^|y-bGAn*tQ(n{8Kfl!ktG|fpH>pm_-<&Iz6NuZPz40O-TWs86j z$@dm8F`b>&4hrPcsvjG~Ag22O%`6dRdCZ_g-H5fR8)4Hy*itqL4&D=d{^2c+dfz{Q z8C9KM+Mn>%1lyZi)BoBDdFpH?LLWpn7d)K#7^mweQDXVj)R>ZK48(<228*sVZ;p0| zU>7GNJ((abA%76Ow=ic@9u~#3f-SA4T4?9y1c+%Y@{B+?n#VmBk@VklZ6YSS&ATeOfgDHub4mBs>`}uHku(MF4i1EC94$TWAXJbqX?*T2=M`a#2Van60pu1x zSWYi%>x!R* ztYKs&!*l)}t+~#U!SmM3r;pJ7bw2s;LI0Ob?)MYwU74Ls zgx<+5<4L^=0&L+8UN3d0s-n+OghV-s$;&^&1`AZpW-<=j1s#Ik#9=JU2Ht z4Gj&kNjWpi(Sl@5?CjWNtO?D?avN*sMhDDl@;!?u7b`?O4wQWF(!c%tL*S(RgOD(e z|IG(A1E-wxq4feQE|AVly~mZZ;Tw+$@ho&d!)eZEhLTVwnVlIn?HuanJ9o=db4Blt zU(R>;SG9wKNDZzuKC8>JDmeGGkm4_lL&=s{sIhUt*$Hz|#QVsewps=m5C<53bhI+F z0`gzqYCh`_5NQ0S%-EYQV8ey#>Fwd=%g>RL^tlODZ1>u~SNH#+!NSD8=qb}V z;^!l^dt__t==l6aj^c}~Gv7fH?7q)sYg?hHdytPEhK%(%!}t}2SW3A;Mq;A*{3n;e zUhd|q6ZoOR>JyN9}p*8ohg&+~bXb1gzY8yP3b%{1Zf?C7-EK0a^9P z@C)Kb$9F$4_Oo@X{P*EY>1NC^oZdk+)NRIu3{*KzO*6}=y_DD3GWox)Jey`0boJfc zt{UCW8|os*!0cC7h20V|OZN`WD*BMkff;u4+0DOTbrPgH{VoVrS5uQtOmQ=ugX9e# zNb0-4^BlF4SUMD@ck@QsjOU3wMi0S{A3DJ%9n7RahSD`>!%jw-J{GhSU@o}8W<;0uI8s?B@dI!-h0 z%9jp=kkws57c^pb;}cM}!J8vn%TI9X4<`pKDk#Hc7k|CE&Dy0YE4{M7yEa+;=esGm z{$RHQM18X>Lq0pXG8CGVm9@0B`6Y4-@yu@iQhWO8lP7w-Xbu<>Bd*)QqOHP^$c3^> z>_c&MLq86pzqdynsMSzfTpXMxpQcuy7U=y5=%W5b73_4dtg78M4Q==>Q-YqJUWGS5 zJT!mBY5u%O23~?dh|#O+!qkm{Uz4bs&S(Nr$KxM?(Gb zT%0&J%TdB0yx~0J_Nm>%(|)!#3=7tOT z?@cTdFf>DR<@3x8^RM4=Ed3UNidT-{+prl48#!ek?p)3JNk$!m;Qmb)^v*$6H0?J219lWv_-B*LqE< z{0iT^b_FrPdnLag;%_w|xBtSqcKK%IQRHi+55(^BaKUcMRcuyX#`zdH8Kg`7cn@^> zG1oONwP>BqM4_|OvL4%xU6soZ`K6Nfv-OhNArNO*Pu|{XGPy~tDkH1e!Ab`zL0!`8 zW;2DFiaLEhosb61kn|4E&*wTpUCP+D|8A${2XmKYFs;a` zpE_9G+FHrXET8@aq^-?q(4?_AK~6$rr19Cs`Gs zjdkNWN^cw_kprt}j!8-)_FEm4>(wj_8%0wF3vtpie$r18#6+>31zuiys| zS5{V%J2|dw=&#JM(NKMx#~-kaE-EUzwY5uvc@l`oh+>0JTFMopI)dOQvR%@-v8k#9 zOdpr}^J7H9KIws)dV&A_5-4+|{N+TUnkG9J8{3e#PuH2g)XBvOPHd{(Zwi5>7O(X) z38#*mb5(Va&&VckGpq>Yz2AEQNMrU-b^WUKYzA+dU#+2*_1xhlEIEIqKe-#ugoZjk z_5K8kXw$256ttT{TzEht9F2^cT{_#+eO7#LIL1S+&(u4_+mSqac6NU5&0|sAXWIA3 z+au`d05dK0&e_z|bYN=ev3_}O<*K>=TOZBV){I+9C)oJn;@!L*$swm;xTe+f-SgS8 z%kBP+KrP#Ed_B9vC45}%zvQr%N=h67$@=U?MP+3RN2x)(eZiBO_7W=8rlnKI`N0hv z+t%3P&nOD=nnY9e%2Ee0-{g+%q2KP$BCXqTe zW^(d<+P5hjv))9d2>f*sX@}5?!N)J;u;2gOiF@@t`0M)V6YMQJPKcXZA`U&dV{Tm7 zSx06DCHdj{zTIav$IkHLog1TNNs_R=RZHQMBJq^d&6L~M_wj?D#+`aP?!B=2#KjFx zlBHi++uOo?3(RlUEIxdA>5xH)6;%1&S=04p(mPkTAHt%-y7~*k!lDs9Yaxgh;OY%g z06{=(Y-P`Me&}dwcHLa%L;W{r59Vqs%FEl4h<&vTK|g?BVx^GRSGQo_kmgXZhX5y> zwy^ZQJ_KZE&!U%gkumR$OL9seBjJaE(a$N&&MPcD>s!wdG@32>!TqK+Rb%^KH#hG% z;<7EKN*!cK>_Kuu;n8-L*U{0TXE#$-)YdtZ@po}D{@!`?P(LZ#C|i!Vx}ys9w?~D8 zqr-8zddOFsZ5|OG9{%LXlaVYn4vrC0=oaQ@;IlRx73EO-nB zLk=)D8^oB9eKDpcA-TMdgITDgpzhApRg&2y{6hBOTRdW>qYOM(LzC~#?mX(fm9_r0 z3&ksS=hE^ES+(A*`unuIihH!P--H)DMpt-c%zLw;YV+G!Pg8TqsRPLwhr6S9csQJr z(%s9aqi+h&-8!f|>k+>|kxq;({Qbj}u-a?x7o>sD(NtE3O^E6ySGv1`FAX8C1K;X< z{bR`0hH8z*X1gZ(T<6DLu^Tm<&tKR<_Ti$4W;w2m4z8oK?b{qZ)z~a07Pb_wm&+u< zL66s6V6|oWwPmvGB#n)Y5O??Rp0#W^jSuFn-OLcJVY4ZHeeu-HOf9P3whQGa;B$G9 zA>@QS?!wb=u)h)CPS|7v(cYamr)r~o&!XMnB@5K z|Jw`BQq)_bYfpi zcpdId<bL)%o}Mn}*`cd!gYT`L0s>e&kCm2|_KUQ!Y~5Qd{bt*qG#S2_e%LL% z6^H}?%9|vz2V#3PjPp#~TXpR*iF3m)&8jTL-tf5!8XAOm>88t#<0zCp;aY$rynqcExb7m~ z*v;4!MW-0lP5I|*SHjC*T6tV2Gt<-XTXr#~@b}R;ba6@*?i|dL5~?)~r7&0hxN#DzIr7zZjM)zZ592^`#P-U(IDwQx`j$A1eTJd(e1q;ED(?x(Wn*(2J zv=~ZGG4kFmDavl~y{Q>^3GF=Tisj0NZ%FSQBxl~V>FhOZWH+hu{!yu^Z@a!d0=l`0 zF4YOx5@J1ehi1+;eH2k|uhnJZ zJzKopcWw}qXP+U+1L^Q0hCw7|U04PXl~{_xU!koC;#Im@N zB)z(?(72n=Un2ohjaX=;DPT&>Y!+sq@6Vw)UPPHCXSVm>UO=27klnEqs!Xb?oHudq zc$HrK+3nVOdV_OwdQ2%&HO59}W@gH}Q=^>KYfs70zev|rcWwrn)XH!r8SrU~&5kT# z(rs*P)HyD-2(9>@jevxZY_8zxQP8p<>fh#23hMp{>e{?W>wirrD0n#q0=GG@_m=C` zs($2>QDPywyu8fhxCZOk?u?Wsqli^>TWMDJv-7*Pf1S$8caUI<5lE#jLHSbz=Hk-Q z8=`lbnh7b5Gp9|PmGDZ70_b%p7a#c0&(9AIha-{5+m5*oQJxq%`g`|2@L*-~;d0M% zD(uAQzOAw{W^Kh2cyKGS)7Rd?fmA|95o^GCaoK5CdZI@cVanO~r_XA>K&4|WCRGyz znpv1p$^WY=TxjWtorC(Jxv2Qcm@K3mO9xBVk8tjPYMMC@j_e>xKhuD7 ze?Mh*_M7+Zrwtbo88V6pEV|49ZgVr)y~89?QQ=RLu%2^ymu3Ubl=UW9ZS6!?*DzE? zw(&(j0iC)E9>1y@f>0{NM3}P*vFRTPPGzjUB*ohT>9x>hQm>G;9U47PmVLVqc3OdXoi(ngYUjV_B=S+8$yG;PMZgQ} za$G(GCMg6U#+BpW*b+-ieOE_9b~yRu2c=m;QXe@}AntC4TpSDu%7=%CAI|dgNEO0c zyR#|`k+s9ZSZmwc5cp#AQY%DpoI$yCD6zXK}mu68kh@yrPpzq+$yJ#B>PT4uMu z(tfm;6_QO{Yi$_(1molGV*i}L)RhOUL4w{iM(gj`Cdtpg4N@%X&NlYM(4-4!{G*%i zs*du%C_c4{+^XMOtjn;WTgsDNMvniX-|_{)&YbMnsdA}OlwV`$=mhzPyTC<5OiC4` z=#9x@xY^jsi&}Hm{+aL2YP|siFX7?g5#Gv96+n1?tpBZ@lE1C3%?3Hya4G0h>U#Zk z4l8$l(5DD+c-Hz)Kq#cG@h{bggo%*t?CbV_tquz)??Z$@!ees_2Q{XItjtUptPRi! zz!(6T`}z51vJg$g2$_*JK#rDsB1xfV7e#E-h0IR6w5^OL_lOIC)!0Cli9?$zDV!JQ z=ZkGVSFK0w`bI{MrQZ7b`p^C*Yj;YhFtnl0Hr+dp6^X9~#hP0rw0g+jpE}CUWOoyrM<%fijkP`cyUoLcHijz}PJG7IX7q{H> zjZhLdTsFKJ-WKB1EUqn~Y)4~8N~wsZVH z7803AMOwW|YJB5XXjU5~;RG1bP7G5gL*-_frQ34-LN#oSM_2!lq z|GRO;oCAq#5esLt|G@&BHM`!rNRAB+-7c&kFV|zGvL*e}158>WNASbL`hDKIS(r%3$zRg}!iS6y69HF0O|Qbvn6EecqRM z*uC5b2F}$L`T31GU^`h^MIWCWEnDCWQ)^k;^GnXo!}+e@)1%?pZM^-@rA^+XXD(p&R;0Q;vb5(tQV`;`mZnJQ(qNtKEA+rSUun8;SKtSojH(t_Ss9l$vbm}g~CbBv6fI7dyLJWIwx zQ)R^{nOs=7MO7njWRZABOsI*zF=piWb$7R1k3QXhE~mEpX~^xFX&%W4-%`FM)?*n6 zq!I94=cY;Me(X59ySfTE^sO&8yQZ+~on9_Df!p17^JAs_*Q14MYH9$fc{yj5Ll>0o z2NwzY6aQKTUj}eD%m5u#vS--zc{NWl?`RTo|MAm0z&B-}X}TaIugxUO@E$k`)cE0tHFFc zFQd_ErL>e+6AjUfDbI-;QO?52F77?;)S_tZ*^eliQD*$B$viep$=~M z6=7gt5EV_A$z3E~y4~698;_N{y1eke=mEvKGUNy>D4OZOG8}%lQgcbtDAmzp?RAIZ zlD0Kl%thHa5;wAnOGq3X9E_s8k!>jdfc0yA6xVuq-;A0E%nhgpqC@p2><^9Vz9yFG&ZA7PJ-pvq17X+l}>Khx?@luy37WNM| z*h|Y}G$dq<*A5O3V`(H>03!#o?6qA#W8`yC-S>_Y?0-`Qoia+0$xXd`guH#fnAXN} zaD8x!-8B~gTcAPE9@b92|$)_(HzX}UoCcu+6X<5B+~HL$w#-&4H^g_^92z=V{9 zZGLPmY9gXKpDQ?5$KC0_&Oku68W|a>si|#`A{Q5CGGKIGL&+QoNXGS(G}4X9KeGYm zk0A4io0;p?32MR0v{?K-ILXU!xu9?L_3mb}UFCWvty2G3lEqo}^m|sQ*FRVxI8y~= zwPrMp7S?yRXtwqw`<^G@4iFLGk=?mQKskyl?>!%f5MUu3iY3R&@^>%vun&ZYVF5G*? z(;QA}HZLy|K5O=NS>xd7VL!$T5CKo6dcb+njaqGF|hZV@HVXSh5)4pvs~q+JI9UuYu^vn0YfB!x_JS-nck|p8O(A+#XK0e;n zwLY#$t9|7u5oSOgPHP`Mcez38CSHz=8O_Y)zV*RMG;|_kXD8jGLJ4eAxSY9sH?N{NjR@l3>m0URUF}X_LrY1S? zB>B&})N)Gr=dLmQ&?X!?I>%(s5$)bM-x`5tt8)fB@z3+&+qT=Q&g&sofeyPJlgKIID*#c=sG{d#nm#< zlgKH?4HQCc-R$i4JF7a7Lql8{m$Arbbuc(*Gbe3geB7ik^vSO8kDFAaXwL8NKh&33 zhU#bLPCxFBtxcCyFzc&2l=iT(3wZm z%_Ef(E^#_Thuy%9yX_1|$qh9%pIXf4{=T;KmHv9;nZwh$x|C1?KP`O*wvR7gS-7e|IV9^1frIQ>UGM$>`Xzlt`gSjsb z?=T1PWumP-92VRQ$AgGJYu3lkZTvxrEHgJ9d7GVSqn7WL_wQ{-v6rh?v}0>7)Jx9V zs&DK>p4#ysB8z7JK$iQDik@}!rnefqrA0&!yE5rTjDy#m;pJ)mwsq|;X2?@Api@W)3X-NR%?$2?FeTVNk ziPzdKG&n3Y9E!Rs)c-sPSW9xbNeuzsR+l}r42LU8jHskkUc^2)*RoInGu1W)_`%+` z)bzwNw!yM5r$*0i6%FU+4XWRjTzy0u%X#G@#t))+;CnP_+U*BgngWk_y%k~kuABY& z@rk5vSlc(gUS#Np4o`*-L)oSJ!K|q%+VA%-CY@_i!x65^n=$QNgJFujC06=V*)AXJ zMNR83JvP4bWPLMRTDqh1cA?j9T_zAKgU-0gvrLL&tB$2|jp@c@7r%<_Q~jI5H6;+^ zQpjK^R=IvY<412zYhu=MoUiD(77@VdO(+#BPl;rc22cpBE#{{#Ar%Atz1V3H?<-EO zm|QghRO8^Xc%sO`2H6RTgQvT<;H1s_!EB-YN?1O{>Wr4hzpMnw|DrGww*oh7ucZNm z7ZA~#J2Q1#8qj1A;tl8D!39Moz4_|Lh|R z$TnF_!`8Nv8XISnv4t~%kN^M%X+;~M4)~zB8yGz6>tv6d2ump7OkmEVX0hpyq5c$o z3;zuh?)mp`H(>)PARoU(VszK=B z*y{`)L_1N@2SpK0g$11(&N6YEYayNPaP6uhVVO^qF11=KG%sT~OWJ#HluIk^?#0R= zGj4LiZrQe(8HLzBlkAeK`9dL*xQBd(+cHZ<9hEQNo?*q_V@ti;D6GP==CO>D%J_m$ z`0U#468EW0grkCHuQXmh9V6lK6tnUJB2M_cJ-ZR7y(|NCx9@WaYi>ZEtu}X5=PpAI z(?uc#2=hXhH8`^PxG1KCq8un*W%<2|jvz8jEX~<7SxPD;22d8NM$H=4ilufY7cxQk z6o>*^eYEr(22*p=yvOX1h)bc`!@#z^E$zMTY9~wYQ;dzIH8QN1=64JKrpd&=RXYtT z`NEa`wdPSg_g+<$$1_WDy+q=1U4md)*~Zc_3vsImq=R;AF0wb``KjkH&d6J{!xuIt z=b4W+8#8w8>0<0~|By+ZD6R-l6WC@Kd4~}85;tVCOP=IgEvjeprV?1Sj0WdtAw}Om zj%E;#;kvVq%Ye~;x2SR2eo4G>LjN^MieXr0N*u4ER&GrH=?Zl)=q|awy#UlV8z96G z7a-MxA#JT-y69`9U63u1n)wtacfw_dKBCOf;Yt7A9-URI&hPyGCd}CnqtC3{Vo{fY zr_1X{8y$eJ?Zf*{Gy%ELoWT8gLqW~ei)mki)n|rYZ4;v#{biKT@MzcRAl$faoLl#rgq$CHgntHrWbx&H2QK~3=~Ns<*`~IiAd+&u{ITdZHV^an2A#w; zbxZB+_%uewKjL|R2xR#4=h)RU2FU}fUMpn!E(61Vp%&fn8O>Xplqe}mQqM_&n|RZg zXL{9_I_h?fE+}YITt4&%z?DMpOy*ywZkqG_mK!Bv7-Ik+6NYwH?hXL?1K>U;d$F>J zkuZ&OB}(X;zTofbG;90GIvmUQUwdDF4eKJm5S89nooUwC-mOB(k&Ti1C-$p>3I24Z z^7!}sz*F#`<70l*#m)ZYwcSNEcYJE^*yYEROmZeIaLEHEMh5}gU}nIIzm8* zUS2GV?4GS1FI;c^fRPy@ZXV>GUwB@gBFFE#9fHj_rOW!-PB4I3e{th`9_6yIlH2yd!qL*GO^YXzxSgSsfZtOko^Z#;#YDqTnX8GdHEyt z#zV@HHJO|#vzyX^nJyrcm&jqOh$&H!o@uf8*{^TPsFFulaRW5#9pI!aQ4wFV2M~xS znXbAA+Eo&uHJ3&7imsvOkv=rVMK=#nb%lURe`A|JQvh;40jmY^e^?H`$fQyq7Zlzx z^aBs}qV@h4tp4$TKh=!@a={7I59ks!_Q(4>JE;f%na!B)KcoG>IQ;)@h;-o{H$$%A zFV)4D#|@m!^WSukziag_zs`9z3PECEn zDDE$mpb` zP#I3`bof|y)8)@_aQLB_4-;@d@(b^%sHi9@8CV{@yqK8)%*&}EA^TZrMnW+3{sNdb zXLNM*zlsSkgWCuEfMCXQn@{6tqfW)AdML_YU0wZ5?qO=Q+CM4RFM(@@iC(o&-@?KI z@O=&s4){R^|CtHH&+r~dx56|H{kA4c*85_bn|)s4th$JVmO5z)d>ZDSCiob6 zy%m%^4c)bSlHzOD&Nfq^If8uF$U)(pZ$C2xu11NS_m8Hcn1cq}PDV#heAq&{I7~&v z_I2%fBTipve>aHKHZKG)R%mELf8(x$8y#s7mv(PD73is7#rN~cbWt8n3k$bitKxNI zrPjZQlVe)=rgTYEw5d!fn{OtQM>1^KvNn_%i)zxb%`0ZT>UA2Hw?13t)3-`5?*CvQ z>itQ53xHq>I9&iU1X%2ntsfCxX)W8;xwusWff2}$>(Nvj2es}^AjD?5{V(%Aw5v*61 zn|Z0JsVXVMv=7iMV*=4ncRJI8jD&iE!Yl~`<@Wadm$-gy5`h?jWFZ9QX^Rvc= z1{*tD*hq(e(Os+}s63O$tXHnca%d;j!n|7%0ki>eGkyg2TE6hdDz+UYL}Q$-}lAn4})4HDNTBP z#(p2(a>`^t$Wj@(T`yY5+}`+&_0Rbv6~!9K@a*f@IT?0G%%^5Y{`O$SXim&%KY3k| z$vRI->s}{rzx|)Vx(x=^Vkwd#FG%wY7!;~IOg0ts*J=l&rI^y=V0ApC-WYvwn@-bD{HW$`>; ztcvAIj@%CZ(;bKCWA{e`^pZ%8L>_kNz7!KhoV}#)rfOyyvocWdmeF8*Xp7$t+ zFerkq`g?}R#vB2$8IMF}S5{JVR;=IF#%}n2M4ZLOx3`ZbTLxiqRyttac|_0)JpdUV5COO6NEs3n?OFaZ zS-i>CWkv#|tk4xcyE(hNKswk6b*~~mfNl?^Dgo{%5)u+q3=Quis68889l_dkoD?85 z)cO|rr{J7r+eC1S-n~-md=}3F$+O{i2uF^$-e|K%MqJkDvg`Qz!fIW$T09gH{iT62 zb&78lxHc{;RG#Jw`Kr1p0^4M4J25`BvM>W$`7_Iwpg0o!{Cn^+u~z@ z^2F5kDSIXFo!#thsOsHP+6bPa5Ukl+UAmWDx@*xQsU|Yp;^E;jF)`VnKGcPp8=@w%x3B#6c#N{Fi39y>yM9^DDVe%Kzit1N5#yw_9~JvjieG`80LY(9CDa1;1Z z*$HZOQQ?CADB&Gq3`hY~tmQ$LQT<&*KBk?+i{4wu9NW>&lkSEmm?KQSFRT?+S!sV3Mjz|CC@+n^?6uNK%AS~ zg~|_%HVllntFHJm+MB+}f))K%1Qw${{hY^V>G_Fq!B=rOxHy+r=WD|0xru@z4&xxlbBFq?nQ(f~vP=S46(2ZTnGFD?R>9%J=yG zvVvzcO-NTsBP>P_qxjpFz1_!CPQ*zw#A;I)`q=?A8jInmS3Wz zf7|!F%o(4xQFwucm{RC)=z`2K0^28m^_JYbpjYbhJM%Td7s&a1>%cr09FX-e#Vrtg zNuS@oi#lVxAiwA;hT*8J0pLIXfqxPKT_0Tt*w`TU0_2=>BD==3_kKz8J|QEox#6h~ zXVdlKwSTkf^y2JKsjH#d?Z|CTBPLoZ*ooL!u=!ceuqrbtNFTHB%a<=cGH(MKF?+_d zrGEkiU-be4#$=tHb3Gw)jy8^aNBexrs(g*vA~13r!P_ZPjM0N^Jq$;!jw?zb{9+ieqA=+yl=uD zeZ&{=LR$HKT(C*3Z`gO|zK0snKLPG;ZY)TU&ymq7g87c#%v7h!{p?btZaYxk_4iAi zzT5X1$)`|gj4q9pEd4Wol*0-f57q{=wY43+KOG`~@4i--+*}o_I5!|T>W83w`PReT z_nF-x5xS$4t{msve(dnvWf5SeXjttd#0qYg$1RChA$?yubYyzEYmwih5XH6(MO#h z0YRjps`SUa4=}#|y)9I|gC5`H_#s8;<3CYSdKSGW@w?Lg-qDd!wmB_@>&BellmWr$iqCcsj$w8awg?KXit)EOVH}py^b?u9fS@!gmv4;4_k;#(S z!}{}Jv8eGRHa}lqqno~cr~y08w{x+%g@U3E8VU;UyV+{oH%MKod<6~X45*=?Z~%Vg z?BgzOO8W8X(QIoKns2zXA6Ta4)_xqwZW>M75V`DId&3J-vp~H(6-P+TZkJKk6{-eK z#<+L#d0)TgH#evJv4%dl3uxTwyeA8DbHSm(Z6^q+mR6t7&BMv6xVX4LcFQG*@ngx) zgHMLq7N3p(6<#O<(8;~%3ap@HM9Ts+QTg_Efr9cWW4!WwdheAK4b$>Htg?6DSF!K#*C*rvFmYuryUAO3S`n+csma{j zylF1pUo34*%)O?nbs^LFL8Sb8j8pgE1fd;sr!9J2KMe4b<^Q{UDeNL_M&4>n{TACurRHN3oey)!j0N_wMfQmY;4Uuec8Z41WM-zx6Y$ z|8cke?*&i)t6IwICt*j}%g8rC0r6HvWQJ{}s6wK6XGBv8SxAA4BG*HO6&de%cdSXO z@*1~lcX*HWCVA7}M_RuGU~wb~ujPjhn@rq9rRdzn6@jh&6=?PKnYBzf_(P-o$M0bY zzav<>YspKWOxE#-w7(c0{3_;{xPc=m^^yW8@;W}w@IiclTWoupWA78M|PTm{ymDP}t=|srF|mw=z0~)!Izu*gLbU)@b4n#bnC;L*v?M zQS66<#=9gf59?YzwewqBTvI2>M4kqsyJrSai0Z zo@#T+1DbdTzOW)_jX z!Uw`wb&->waww>B_fAQidEGrOGSGpNtRi^Qwq-TH6_>_DM6kUm_|;#6Y=YNC)W&Bo zwGMsmTctiRmhzVW4;H}Mtdi(~csAZD-(m680OiFw-_t9SzY;16Dw5C12!6cOG}C1z z1%e^qqC`cO3|JInp|?xUG$Jg{5D2tu5apEDmaWLO@@hGw=WuB8muvH#SOb+i{H2x0 zQPM!UrsLB7>^)EL(}`O^fYJp4%D}pvQ`E=53sKKhRajX$Ix{mv#kR6dQ|Jf0^)cE9 z#_s^9MftdeZ=GTm^*qEE0-go_pZ_i3e@7|)7h9LRbN2jY8`c1&%;~g`NvPfe^5EZ> zFGrInuYj<_Ll8tW3{HYdg$b$Xjx1zA?|cpYAiBk3aqXMw+t@F;NPs8Mn1sf=rDEyf zj_u?-GmYNCX8IZRwS3Ltx+@}{fjj)`Ia3t*?XunP01!I zQmuFD*=!dtRSaZ}u8$o4Yk~JYpVz=!^UEuq`s^h8zE=k)XZ$%HAS-=lMYfpHz!3og^A$#Tjw+eKp4Q5WTXjjt+wJF1tgw?EuH1gQN@FP(xbTMK zlfRcMzR$pZ{UdFku_xA{HJ3Rx$TJ%*!}ml$y;5P5uGav*Q`ktN5>QdNl5>) z0;BLE?ojlwB^c}Ne=0)Z3{Tce``< zH^E}E&YK<54UJ#o)5cgqB)tiVk@Q8;26+a;(IN*0)1v8hAnvAc4-PE4pq-O1*B*E+ zU+y)&6H!zT^^S{2d7IJDI^pGp%M|osmabFXOQ#(_sI5OE(vd3z<6B1e(&JTaWFZg_ zWz47Cq*jDq0`&C;FrSv=%hXy=e|aQF7#@KC9Ou=N!?zZZE77@mt!bP(NaH?-{_j<- zY6^S_$)DFYu`s+0ul$OgLxSF_U%2!^EWu)aa~9g=Pv5OFC8it2@zn)&FVmz>Gj8EJ zD7;ye+xX0?`(n>sA+byw>l8nR-J_dnzMds=Q1`9O$Pxmt(2E5xpWbdQ+kN)!gapga z+_dCn@zsw+m=(AxpeH0EFIN7a;@&%`sqkwTjUq)*KoOBHy-5e@M3G)Zx`eJ$0@6F7 z2!a%)Nbe{}Z%PXgdX+AO4xtz6olrt@HvY~x-z{X0S~^wqAJMygO;W+A08*a^-HV zV(4hrZ2ZfmUmCV~{IJ4Z!yKf-m!y`f{g!zl1G?%X&bkF%7Zs^2;~aVQgJt=X zI3ZJTz0lD24hhy^))F$FpC4)93|?_I11RsiMBmFWv_H&u4y%d34>>F8-a|D4J7t>t!+L>{qCl243<|YQ>aBG+JZDz=Du%d*}Pv;H$;cXWy+!Jcum8 zYJ!IJ>@VIpGEOA{Pen$J$LlXPMDDEA7%9Ik?;Pen9o6yI%WjNe?Nm*<$`#m<6<%c1oDxj<381C&a!RPO7wBv4>*e#a0 zS!b8gMQX^eLqcej+`k;eP0rvUrA5Xkv~K1)<)n*vX?zbD;K` zF@nVNlhwQcv>Rw2p49|!%jJ$W6T+M@|FLIQ-Ph<6NLA4Dw8|$RYW|E_GuZFCOwX>u z_atY_62;)8q<0n=9G;To&|8I0PXoOQQnjB5F61e05wLvgMhM1hxB{DYF%r+~@>cov zyaz{K$dZ)bFjJ0Cg13hDCb1{G9MRWUmM?Vt9KW(WIM1BZRhZY!@e@r0b0?hJQM!@u zwNvvSsR2hKT(9*NF_Mm0obt5~z6a5cfbHWf?c_CfY2CnF1M_tKX?6t?Q%8w8hPI6F zUcryl3@io&OQ)Mqe&9;`E{D=xe=p9G0MI>@Xh-wZCb{P#uTn% zbs^p?!O9}?Z#bhV<-|H9>%~4P-?~fW9cQDQp8I?L?tr1#Z0wzccH>n=Jp=pRSNCjV z_sO}YbRcC7HF3l=)VGn0zjUd;5+Y5f|*o z-F}ChcO{Rtv>rFfo!5IwMT`lnIp1dI2pJ4`iPnO?2g>y=;S zV`uS&tSHnU`xwRb=s$hR9ws;@T^gQ0bfHDyos+I2~x;DvEE` zivQ73Ua5LNG_GzUGuQ6U_Jc>Vg-76JaY5Z!K?&nV0p0XIyLMWx?+@k4obvg{_n4J{ zk}=ARnQDn5jo1e=V{;5rZJp;6U$~UoE`HurqvC+h>xf}rAr2kIcf&YVF$Ir2ocq_S zMxKT&K|7vwKKA)2|93I*UU#I; z3jPx*sSf+{?Ky&6b@8Pcfm~Ol?3a((zPCel`d&m}S6Y@b910Bk$2^h71~)@l)pbsI zzNCBRF$jKj65o9BeUkOT{EyeB32$rZA~#2>6Ez=?rhjx-k-`fpP(^vh3YSpi@+`)% zG;uwc2P`zC?zhF0gJP1eKV?fu<_dj3!wQ%eQwQ(gi3Q#OTCxEe)ZBueo<6nw^I+!u zPk-J-)9+s1CsSXPlepzu$e&M%?QgNQA*L8^1P1CQB*>PP%^{&D)t(J9KtVro;In5$ z67{wH$-;z{m6v}@;nNU=YSMP~KHm-G_XoRf{bCAx7k@Nv5E=gHW&q$uo98G0fR%T% zIcg$QGzZq+3Maq&sOvaW-~8_EWMh|{?(Xg$oc7sR>crK(4EKnGyN!l+cD>9WCYKw3 z`t+mA`AIC$CSCh}szSSt+5`W!;t!S_!&GQQtP83BvpirB)Menka5Hu#@iKol4s9P} ztLm5xM26t6z7ivs{wzAq;^NKCogLaoEkw6iNj~P13!D8DMJ`wRTd>RV(~AK2 zx9;vquYuav49LLkEI zv&*O)(Hi{GKVm3jNTx6@5#6mYh6lu0RzJ0V+~ zYQFM%CI|$_WKxl5%~@D1&>O^W)`YnL>byf419-&MsfWu0E@qONuiP4qc;1%fT2|SY zuh@*;14P{CuX6>)U@ng@&9DYqD`5J!o0m;{m%=(#U3T;6tJP=x;^WmmQ4%`zH$cx& z+m~N(^+!X_D*@Oo#x@QR7|ZT|dC<-na4!JfbVaUy`+XL9u<)((^A9`cp~m6rTWgz> z3O7OfiS$^Pc}KASWjT&c`sSG)X0?1Ci&>oj6O!TkW1kZpv=1#J1HrgMs&fp^kzxyB z_VMGXV~908rzfC~Qm!^}+_l4Y^p4eqiJjE)9s~lzMF2AFBfX887i*$iI!EG2y3mZW zzGut)0rQwl8E(2m+(A}s zXRp)9aJ<_uEWb9uah1eDlygj*IE=CsKT0@ae20Cg7shtpcrJchFcuELNO0Sd48 z&eXj5xFtXf3~1$o{rT~RjunXxAnnmG-ws@K0A{&=2RK9BCnpnT>taGc%=~}V_PoIP z>Z&g_JGU1ht+?G+{V%)C+BOLFeV~U)t`Q`&jp{=V%}4&SCclQe(Bq*kxdqS#u{=P3 zo4~>fb`7V%ev=+gIE-!>oBwQXVW&@!eZ9M%B5C5-u&W(^Sep+LIV#t%O~;+ zL*Bn;W_kjc5v%ts#sRP^EPZ>-SVVpoS+-=AB9v;&jRzf zvyJo$4LI?Z+9MWg_O;dcI;yK`Eb&7vQ{x-EmRxzooV{lJ6X#=Od_?C5iXhrajAOCy z-#JyTGJbG->mpXL|4EGpRhad8x55qz)b|K^zCsOkGA6VQs)$G&4D(<_*vWV{<8w}K zzhbZFDiur*Nj{0e7p`$Mn3z>qg;mf8ZB>b|Twyb3b&->{+HD*23pyg|OhqBeI zG}M1`uOCN9O!>;Y*a;ePRnpW~JgmdvN2uoWZ9hkQQbJoVD&AKvYL4TXANiRuWH~gD zFIYe_Z&Dg2=QWgO?)wc288VbhBg*F`By&R4Ap7nn{=fUSNyUgCn1x9 z&cz++;)6fLnu9!P{bMZCcRr~#mQGfv#)OttK#Z<>E6#qic!oQZTIB$GG^Lbw4f)J z6UmvqI(q`h{d(eUm#WqWObzrQuo7+IB1-oWS0sK2O1sd2(z6c2>rzMd?0ifQs&bH< z07pMU8CAz@X7#s&+X;_vzv8%s6}oVLp`0hgQo7sj!k+yrXWRU$hGz|pcGZHm92{2J zqKw1MJSj+d8`0e`XwbP|!`+ zlPyIN>YXVHCG9t5MyfE;faTMI+_Q@g4Ay^+sJkTBApfF4uTdl+BEJCk?MIC7x-qI_ zJ_Z$%BPlc=JIf(&GQr??bM$s#bG)EQw1POAn{kH*>Fzljw8xZ_rr z@i55&m%gElLG}E6XzDnXiH^2snNjccB0b7;!~AC`qmW@isVkeYjo+~idbL$;{!#Ek z%_)Zb&A?c>!;BoVPZrQ=x#S|2BbTh095f)q|J9Z$L*|xUcVb<_CuKA#%I9fE{ z&I4ZGPOE~33nej^T@u2_O+GsW4WxkE)%j|4^&&y-7QS)udUB->zh-=`&V~5~*`c1& z_1C;kIgcI;)EaZ_27pvW=?|6*f zXROH=p=G(%_A?_w8q<}nJr6r@U{5!!8-Ll7gy*7+QilnhtvNv_l>$H+&Y0O&aCoskJ=X;|Ke(h4!Pn- zc=U8a^o@|y_C5J1zzFWJgR}Gh27sgBsjPPUK2H>{1YF`p#0MG~ zMXkc0u4sCeT6z8cm@HKo7g_ipgP(*a`gR}{2Z=Mjul0V%3IaOLWg|iHUHp1 z9?utsY$89dx<^KFJsmQQS%y)v6KqLny%{d`4oJh-bon_Pj(u4Fxj*7+ZrRt;N*ERL z7M>aRe#9jHt>%jGlH%QQ!WXV5$J%oXCB%|c}Mgxo=L${)j5~c)4 z?>5zkH|N%pa7-n(y2v=#XUgHFl0^*6{m-(H))+H=LF}(!b#gZUl#Y3A+NI`+Dn%L| z%Oifa0`ixX(LjpWGxeJr9lv?)`anc5pk6Q|#QH>G;>lLA#w-7&8)53Z(`pw}f0GZk z%x(32^dOMcuJz@YHDnZ)`a6=MmJ)j4r<+~z0fQmr6|_mHtjj7j*=)iS@Q3!8j6FJI zH6yn{DZ8k+sUrs;55&2MG)Bj%#N{PB3Y?NF1WKozIyVis))Xo~S-k5?g#hD|%hjTD z#snYIi|b3|x8>8*or;4|+w( zf_)2(Y(MFZ%p3B2N_G=#0_5~NXm6?i4S)4 zu9G`cSKgjGn&m-)0SJ@>c>Y{?7}4=(Z)!*F{X^+K9G?Z=c zfTwtGEj=hy@EEX#RD4MHp8*>G83!zBN?%3UK~rn~cI04oM7L*j_nhY*ksb?RF0ns< z*&1)P)zUg>zkDiC%4+3`)Llr02(q9e{V@Tbq=L8hsr_bOTy5R`rByCt`KwL#*Ry)f z4!4T?)Ld(Jr~RQ7s37CwqO?aQoWqQus2$+`A_K+b_#66`=VH0%itrRyit}fmEB?|T z57(C|D^qu4c5B>S^MpXWJ-teKzajQ`B+F&&dmq$a7OqtAd zp2!dr)i81kQnwk%w;rb{l$PZO^Z-SIO{^$k>eYJKJCZ&KT z=6jc#wlY9%dGxIDc}cC)c&tVB66gl}?c&nhrR5W>Xi6uUDwG}&ii{->(&SiO9(YiH zL4I_knrW>PvEC}%N#dA6$xIZ(3_NOC(c!u%IfBWYO zvxOnc?=q%ylSQP(f(aQ<&vQg3R58zZn_2z5FHmP;{d2mly)2dnd1YeGqIHy4IrfFT zby?)S=r#Q*en<{@{zJxvw-N4i8VJ~z{%p2;h@{l28gD?+H;d8@uRO}Q#dg9V70-%#iC8Z zL11GN3x{Z*I)<*#{oMhb@f)5pmvt0-JC3vqQ*n_{2lgJ`Lza&UFgD`Nft6`L@@R*( zv)Z(5-on0~gsjQS!z!UTL#iM2+LIqPueKqL16~>15txUCJEEVORpZ6jC$`%L$%;tF z71f`zH!Aqo*TWQc2Os*ytjxHgvwyZ$$R=fG;(}MEYZ?=0P5Rt}s!TytVTJx^Sz{Yz zz)J*7t85E>ar%0`^=U=k@WRATfCx98J1%_6u$~R`oS-~XDqm5CF?Vf_dBvUhcm#|p zV;=<=y%)Ty|7v)@*~#&z`a;d7aj352GiNa1_MEEyb13rhe!nmLQ6N}nMdj86n7q$6 z?$4JUo~%V@zWco7rZw5v=~=@W?P>*EGkqW?{)>O}XbCx1GZBlhD|)FsPO`8>$Ftwf zvK{;6m;KCKRHxpCk4}ma1x3*Y-ijze@hE_3jsp)r@juOd5w|lxUiIz*Rg#py;{rHn zV>d_ltD3a)_H>z%%1h1mjnaD2aG%ER^P(l@+S|Krf}e3u@|PxjKp@ID*Z&dVi1q>2 zEYUU_7h3S5NbK40(2Re0?|@@rc9mdkTP$29Y=KAV0n^D=*X9OWvx2jau38yv%(Le2 z$10Sm7r*Yn%>5sjg0du3X*AfN|uj zt6cEJ+DgF0utFfiTJvdzbl|~mO&%2XBy}CqxHI1*u*pIB zxhy^Q4$jo$VJAzjZ^6NK&C@!=Zuc%{a2RIh%h3jl3-&Xp?9V9wfO3$oRH$>4(_J*_HC{VGgat&&sEp;_dW>?3nF@IrYZ-s5kmiZ2T;tw zURnF_Jq1I&T)#|dlXK12Ct6eEOdIVL0XiU4)RydWc`|AYHkbb6qDTT7xuJgX!!Xug z?2chLIAr(AhBCS|H76mAaVS4Zoo<}2R6i$gbI)G4eADoSAb?l6Nhk1OIuq2M%GCq~ zml6k^%8%%ghPCIsY?SYf%A`GDj7M-TZWci!hW_kzIOogg)UVqu#Q(Ih^>l^Z@Tg7a z^M!GSAjF%uuuDbCVn})jH2C*PV6*sYv5=I#h{)8Qibu&lbu(I=s>s`RA~FC|?R1D& zA%B6|shKs>*lnANDhWboWQ3%FN0Rf*!uc2?*tf zr~c`4?rDa35`~ZLioY+U1L{+ka+vpmuZ73g;;o1Y;WA5@f*M8U`wP5`y)t}K`0K4A zKbkVOF(tw6MEW-E1V!apd9}!u!*AGJ*n(t^*j-deoWJ-zQne$cL=&y&ja{SBM{~A7 zoCXh(p-lLb?#X7xa|ok2Px#oE(=`nxJZy?7030SHSKr+)S6@Ew_fJX|^9Gtr~B| zaQpm|D|TPPQ3f!F(_rJ1q})x5=jsuM5aDqKy^ zo5Cfbegov#m3zy7$bl!xc1lmH2>F{UHYK+G0m$iqk7XYW8SwVZpxeq9I`#38l7X7C z!EG8`5Zh;QtpB;~l8M}cS)^i0SW3?%4?(+qUZU!vdjRZzemYPa+%iuy)RkuX=2gbf zBw}E=1_`Qjcg9{1{1kHU>Bf`iT-%YISDoF9A=8yX|0iYoE8hAUXj&rP# zd`Z4Xy~lzWRO^*=?@VF;sj0|zlI8Z8BjSyJK(oeZS)wwO+mB=6!GB#vMRE2KlO3s5 zX%8Fu(s*G$>69KD?yNUBYi!xAYNbl51Ca9viQ}7|K%6YG?TG~h-bHIxJYUIy*}V(; z(B2T zYiO-dk!#hLw9QL7P> zYX5bAj~X92%@9-F z6!}MZjg8z`k5;LXV3*i_0%+=o5x}IOGsQOXMtZzYT1U`~@?fdXovEG7;PBR7Mu07rqP#2vk??}XcEmntx?tqqF*r(2saKxEj;)uT&-2{%UMn+otHjH81^ zt^8405LU1e)0E2%(4ImF@MI82iqba3?qC{6WZ;Y*Iwv;(ebH%jq6g!S|3;R0S-m9A z3(R=7QN?Sv)}(WN7%JnpFYwSp75H19{jPX?EXKCt!X94jeHv`n**DHcP@Rb)rC3g6 zZ=?*lZO;~~#NPd9#JEmxmDdCLFaVoM6J6#T<#8ZINUe{sT zU#I9In8z=32zns6`vytx(Ftr2fIH+>wz*jwDdl4S)WjSrE96bLRW)3OyKKUtWid0)y@M9wt{cE8q6n6ipvtRmv%D5~2Q;vVO;(yKYAqcQ5(MvLjUhd1wFx#)|?RtBq zrV0uD&Ao1o_@NFsqdAGOGE&e7iZk0i;db}+=-NjPnX<1hJ`%%B)Y4{4JWZ0}qI2gD zD0AMPKIE4RW~(RZ-d5M+C@8=F(xht<_;u=Ovc(a7ZM{l~!!}=fP6<8{s6}vx@{F-` ztsxDv$(LY1UO5x4vO79j?Q0;JV6QE?=qS#MO9y5X_}QuTmP>l_4V> zkKP3IrAg){&Q`>w-@@f*R?kx&f)~OJ7xkZ4TI=0_JCs&wPuPC)_GIjsRoPL^YodQ( zz>A2(LRs3EWR{!=7d73>`d$LKin?E@Ag2wa3|o zeWt`&Y)<|CP$frQgG`;tYTk!yfa$uBH28 zyZJ*j!=1~S8jgXd#blrEc0+$>{sO2Xz*?M9d&wr)X9B!Rq1R=$-P&oM_FwKIeY01x zGmgW7ovT}LRHBW2GX>q^wKP*H@>bmeH#D_+aDI?pziH4Q0s?VMIzmi`GFRsOq~df8 zt|F2MKrI$8@14mYN}&VZ=ta!d<$qlowGjLt|DWMm1Q<(WhJRUQmywo$OuD9Z@^W~y z$-T$Z@rEpq6YSs%K*z6XUy34T(H1L(1MLdMB4MYl9LA2#K#C-jysf(Jt+7TjG+`}zE>bgAIIWgAP=J#PxWmA7vF zHX6@>Ul`lK!(kRHec53?_gSL-bu$7J;19|Esh4_e$q9m9JWK2&3Wnl1n%S^ z*;c9YR__{&HrGQX8a*W2*6(llco+fa=`+J?FAp%HB-$E&xzq||Pxqe8?ZP5KA3Rr! z<0hO$Uk_$h<+(TdRS%`-njIl%H7{yB+1S%|UmSb}eL55XI1PCvQ~%q3KaUABQR7t! z5=Z$47R)9rL@2oqL0{^zA~P}l&s0pu-7|45i zpBMT5_C0lW@u)R;f5z z9z_Wyvh7?FJdCHw;fd6P0yxD9GuUGzZ zCno4~A8@^ zI}M+nRF~O_w$Ij)z1dx{)lSUI?ypLNyXKi(dn6R$yk&MSPHj~fa}!9LcN1Yk@Mbvo z>}B=JV)B|ISE2#jR4O35_3?WOSV0S70hx&;9&EeI@Ta>p{^5Q4itRAqm=2}KF3&~lFTyj|Y^rHQy?-%+oTNje|M^{?@Zn= z1jiiJuWTfZfCckAR4xuAmvu9zBPK-pD7#F~=7%w!`Yv31RfvXVTaQ_ZvN58w0s}>vjl$H5)YlW$^#^ z+|~c)i~ql^xA|=_QhGg;AY}#s6@$<2pI!f(71jd)zrtrgTF4F#yq$jgx=85%MHSG> zJWvjhnrGHa=m= ziv9b>YIZXYYhFP7lQ>37raxD1+!NtSNu@o#9svVvLEcWEUzb}V$yM1Hov0O11cJplh%^C!gmyX%fO;8Fc}1jqSD+T zPy1hmz@5hc*A*IWXor@q|M6|Kzi#7O8ftZF$14sjD#Y8*$iKr}2&CR9-1=?Zvcmk% zU%rlHUt)6qv2_1_cX{_4SOAb;yAGk)&}tBu;X2dSkav?>i<{*(Dg025N^<{d?3O+(*tuqSl29P(Pt^26K`HUr z+s${Aw5A^J)3ZvotCy9Ai1E!|)$E^r0BY&^5in>y8yUTym_;3hI&6pA#P42iId8>q z>&sP*XmRTl{uf9}6Hr$;{!aiVSZq9NKE_vQ5)Dq|J^?5|nL(L%j;jP}4#c1ZR-xwQ z2|}`E4St%at%%l_B)6AiKP zJy~B$SXWqu>d8!5^8Eae0{gDgL>-XCPqWq>Tfp#L(^E~7JqHzhl9KLOpT{tQUJxAc z;Ctp9b)nlRhQzI^APTtH>Rn7K9%!y;_NMH`f`!y0u{r*sR9kFzY-dQbc15 zunyu1!N}UW#WZKC-7T;vM9Z)JC%HY7`d16L{$%AV03qd#o`@m;>Fabt5e4yd%BZdMNjpjAs?zGFE7=rnoEzk{NH@1z7?Tc+27u&X-T)cU6&+q^4XLe_Hx2Agv z-PP6Ks&GYl31kEU1TZi#WGP9}pI~4R6`$8na4?^rv?2{ppC>3M5h)e8&zBdRaTpjF z8JLu)u!>ve`G#vMme^*`ja?{whLb+7i$5g;w{%SW{rE{#v0+y`?$x-)R3`t!CEt{r zhoJ}>QW%+3yq|Fp<+qw&69z8S&P%VuDlS0r(26U&#gYo)4s{^kN z!;3u%zKIDG6imK_=Botb|9X8lZDs9^W%EE_EdR;g>y~UbPfhS)k}t`TFFlt&8jO{7$XQL(0EK@>_Ku zB%~oOE3L|Ea7?6QHZrrwB{VsQaidoh%K8STOvc`J@_i5GHG7MNymXQ7l5@u#2rCxY z?Ghks66hx-(TXj|>U(CNRXZofcOFT~WUYXe3ZH=rcf3Wp)Su|%9tRoVPGA>vuvnEL zO)u&`YF9i!4HmKMQKxI8uYDy zXB=c(4rK+lIAX1ztyFlRRTdP=?b<9WWc>PfdTi@|DqZT!dbxVY5{o^O@P8TtUPy0p zG@<(aglnOh$u0-7BG!4^;wcl%?8xw}0fs9df1uJY=S@m3y6`T{_~SAglZUajk_xAi zKz!E?HdC9lL4#@`#n(s;#bWiRu`IN%?ow76wzsqHUxp@#GPzgt8SZ7}S!<-J8!pwVl0s@{Bv*>@H!-#2X)l*=iLYHjxM%$ba;4 z)>ceI@yFcYssdEs5jh>01lieth5F&}$0NdM^tLBKXCSb=z1m&?!DBnQvIH8}nqs++QWGo+OjyPVL^#)et)&bVbyxN=ZeFH)+$5(_d~ z8ekXs1C|_ARM0FM6DqlCsd*pUMi2gso+EQNeRJnKMmJ(;)KvCS z`*LKf8_-qVjk?)8_xpz6)itc|{x>ISJo~G5J`Nr*r&oGeUvqphh{PHez8g>{()7mL z+j=zLbHY%V*5%Hs5-kv}xnTD<-v^mi*GKAO_gfl;t*@~Ml=oC;jG!!`?9za}_2&2Q z&EEZEQxnvORjzLOsmNE!DJ?rQq_jA>qO#j*k5`4Ur}~3iw!4GT(aoeVz^u_@dq2Zj znf?{Y2-yfD=-%lQEYPRtvSv?@kHUIz(#)BhNz5UAPwGrpFFj;~>K@LiZ9&)l@ z@K@FysvAiqlA4?U?!upq{cipUM}&11GPW@UNywC39&F9tqU1jA^*K1aaZzJ3o-j;G zRdu(7ONo~6+Awc*^9uc*4S0u1oZi%SdCh6nmxOqFWW4$7iH`{dyV(}b+kNBeI$eP0 zHiN9q>P)7yCvuHbRBv-5yZK^G+{*ap$C6T70Xi@6J1y92%8ksg9p0^Dc-hzPGp{6o zL!4c7?tl#hsUn=Op%BVk`mMB=`$bk=A!yPMVkC$m{Cm2-Zw6G%eUYX_W9L=Mn>P z8^w$Pi$bRQnkwg{_LIXJgZzEUzX53y&l7+=Zq=1&TH9x`-CQj(0O<%_A&a($mU+Jty?wIg9b8U z#$*drfeH4`_l2t`a&1u0^eXT68Yg?AL38&I1*V9?S96-2xaw84+%1Yzje0zF$t2(^pmfdvz_Pg=sZS9S_HlSat z-ay?f|Ml^U?8X@Sio2%e(3)NM#`Y`cmX}k;T$yGw=q!Y7t?%@~gLxe$27x*^ch$z2 zTY6-*J~}_&P`1QYsd4Q>y;4;LAf|-1(&j-ho!^d$=-0am;H71eg(Dj8C*>cJ%}(5~;0npo^Txcerhjkgh5A1ZOv-<)*MQ_snxSmy!WK1z7SS_bvFdv4I{ zr#~F9aK64vd6A4?7=m z%BmaT=pz%jmru(xu#Put!laYE$9M_W_2xLUUsSFuHpMhk$!x2k(5clyghsKi57ut? zff4(7MD1pXP%VM^g=bP;du%+DN}&EhD;@k^AH&d#_)7$9q{H)_V&vr^eYG2R%QJIQ zV^=I4s@-nxBVRr+?1Ut`Xd1`sg zoo!Y-WL#3Uz9rDI?~{@g=AxBXP3kyPCRA{n2*P(QRo zXE>}rYL0JLHU)OqyX)oZr5isi4kgR16S%}8^xsOuP)~**Kd5g8s1vTSh>edHo!_np zsToRuU((a;!V2z+@>`v!?K6;x+D-4q!soQ=J1GR2jIDH`ZC?$(6HoKvK~ONbWgZ|G zZ~6I=$KIVF8kJnOr9OjmZa$HpAZKP1Fzq3mc%S_(@Nq{BmnSFi>ts-`i~U(FbuwDL z;;>{NVoBD~Wy85V4JhwGR1mN_WGHf5zQS`IwgKDsddJU@2B|mVx@F2|PUgCdx(Zvf zo`fCSF1-G|a9tbu#yO(Lm2%OX)ypii(A5eTb#d^a9mMjGrXgFIpiWfEvdyEPyx{J$F#GX*$`KGeYCKOCE?!7-R1w%^>ZiCKC0W z*!UeZbk|^VRNcdo{kaIOkNBw@Ls+AAPGd_Qo$dIwG`YOGt8MZujn$09XVRJ~>)%D1 zi??la^IC+iWSpSG_0HoL~`cCaaKwkih_Pmp2J_!4{{9j-! zn>`t>vmw?%qQ;L-?43!RSQRV%v;RvbIo@r;8b>e_p-;-kg({6H3&S^9Nae8Bcg3os z5Rg_+P}-kw@VWUAmB5Itr0rw1z3H*pM%35;8RzC{ z$&B4J8oM9HpFUuq%C3#|cOmm6`Os>O9fxrxP%OY>vw>3uvjIaLfANR4oM_5nNirU` z?wWdv)A}}fm|pHXoZ9<-yh4!%+DkYQETR`vt}C=3yZ?wC~@bWr#eWQif=e_Faj<~<% ze8P26PRx=rD3(~I+(P_PZNrguE@Jl36#0)|cCr?*ln<-kW;=}_l_OztdV!A+NawDj zb)q-QzzPPdy_^-8JMlezS~OUk--*_~B&Vw$b*YlBz<7^k+RV;kkAYu)AbzRat>4Md zb2zj0`Q^>w<#FfZvf9hxB?wFQaVZC{+Rap;p|LvindkD#qb;hba32G2n`JNI`0QU& zMHMyDjB#mcEBTMB^cSmTbVHUuSn2s~gW&x=nBOs=7JGye1rp$pk^ASo)t&DuDk`$O z_+YyZ>WRC$`@eamse#!1t9DdX21WG48c&jEn-dKE@8h?EAb!^U{N<1hn1X z=vcD(98TbF9YoqCCsaYtZ(?A-`VKwLob@{|AyLUfPs3fTW~lpG#r>)e`=|nfk7)aD zr9pv*9!(l47$pIOBJqcl`tOHuYod2YXOxb6vm|L=e>IbQAo{j!%Zf*}W;ny-Iv+*F za5R`6a<*KUE}^&3d2OXyO0o%S%G{OzCXntnh*@C8OH7xxTwr_1IkzZeUSQm-zTRal zkV2SIdeGl}k=MD5Ku)?zg_!RHrO5oy4>s#A?)9u znC@85mSk7yw*UcJaWQw(9ChH52LY^@wI%+*j|~7)m9h#nHY`W{jzY8XNw@oDnwi_- z=lkz(SM?ej+zga?V$24y91S~g3r}xOnxVfD1$4ZfD>A8_3n||meBDCYi<~J%m*C~N zBR#WQL%6_mhGB|04wSL8xH9JPD*zC7yk$%+j6y4b+R1EwcDgZm& zVKg4&t&-OoOJ=mP=b0gh$ouU;{D4dolv_h2JqC~-yEq@gIhP0V3*%%R=kwjVR##p| z(rBqG7;OSgHy`kR2zq3)7WCn>?#UfanLnRSHlVt>kC3`ujK849+1K5@`_}xurN+0t z_``0;c$B_c&nmEgH5Ms9?zed9?ZtmY);umbWD5I7|8ji;L?2Ie@XGOP0*uF;!u>j_ zI5jtFJ3uM#A^wSU%F7wsE}K+1B?C09&^<-DMkp`x!~yz#OVITVeEf?l$QAv!(bQn` zU+_b(`tES)Hu3Wydc1saLrhe;mXH;I9E~Plig!m8HS94`yCq*Zey986TzM_YYAA2V{1 z@1vf8{#LEm&LaKZ-j!R*jq7~6-e2|%kVX7vz}_a-(xrmC*%*)nA8owBcf#N>;ztlF zsjzlN0LPznXa0WNWwfNvX6+P8lsAW^9Pl15z#za*GA^Y53iLFrk z{XyZ6uDvrnI^vOaeI9(9@NrIGn8i@tDo@8>PeSzcrZ ze34cMT|;Ys^r>0%sE6^g#RM@^!}@BRjmGyiQ7sBrs>vI9 zMm~_cJ9Fb=zJuS?%#fo*+oTQF?Zi}aX(a0=;KO+slkGo&H6JdG%0O|POTOuqVO_bf z-Epuh>%hnN`a4YcbQF7%7%yar%1fy0l}S2EsL@qhr}?n*Ju5LOQSlOIVQhY~x@lPE zY>uTq^}YDa-Dbr{8VS-Bq|o7f6j)&o2}d-T1o!c*KN5)RFh{>tcTkgo0x9vm!WHQ- zuhHw_>Z5j$T=Q{76$?vDvB8pxp5DLeh?!;Pr<3;Md&(KL&ID`yQVm4`9_lu&z zH;O;4&;lDz^b7GIcPQ;jJ2n73VJS1m2Xw8=3%5%`@tc^i>(-l z@Du)W8D8d6ID)Th2^}-X2t;^=irsz<(jGe$moE`@ZO5r$2p_x7FioF_X8;3wVG{SNhU=EX=04=Gi1 zZfP$H2S1&Eyit&tqvku(p{6=IS_T~DF6(=_6QFU0F-+G5>Qs{;_uRM5un|uX_$@6Q z(}cx;WtS@MFLA`QPASPiEt&XR!*j=xN z()%U}pG3b=@;RNw?{()XXE_9kDXjP9V-kmcZJbfkfe1o#>(rH<6J2`XNqOHO`6i;o zvM#?uDfB=5f~Sh$0wb3OA-yQiVpS>Sov|&%01vLQcc$h)%q0G6>BdQqQol0$qGK5i zLRp!r;Ku(UAMr7`VoIk?HBATTTK@-|06S=JZf>7W^MIb>k@$_*%0K z|1Ss0|55)W_I`bUCBO>>SZ2w!*FPI-5a72CQu8Dhl$1$}$kL?9OPVOgqEPb?{nuI{ z$1m(fqZ$V_jw|o>VDdoN?;b$5Qz?%16pQrz!-Koa=8RVKU}64U1>pa6P^qf(iR)~7 zE@(O>7qhrc3+);jfiWvI@u^^aUg7cClhvnO80$Z_U=siOkJ+E)S=w>|#i`>RKMnIK z&_y!mm4U#oY3{$NdD{Ocja5+>crKVCi+mb7YOQ`t@3MTu^uutJAOCSwDz{oJI`OGeENgqdZ;GfDCVy4SUPWo%LxdTUD;YeW6PKA z65Gfh<8-mdLRaFw$E%Swp7Wm!dEgs6Wc+9hH=l0?h88kBwkAB($To^~M^`#Ud^QAN zq6e{Xr&4{-`{&kQEIV5|VV|dhz7BP!ZN9bn6q$R7G|$qrN8CvaIc*F;RgqwiC6Wja zXeOC1*-U%|OOGhPhXwKbw+K95JDE&)nvB^MS!webeYAE{362v9@KgIwE`7^u@Bw9A zilX05UI`UjrTkPi3kghWcA>tkP#8%K|ZXy)G^w4OBIRfmHm#*&E(6R%1%l7D+muNf5a_49aqp0$szWekx57f z`38euq_<3yq4+9ygBz=u@3}}6LgIyfFUs+QtX;tAkskfyASv*Hlv>QnS=sW!XyaDt zy{dc5er%Te^8e&4*U)Ali>Q!i_W?q>R(My&gkxiMvvd4zWZ68ha5Q1EGB%gSm5b0oOmNSNZ^U@tDvJCU}9 zCd_H`JGskm+0omoGhMLGCQ6x{Q`;N~c-wPBUSQY{<@K5BC-l7A#+6C?7=_;Neq$C) z z6>w5LU^bJ%H<{UyJ*jxr4E1hQ{lW`tG{&%f_giC}-#l)aKK+*g$>K-mSce{6jVnBb zR6&tRi+`y`Z)e(~OwHaa8<8K)+E8D=R3@u4LI0=6@#uke8_{Tw$o!)eb+N2IC4HiKnhq;&%=8Xu$&#_ zHQG6*!9kHb`MvR5B?Xi?=u7sqq<#N-aZ6DwvLDl9$Db-Y-{H0LNbc8;uqLrBNm;bf z-%cFYnkiTA7oJHnf*v8|p~1P+(bUaGXQ-DsOOpEtxx zo%y#W|HqjPDl~D(XKJ!HS5y`wFFw`WSFz^re^0vW+`1D=i8BO9#4jO00#n-^k9xaB z4m&jWhrfJ_>W$wrIyxVCvQPLEYikwi%$?Aio&Ok~{AFf(zXQYhrY#XejXjmlj^&&t zzeRR!OhmR6wb#KCC@D2fo(HM(@^afT!H-J7Xy+5?O=#4 zES)E;>jI1sQ4Lh4(Aq*Q)XM_y)0az6HNg%jVQfFP(kG;uNt#m97f#y7GO@z_sP-(f zgJX=u(H{Dw7Y|kSwQg89!KbEINJO3z<%wQ=cul%djb=Ckvr!)?TV|4_5s6>E>Q{S| zhGGyZPUc~JBdI*u+nHP)GH7!IbWfi?Cl8<_A^Qds!xD!HXQeU!8KsVNQR3i=UO4D% zJ?a=a_x!MGO3IA1x-l>uMy3>p)f%PL7JT9-A?A&8pPMusZE$LR>iG2)n#c;%3i2RY znuFho^6@pa&8Diu6W*LmCu=}h$LbakS*Vtyc-uq@V;l_lH0>7~s|T(MO;NR%`zr;> z3(kyIOIq1)MT@aVOA|+JP?e1t)>^WDm_oJs3zl@W5vGIrO9GfBOMEBCK3WU zWeKH))2YgZGI!Zwin#ew{!%XoZY@r0ih{A=dl`bBr#~qg4ep3lY=nVV$5F^V*`qn8 zcBZRk&tC1h4465<#snw5<4uz>Z)I9~m{jbQj08&U zPF(#9zuA!Z>_+rJbO->qWlSfPakBB>P#nN}J#;WF7Ia(eEm)|e^6SmZ{l^Vr)rDDTeC8%>A1lI44Om`?i zeZvoXEbB(5LHrxV3u!~L^)q*;mY3~RcYSs#~CIZv%$ z;{`_i$*}rf6$*_eAp}5f)H8c9XckukslovZq}~GrW(r03NF^&x1hPxD-DX1xb~h8Q zQ{T6*Q@n0v1|8_^DjBaH?k33giYu{H9$a0_uICPa8op39T^)(ZJH{tu?td*-Hs>kp z^WZCGQFc2Xa#LOR#q@o(X6HpYKT2^%bUUhjb$3lUOP%A4c)S~1thBDoZu*rB@W#L^J5(mUjr>7I=W=s1N9vd=uDRU69M7xC-2vq8Ha<{NJU4e)D?&q7C<<+;geIyB zc6wgM3;7BYhh|GbOCB`S&*Lao2Aydu9Tc3Xj)(*0A<4Y=lR-$12k?Uw(8-aBvUpT> ze?csgNQGAR8I_8_RW@tCmx?u*hsYj_j`VRpDG3HD!GmC)dQ^&l{Nuw{m!fBaN!iFc zGqzH<6GW)&E_A;9pF2GpkGGqnS?4QUvBjouS&-hgdqZ7a@-WE*N>OktW0^_1FtHaw z!C)S;(&V1KUmSVljrD`7C3%~>M+&OFdSkU76Vh5^9|Yh27&KzO^Qf=kc+odBc6c^- z{PDJ9G&=%acs=eCceHima)R<69b(l!Eihi*rF*tOBM|Rxo6mHZZz$p0R!=*=iFqFJ z3FnUEWjNO&69mLnn?%cTMcb9QE_ceqx18SjZr||@*UiBLNWET+wXAT?jj(|0qV^-3>gBjZ2RbjfW zCc`PeW1z;?IoT07rQ71q1fX2ljFx(@^lHferrZV#hG6hcozO>j8xs3vM$pZl08Mn{ zw%h5<>IBPEMT9qY_ty6<^o;j|K&*@LU_<0;?PI70S;2nAsl6nMbR_!2J5;M}w3u4v zpG^M+;$R%MPtT&mj-##5&vt2C4zuAX1!BoeI^%1PSx))=aRj?7V^#@8*AEYZb=x8G z-HX+d|7HZ96J(O_Smt7gRw9PO;zuSX96-#Gn$8Cc^~l2wTxTnnjg+qSwauLd z4JY@NI85htg~a5;89PS3e}U17o0UWGgYg@N0KTE+dG;HweEz7pOeT`MdtHM2KLROg z@i9^&GWKJY(Pm}Z#VsuU;I)*iBNy`>9}f;Xa$2wJ2=s?J=!(hQLtg2__v5f3(rz?-txG z=!5RbxdhP>1wK!Cgx-h%3^#Pdu~m1-OSWwJMwV;R6Sp;Pi~j`Tvt}Ip;O1bw`vRKc zTJj0|B3%PjR)U^29ROJi1+StMV6_3u)&0ua_iF{HneR6>Oh+TVP>7Mq6*QLf?5|xw z*^5U6y8p)4C|? z-D``fk9*6=GbLo@)Vu5@`VY~-F}#)y1l964WQs<}{}Ydr^M&Z2(gkHB(Owk3wIltI zhoP){&vo>IYnaErfe^T}7)}?Y&1?TuV)0ycHomp)f$^;w(Fg$#b+ezIk40N?H`*>& ztn1UI@e}kYyAapLwb$W@_;F}q`A{=AQD;v}FNU&8Jx4~6_@G#Z%rPdapGt5o+n&X!8U@&~`n65@AVB5x5;~z#|jy2W4Imu!`DIXa+RhqB5X+xfzQD12l z2eY}-yM5g86zV;xvTWt=&6NM=A%GsTfc=E37)S~$Vp9!{{5`O7hp7PO9st55hNPZ9 zP8vcRG#!Fa{THIv)U-22qnAb+?;TpxDc38OtD5M|ejdZY-qqJ($D06F_k)6*)YN0+ zG2g50kb1i>2E#{hKEZ*7f@Q(F6P_9O;imux)~O=fz=eP&K8{Oy=r^viA^apH5_ zTMy_<8*Gs=)l6g;=f?8^8x>k=A%N0|@rlKwEBzVosk`S>bCeEG)+JrRz#F4Od!;Dr z)}(*BFSS{1mhrpJcav5^+QN$xK@?FJ5w_U!xJjNM#AmT&NU9_{o4Ih=b8Of0hOI|~ z_}uX6UVFNw3>8vR9A)j@6M~O{@ubQB3b~LLNRSqWrd#8IW{DQD+ruC*uZ_jk%@bL3 z%G{UwcK_(*1%Md+HRX0})BExMglda#4x9VBXIF1D$*ilVI}n@#&6aNYr*-P?>6sRa zUSHK~q+hPkN%gVQI0Igr!-9)Hfgx@_{4($jzSa8!I@Z^p^NKr`20BC#ghUE@RP9>Z z+s{w!G5xE+Q~8Gp{NLc^EyG_t#luj_Y(3_dA-96wzZ$Bb0T)7q3p^$X8>q#*!9@St zViesRvp8@L8s*PM%z;RF!wx2z$9wd1KLifdI=TEri)ij{(ITK=BF4^B4 zo&;Mc8WD4J?7@$+eeuTM-%f1&z{CVE zB<1$@dxvh|^0K;bFhC3r`jdA}M)UNTsxul;mLdQf0Dy<9F-WJ$}cI;Xv|A zY(LZ;Dc0%4Th#}7>k~ISTbAr<&8Qcu2U@EDID=QTdF-cV87B2!D4n`qLcU$4{pnW# zrBR-J^bU}LL2uaR6)|cG1E7kmZC)>a4QqcY*;2yhQoRHZTiwSU+i2#UYpyAfxkgM# z=<9M{4+%WDl71u@7Ua_91s>v+#MTR4L~|{|{LS8t8#5B*92<*V{fqb3V_CJ8-GXZc zT9++YY>B{wNU=H zxGggDXjY);BK7OP8Q`b24>mS(<3(U|SV6(T&+Xt1ozRkS!lI&X1$PVA#tlA86pP(a zjgH@>B{7a6OtxIzV$TPDwqUcIoCn9naczwK7r~*nuwR*P8>h;&=$fx06 zjD{Lx7=?_=;c9*_l4-*0+;RtTsU3Ppa?lzBzZrw#mtMA}=;^ zIuQR<<5D;r&_SWrm}#D2bX6!5F>iRhM|HTB(#4e{Gg^8 zy?qJCh*oJ%uS<-P1RF*6YTKK9 zm`+C$G^WtfLU_6QsyGyhLJhiVM#Mnm2*9TBw=4nEiS)sSQe}A{-lryJEpp8)zvUwD z)zG;UvY^@tDfMKzfe-u@rPM6Y5DbjH3vp5Y2VD4-NG|SqTllJI!qvuFZ}OlB5*LMB$A4XHFjHA!9PN09e6f~_}t=p z17Vls{h|pum9({`jg7fVOZn5+wE>jMaQ>8Ez!}fAW#{f)C9b3Sre~i_f>n4H{(S!z zFECI;xFf_5Sj`-|y zxv5Ng6eb`h=JhTXsaV#X>KX{V5GiSC*U?ew8;`S1)GNo<@bK`R?cP9VaR_EP%<=_s zOG~=e)|CmD8D%W!_KlbgTf0Z^|Dh5uj23`k01H2yS?LuOJyzl^Lr^&qgG*Ux$akcH zMGbR_#R3=Ni}KX;kgJ=*Wc?tL0DIg#8ozoh*{SNE2Epm7q}59@riVUs^z`9T72eI= z0dptD!!g7y8@5|Mi)E=e*x0{PQeyMrRs#N84#wZpmsZtybWR9HOR~sfsi*+RWU&Wz zkg$W%Ftn8Gl>x`!N#;sK#l(~t{cwYD8T{e2u=;-a=OZBH?Xt@%uKxX6m^`38$Q*Sl zT~t<9SO}!x<;}>?|B_!&@Gb*??!rq>o`;2nwOwxW8DaGI_kT*lWN!$$MZ1b)kU^>& zy7JljA7=E^Nt3-LVY)&;_GTliP}7^S>VP}91g;v}vIxL}3$y4h)@>95bpMo7c4*&7OiEHxQQ7alzasRIffJUON3m@_E6K=G0sPL- z59sR?p`$<0fBx+4^XLv)d@um8MWy~7qXw{dQ%X)M^lRpW{^`|k{e5yM&b$Aa0|MTk5o0?^UX_m6P5?Gw?7h$1Zz*d{nt zt)!*ZcK7H%>z;(>*pT{{h5>VI@$vD?txnX!!v1(6Be3+5Px=R1-O_LIKss)x-SC)y z@ElK8gGVA5g)LqYI|e}I3l{zEAC$yhV8!4Xvy96QfL*jXoF*ayV~!YoiPYpnTSWoA z??R}BxTGyyEn0K{mG_WZzR_zX9Y13KbCN56jnxoxUl6K2T?ZSn(x0ie&X>IjP zLNsWuT8}h7o<|kc-TB}*ZUeWE6c4fY?I7RE@IPeFQmv9C6d+o(d%=ahmN%tTiJ%F> zY3My@EjgPaI3md?ct~MQ?`5|LK6IN>j%`Y~ki_D+#+Rzv{1O47A`H z=s*%bL*zaT{U0Nm!NpH#ZF^`Qe#9MqU<)+D?2ZnaZTf%PN#+;rx+=Y*%K@lxie>br zm6dj?jCu>5jd`P$%yRjV>p@V*$dlD2z@LhxMwZ|b6AAyb_0zIamZqXZoL>QEe;{iP z$*osOg80FdBcb@=D*V+UfNW;q(vn1=Q#*?P%C!!9i0{Ahf!Y21`!S?X3^MF-WMy&*Rue2!h)mFtMpFaiFAUngO z6@^zTRB*jSYTek-3w%e5yfl3GckIwq%(&a;6rRCnW(b)~lX&9k@3HoY-r^7|SejP< z>2#Os`o~k`R_6aND`l7V#b(Vr4D7a_4wUZ$w+u&KNf>)#3?Fn(ajK*{lH}J#_vEr; zj$NUHoUK!Ow8kuJYXtXds+Iln6?MB%#gyJTwf*x;%+pnMge%M9JUVre`g<%JzXbKL zA4GEAsx0wR;<6VW_GHQ}1e zw^?YIoa@dMx!WU=qD+;!z_GFf%m$_@cw^l|*L2-6K)yj-o%BD-2BoWQ$$_yoXa;IG zZ5>1-t~HdM0YuG1(kZ<+vPihbZ;nA?tpF2s@;p60<%cf#fxD+SCemhOQ7ridNEH7DbGKtb5pMtow;UsDqd0?8B0^ru~75V(4NeC@F+TQR22 z(wPdvS_L*sXmAJyG5%ne_v>ddQUKSG3$@ro=(G@GIT}d1a^)CVJH5l^g|Mh{OMfWNfRf1U*pluDn3{m8{7BhZkqXR$EGli)b4t;`2$ zE9nSdq+*Dw=)${$CL)SvD->Md<34#^Rmy0CN-YXsI{Tephaut4jS>pktkn;PAGWj! zTfOv%Tzp25URA)O!cb)m0SO6@f)8TRLRocm|8J{@RMlG8C<3xlNotSL^1g6{^tYX|+vHvzb zP^&TO4)_U}QDozBfj4u@&ypnMlBQqDR2`rEiJ5nbM1U@_bpGXUNYFIrXu!mo=}{HL zBFT-OrQOI2w-^x|e4bii%&R_$%(`%tECLymqS%ec$OMzg;3h%@a*{lx5k5(U&?8ro zD=Z(jS7%)uQGNIYQC1${;hQWuGj>wUhEXcUmC3_Y@Oc@U+yEn-RK!8uSKK>Q+yp)6 zV@8*vsF)xW4FK5CkyV&P zc#?h-;%@4AAqG!fZ*Ppu+oX>wN{a9A9L_ota}B35S2i}mC!3wr(C!kNo!MnH%M}-| z#+5^#$_w#dIV%IZqcZ%3gb`8UwIcu)tdZen|F`IL|#3RqWm{ZA0s$HEZDT24F%#F(yOBG>!?yN=JrlM{c&&@+@c+m_+`cS*#(^mNl`gD(V(AvmLAP18qJUK^k zDp5hw29h!2zb(W0nAP=AfD#r^M`Fp@nnTNT2q*Ir=ti}SWc zC}$#FYD=t8hfLp;x9$AfUS_SN!t)qmEK(S0au%_Cbgwp-A#){3xfa=nKR45-Fv!Fg zAzmEA(IIjB=cYjc7qb8Qb^-RA!`~#|fO5VM9#jlP(GXC^yk)5`t2 zEy{Vd@p%tfz9@9)gOEos;rZtC$7jK~I^cn{=jO4~zSUYZ#2Txatfe{3^Jvs3X1zdm zfmQYxcxmKY1hiUGi{w7i{CKz<_A&xjsX!I0X-+K69>=;St;M_#0d35Pr;|rf%Tl^I! zc@SFgNvmBO2Cbt{MG|@^xm8cPORIXRVticUpOs-)N#^zlxLnD(PT3riZ_ zXMsU!&l8PvRI$8-N)$?PEB>l%iVwCpa=WVpT6*da5oy4vM~JKuA?u^xp_L~EOcuGf zXYgo%IQvCyw?j^&FZC_WieF!E8aO*vVRWAC8NBS8c$%7k0-MmNmD656#!OO8Za_W! z&QfDxqpi>EocN&q!m;eZt~80(>UJX5aFsb^hzQU5Lr5ap>umVOTb{~n*^wkeh4meA zL(zp%==kf?NMpA7ScC5D`0H0E1?y2he%Hwj0~5E?m7wtS+*Ox#LHF32p!viHo?Rr` zwc;4OA$_*%MRPEpscKjsz5nEo&bo&iSS1tpa062M*Sff?6n(@dmhDP5HHzF7E#tgIqseW}cQ7Ly=vviDOY0P?Q^1}Ty7%7NFi0=eW*|WB7 zqkMzZLzpl2s7n(8EDk@ZqMz7##gLQ6|i4tNSg!H@01Un(hL7c7DFz@#2{} z*Am`Fln@#FAwtKd9|-gde`ogCn8n7i#9+r{9Nv(^fM)JC(e{gglBd=vpUO+%XL`YQ z0)*2H!YWAQ=5hH+&t0mRms&BMJT<}@>gaz$QR>52z0Y%FY!aA}v>7XSkNjP;T)1L3 zXWAl2rah4JoK&L*Kbj*lQ$e>_ZeM%&IDkl0i~Z2~i&Ad`x7T)BkwsBY=J>^$0xS@n ze`81#4sp#{9Uer(JB1jXy7PC`Z zax}8o?oJA({D6rYC}s4`JlWkk)%&~a@P?z!$(v+#RixF;8KujC8N{C#93MOnNlRoT z$JzqulF1w9fq)E&CZ+nBo*sM3a{TMMajhVx*7Y}$cEo$v?zF0<{VM`3$d=f@i;|Mv z%YgdE)^WRMZ~hs*dEt&lgv~b-LUrnKO0!1KT?}t6>Cf|~9@Pvkf?oC+xW3VlNr{`y=Exfmq4o5uY` z$mOQru8<(DQot=arx}S+`AfB6TiWm~I!6OC$BTIBHiG5G;AYxXyhN~IBesoCu;MlP z%o^yMp7~eEPWfDbj>&Kt)vAc{c_WecFKvB|p`s zc2p6(fA-Poo~AF;6E5Bu;fcQe)B_TpKH%_?7ARd`PteiO(=p<4`a%%;AtP2yOKT8r zmW|E?;D5Kpn%dNy(1WjJiCQ09Z}a_k^A{9LY$;pZ(stolnRsJ(p3;M;1N(_~7#yjz^!I}SMWv+bc^eI3IKf~3gdQ$`8 zsbzS8Y6JI+$oLLHGFONUgTMQ@6X7$b@W_eThAgG!zt=wKCu)o}=keun1QQFLN50iw z7m{E<<{sO3+#jVvG#$%?IrP?)0L!MauyAyPbS#w3L%co5XjiHJs_mo$h+8ehTo%nZ=q)Zbn8ViS#)EF() zl5Y9Imma0Ke8lqFmV9U)`0=Ck#Ta{fv0aoUA(}dllBr}4 z`g%QdpPs8!^-M$n&Od*<8ufy~o7>vaC2AGfswKhU;X7klqF2Yz1aSLf_$lZ$9p?Gb zz``OVI2bc7iGZT5jYh4UcxPvaspSqTiL-*qoeHYYpMNoGH=o^|8$b!^9hqPK?v83knK?M}^tuDofByU>;yXBn z&Bj)fplt}9yCnQD+jUvY@hZC`KEl3ZBxKg7Q?hJjTHCsYFO|mM^kXb(PUFY3$YDx8 z`0ve>XZbhR)pJ;w|uY*P_y>?d}trbG}a0x(h7bP@epAKfqh^9-_48}5j zLy38!c^q~=kdO=mPusvrmCUjkyfXIo7ZApL=z3_0_3qDmvxhQ%^O~>8{2?@17p72>(T0&zkYyAL; z?~;X1sU^sh zjO!U0d7m@h|41$|QD6hOIbM`dSH~~YY={P{|CMA6kBUfcY+NkjO}7CWAIL!}RI2#& zqq$3Ja%qWJwBDuA1X(>MCORlA>=Q3#{+a!-Z?NKz^NrrB%4!iKTJ7VFX%l1PzsJnO zf)#`P{l7inPixefvz`W?&NtWy9WU19$)+`{tM_Y`LlwWDjd0t1j*XcRm5KfN%15PO z5);QMLzBzK{!w=8-LP_=;`;G%a7!RneSI%83r&Xub=~cq#kEL$+3Ltkr0r(|4&D7w zxuk04!j(VmqQJ@ATnZ*W{-F7DM5C6|&g@C|E?mwIS|K6|Vm(t~psIl6{od=goipmi zV3p?5hiks&r^gyPf{s{9I;P6}CabJC0DqcdQP094ioZw{1-?qjG&}-=0@UPSqaeh` z#}_KwM^i$#Ab-f!+^)`+6{AjTXj~Xth0F8myJ2=l!EkN9U*l$VvGn_*RU7X|qy9wo zNYS}fEWVx5kxPLxu3g;zP-s&m|)ZvcpZxc1GxNzrX z1i7Ftt=1)a+B1zx#R$j`^8?CMb5u(JB1M1uW->VVaQBE9qcF7iy&`k;xSCv^*?|cW zSxr)(3(y0xUiE>+0A@bgX1cW{l$ijFbgfd*@Jw&um;&tUZtyeIh-_t?P=@#|6+K#U zFQf{B_MZMkd)qCCA?8TmCtfV-tS2xDsWqETz|Hix+*0c-!MM0Y;CX#WOiEIy*K)%~ zp%`bW8cp{(p`=?O=q-1ZpHA#37lq)jbYLAy&ko9zY85RRv(rV8?(DieReIzB)j}q1 zg_TMhy9QP8`d6ZgTblfhz@53y-WtvAv9KsmHO<)_8NA`<<5k!!x!kfX2Drwm##&9s zamHDqyzG%IJMADePp$=85Wr~Y;JH%pQTCNd#I}ss+9N?)L^|I5xkqW_%<30 zvgf=RC|7?@!(n%F?8>@umE~_AxY_qJQ^>=X4VUGHAKBG-NV7xC7R6<|2+N0e3WN4x$ZP#FD?hU&P!kI|q zK+aAyN?inUpa93GHN373d+ywH@(OH3QWEWsmI|)ERl2(41=P(Jzgt)QCqxS3G-{r` zkLNt9r=Jfg(eoW9HDVo{x{8!lU;#u!YKu04=j3s-?bsquQhU~y;EfMQ9?Okw2Y4eC zZ5^$#y~xB|DZ#_3G#w-aOia(&rG+!vE+ND3!u57{WqU@2>={{3WnM~D=>dI(w-WO6 zLOu$o5xTt>Mx$}EBT?y$nAR?SL|WC4|uYDzvH=*`k8r_D{FH)YC8ZZRfHAZ>b_+C^7 zm5S9h8p^{LiNwbmd%5FJ1!ZcLIDRD~=sGwtY%a8q)Pl0#Vb{`HT8tI6!7XWzUc@AI zaSl^>Y1?7YCo@+@iH`8qesr3VsJe}rH5G7Y2|UqMV$4LvjoRfo+kE?rcW7PzCg`l` zV#3~G_yb`b!RRP(^n+$LZ&(U~E^w1e@MJFbwqEGt?gYV)x0=$RhiihTVfUM5`3;o< z8sF{dCEnI_GXaZn%O~q>`-QurN5!}2#gjU#9TS(^t~NV{gy2$>`=Z~{@0eI>!uinh zUxs#<;m(;3zZD&5-&yWzJKq0H*OpBvtBX2%ZYB$ZlU!fh`yJ>_)Mwf57jDQ%Pb&MU zv2APT*fmhVd)!yPuKx=o$OxR`MBuI3-4x7W2W`nZvV944WA!xXLQst`m*B|2BHOE;s#p)b_Lu~*w68EW-q)??Fkm!ksmkpfEZEgnY=rscV7))VG2^zSNtkS3 zg$^QVB}Et@M@-yyX2BWSOO<|+5wNoq0_viMa_%_ZQ)EpUyC_EJxsbyu)7D5fr1KOOFltuu&aoxWtn zLfR(BJ&KBRrdBdqsyXo@sM4n5>G!6%Tkrrf+e^D42eyU_SO>=~>Ey zRH{Lu)sCPr`xQtMI@@{9tB&nUs%k)thn}}&q>`n{_-@Wd!UlHWb&``aX~?n zx<7|=lkN{*UEx+H%Y$gd+@61?;iA>K`EqsJN>MC|Z%%%{L%;VNV3{E0k9TyYC@J@| zDtVcri&1*z0nQ9-Yu>IMbmO5D2|4Qw$lv`;WZKwjj4=C*G{*8V$XABLQs;rIYJP@?3rPCI zZ^rg%gW@LCMc?R@l)f>0c=w`!xzFJ$hSTw$@egH2>CV`=pXEa{-}aPvDE{{uxAFT+ zz?{PoHPD+lV0YwpkLMEg$K04lZ-#V{p?L2AILN~`qfpAB&>~6TS>nk3m1AZ8pl6Mu zg{Su1fp8^Nc9#n`Qh^`M1e78nU6Fy@WbZFPrhW-ILq`rDT>qodL%2dvg|Qn2x|kh^ zAztLna3P8p&U^EH?QYBYYGtj%$8C|v*$@uE-rQyKN;EKo#PeLdUFB77Wgs)@oqM8D z{`?`x@Al2jF2)3Y7|p1Gr@iFH#$cY-t#`n#L0^QVfQgN!}n@ zB$x5_VgopEKyNp#r9Y!rFy+=ieBuk>*ghVXMSaa?vhKX9MqdmYX-K~+`? zKA)m+HH#+hs7AaQr4Ff#QntX4V`;vTG65oC%zkJ8{&a>Wod$rAx&3fJQ|gI&Ag+`+ z-tt-1%)nSC&5ZL!bLHG)=9l0=R|A!etH{s|1+kYQJSKOY2T22s?4lP()v#5nweNwY zM1hUTxKIb@vo4E+&2Zr9BTN;E=KnY-OGr12v@1qQ7CwxTf zZgrqdNM9rZt%3P6t=av)k-;l|ZmZGubt{sUPFltRX3w*m;K_Ma?9?;)f2e59b$Duh z5UfLj9=Do`Uw~WCYi2tJviW_hiEstkAuFSBQ1D6XhMv0ZF!3e4q{Yu(Ea8({8VpVZ z);>5RZ}LrN|B`bn<~Z%`*s(6G?0793zp_y9`;#ZRzF0}71bX|$eA2jl%OSID{lvL_ zB{Qe{D5(`^OUj=x?apY!ZgSR+Y;1ET-fiZ>lSQoWG?obqa6D9?AEBAvpRTyv8n28?!nXi6dg?e8=1 zBCS{-$@wR1-@A@W+@-z*+!p|b&k@ZX9O_S(q=bdz=r7@5iz_{Mb*6T9Mq_nGS|HfA z6gd*ANJ~G`ZkhC?+hzJ+$WvRKLxTDPdo03qUHci}J~%}MiIH`!)a1b*ZR zrVC_*ku<-y3Xrr+1+TnI$_9tCQ@TuN>nWI=q8>mJzqcphnDn~AlX zUD<#;*Oml5w)&IEsMJL(ZTm4+;jk^VWoIho>udgSzp2{7mEzg1mu~VtY^WsIn)4iP z!Y0l4V^HW4jHQflrm5F5{n;TQQ38!h+f}F%9$sM?BGKN@+X`JFBFByzG(9U_&Wip1 zU`-84Jh|as=>~pCpLZhJHXvDbO%0zTZD!(eJk34rOu4#9&(5QD0VwZZ6lgP#3Nqc_{IHe};Ceou*e&5FlArWKF)8mgfR@kN zYEe!X(i+W3g;Pbd#jur58}hM_1i$VHb@wD=a?*HO1T$an06Zy? zi@XY2-no7o^NNfoev4RN=`(>nc|<>au#B|qc@5+hvbB&iePHNlB|$4GeRyRnr z*wJ?)B-YMl5r@4=<6Gd6An!A+=sgDliJ^_vaX3GVe&Mj zDg8A0sM%2r{O&3?c%9L0qt>;5ymSGpe~OvXW@W#aAQGgeMGua*{(LcR;2!HVQr%-X zE_+gc8ozL>FIF+&vELiSI4|565_X~S;t@Ljh(Ech#CV%H8gJwq>s0;C#q^_BTkYPv zYdnDO#MBpv2?9+*NrtYD?>f=w*uxr`F@rPmOH=iC^CQq^{T(d7)0iplIrBlI(adxy^E*i8uEp({d+TT0V(Gg7&RmE_0b z$;|288&fK(EDoQq1z$_XGr4{#RD4Zn)+(8X6Tez8tWBPZRLkjogYPt8$}#XwP*FRKQ1KzdnUFd!9MKnWISfexk7#o*f3RY(4B{L)|_YvaPbi(Zr0+e1h%;wz;=FV)uZs| zWSNeCJGa%xNtHHZoxah>O#lnd9nJ@Ny9HIRr{#2qw~ecsO>my5@a>V*C$V)lLEfQk zT{s3~8>82D&;7|096wv3s^4W8W-vkNDS>jvOR+_5y-`@>-1k8Jq>Ak(Hirsvvu&ea z5kl@8D+pFS8NYkfcFMA>&K#<~S!HjZ6kYb@Zs#y}4q-=cMmro=u{yl#kh1d^Fwviw z9bbBgF^C{Jqcgkq@C^%QFd}r?Y-37*+9vkmrKhlrQA+(C1wU3wygA1;>l4qFY6U_cWrd1*zup8J@N=Rvb*vxusa+4V#&2Chy zHggY+Y1LXSrz#c58Yg)lO#N7>x0cmcRBWG+iE%(L86=c!(+O&6V@_J1Y^Eq@!?WGJ zV)bfS2*EJASOh2c_}39NAx}NIBLJLT1_(nbBrtFIZSpwk3Q7}ret)y0VMVUihLXly zm{vT)e>)69!e*Y$S*&{$oHO7CK?8?IL+RC>?}{Dtwv9AWSxL>`0{geM7EV_3fO5vr zD~c4-Yt^KO9WIGuliN7Nkqp17EfpSdYry#Z6E_@Zb&%RjOF7;adZU5-!z*_>qxh38 zwa|x7|MN1E#s`RL`}>NXKsws29Su@Q#!Ft2qvgO|d&cC$GK}e1B^8nctWR7=< zuVGI<3l2h=QPT+V5lNjmAmpcwTgy#Ym}rq*R<{ĤrATE8fw&d0{0t1Txr9La)s zX~I2`5CzX9-PE3xI&GE}P{;b}ZKms`17h5OYJKYrQwDJH%KAlaN_#X7?R3K1p9)Zp zFA-N@rO&QEgsDR0TIurXF*HnlEFTevl?)(gGm+J!A8*qrKAL4ch3u%i5Dj>HdJL=!rQkB=R|f zC5Gu`#NU)|Sd)vUpfNmX`QesI{b@p2*kbz&!?$hCpw7GC4BdQ1A*D8*fmPSbL7Q_g z2COw=B?gv%4EGBiGW9K<1@ z5^L7S^dA+({V@4iQ=ZukGm*G9q0h`fGAv(oRLE6HPLV-a0V?FhQ`OmtEmk8Ob8x&T zJuwz?jbXZ2Y(AXlg7qhv=7WD@t3S_c?+%mrVFP3W&i11|c!?mapT|v%Td%99;C|iI zV5EXeT<5cAt$R%uD?pTS1GXXfsXcWq?w_`gSlla7mlj>`lRfeF1gxEF7pm0=l89Gq zWs3(-6p_>zJAJgb#~O^U5T9f*F*~=TBA#rCuq@=VhAktNEBGl)F*r>Kt~y#xK>;R@ zEcGnmMtQ7K1vMXoYeqe>LC?HzGfX@t$bBZd{(ylXW8p(yc;zCwQ8NAghi-kuSVb6B z<&4@mnN3N1OARu@>0;5z6D)NsXqfFh^#r!x;JKhSY=f+*#dnJ@i&(%pm^k3lIBH@b z!ECEYFnU?)eP-cgn0fs?X{VuTK)scu?Ro*nZwvaj_;o%}<#hJ|3Y+2vLU0}~*?5me zRC7CrQ=e?E(Un?lnFi_WLJm*5dT1Y8J#))F3GS7}clkiOBNw9H;y6E=JoovCGWQp- zhSTAA%sG}&meS))t@U`~NJX9AQ;*!kI#)dvTKHmeJMy=&H3IM3!v{MAT z)rxK)+3;Z2`z8x9`4FBb&J@pP_NZ?Gd{dj=9*p2gm%DUa-U2Qk)hSrK-DQ5mnKpw}UkRgnUu4*Y z5r9~0GEGj_N5b2`cj5NLbzpO85b|b4$Vf6K4o`h@3D=dyNfzZk(wqU;u3-mV>u%GD z7>D0QCm?VUUp@yfMIY)9T999^&`0>gj!9H`4-z>(->^3mFO1-O`rID67`uImJ-H^4 z5<31(P@q7AUB<48!F9)Q;+!*j)&A}BE z7n?S~y9d8;)4FdbMvdP_u0yh>ie@AE&`EcjM-JkI*sQORq|;tFUJqB;0Q=#O&hI>V zx$<3FG=!~1VRc}PSK97q@B>^Peb5>>+0N^RrF&4p(Sq1g%_H0WwP0a&g**p>(%3iV zv}mMKF?pxeK*)z;_$T3hbOz9AU!Tz&1KzQBrBq5zE0AbjXps>P0BN#*`u72Z9xprPV)K+S0f) z`i#|KB+uNY2=_Nt^I6CqSkTr#Ke=!a_IjPEdfXgK|MQ?}@hXlOGg8FY$bW@i5O;9r z=jlY99ztpvDu1JMI)sJu?ryf=*oUSRjR!m;cc_=Zi@7+JLj-YV(igk@)7Y0`yn3S> zzUq>BzZZA(RQ^uq-Zl68h_v0|9U9ONlJ5N2@;Wn>RROfp z-qA7Pq-%prR^vza=lk(W_`GX?;2)$w=dGCQ#rs;t!Cqg?Z7IWdyg2HrN8MfBRO)O+ zNW&$3QTSeoYik0jtvC@Xy)&qZ>=}98wA;HsSfHsIG2R@EQ1KjTH)(?7>#OV5HYvfs zvE4v;5B_!XgQ*g^dla0?%Kk&r{$DKks8D*n!`&E6C?Z^)`K(*keXv^MIt=KxSa$Vz z%*zTN@+(CQ81P?QfKq^SFf@k!6q1LAoXEMs!OnE2AoGfdp*E^epd)I%;wE3XFMFp4 z91(>&&*xN67Zm#X`fn|Z-aReBfF9;8$$&9}P?&%(Ua9>yr@A ziS&6MA?o5*a&IcKLJJu>i=n9&?|`UO;DgwRj-zHCQt1h)PNw|XogHfDVtxCVbQu0$ zSE>o0I8SE)CQF!LF%6wu+f zQnLnJC$;X?OQNfnm0H<4T=q<{NApGbUk#0E6-vvTU)=PqtgI)kQqaAGNmo`ZM|4`L z)ok`7JEsLnAW>Vj7B1wIJd3wWG!&2C5(+`pYQqixP4_$R^*s`g|^02-%KASIykhY?7zCmQx0k?zfB@r)T=NhEa!xa#;r1e znS`+}E?u4DX%jDK`)4BwrTi~%p+&R*>B$x2;yRyhcp8BJwD8so6l25~VUw}D1|=os zS@m1IBhtOrAG|}o`a(sZkOFzv`p-iz3>PPQ(>i+NKDD~j;T;MP9*=X}TQV_ByK`>7 zc<?%s!VuB9YnRyT7j( zq$ZNC9hH3ML@$tb;c{O7PMx(L`Q}gT=uU52;Y_~J^n@y>Se2Ff2Z31u_)=;d`KUQ1 zlX<}sE{U#$i`gz`ZX?OZ3oaX$m8m#I=gbIRa5IZ&;gl`jXwSp_r|XA&4T$W6*)%y+bR=jiYWwZ-oFESdoI^s6UcF|`nKT> zb1%rVE>@SrnyHOn(VdHgIL-EKuREQ4EEUlI+X)>;Vnxe4*`VbH%Uu^$Q1~i;RNX@% zhT}Y1bl&j>UgCB*D;#!>xU(SVhu4gwrRJq)KU#S}po6QT(NzA*)#Ed(ny7P)*FeM2 z%Q_YAtsTNz*8+o99AD`_%cDau$~8CHldK41blz+mOcXI`Oc>nqgf|Q0+VMv=?`M=z zP6}}wCOQS%j%)3qNZ1A?HCF3cwLkgz+1-snw#sOHxB+;*btjIMx>LFgzT1HDnLpa4 zz-mWPvA%k>rQZ`x`R-JZ?CW1e+lY%c=_tM_3_#**`V~GVBzw{5^r4sD{A@n{8C7d8 zw3sYlyE2Yk2I!I>`Yk?|`q)}>2O~GWmqDr76^C}>B!<7)wibtu3;RytL8W#GCGO&bzIsZZE=&m~z%O?h-SZuSsRqQ@ z@Y?j2z&b2Gg|=KC4DgKu^A)3HMnLO%r{+}c@NUOAY`%ex8#{!up&+&FSCD9DD)VVy z1KGn4lg&T+sF3?FwFV$_AL>lP+jeyEPv=3emG?l>{MYB>Gw}|#)?}4`uO@u`PZo+2 z%0T#Qb*Lx4{A+PPd`td6mNff&jL*L^u+1oqBJ>p) zoaD4*R(nR-oS=>Sk9;*PUpQ5(EmC7N^MH&7w)f$(jR_T^DPP%m?#9kiDXOzAOUi4D z43*$>%+4zeLdhM^KO`f$Ztki2J}l=~9;TP?(IYu3c(d5Jn!uLC_6>{^FhTQ;1U0|A zqX@rqca2rca&sGJEV+_%BZfxIjWGspZ?Eo}ZoD&Bf_9%BnS^UYYSTIA}Q`TY?$WEma~+j}NbDMB0&+F@6NOfTR0Vs&L&i!!8)*@edlcgxxSZLw%>yUvtN~jr> zRMEWyAnz|Cd0`E8H6*VeuFK}(cB{L8irS(paRqszwWbLaO+vok87m3>sRLEWlkMRX=$!T@8hMpqt z5d&ywq2yzPovD z*y?t)9uxCb`!W$~uh+bW86Nu8uE}=K&pWuyIq-nXbxdaY@)V4IbPHFHgp6docBLCg z%s*~2^SiW5j3$|UA9VS_k@{>+%F^aVxiyG$os4?A-fLR|&M|Ah{F@R`Xq(Yt9;x1~<56;wQokHMcU{-T;s zTUshT@W5x``>L6cfKlSnIR<}z4y`VjVjDmv@)0~w zke+%QP*i&0Jrw$BxM+v$`>LIQT~mF^77XCry5!()_Hbmb)2Inb-f&?<6H-hpe&8H;SCoU3J}cEEc&z;{x-DL2?(Bi%?zb1T zYlerV#W!MP0rtTC`E>imziK1F!u7cVFOGqgsb4TaB{)xWz*3F%FPh3Ok$*Ud-6_B0 zIt}o?v_>UbjtIWiU@_QHaBs~Kwb>XAjnsW;G6A_Fn=-*j4$)6<;Z_jl+_L0@3$#vH zG8iDRG>3*ECu71-?q=h=4)}D`^2y1D_oW>{ou=^qu-|Tm!rZR{N*7a-i&zH><+J4z z^~(oqvqWIT;oNWs-inKME`GyK4KCvwDdzr6X7&aWoAhA%IU5I?Y2W98f~mp&5)5Vc zRnoEG7pLsbLkRJzW9wW7S#p8*R3n=ceU%Gajd{>7lmZl0TH%?i4RZTXQo{I4pbaK! z=}!8#>}9a={EvZUew$zONptJQNG!MdlaNAB+w{Zp`|tpVtlgcAtlZVWytd)-NK@ix z0UFh}$DdJrzY+Wz+~;ZArav#LaddfK#n+XdJe{V{wzX~CYd%TWpGrQ7hnf70q1H2f(Q&2mhr2HCiG<7#lrd~3Z8?zuU&L)bG9LX6 zs0wE}2^4D;t@cMbNU35FT6BB>hGz(+LGDGqYY?%D&)2eUrsr(?ZA;979I@gSws>C~2=M2(hHwe3fXlrHWs!ZNZ!9;2K zo+3FdHD=I2x$$eWUpF|S+T!`M;J!jczLLnK%>|p-v5B57W*uUEuTmd36r|rJ(2U8Y zRIB4G%q(?YH09i{FNj97fU_KBbTZC~Hd~qvQ2q(ljcne#YLMZsgm(7KV7*c<6R7bA zO0Dy3uTO>lta;C}mO~l)+>;c&opN>qPJ5da`AU?ZJ`!D=v&&+>*WyV3N`kASvd6w5 zntYt5*x@*Q=6R}QPMRhL9@zb1TQ-`RfqUs}hLhvov>1@^{gfZeD#B_(A0@~GkSY3T@ z1K%3N@~`(Pg8ljbcmDn(8Ui}O&NQ}N(f$no6u5b*bNg*_+0ZVM&k2Mk@mLM{ti$u8 zfJ&+0!89D(SM)w_Vs$5BByRu80sbPF6N*&il&E1!7!R0s&`zaw<0iOycsI9aBN+|i zZMhYd@CWb&BwHS^6#zw?;^n%j5Nn5`LVut*CyUhS4e|>ZA zd*y=VISwu9@6T=%I{L;WE`+k0!?j#+MO*tn)=ERZfYbFmJA?iqP?vJ+)?Rffv`<3(>;=7f+@Ue%MkDkY_90*0P zvFYERpUEwG4Za2LD-ld(Q^t8hQ?N2jf~nUO+Wf2&X`mTojte_#R5ev&|PxGJJb_QCsi_@zA-T%YMN9 z;nt6EtCZ0eG^tF*EqVA&a_6>J!c$8p{j=z0;)OdNG#lB1OQLs;(WFu4+>gur`tHxt z{c&_h_Z`WA0PpX%u`pxy$AQActw@zZ65?E=OJpqFdB}o{`RjD-gqUx zmmRP2r2m%ycFTt7JAaUo@nBw2?QzE*9pDA&sNVS*qvST8TSe5s^*WfvM;O`+PJOXL zFrhy@*FXrFiW{O?9t+Hk0X8M8K@Vw*1ihBRB9taC7Bm?-c2(3KD`8guFH9c8=2FvT zd(2IZxSl~}f43z@V;hdF!=s|Ba;5O9NsUeYj3T1(p7$<%t`<#px-H$6baOJX&(91pP~+mW)-AKqg5( zUxMwO!V6QaNrm^y^|Y2ZrWWy)xvOrh^f_sLN8H>5-R=AQ%3P_dQu5*a z{QInt$OCID%FZFg0xmy*%650+c`CiC)JQ&IUlL@#9$KN47VimWb(sECPPOy2S<&SA zhbT7R%&6t+BH3*!FW(beZ+24&P9LYd{UrDHYtld9eUXK?1O6`?r`efUWyqmlxYf4r zj&108IRPL*bvF4sS$%gZMn^utP(NDOs*KX&0!8}Jt9QneZ@%^p>qU(>9ps$0qws)_ zk3;dwl|Vi#S7XvkbpG=BP6u`kuP_&(8+mFZde4q$Chd#&NO!vdUXPsr!`fnii@Ljj%`6z+UerHQjG!B}&c3;iFCuJA`_L{coI^N$-r< z#Gl5G7;1&gO2$J9)Wh;L4v#n-y=6w|v@#FzfYFHV%^Q^W)PCxUY!p81gpPYMPe~Y< z(n7by)-e-0?$xL}IQZ@7sAcFcojX>YmM@LuO2(+Vn}@^HPF5t`bR&(rWTsOsQNJU2??6h~Ja^kt3)nV+L0livLd1e7-EMxOsXn zLi+UMy9`&K@klM;Cvoxc*41clVmtjWM5%hV);Ix_4$uad*4#|!d`Z_nZ$7NCkKoIv zU|OURs8*JsMMe|~;FO;cW z5^zdSOg+tn72eh$kh8XZGVaq>9>DmdHMvE)l+;|8nXu}~S^g5U3_;gl$i?G0R*X+_ zo5~CwK;R^4Oo4=HHZfP_N#|I%-fm;opQeh(rGU;a=Z|m@*c#rnVyn$LP*Mtf_`ggW z|0h&D?Y`d*^n26kqog;Rvm7}^W{`JaRL*{^{FN-uIVYNl!`V0eE5wa1FT0*l5Q8U@&Z`zYMUB z^boO7rkeDcKpM}d!nDj*AQ?zP5e5^aY{_juNfv7*dFu=(gz;`74j{kdkdRw2N0LA< zx}Cqr>G?BK4eWnpIS>eWay-iVI~>j!y`ZdsW%8(A%H;wm1~D1#GyRYcCA>PapG}%v zJp?k){!(CE@Q)HQES}s?Eb%1|XAA5Vt@-bFO}lNnKl-?V%t|e_vPT>{amPxoxj%q#7?knRS+TYYn6g+x25=YdbIbC`&h*p`aUovQW z^Jdmw@JNyRs8FaCPbUG7<@A*M>VNlAFDTqr^>6Uu_E*~x+uP$N3VbL9_Kz?Jqh)3t z+CR}(JnSj}u!xvwjR!{?^nX~&;HU#tGxZ1b3oT2=i{hh548Ya4rv!`{LW2vVt0tWc zavEH>vILjrq1#98DcCl1Z*KX?z5ZP;(r$CrVj<8=TU4-$b&d0&X6sBfgD2HfzuBnX zP>MX9MS=5B^0aUNfDE-}JE06XHLn+(X6vzVtz=}U;nk8{)$5fHd0lL|tSl~mj@UeP z5SF*w$$Yy}%ERoMHqZkT$PR_xp-OHXZ6H?i-N7uynjw2>nKmPT9<2#>Nd-|>c}WFq z7%+A!lDq*wNJtpVNO{8H_|iT7l7DaB!h2Q_cx>W5x^P&kQh{q-2CfD@yDqHoVSU9_ z<#tEU?Ht}rr5jI&36os8PA3V=xBjH-q0(jiI8kio(E2EAY~|rroB;8nR54)TD?dqu zRLTyYn~wc@3Bh#L8@CTofgWfzrw+MAf}!90FeVL zudzzga*KfsiN4e`B8vtp;jZ`j*C*dKPn`)WIN^S}ea87t{>hmv3u)vckf7uHy|vUF zdkJ#j?p0RUs5_`WN6Lm!9LvK8*5Xd1nUU3zZACQK z@?hUcgo;U!gQkWPe#g{lsq4%0HT|)X%viN9YWi!gT@lb(Un!=1RAsHd*oHOVfbQ&E zXzN^~g;{r=FrPixcqNmQ9hlFD1q)&E*q@btlIWv{*(u2?omUIjfzzUi2cL+ELI2&g zwzp@Bn8@KkD7fs-fASE-zm7S-Ir|60>>YB_V(8NqM6hXs`%%Saq5Pm{#%Enw1-&FF z=#A7b#?^b^OQLEAc@l-N*o*Qn%1z@n2MhG^`=1tTKjNLER^Kb@_V9VemHr9(Ue114 z&`)lx(vHQ3=j^^T?fO(oJ9eMu@94F3{Q(0bq<~ZvT0#q>%2ZPQo0ynbPd1Gn4hEb| zKl__E=mI~)zA8f-LvDH~N_P%{NwW1~cfcc12tc6pxx zm$@VnK|%Z&q>OqT0KFW!zK1Oa!4Y>qHo#)vnECs;6fHOMCxzjFjJ_na7+0oNmJDbq zpt=6uT8~U4WwyL@!>R>>4Q9gI)6Tu4x0IzF0Gu=Z2Z-Q=GX5YoH4n$u?xk}VRWMC#lInsr5~wcn!#Y} zVsa3%V@vQ;`w*-D8E{#ImyA6^#uHLC0y0zSPG^l^cb1*_F3X~;l>2cNjWjnDTbU&y z*m6PeS8R*g69<6G@kY1rbtXq9Ub9TphHjd>QA zw^sbcdN%f%(Lj?YP7>lSv7lYf%@THxCfFBsGjYB02h0Q5fIfKFT3Tlh zXVe2U=kUV>ztuePj%4EOthkc5K{}AVPDs&EcLwo*|9Cm(^^(BZS>toD+&xwX3*T5c zOa_DT*zv$u2R@gdq*+vFqRv*7pTf~>r1e^!@$0QMhe|woC$bgT7Osg$76Ad3p3y}0 zKKI7hfQZX1y=#;?zF9EDg|rioEkO`+z0m*ZWSV$E#o7+4p!D)tj&=Bh>;{Fm44fXM zoeUq3mm*5<%23*uOO_|QlVugnjoe4nMdj70`BcODw!vz9ubp3Ch}k2hx2Qsz1kc`e zMUas1)nS$ru=#dKx$&oR#O6HaD|rYt^4IHRI6Q42jCidCM7#B}uYSBL8@YPe!n9g_ zNM6qBgdaMVvRcG+^?qSvJDityamPQ$W3r`rFyOzOMvIr;YDLgG0VP*%QqAAke|s-| zt2ZVN3}ARkuM{A1E0|`Oz5Y;$J3gzV|Cw;(U(5xNkdDMK`^)yZRg~bR9{Ipb<;Ksys$QGxz$gTH| z|N7~BYktHIc@vjIU$R8P44R?AOqOifLkwfG$MB-EWXX%Mhm4pqmSNuU zzW=`K`|%OjY&U2pUKKHq<^E`?^b2=c|jh`7ttsi2058eVMeSyTo^*fvW z_{>P~%L{~T;_}vX$kqfK-8VQ-H`ziZQkN;BH3A^TL+e^%^7%n_+#|~aU6SLY&Hy9v zcm&u}&iv22)7<^`9G9MfBJ@Z*uamS<~0bne6kwURsI{@~*ZO)d!YnwA^-8za@1&m>)eukOWa*7j?-Z)GvF zEWBsON?<_KET?44*#3_Kw^am8VRNA1`l^pm8q7{&j}>&DBEx2F^`j+Pc8aUg0-cs_ zS#d!r?$xNo&IYO3uVt;QXaBD=GU?KnbEiIo9?Q2?DmLJvO|F<>)3ZC@q(S6~?XeER zc9ZvV{L`zG5)zI}e`q1*2d(T!c&VCY^-zpVGN(q5mE-InV8_Ws$JU0#m4>(hndXv3 z^Q4ifPXCLUI^VK^MJJG>A$$=^PHo0b6Wk}*;=^-FoJ}QUGX`0A5q2!QWw8L<96p4f zHQ*0vFKfyNG0~pW9x{|P{-=%?!u0wR<65<%YubJLxv@HkA-h)mLKwxuZ23Y*cW?Hc z_~Rm~!P&nI^u^{7cdw5br2I>Fj=)3v@p!DjNJ!eP=jZ1^TTOKW+8SW+km5^X|3K7l_G&msx zs{n$)iE04RJYMBjLYBkQNzu8VP&2x(pulA61NwIeO}rU%-6d3Zavv}Clh9W@aKsf( zYxzI2s31TCWn%jE$D$p*ir4BTu$u;7+Sfw!$XGZbxDR|P}By|6_r%y={EN> z>0QF@+mafy@{S*xqa_G}y)wmvBPhezzUsx9&P)P0y<{HB$(RkmF#IrrQo`ADeDH{ z&y15g+s|u#Iu)i@X^PV~ByN{}L5(%p)y#e!v&GAx3-*=eeHQjb0xotLRq1b}rsXzH zz}zFoZ;FeHr)mSudTiN=wTn_dxC7s0Ud@P|N07O<4Mn4tJe%8y!cLrq{9?G1j{o82 zo^$s-dJ@I#YhL7jqR9HqnBXh$PoY$#mz4H!Lu+T0t0Al8@41z$vfsD&GDJ+2o%1f6 zrRMg(w^{!3sX(+Imm>MYy?u=(SP|RwJbLpUCvM%Sym(-fqLx*^xmfz}I*!!OQkW)q zPTSK~kxxCs1|9_5koD zmpGb&BU0MaZ2a5Y6cLh;;>I`Erp4H+^K{j@o<5kLaN}3YCe=(c^vllmejaocpcyFR zGy+8c02K7|f9f?RulCH0qx1Sg4s*1M&zOJLs9;)3T>QBaCsU{~Nmud8KLgH#|3q#= zg1%*k^bz2!$^Qf39qhZ_`7Vd~iTb4aG6}uaxF*4zdkcaI>A=E~yRr)C2BPDuRmHcH z<8Jf_&^o}%l1Y$yhgG7DFMf}9**>!|%k$naOSlu6DP4&A1zqj@aq9?><8<7}R%40Z zpTe3kC%%&(6~;0|+kd}kwWLc;zZu*gj@nLsJnso_>#9F<;O;x?idLCFAd1#QqG%5= zDX`S?_Y%o7DP+FGOW&ecHLxSa`Mt-&(*(Y%-`}J!$bR%#dcRaSOqchN@(~`*f7W|! z`46*UpTDBUqht?S4j{OeoGv*n1QEfu=pD8>l%#tZ8&emmydP9#Hzl3^8EHAyi30|( zsss^pj!f+g7Oj5qm7BH{ypl1l+N9L%4!cZuRd}VoYN4))-p~@!!=Z2lzt24}-wC=| z)!UaKNtm`#j$W|Qd4;q?;(p(2gcX9pt!LsfIA|zfFW^21QEPolRq1;bhiR1K89_^E|+}m!kv> zJ$O&cmuo#`CJ<>5kMuW+RN=(Ab~xr&PL6)6AF}sOCAWqxbvm%jK5juGS0QZ5t?gqp z&qkeNB8m`}U@&uu+c{1nD7hlgDWWmpb;uX});to6T~T_69#$3;Pz< zf4Q69VaRfQD=bwg)0o!^rh;=}d42WQc=EMHlPS`ddN`mhA-Phi>oNXqqO4zU?sWY{ z|1ui4Lws}RC{347Zy+-8D!6ycclQsR+J9B~;488N>yQeVKOFg#|u_mQD@+89oV^U53ch6LSyd;TgbW6U=8`I_&!dU?96CJ9`CDYK; z^cfMchs^It6$LNWS~*NLjC)F%IS-!3ZqHP-*&Tf~2B@(PjRcx7-hs9HO|Xk(lI!;J z(zWckOt#l-)!Pg8r3IUyfMhW?Nx@H~OGjIOUiFgSy1JAqJ{%s=9nE87JJt$pRrW$! z-WP%L83bq&09@kXa}O1kw?N?Bq4G`zbUEQJv6j=t{yfkty5_8j1FXhBGO?j4vYQ<3 z9f$Nb&L;5E0U^M7sKxK@E%(XV^F!3KB9ujtkY!>sJ*O!xQLedzw&X+)v6rbxWmd=6 z(>rB1TN&u4IOwH)dd7G~yP!;8MF5W=Cj^`?Zz!aBOL$sH)6A_Gal_5cC$GE{Wop$+ zI{Cw;>7NN{-0I@%_V6ho??Jq0k#`6%Q{p%BalFs))!t z?ue>zc{y=7Xl!Tz001W`A)*KX0GIwWS4iL=3GUUgG5|o@?6Xl?cknkw7sIpNzTF`b1(uev(~TSUawf&vuxN|6+wkSP zOZzBd!FJcp;`?d8PgTfXMh-ibg5TzC@BpoFw0Ej8-A%n8L1f3X&9m>k%2g-s^+R+d zC*SS7-u-Ii_rdjh@RY(SSBZYS=QHU_MKM+gbIJD|J@VcZP4Vf_^B3E-#pjcFIGi!# zCZigD?fR{@A?b5fbKj)Xj?bu=QO=UR$v=95uvRxiM*3Kw3@YoCEV?a><1iyK{;W8! zG2d9Alz6=J{ z`{=Du0)v4#F?^GSS+ShN=_r;-p7F|t$*vFR$R|Ayw1zXw3cD7nB0RS>j}#rZ^-p;# zicI&p(UMHhwbN@2FO$dN$~J_wcbBCN8mlq&&TE?O`l0cnPMtm|xp+shA#Z2nPD&8e zMztwx7bZ^=InIX3dDPJawv@!o!$c-#%$EDp*5?hM@ePK1Q^k*p&es}dv&8mq@uMik z=dq1xk9Sh53Oz9>cEK~D!G#cz+N=%q81z;%?5vK^IR7jT08Ilq zmRc65Lt_8GV4BfH=w9Sr&w8z3LZxdKAZd%6R6dOL5|}rEjL_d&lZqXZ-maVxcl4;!Y?8^xYrAC*yRXQz*~P!3L76+ zjh&+9D*Jih^&ip>vIQlMObgB4vfbY_K8d>zT>c7X!0EM@&JQd#JR4bWC40mx`;Y>6 z+>6YD$p`K#?dEYAUhYlMEOJ$hlltE4KL;HD+9l2Qbztd!URzhd=OiQKAO1%P!gn%y zyQSZf6GfPPg7)3x6eB#jCNr6VcCPKcua=WwFrf_XZr3tNHh{F0Cf|c)K!b{p3VuPU z*q3J>?5oHS&2^U$RfM9NSLI4{4C|(p`N}4uTZRu0`&zh&Ma3kS=rnc`v(`+|6^AJt ztJECHT;woXJ0IlP;`or&C&w#jnhpNwBm)(T{G^$Y*P@Fd>t7y#5YL9VUOFu4Vkk2!&3?l>-N`;qqJmtH0+KfOI|5LU;C*Gac`hnGV+cajzmg4nUUI9@vUgd63UQ-mNiqnPwI1sd z_mXEGfOh5^_q3Fd*)*Fgwm&rXuTaoF$aw64)zunvx3quR zb2}3iWeQX!IG#!E)J;kZP9}kC;}cjsbc|OaA4<+2BW&z8La^j#^ULa<<0>9UEQEEp zNnP4J5P{-Ylpa}9Ot{Nx=3_*RkohaI$08q%8kD*-RLX}f4qEuG2>WGE5&|c}*T4MH zFKBh`j?Q{8>DJAUfUF7hkuqhRH=rH_ipMeOW0NLGg|9FI9+ifZ`4&YO#QZieffFBZ;+P#TeQCU$*ThdW8H%@B+wIwX?(Rz!)WP`c*@N zURy3gu^;3h>a54s&ittHzX%PfvcPhKNQ@r@;4QQvX|jrKS!obM#r8}oA7)^0H+lN} z_j{OjBDcWVt@B9V)j=Zg@wC&6xbh)^7iACew%0X*ITCB2myKU>y}0dTK+^(Qf`&sZ zasMIXtnPzHQ8(AA#vM4ZDDC2yuBv%j7J?5@xxzN_S-=)%Mkm8tbG91#sO$S(kqW*A zhU5-eUvV$;u~cfGsjj4#Ef%OfrE+H4a!WCtd<3m+V_x22Muc5;Yd|cYSr)mj zQJ9ke(qL(m&qy?vYJ`1cu?aao#V1fB!SMK-I#dc{Iy!#bj+Y2Z<`2ebU7y#(JV27h z7gQee%N*zE2;_>C*V4$k2giI?0e_^>nu6MtVJ+IyfB8O;%6tmoCX*n4P9k9X3yd-a z;$a6&UB%nc9agPuT7n5UZHvSu7D|GsPUq0GG&r3?nDL*#^T1>t8BgrkahntvRy;&_ z7|83M1GEXO=JWx0rAjW0F-B%yl%UNLtfo0T8M2gVqp-Zrp0+nOFfd~2&ZfR6w!6~9 z04}tZy^{>q$kSMXR&kGg&)|+BYLCALbRdjfd@ND(sE8efr8AntJn6IQR6>azy`5Ci zuW3u&Rb^oC}bHud2ie+GQ!S&(XckiMXg@_Pglyg`a$pd3-pm~V(s%(xL zwZDbHNoNi6_>W7AEF;0X@ z_Z^RzBFM;g<_K`KsG2ME?WZq{OhrSYIk=t1Ayg)lk=;jN#|ATKRszg~AcMpSPl6Q$ zSEbDBK^yxpGA7*8GZAMSSV_Af7WxJM4#8Vb_N?O)aR3Ni4%R(rI#IFk=y8%9?B8#Y zsfrsAa6tnh7{hB9LVN^T0xr`H{n5$JD{tQ)L2oY=_7Kb7KVHutaIx{5ZAatN+Bd`m zJtBj{cGe7P^|9jh-q5hX*h%z*s$SqXpsGv*h(o}w2&F*2axVm0-?2uBoqw@V-yqsfAHI zT_s=|i~Nz$I@<0)6%pH|muijd2)p6@vkL^I;3vf+JaJkOV8IA&qwbvO4E`cH@dAzp zc`hG+KqL}F1}G$rv3Hn@tJr!9mk=M~hILe95P%M)&R47lDf9Ok7(HcGBLE^Ez_tsN z(=Z61vm8M|1o2>GJx803g&PD4*l#urAjv$(J7$Rkj=qbZDwfFT3)!&5wEshMBS3JQ znKY}AO{l|^$lEhk)5iYrcYy*eapi!))_@T0DNchJos!U*vOWO4I(>l*@v0}Aj=W#q z0nOhx0{`9L+iC81GBJsnGVv9GreNnm2tEv^M<*tnro?zw4zc>CZGshskH<`;^>DDf z3)bqP08obqL^hNfCa_I}1w~b9y!WD4!F#R;AxeI+1=%x;Y#mYlh#E)DoDM0{E<|Ch zN`+A9Gg}J)=4Qg5WVZi9;C9v!Rc3G$i1Jgt&M_83xBwcc+UIz9OX2jzv=;%iz{}r( zhi1~vC)8yatpU4;>lAo|KYX-Gzjj`916D06zqZUK zEENKjX$owVT$rp|O5I^L8kj-dBOv-Hp+w(rTOAb$RF84=nF-Ev=Irmu@*mV=AT6=Q zoj{Ls^V#_j_-zc8iJ3K&IUF~BAc?DFwn4L2Sr^pH*$V_>Kn0p&5qHA?3_`leLYo!h zOd#?KR34}%+{mE$jtpT*6hi_#$*fzD{4pf)2F1iZ*XJ{hiwSS5eKARxC0V1U~RA!KzB9aHa)QW|<4_o*-) zO*kV05LGnagZDThAJ2!Z$3VQE z8^1!=`Pr9Ma_SH9+>YX4Q!@eyQ2KuF&U5e>xOdPze7ouurg?0>86o@T1R(@4vLow} zzS=qJcSZCqkA5?K&2>k#*0r2>OZOnmelx-6nC(yj?nRNiY$ICc|u?~`ZzMkfqj<#giU@Lx4|Aq73QL&VVQ=paX_QS-z7veG~2 zi=;+`A-m=wK9%c|>qLybE@MeVIZ!0!sw&9D8M%rA!w?{o6@cHC+}n~R{eR_UUf%LF zD!rvvV|8^TQ4~(-kONF((y2m2!r3gwAtvzCtpj4*9Y5-pET!g96-eOJJsR)gqw(BC zDa=b7XWs=Dm$1t{2+rRnEHM5)!mF4kF_D-j3Oi{m-plvqqEKxHMw#Gl8bt4EB{I4y zp>T!u8jK>6MZr;@*z?4YBb2F!7KYE2nuwQsvhl@`Sk*5m^Q2a_u?=vw)F_LnMskL3 z^*nE1^+i`-(pw80!OB#Pr{=CWGg2$jtwm`wUAqdxIuuCGvkifT6! z7Ez&UV6Zx`op{n2<1_s$Yx2O3=Nh&J;t5V=>)d{|r3{R>3v$Sb#tZE9@WV3F+=zSH zQ1gRxn$>93E6@^<-k62PaF0BiX$_&sidxL@RZGW>crX`4!3mCBtb85f-JQasi)Z|D z^*%DPXMit)B}Fg7A(c)iC&tyb!siY##fh_1Hxj|fhMA8jUlLKSYw?^pOs`XLemOmF zhdyp-W*R6_YzfnA$I+kC#1YVKX>y}^DX>IJdH;1)13mDeOtfK-L=zD=y@h)6`q3AR zQqRC(<*VerM?De{dKA!#%D)fsn#O7=D3vgm53u9=taX39FBw??{2f}4P&Mj;TVz~{ z55*5|ReZWZH>$;iiMd?TB*}&3Q-&1@v{5`gZJ5RR+cO-Sg-&PK9@$IAjuUsDo1;xq zorM}eVABc!2jxZj2;_rL7azh~GM68sF?%Zq%)FQjYzFh0*XO#hLncUvnP-{q>ScOM zI^9$hgrjPXDTt?!T^KlP=Op+426MjD;nn5fA1~8N2QClJ)wPGJu33N8R}5i4-Sb2&2#E z%?g(fADBJjUkLNqKFu_Id%aS&RMLby~ip3|Fvl+oC`(}2-25LnpC;YlBc#YKo zoO*mb%k1+ojbqIn@2T8^q*FR-&okH`I&_qkDP0r- zqbo{~il#@QT7;bC$@J&`d0Lm)}HwlHCmb+USIw_n#|FQ=#OA3 zq66Sf`)iwfz<~#U6j>!Z01B2{LRmtxHew(F2 zcxpckbl@Y=g(d-`WZ;{k0r~o7P*x9b=Ysiip&g?{d3zn{d6sH2;Oxh0OcN_splhV& z9mZx3RGNq?Y2Bi>AhqF167pd|Y8CwF2DK*f*%gts_f|-ySW*ff_h9L2?x2Nrl1((v zOO&8*geC1{zzUnR;b3t`-HzX@rS7(|GP0v%tn!>(rRL^v?>y<*b|zYl z;OheQom=6e%-8+`zAMBej~b9SqT6Gb;;izKy^|Hc1kf;(q+2>_+y>b`ily9mhp;&N8;@mvBin${;+DjSc!&A`=xVY8YsT*`7)^bPe2n>q5iPkeaDC$>D@{VV=^*8eFomKV!hPab z`rBo(uu*{K4Jh8-#wu}?`1dO82?DgymWUU1qU%S4=&}8Zy_d)}M!&nE3&2V#gp_a` zW8VM&>O{@qNC(Q+01!4l-!`)^I}7nx}?uB(iN<$@d4zD5C#XLc)ZdF zxm)8|3N!-N*Mutt3|L2kFajk#doFjr+G9)URB21V`8k9Kvuk_N0(ScPahO&*=9w4S zr5fNSO?Q5cYP_Z{7&`=o52wFNG1UWO;**I#HKKckJRi1ZlJ%;F2|TncJ=qgcshN|g zSLLcO&ocE!E0L!n?=1Yj5ml8+Q^?mXYN&#o{Xz*NrRS;EzQFKZa_+5_TEftURb2W5 zVhaY{HO-j-6%x}X!{q$o8J3&-=6l_TX|`6jH}b*)QCUUIak6V} z;pJp(Wn+<8ml(ZlaqHKW-bjJi?Y6xMCzryhhC;J2$b z^K_e}#$_SG5+MUo=y=E&$bg4UrrV63XFWFf zEh-98zv7~TLfbUv0uSLwjB0#BN7VHTC8$eF-l;jQR&8v6wO}j}d`s6ZYd{F;3BzOS zzT~u$!qgba4*WOyH5JT{ZTaVZ&2W;{jxv%g)IZPbxSu!cw0YTuV%lx_ZrhF8OR5)#Wwi^T6W$dZ&*Z1lra|D&p)R6&AU^AIC7<%}~Yby(-p` zsy&Tzi!k2I5=*>u*0kZ3eRmNbStHJGo9l#aMhX`2apo4E4P!hRWH}P~$$V zuVJ70r7h56S?+3Cj=q^<+Gtu$E4DY?2W0-9`2<6JLnS7eGAer-8*U3cn>GK1z)C+v z`}>54#D`T7xiS1z7k%2@F7T6HiCdTFuYrR-ymYv28)N0GdHdaoLsMDs?=t}iKHGFj zgkI4nXPel$A!XU`FK-v$;m07=re(9`U+HU~Uw3y28#}*izI|O9zU)uBJL+HO^S*5l zjxNDzZkWEKOj%_rne%x)LG)$7=x4neI;+bxzW3G~Y@oBh#U7H-%# z97HJxnwSO0y-W9Expch*XVd3w7-3N(T%)6woC0i-4?%JuY*e{V!YfegTA$?ndn{qM ztm5V{V(!gWAUHLQ?Fr3f(MTuTZIn!(euH}Z_&s{WrL;fT$irkVHaYAmvMVz$>CEsf zTH1Xi_&ReI%+h8DYXi$y%PvV*e4VatX`Bl8pgbU6{?nb`I!XAa%})h6WO2AF$Inv} zz{K6D%X2PgPc|v;jf+qXef&4cHU7mZHSn%BC?uRCk__3Yv?=^g&N2N(u>xyR@NQVW z;Xs@jzgxtfha`sEB2Nwc4cuRPZ_pATDH~4yQ6n{^h7t_Qr4}Y@2(lB45-_`L?{17_ zbamF@T&PIaMl`E4M3kacR+CVuh~JY6LIh)+Ryl!7zG^OWu|@4G*@|0qmK06Up0pSS z$dk+omJk|{HmabBef~R`&!vp@uKQZZwttiVFtHRs*dQ!VwN+voSi|%=U&Z=_uAFVo zhcQ{Ktuctr-mxQl3Q(y){LXA{zDEs?o21){M}z|QmC6H*6lR<=#9j%YD0Mgn{#rnc zT?pN#v9#P^bjGxEx1mEm=DSQ4DUy7T$p{T?MxB4soZqaCf9WslRQo0|h z!LmZn3C%p`QkuLN0F%CLwObr;rc4c00`iLE@B}G!DO0l+hS!g3Vr3ZPeQu2?1im6R zqin<1v;Nf4$=~#kc*{nN$d!&BED9i_du1Ut$?{e{kL65Y_%keUM-p>z_(-yo7$FmsRv>!jui%C zYBCQ5hvR0@2?K9#rVb7|KF*d`d$!rQ4{i~bwyee-S)A@XH;*BVZR9wcQOV4L1qq=L z48y|KyDE=uMv!YWFbrj06xGw=%_UJx;1_^@&0Z-mC3sXzDeu5fDvfR=$=7@q7u5`8 zE&bO`K-1Kt7jmOH1q`^DS+p~w5$sUD&#fj{d&Y6T9HT{zskt&-Z#15$fO-5=)gpLe z9{7B68v<7fNOfg7+CVES(?ZM8l5_j8sqyJ%nhYKhulEo?stwzaCZx?BZ-kR75Pf9xF%R2PW1)gJ%sDhjcn6YpYYY?FK2V*?1%1`z^)HKIjoJJm+TgM=5PCy6jcbp~5 zo-+wytp%(N0)NZ1JV|%}(+zzQ4MLskd~_0=swK`&ncF{AE8o~bi^(mL-{niiY0bDM zKuryD+<8qEx*1j@Aw~2}pI|`)CE{`$KK_XL=r#Qan(7b0DmD$`om(1cW~@;23Z)VX z57?&Ob`CR98FvLt0XQD(re4jOZkxQ@`%&(iHnjyQSJl#xj)WhjOPh^K$nH?0?f8A9 zcRNZ$DPbek<^4D(xj^0xpF<3)QHC=i6!gxOV{a$=jCg3-C@j0r37Pd_*<$l$=u$+O z*}s|?o3ymol>%BNLFLy41eYrDZ5@cdmw!7X_(6Kf%8U80I( z!j^`|FRD&K-lW&N3z0y~g}y~&s2+E6^CM(?+Q|J%;>KBXQB9ECHkHHXh3IDfngc=v zO!9VYq4j1+RVsz!yOiJ>DWI&}pj8t<*O;<*h?#|ydPVe^if>CBQ0(Y+Hdh-70Ujpc zhr(rCNJ8s3>QNA>_`OEUyX0(Jhh8&^w^sVq5V87m>6#1i_p_s%Jei9}K{}vtWolkeS5hLviPey1`J_eJzAt7VW2Hn+R^eAdxRbEo+1FO z(LtC-=&RyF>rr`xShVzzIcHX`$%=l+^f$a4LCjP&LDq;)tTLWSse!X4!MWdA@xAf# zpd2zBI2-G+92PliyX9rZc?seU)$Zi{Dg2M8#$mIV)w5k^G^+AZ8k5Ih zA-DzeP>8FCKTlX=(O9L{W`7i5IM=E47c8m%s#{7hnM#h($Z9G{KgbF|%q6l>xZk}d zU7hx_@!4Jy$^6&MSsRM7n1~eugaer30XXX#{{}La7B|P4(DH0WRbwCfbp1?GbnUB6 zb{Sl3%*;ZM$q=92`*#K>-XV;@`@qgjQP^0O21enpHF|mSyf^!nxGk2XRP6RVA}^K} zA*{tn3a@q5GBmsl`RF(@uJROfeN=wl8d=_3LW;d~u89;`(FDc~Lc?7w5=6%1kbUXE zoW}`drIQdAi;yxWT~asmCe-`cur(3W5EIHTIzEnNQ^DqG{%(bQa<xf%J~7|<~+R-p3@w{MyS7)>WWv@ zD!0MvbeeBip9uGKS2O9I`Z4mh(%ljh1Fp!3O9i6hqzezIIVuWcTF1@o+R=6W#dmVw zvVz09sQ((un~H;4&_AP|Lo`$XXc*WOwrcgDxQJgLy(O}K@E{uM*(wsw2SQ4yOES#a zo^PbJ5)#EHbwe)!x2~cV=Rp@@FZrquEq|F`4C_uD*s9ewZv7$ANr8JMveYos zi!7+vjTYA@wWp^NIBf_te1Y{*a#MYes8QrFz0E|Yxh5v0IJ~pPzu@|MdG2F*iOeWl zi{}$Gv`Aj?4=9h!>A{R`KY!{D=6D4_R+5==J%k8{CC(u(xOlVv3dLW+VM68ht-{Q; zs-c`iD{MBC`kAc7@RdOPjtxoh7C<=B*%KP;#PS zr1timlYxlbjQAuf7yyc>fRt!yZzl-SELy>#v*^n$Si%xt=c1`u+&u+bC1*iX2Sa8< z*W8?CSg`_Krf8)F(+o+Esvrp}vieL)3q|_;EDj6`iAd;wa_{>Z+BVKP?Qzxi?38_+ z=|v)~JU!kx2 zvy1}Y`(&3P2Dd6X8A--dba2vW8<+Fbqda+i{qN)m77=eg0y~i(6H(25 z-Bx^!^mShkx;)cqyvgt-5{p+M!Q(IqucXzkv*hWM|L{Cr8ial8?adcM@ z8o|Qp02KgE{KP~QP1a{<)O2cXqfUz!a%xiMC3M*35!mJ9ql8pv*lz~6@JacLTT1Ws zQ5y53p#}Bxa!;LD5ws0hZd>pZ4rLhGK**qSD{-htDT*)%9X?xO4apq+{7<;^&G69;d)gdJSA=#x6MEP-lSLYxv%EqpI5>p5%2B$t~rQR z`nhJh-B984kH>;alqUP_{B*vgMz4Eob~bO;JcKhPk<`gW!$UEC0?a>~)(741;QNFe z;_dsQMKpfm^3@K#+YLDP*`Jp0ronUi^!3_b=wS@g`6RdDL91}N8E6=eXVRZnnAOIg zK)}r#UGLg2=r>jbt&KLHNWUa=$J)!Kl z@k3hl$X@-Z&TK|C_Oj{d@zW$?UiUH$&)dSf189z)-JR(>54n+A`n77U%c_@{2ZzfN z5&wMiU^Fcerz=M+$PZ_GQwem-2LNzWgF7cX0k`Ilbjf@4On1Q!Bd+(x8mtM%H+$-` z5=2N93YXkLkTJbUjY!eY)hKByF6{FXD<*2uVs-uFO1YSo9SchU4S@PQhK*wN%3YU^ z@QgMbCc6o(pWHDKMLe)IQzwanPA07L>pGKnvG4!#od1A`ArpFbP0*XmP-_JiTVw^-iL zHRMA){5(4S`6X*O9zP)q1OPplnga0fiqGpl!$htY9ue#9K&szKFLh z;t!meFD~0+bw43c?EbCNX{Lc;#fFOG)DLUrzD-pi z18ocj&0!#9!GHaf$Rgqe0l(Y&5g?9f(HzkKNA`CyER=sj(XD5xt%#z~Kf^}`0 z;&*CB1`TRNhZ0CXWMBfm6Xn&Gx)h(v<)s%Ik>bGgSa^T%{}zREVCW_c_%Ezt-je(m z9s~Pg{_8gha$DVqA3}YT@VIL#04CUh0+?N^80}a0_ zkGox}JhW$0bX)S)d{G}G2wNJuL!~d=CtlGedjxvgz_d{pEy_iiLW>WkolJ1SPwcrG z3d_l$C2Bets0;XsUFlELCC^DYV>o-UT~fpE_87yCb4H}X%f{I5v)&3~F@{po5rpi# zN^9?tI6Y|q_H_6%Mq1?h#uO1`dEz0Q9~3&+LjLN2sLGcO*>VJK6(!RwOEE2mAg2(n zD?G*+5UIO1XP1m{Y6Hs5CQ`#iu=}}$STD^NxWNrYgH$M%e%_*BDCsvf>S!`z(O8BqJNl9|&s{>|$lX1J3sbalryeI@spgbuR>SBtxP= z8@-b&g*XRx^>TSV9HBl`M=E2Y)8N0W?26tyfoVZ#?*{~j8->@dtS|;b!m#YL7(~ag z9db;>wr_Y2TKM4!jN&oG5}i?X+}N18=dP#t@Tld44v1dwF< z(SXP7M?P{{^M?7B{(3}#WISoZOIu)JUe-)YTp}rkXb4o1rxWyE6mj*JdJu>adv=PH zl;Iqwr`pC2*%Tc#he$jpXVB-bjoUJ#OMFdYQL)E%Z9!sO;{PZ}&=BK~kA>AaeS|y; z|G@UUb2RGVnd92fyp}KZZ!K(g4+I2&KVC`?y9Q3%s0LRZ?%ahhb$VwgL=V(X1o1FB z^BFXXSs1X-Dj*XeF`alu{sOUHY{STqjvz`lN0doOM-`Z@0K!clkfTL=nxTYfhB`=U z-T=$n0JYDk+fg3)-whzw?d8!ksj-_et=RPw@DE+(kww}m*X)xML>QfOL;uiFCe4?> z0Xd8B#&Z9Zj{k5vaB2hqNBgcB`mc8Kj*5m0l_{sH7cNq|YQsz72UZ!S_3wb%M@kKl ziE37viVq4n6rWPOxcsN1{8UO^Wmr^cPc@{d;TQZz{=|vP@T1VSfuN6Hk~)2<)P-cC z?m<7sOjUhZ?Ft~2VpZWvy2M#YxK4&f5iPc%WKfyIdBS1N!22I`|2$yDOCgcG(y3sl zmP8kU7QonT@BtA84zLaMlabSZ2N#NgmJSZj??MuNQ?1&oFEET?j*ob(B8a>-G`Oya zNjq)Z08E9Yv<}+^w6~$oyN1_2v}Z3<7XF+7Cs+INb@`WJni9r2A^*J7i~%?lDWLxk zDqeHaRy=@4TGjAK>zZ7VErGMI+`KwG1nbpEab=hEDIY{_J32H|0nN>wV1?XAJ)@S zOS!#tJKgpM0kC4r7A!S3wQzHD+D1i3yYKj7m>q|gKD<4i*L>gK9xPaMb9a>4_&PY$ z$&hQ+8;>eu5ynYi4>Td&f)>b8ty2Yfi@UGx_m^Giqd^5q7Tj#yPKWt9fu=2O2wva1xwt@W`&_?YBshA!cM5z%s8-$G+?tN!zOxL4cqzJ?%A;AD%?a(oO*eC9H7 zd3<#Fa>A(pJmzn5c_&@B|6E&a`F^iC8o~ysd+Lo`t}Pu}Es2YZXEdWL>{6mXFK)Ff z&~P5_T#eRd9q#-ZA8CNLlx;58BaX}DZ~z7@)#y#{+FwPReQJ$L;t*`PU%sgnm0R`q z<9NAkwyQXNbQnor?}z-M&33(f)Al}{{OzaPwZiXyWlh0NlaAFSI=ebEw>3k{|E^UR zO2hKO_w>c!h@FmFM4_81(?5mr;YfV$CuLIdM3E$wwNLQylJmtJyq8Y%b)q#3V-sPD zOj%X!r`hhz7c2zu7Zc9rRx{VS=Lcp@{`C}du|a_SMLKry5A*i;;E2&C_5Nrw!(3_0 z{rnPnwCQGXJV|OXDSz+#$}0%;Z$(8$WaRzc&TCuu;dC}z!;7WD+}Ape^iMZBe)`K|Rx{lj<8Pg%S2bapGo*6;6w?%JY?#^gq zVM9az+??Y&bxjeBsT6fOA7$0U?QPoLuD;f1VDJ|$ce2oywyTEW>4C{LpCtLe*P{%( z?oU@WwUmN{f`W#9vm8H79gX`9r)l2rkNf%O5VeX$W$MR(_x^6qr^jSEzcFM#Jsq9H zqa%30pjwS~t9tEeT&kY$Yq+H;dZYd>tL5@6K_nlq1C>H;oJs%5*^+bVLJRiVA>L+^ ztPZSG1qFLeyRx?L%X=RMzJ|+A0ZM}P`l!Wk{P@dvvOK5Fj^@5gOcZbz2NDK<-6y&y7 z-}iRQ(_{vF%ZKSo&^bY-yb^O4cO4a1{HSsIym_;X)^plb(_#}_Qexc;DFLvAIFFQe~mg{hO++_1>RZ5GW_k)_;F~R$|H$IPxYFf?KSofz@No07F zCciRwG7j1OUcMg6*=Qu&8arDJTzh;_E@Oir5W1eXyr%iyE1Ukh=qTwN2%jrcFRJO` zdR%`#UtC`1_`X@ptFp_9V|gXf*!jI**1^rjfKH@&J)A7t;MshA`8G8*Y3?%6(CE|~ zhj&)7>0fP3OrSLIn60j^{%({cw|GgyX{zzHf9nl<_vO)3RoZs0sFz!;dU9^aIo#!% zb~~yXn#!#ByJc(3w}r0?%i=gUsoFSNMO$U3qN{Ax4(OTmfDg{ab-z~mG%8i5b{kEn z+$u=0Z=m5uEi7K&h|-k5eyod*o&y=#p>(k;7~3*9r-%-GEp}*7p-i1bUYTfN_3dz%EN;aAey6nitJjUi zbYjMqftFUr(`8JPtb+oFvisPR&z`JAb z={U#RK#t}6bU24#?IpLpuCBdv#m2Sg&(PcTzvr!v>nl_1KA8C{+wU)B^c0+@UBNib`AO6F+SKNfF8;@fd2c|ghJvo1-tqCZ zp02K|ux7jEVY;NekJ9bswAwniO3AdY`o9scc`4V}ZRldOg39{Sk<)yT9Ald>?J`rG_wZVatVd`oCgu0J^FqrVIiKNw^>CS4I@@Q#&dkQsR?<@AfNrC8e)5 zR{~BLC6%1q8;pEtSzlS9>=2Zdo0Az>&6%c!gm!RpBe<1tICASHiqzKLly9TZere%r zdrbHZPtBcFlr*R3P7g@wzrwUQ{5H==py^5|myYj`Nc z;wObN6>Dg&`zbB3Evo!{ezxRO^wW>iEB~!2Ek*o#|KjI&^ZrTGe-Nl)ns2?{WSk<$ z`))=U!N=z&ZTJ-;0-7Nt^xJ5!vnG};R9(5L;7o{YUp} zo}!zE``e_Hf1I7#-@w*&-*w!KVw_$|v%$&g>ECTsXy`Di>typ0wws!%kB;zJM?TK7 zbe2x$B-T+DUY1AqAsg#Qz0Gu2c!eg;xwxpPiK*#Q%Mu&w!uQkpH3C1T&&3K;n#|Dg z{qyBIJ6>>32kAvh1HX+osb<0K4~@u61q1zg8-Ug4FhYg@^I`w)kVY;WnVXAa5+>76 z?|zW0;t>n(QQ5)WJDY*q-}-^M2(-`=l9?zhhrK)H>LiM{%*ILmC} zgKjzGU!SvtfD>hxZ^t~vm%(f1CL3|_b6-n1qTl*yU2PRns`xk5OneDkkdIiInhv2<)zI7!q^Zh z`I6WISeR?NzuJZJQrYdYwduPxJm%M@&sXALy^=ozKp-Y2CkZ@H@{~&Cs8A!8b-gYR zQ}nWR-QID({kQL@4iB?R5C^Iv)@@lf3fvW#(=HxPFVJYz!n>z6(VGoDWiPGLuFtWb z)l<99p5Y;`z-;6TeQi)Qht$Dq_JT)6&7BMQn+$)w!wR)n*P+k6G%SZXc6|G zqQF_#8V6AAvjI4OS8{c4&|nYh;O?KwXApvta6#JzAwO5vmipq&=DYZb>B3wFyHr=} z?amXNQx^Ig*eeSyrr(ESIP(=+`FE6`!=&a`iXNU;JL|%B%KpwyPrZo(Wny)8b#d|1 z+1lGWM&#Ps8lU^KPD0~GCiwLCaY;x>2n+^2E{}Wc^zr?--S~J-XWe^EhOYPF=ic7l zvl8D*m(P1N9yh+v!|YE%BSZUzrJMI|re33Y=|MI4Zs9tKI`pvRFnFxmwLN&yuKQb8 zTYKWrk>aW^B{5O?^LF!yt=;9W3i>c^p3Dionzo|!j$uSfiXfBHf!Y1yoQ!@oym zk&pD~Xm}^5bnUHD)rzKNV1Gi%Kp`MtNMwJZyz~r~iPMC*GXln!S+S2bs?Z{7Aq9+U zi(NZw>rU7Gx6g}_52fx&_=j74FTU6BmsbkE@y|oIHX(%@rR=7v$wQ@AOVQ`{cam1= z;R;1sbm^+ujTU!l0!o%GJ^eip8_J_bR zbbs89PuqQ|?LkO-<#>Hg_WzWfzMs3l>Chv)e`sE9ZS8T6-`7|Y&5s(HlIDLxw3pZV z>BKkL;F}(u)r(&ASs7jpD{GVH3ghu)4uhSAgR=vt+wI;T=ktO$ip52YAOS{p{;NdiJw7%G4QlFfu z=kznMcpuKrz@YAdj~-wyF=u%cQQf}X*E&A1N6X%V<>Api4U?&-qO!O(J7wS`!%^~U zme%9!pQ;B$un;1sJe4wGu5g(q>dvdi9{OJ~;S-T$LdcmiW9oH1GRlhZIXz?4K#|=}Swh6cj0Ctx*|0;5{Bxgi16YKbc`+ z@kI;{nn%$j9UZ>)Z|oq`<6ZOXot4=wsv7Hu49*G}$M?ZwJ=R_2#*B){9D?Dgsjl|& zvzUBh@F1cj3G<_)AF^g^OOHCw8}-ANG-#LdghQ9AwA@ZUv!;38hrF&kzvRZ^ehl_{ z?f3nzrsvb-us`JU{&cxgNAl~}(~lX+l|NrzURGHyc{Ix7Gi3F$%hs`6?iE#s)w=zcyfL;bsPm7y_v@2dEIXB&)ojL}?QUFYWdKa9O~R8(L5E<6YV z(nyJ`#B5XP-GiA$zZz9ln6od4H_DY<2hkR}>sLW0pMS9kOkK-b)#7W@opyvZ7<4+U#qxE_U} z-+Ffe+18oFYgf4CXsVN-|7y}N-IHvi=Blwwn9H$QZuTX)12(wj#sf``M<8j^u7Ij z(}^%1VZ_Q+z7$HBs*Vw38I^68&a$$zi|sX2cOiS-A^rpJ$}hLDkhR-?abm%=(|k~0 zgb?&f-XRTf{?|jM1$=ij?Ct5rZD+?XdVM^dV0bu(oR)`jCj6x@NTBp@E32w+AYs;|SHG{Lg`~**?l7~`_kiyTvUzL` zH{Fx0(`-d-)u(B5T}yqb9qukJXZXv%8z#4gH!A$KMh{*b$EMEAXy?#lUk(+_#++hN~xEUcZLC$s30ZUb}f!?aiOXcAvc>OIb{_SQo4ET`3Q!z@i?> z--R&_ykg5w@R|P*{=#+^{4`u{GDpR&%FV4NU&Br=_I-}px&5zY4N#=L-~-d?$~l82jH-PcHfpMM$# zyIb^td2((XD_act(BH6#iXws3YMxLW;dr_(i}P-Osimc<37MDXE97;){Xo6{Sg1t# zYvh`bLm>+MYRtZOU?^Aj6RgHMwmd6q|Hdu)%{RKi%e-o0a zajB@L6S%2ttUo0t32PL*-1&6|m9CtqN<|z_9O%ZLNo*GX&~CCddon+qm(kp2Hsv!< zNphR(4+OBOqTV<-fSPow%5pme!uJz=AJ2@89Pd{QE1ly~kh}|0Ytq$V>U$OG{Z}~s zZ?(<;#sZA=U&=}C6^A4VR~Ox!rFrPJ7>q3}oFjXSv``l)gD)p^E{H9klZ_Rt37%+- z@W2Vn9^H!rV%AMaoaYH$?<#_|hDvv?|5Z{1Qu}=M+mV(SqmW14=i{$N&J4bUgpnnO zN-2M`-4*?$B?@HKilpX9b`93<@5KJY8FmfyV=;tOMt4zUTGF)1-45S4`|4fr@82v39OCz{7A*ttM!)|~Mw>iE;-NY>DUMWz zib}plV8BC=<#;gx!DX(Z2#0o=(e>#@Y4gqQbz`Fk41ARXHIS2&t9RWQ3!?MI1}TeN zGlAF)o2fy*@RgwYdLi}62Gic?oU4F^qBx|U%F5%iyYVePP%BXC&??o4qoBAQNV-~I zi?lE`-(26chphg1RKKh6g4=Ng43*;;G!eGuS&uEx_3Zag)cthIp_h(UMok^Zsqb~s z6~1R?ratzP2J9DijiKM)+b87iwaLbes`I6yn@`s$Xcl)eZ#&(VccD>Ex6YHg@*mJLk)ARI^m{IxC8EWhIDDAuBhZcRd7@ccW>hDiz8d^9QL+ zNUGn0ERBSeudfflSSWlRTo7~#DUFppVE|!+#yU*Q0ei$YtYdd@z@{5lSt(MsMe<;+ zyRUB-Ff~+swqFjarVYNV1YptmaG?;_7N{F7|2I~rgmB35;-IH|R;t(O@LZa{zCMkj zA^=29X+k3ETq4s1R1H*LXHfWdN2EA3H~fO_B&YF;uYr6f?Ua);GCV-6nzxEK{jza(LdP}V@{nzBaE~1A z>-%T?{QOuTZtjY?#6&@t2bV3+C+rhAH2C{kL{j@N-3>)7sw)eMYs&|_+FrN9oWx>P z+-x*nDOM;rZJg4fV8mk67Ufzcs=rCO+f%J}FhC^)9j-=dv$J+K!k$Zt<=H-6r!@C;Aj})PupZ{nxE2l2p zOsEeZ&8nYw(>0`d+dC&83Ulrsakk{NY_xtu2RZJ;PYOFbD?~+L3JM}u^A03-U1y~< zH_QHna>M!rdN)y#k;CYOB4uEJY#$vxEQa!#jehPTkQ}zwohNruHIhK!5+_;fJs^gX zcbDl8$MR?vvif)nhcmr+!J%J&e!eq)adE-N$ET#EbhQM5ICR+veReRpn;II?MPQ1$LM_sG59p9o zR5Ua+F{r_0AeDJ^qaD?zoEW)VdS24`xwprbkYTn*5#4o5YRC80cP-Klje(sG9 zpjP(ihJ{;K2{B(yuPvDu>GtD7=s$b$B6`1{&&a&5in$Vm_C=<=#1$9hg>++r?$RBS>T-ECzj<6rQ^FFFrpfRr_^wCX}%PG-rcJ4fl9seVh z_WTmO%fV*pu1ype$=Dk16G(N9ce9fE5CvnnZ%Y54t>yn$r&@tzg`)d0_-_c-(S555 z=r$ifq~Enf2Z`3@k;kZiv4loQ1b|e$t(Qu`dDe>B-vr#thI0c~O4n%o;BH!4lkqn1QNtf!k}wW+@3FrNvL1T;v?eCZ z+p65Z`@`$c!ZOt_k0_+YGMO`1vR=8AZK(TB9$x&{ug*RV6!`uh*h4RFy#xKjA*ib9i$*#?VjM6pJ8wfUI+HLqi>9aG4 ze4H4061UOTeyu;RVB`?(=aJ)h%QXtqyB`AMZjHve)6-jd82Thkz4SBI17t+q(jjo2 zb&W*ZvA`Gr(6Fwebx2@qyR--;=}wIrVk8SBPF}^(XJ3ETL%Jlm=tdpKsLq6l0dane z9w0MQ*xe{8E^+o4&u^5M{Ohxi?(w(+JgcIiDpqe%2)%OM{_-LK=*|u+4)a*=cj7NE zNQr)@7!1mMywfzQZSvQpke*B4L18!|bS+~e_)$O$Gb_mpwjDYupq>4J7(fAK4Zi?7 zeO`2}V4bvgIp_1dzw3>as0R=M&ptAX?LcQaMJAGVOGT?3rc3l2+z*7^3M@=ko*i&5 zUaBfS3O4z{m7#56P*giSmKt2Xga$UwHF!{zCksHe*!VOXJd0pc%7~rzIaxjVV6x@r&D=Fv&z2kXoT{xXk?92>WA z-d}`I7SQn**hu2N-jWdj(SO zT3m`3zal1hB*^737azvN6jDWA-8WPbmZ`6K37qn%Y-_*GFCB+-&2)6R!!y|VouqnL z0>rgicTl9u*bgcyUnaPYeue)SShb1yWHS6B)I@OSb-gVu(`ADo=Kkt=seL>NJ}YVp zofFIOOR+^D-Ay>iKzQYH0H{V0*aqP~1kV>LX>f|%%ag_X0wo_qfqM51oX0Cs98$8j z0TOerW+n8pBFkT!_wCXOWo4aJO^=ZAx}=UDpoi1}H5a9f!W_)3Dp5?BPPR;@J8EA^ z?7pfRc-cJq(-W(G{scS5tA8NYnP6i&J8K{U|uds)W8s*HLA{tvy7tjIPn*tff^UIyI!+Jm&?B$iHy@Q3#e!IANKkOVudKYOt znetAalJHj|WxhD4B^lzla9s=APMx?o4yUQM!erZTP`)@+98VC<4vC!i&gyZ(YaW+z zx}~ZoJ{J|aArSw*kz0yQ8Gd{Z;{JavhPyjUfE-Sw!Oz9hd{_Z?8XVUU?zrVg;)7+Mlqk5nGRD! zTD!q}@Y)q(WFaf(&r5t_$$-bbf885>(LSt4DJQf&S6Cj*EDUA@u#idh2X!1Kb?SlQ zHF=axqMC^bsr||$X*{$(49s6yLwMX41{C9>vhOekd-(506uFHu?!ZC=8tw5%&CfJ^ z5HRk;pB8W>y2%5FW$BT#<0nE0mAIrv22;KKyGIGzy$Zwl=aZt+a2?S-5zNKs9s5t6 zj-qy3z)jw5o$bP#pFYTk96F(c%w+;N``B4&HnE$_0tcq=UuDK*R+~V~a4`~!u@>8vD=K3ja zrmoRIwYBvZ*{3$jW@HLu&$o55CWUu8FY&)O?`%nq9=m+Wy7FW){i!oj!{Zf=|0M2o zU>}h|u{U^W=D%(7(=}R%7W5&+rRtHamAMzklX-OJb@SJUFKEtEKCgrSMue;oSQllG z%sL51o0dE>*-HIP@}P>+YRv)BTQ$N29k86AaeCyVnhhg*_lh(m+;`#$X`J}MPOI`^t>O5lN9=FCN@{I2b z)Yq*e*)sULWU|zXVz(tc@bwe{H=A^LMX?+OL#jwRf+*+NcPoo~oE6rRu@3pa8ZqIjbl z{@yR%t}&xsOYj)m6*$MNrQKRibdv|`J0jg@Ar^?NuI+iqcPe8A8d&-Ui7N3MY(FO1 zb3Zg|N4|^7)bdQ2A99bS=3jEX)xds6f|&g7_i1@8G!fewOVm1QhxlY^ zoYWVRiQ)lJbl83i`0*LInBT9N3o22Bo||tm{$b9Xq2Ka-P0QOf003GKso(zrlvuaN z*nXMa{Tbwfc--4Hv<3$0^l$(GIMesHUS?5psU#b zfiwPJ(DHZx;V(?RxK6Qr?3d~y;pxQ+uGTU{XkK^lnB$EjGR0-JG-*FIui?ko)DQneXUmj>5YEQ-`}qcMj>muBZUQo(9p7_ zC5SKv7Z5(a?=B<7U&W^I%az2%>789($ovPdKPSJ_Oi+O3S^`<;@Lnl85$LT7%alTH zKx|b&?1gR1*Mc`Yv)r@x5$^wi2HzY6h#wqp$+RG+x_Sra!P4qr8Z@qc2PN%w37P{t zQk>4Qxy^NGnx?G0+^d4o|Ly@h7lIZdFW=uym%C|D>spvg09p{SU^RV1p*$QFYqQJh z0M)A>c>$d*+qZW3SUY^_?%|TM(K>hccMY!epD?UE(O%Fp)Ji(*r##75H{0Of!Nc96 zpcuy{ zE@hsL)9-!!=)evhX1G$#=ed#)*goCkU5dspZ6T9s!7${S+P5D?uM~gGBx9Bx^yH_& zNapVvO_+mJ@Ae0H_WyAi7QcTJywmj5-8uMF5Ka>-S5_u9DBk){wqYs40s0 zpfZDlYs2dI{wFVgtUhbp%eneVYxRe>8Qz=;R&fepo z4y{*eD$5+5UH7AE+zWpd3`I_jkxH=6J*@J_Pc7lmap_i$qj^)0<9zwx$Rs0i<^@dc3M~h@; zJrTcr1G7z`1Vx%r_$rAE!P~;Qt{MU7v>Aq9GcfTtNJffNj2@L|@aPh~&e(f?ZyBuE z5$^8p&D8E5GD*1&g;jqt)<1tEi<#9>2Mb<7LoFco(0%}&42oi!%~6BF*G@0aS`rF{ z?h>NPzBq0FeR!MmlDI8t98`TE>b%|qv&)F87Sv`oTTz|IQ<$=_$VIcA=Wb^}JF233 z|BUmlwRO@vhdFZN-F9FVEU@cE(%Lw^QRz@rV%B! z&tPX9{*tz>Q-07BpuPf|nZCC}9mFklb%HTgg)iE=V6QD_C-p!7V&Z!W-{Zruq)EzQaSl0e9a*B!J2WspB>Vm!4P?+XrwT9T^2Z7qL z%=W`4k*P7aisx6^*Z8S4&D?cqG%y?f?+-}jZ?Wc(>iEDar7ykipioPU<`K{(PW3UJ zxAYmakbP4ic5mauj?upYjR33I2CqN4XNC zgx~ZGDG_61_yq@Jld}r=Ix>KbCdGU+vRKx;E*go8>1LS&+5e#m?eMa1fL=?1jrIIw z;_}0`RBDv&^J$(wB~~h`qq?)E%>ksSZll#2CU=2OpGBI(LS5mZdw^PgQE9Q0qid#0 z{@Uy3BG>J()nz!`2yK2O)F;C`a^ILxtiQWKt8s13yBsMxTK1FoO8M$4=NjLp`K_=8 z?bD}EiHORKJ5uqdV^+tdr!`_o-()HS8bkE=$qH&?e-?R^%l7Gt-utforl8Md31XwH zK3nhYeT@aje3&NsbF^5k+M_zokTX{WJGT66AX405xYze!&?8w-uiGN*YDitCq=GNc zF5xh6|I%NvQGS6R!^WaG`$v$y)ZtXWf&Hbg zYq>+n`>>No_ht+4@7n^y{9Ws#-O~hNI#6FoXvnFr!!I|LZSqaL&_j-oy7KB!wb{kV z#n~yP=w+JPR#=Cwny>EUq8*NRdkp73en2DK2wA#*0}mibtmpfUn6rhro6j95+!zlH ziFvX)#G8KOd$a^OMRr}NmL$;qA)*sUFT@0jvMmKmENS-vMGtm6M66|bE?lit(B(i+ zkG0>PC26nYJw@S5SHG^2-wk^XT9!hj-=*;}Kws+%=fQE%LW%};iDy+wU6EHqgqMMr zX$R9BVEK8G<(TW7moI0LN(&YErx7U%l>UcT$uup3Vh(>jK)15a)$}jz*aoRfh!!*b zeUGkU&FQvl;#vj%8-_}IscPY#jSWFA*!jkG$j^+GcX3h6cepBR{4OTm(#FEU*lv7s z(oI)wb!Yc)<)2KI-=wdq@=F5gS*F;8pQene7*5ZQ8Z+#OyO~mL2O*pM(KNr)KYuQ) zdwY_!4BtZ^d#E~JS&9_~ziDnW?I>x=0CjK%jdLVL5=Ibh7a7@c5X|uP4O4{a1z!z` zHU(vyTI6M8Gx+g$RNG-z!19&OZg)GCnvyJaT{IngACX= zerz@}NKXnqQ_icfB9A+8);TCnDh>x~beJF!QBlVBj>%U!jdefljaSIHlx5XES`U)e znExt0QRH46RzSzTIBQc11%xw97mi|ib#t5**_sT~){VJE{@CXfzc@X1EURhJj^gy$ z!%xh~Y0RlBKbLMOik;Y=Xlf|jyTrFrl&Z_sJrEg>k+vYhFq50lL@vXALoXBwD-F*Y zbajJ(b1RV7U%`(IE4l^;59%O|@NNe|{XQjK)_ypg0*OSni2624Nr^of0xYS) z1Mb&}RG_U66gk_+`WE~~b9T#3-wX~6=6xV}$lP{x^9NqpIMPJn4#V$@XE%CI=72l1 zOwnoX&%=GD{pk}e-bE1Jy#X?WpA(Fh>Hg#7b~as zCBL9(V!Gd^zsu6w`xX|HPbw$jHW@CC^D!kwv5Hq;ZiBQcQ^4RhXrF^=>3RD$Nfm!O zT>F#Hr^HJS%k64Lx@G=*V0o0&cunmvz30|29fIk=+Uj~gfje_b>aXqGL_=X+-8BHt zV{P`7&)7ZGe8qWpGd?dX8!2|fazpyhYHLf!#}eu{3asQng>;j$rY_aNpt6bz`41l) z%hFL^42)N|Bs4e=y-4mqo$K-UA8@=!l=T0Ldb98>9v_|pzF`x3`0pA|+m8&zl8@0_ zbHn#W75}9f6vr2%Bwo`7MDu#7tiWgi2Z%; zKPh$5&G`10)0C*}N+}PwD3orHo4O6a`|U(8g4NOLLE6;v+jan%_9sIRnWNVwp-{7j ze0-Vd7?oI0;y0=reoZ#+GbJ;ALFLR(z5yhoUJcqO z0tVFm#2DsQ7LUiIVip{oqD$wo<<0uF$+2c;l}s$D(#7QULL+-jcmWPwue$z`LnnG$UNp2T1< ze-$=D5O4Qm8g*|(tv{P7fSS_fcmhP0n?i)N{awl$$-T}+$8(gP{Q*Xj`Qg3cK)^@<3IE1Y>OAe4$N>Kq&Q|oN{_kP9d2hUus=|6*UUTrnh(j+$=`fP4d_e z`0*BDP=e6Lp9+Eg6(+n+6kl#;n?$OA!jPm!T z79TI^|EO+ZRR4>9{(o>Y{x5}t0xs^_*x(jEG`HRt`^&=Al$YH1XFYv(Rd4d2c0W0Z zjO5?^(B}dG%0+cQ7GocK@NC()tRr~5$p7i{`xV2UU#z>OUW5DE4Rg8qy|6Lh) zgp#}69GatYu3K1!jW4Bc)bh?(u-V%E264^%`+S`THx*q@m-~F3-8KZqijknyKAi4a zT2_2mbX#2FP1oo7zp(%nUCU?*dE8ou?$yj&yau%|vt_h%ZOlVbeQVwb9Od z`}4-`J0w&-L+|F`)RUKc5s$8H#djEFSRc;&5ac_kPTg; zU-7pWP7h_!n7tpqzxgI1a63E8n!<*1h!rz-`N!PdU50&aSDb)sHC}yv4N!c?>$6jy zyz!Ty8FoOX#Z0kR*hB7;ah#Z*dlmog4R<<`V>BL{d+SSon^CgZ zvP6Q5ko;OdA%5$RF|H*H1WAVy-*_*Q;WtjuOt(*D#GK=Ff}LGjA;)(>MW=3@;ZCZp z0@5;av9hum*Sl%<{}D&U$y=B?n z#{@4z&Yyy!%=9vD2{<4s&lawy9CI@uf6za=8?o0rPN5C)$mPM+`WOPj$LjbHP85G3 z?Z1rq`P)SceuoJZDZmbt4=LKQ35Pfud4ht|hBk7e@UREJFjW zcRcLlEg$eI-KHnf9}|E0*HAyS5koqbgvWp3GvnRvCsRdbHPcdwA7u(E+~(>#ufG*! z*TgPhm;TOtv-&F<^&R4x@|c4cds^W1-HS0{DX(1B%&ke)Ipurl*vj^3{Ps9r$D2m3 zSxwT;$p}5Tr9N(ZKei&V#G*y*xLU-f6tYVe^Frx9#Q1sa@o5mP|CNnmXjWliXoIi{ z3jl}EPf6kB<>eL;MO#J;*VzBE8L(PpdokJjZFBu?Oz))PV2b9HLNzprJ!f6sk>(|X z>+&S)W1Fy_vK~VTZ-~D-sqe_OQQ*iXL#V&P3vIegV_o(%_Sqv4>YwT|C4M@+UNxCY zFq}Xa2yeU1?D*7iKiFt}K+Zww-Gcm&PhyF9{3j?o20|)^NDW9PKp2Bjk|R=izZl5| z20~n-eB8pb#>Gq56W_cWEZeX&JC!3NHndVx-)T;l!@_nA9H9FJQqjl@!vv|2PbXm2 zKA1R9=mV4sjfFB4dA`0_|E;r(76kHIcq*lhs9H#;TqlPB<7P0(w-5*QFszvYmtWX} z@h`uP`uX7uMU%n>o^?MEBfS%Ac1Zp6ccINBFg7MB=?ZbJl$x4iXLmtHrW78IrpE#L zrPnL|>dwT|WUKGFW(0vbNJVe#r%Q8xZ)YqI|FED3fruvF^8_cSJE!_>yX{AJcgpTV zJ&AdFrjcz^aGN?1f*Db<46J_3m(j09h6Q*omwmH)X*hBxWLfX+?7w?!sFLMj8rgb= z-;bHXD4q?0DuUYC18G;r^+ENkwyGhCMw&5{|cDGUmO`D&T} ziV?|Q66jKS#0yF%^;JzPte9=gR+$~XgN<(GV6Hq(s%7VfLmi(z_{=ssI=cOR=YzB~ zrZfUsn_qdk$0W$1AWt6JZsh9j_EJd55dMQ|EO@s_LxCy&v$D-u&hRg`tLTrqN~lL zo!*AUAW;qb2{nQH$-T0wRqct|2qv%@JZ4V8qv3W}PvDvkBrJ!)#f+=)C(uCL1xg%G z+&p5H5z%iCetlD8X_TH=W+Vophp3+@HU~vTMT&s;Z=QUNjkQop7Vtc`1WWkiyvOb zpLx4=4;v3XqVC@4s0+VrC9HhSCGaFSDxETaDEtRwo~PN*lWFV&apSDY=24bO!txa> zEt>koioK6gLT$904_KZXRamTRT~ziS$f*v$9DOG=2;^e#q@>>AnT&fsY_OqfhEsR@vOeu4k<+&2Uqjz)XKhTv+sTuc=Jdvf+ zaXL#7Xxrm3+Ru+qqzPn!TBytrWfigohf zpoDA{OF>H#n7>i(bl2w-GZQ*?mS#^T_~wT&%?QtW8~Mpl`Pou z;RVz$4Tt`2H*v+HlEdK$1aiy?c_JdC!d**bK4svM%2CcEPkoBZU#-!ygDyPq*)E)|$ub)u7I4%ajftkTo-V&`J z23lHKjiP{rYad9ke!y+!(kRkCV3)I^ck~~_y6WLG-qX(JQ zUCSCZisv~aqlvCDy~^*muhIP;V4%HS;4Nmnx`BYtCE>_^8R8Rk(1*gdfQRmLDtP<* z`|l;*FDxvu4Gw6s>0YMw4-jD~O31st)t+G^zyb|eR@#SeI{S((F8Baj@H~9FuQeV= zPi4^bYLxW(MI$ND3Ul7d_>J`xeW3VT7ijemHSa8q-SP>YY4%p$WXQH6X}s0wrS|s) z`yn^{m9}Fwt=QhVdExqcY@CM^yPG#Rx@!51p}Y<-k=ih@_0vr6lne{a2k)Xr8JnK% z?C!p)4Fzy>j%hzQ>eVfqACa?_p*5wWXesVyhm2qz+EsHentHnx%%}1zkryH?lTo-X zBJ1Kv#G(guD1|#~6!dm>HeZe9!K|&avNGwN)ekGNsZjbWp2fvQ+)XSi9`x~43^XaN zkP&eY&A)^oJl*udqkzq)&k&k;NW+xuS-V)?-=MFm<9MJEY`zR`3tf-6={RWrx-+J~ zaX&CFH@7na_+d5gB?}M9pI!YkFDGzH{%Mo{P6yKYZ9w12t7*VfI%Rp$$Qbm|7q^#qS{@nVlWVvb}p638U>h{AONI3F@43J@&`cum6cH+4vfWgpH?3{ zqI*Ml1{`NJUl zhAd^ket4-CPG$#UfL_H~8yk-bKQ;QJ&6q~LyJcczbKiYf{?MQAcz{jMAeFb}c_K^2 zQCax~nk$KM^g+kldMnkg26vZek43TGu{o;DKVlOGCY6r5OJWh2EY5TuEip!D~`9=kakgBxAlKpR;% zDJdy<8(=H}UFM&N!TGVVsj165EIP#HxmCyeS$n8x`uR*DgDJP962q#Oe@1HX$h(ZN zLb^pTb+t=a>y4Cwr`$2Ncy9FUTxa2mH>@NU zvXS@0zZ?!KxObxv9idw(&A*zaR<4sep+%CqXuyai)1W-uSU0gV{qyz!+lI_HLSjj?vj1E%38XO$7(JVHou)f&6 zyv%*kZyK@+4jbquA^u6^v`+Cs8A}Z<=`{aFA{mpO0q+9X5Tg~CIs6BpXLWk^jdgXq zv`|1e4@!6dWMY8SYqmwucZQ~9k6KQn@E@|zB_f|>wX299RdniGz3zQ{A|@lbd<+7O ztN{!BSIaJDBP5o!RNM3V)C`&|ye*1J zR8Er(2zCMt| zp{A9aZ4e6n@FXk`CsfDb4Nav*c_-4hdR%T)1>*?g!M$8}G@G)!9wO=lT{bH#E7|la zEe{v!N}ChC)^=K8j-$dPFC+Hw)mpo_6o#Wd?w+u6-p)SIY=J&sO-@DhgY^X1OCzRl z=?OWn&_EMXF7kU{hRQ29;H;cXmz>S*pZ@@}Lt3NmB4G;^=7+!Gy~%p&F6tG%P%aAc zD*v-0{+C{%oZ1uX$q zXQF?$!h*2n>=2i;8NLA9+8TC98lUr8{o6~uL0tp$TCA!D_PYZ1(vV>Nrxgm0oBOkA zE$~%taqrEZpM+2jorOP}eVw74LY}7+y1`Z)Q8srgZ`qi2^A{>H!Q0KJW% z6|J|qI*f%H-qcZ*7*@OXvX&xFnZ=PitfkH6pRYToedfGoPje6z!(r5d)_Px~eS?gj z1Ukh(pIrlQra}3yAA>}FL0@MN_GgvF5ZfJlB~3Tcp`1FC&AT^y5DyJfpzfosybEX=L1+F4b3MMN>~S@7?1bvMW&Us>buVAP9Yz)*X?3t z#1A?e;mgC@BRm@TMd>AKw~8MofEe<2XgP!Jezf5*sIMGbow3&vJH;gqLSVFNd9kXT z6Car@sLDOG?F)H9MJ|o)szuH~Fv)is^X;^=jr4m4Fv%N?yXONIw$SBURF2pVMB&7LT*&9Qgvy_^a8~lFE3~A79cK85|9=B88$qhv7&d z=kRp~_5G7RXZBcW+wk+zF8$+jN;xSzg}0wJoeCb*oXFgy zkw3iq5*e;%B^Y6&btxoj|MK(e&ub@yjFqEleKqH( z(FLAGC@$oEStRhPx~fX2AmpaqNW|=-Lh=EzXNcjMdSpeCPc~A6UCLA$AHVPrQ%>s; zKhTTeJyyV*65qIBZ3ne;9Ad1FY!Q+#M?@S%B7jBuy#=*Z2VUbdGuPK=TkOC-nJbwA zXPd)GOH)$|V|t3O8;8luy4tCU|DmfiQ7V{ z?g3zH&rkJ!v!)!WxvaQG{UQu8EFAa!D=2ymy;b02vpou#eI;1?1BC5c@DCnCZ{JM1BY=<^*!;4&sR`WX z_Ym+D+&im2r}_E|>}jm^be)htAds8$^#*ha8Dt1Pn{FZZJxc<&%-sS`ie0a^%-<|! z+Q32|mEX_NG-0Y6XzU7wo=-iM3;zD5?T$-n|2**C409@y_nSctyk>KtzAKwag^QQ( zF~2OvAC)~+yEGE|@fwWb3j)QT+%H%rrFj>UB@wVn|Fg3VP7OlU!b^ghP`_G~o0Q`}=4La|J7KA^Y*o}q9-83YQ{BE_=f`YSd{{oD1 z-_jQ~r=nZDMRxC$w0OZi=0906C5TK+)!*cnI(V?@O?Vyt?X6fN`5j?4lo{ZXq;z-- zZJrhbFG&nVc&_EiD5rH;y^jPYZ%uLmIVWryLY=1o_OpJY|J!1N2d*EH&j`N-?U{cN zcyUOar2-iwBhAs|^N}irmWC$919_np!CUn>JWW(k=+AFX;ZwvFU0%bTsf)~B9ZB%b zHemeU4vO5Ki+kuHCj)Rd(}ck0Mn=o>hBsrE4xT9SqnbN}GHNgF?z$!th!YX;la3%l z07)qexxJt&@kN|Ko-Q0$E$J&r@&F+*Jn0Wssy^)YA}NlT2AFcQg>R~6W zp9VshMt&RVsz3zszYzR6^$-d%JM3GXU&s3d59V_=2ySceMMa3invw7BEJ}S4C*9qV zbS*c#g+K}rj;np-d#ucV*S)l0crIY@v;@LEbu|!DDstY`+$^35omEzJA!kpXmy~22 z_CX{B(R$S$MV8QbZgwsWuwMtFjIK(~rMovHrd*iUo9~kT{I@tudwYAgSyNkvsgOPP z>3!5iMztnGCcohlq{_r)%i&HDrf#@Ihdf-Z)=bvEm;4bIAVL9neGa~7%JwbD%M|gM zOT*^owM9UwPa@Zp#gUcWYqL$>SB7^RhRx?=^0{VQX&3g8?Uu#Ml{G>Ux3^XBo}WL- z7L!WT_WnSQx27jbt-<(gCY+j$k#?;%btuC3jC zk}B3I+A_X?*hz8#i=QlXufi;3#K40aiWWm${9y2{1gdUFhH%;AUp!;9nxB{YsqxFn za4NVO^+(kEa^Dlaa&(8xioEL(M|31lO#wR>_j9)RXfgcsT*L1;SXxLzUFe&mZlN3v z*?^C^v%EefqZ3K-2@l@hhFM%`eJoZ6*VWu2AvbNDk_?}!eI6co3tb=XsCMqS^cPV% zm!1wc8P|EOktuEsh4)|4!fuQhLy`bD4pl>H>~WI(z`y1MQCJ-a58ED zJl%ywdwa$+8lvma6!_-j#Y)^FyxWk{b9to)4u(-JG%Z4=uclFU&`M|nt!rtX89&(g z8a~s~cZCH{bu(eZ?AEoBac(2IHn5q>H(!L*ogPB9*#mxwbH@UAvqg;Q)bR z=KC456ch|9y405&S zryG{2c;791z_I{zQy`%RdW;T0dR=Dp4xptf)C;8fSW|fPZ~aRrzHjtHk34U7x@o;_ zAE=5i%@2DYw_*JlN}>G-D;4(ea{UEE?37$_AXjmo($VE*Du>=p={O&rZ~s1@hR?=i z73_SEJOsP1PnFuI1Di@&X|lhRxy1rNJ%B%O;{h_?Qt*Kd$qaB#I=#j(PQC4_f)6Ns z!OE@|bYhJgr+>JatyOgLXUJ+`S9w}IDQ&oj`)`h@WOdTm#hQ(+Hx;1WB!-o5h0+MS ztTLreGXl<|bwc&cTk+1&fR`BJTYyu#4|PDGd;R&J-?DVwK1qm7gI9+!GVuIP44-5C z=Yj;@|NWQiWU}NolsBplOyZUUIi-c4m8Xf;g68yxfq)#EP7zb6d*XRHNj;<$AN@WS zE#ejVRqo;T0a9VWsWr$h!Ls{f!=H2SfKV+xQYPkKxH{1(D4PFPS(ZXOSOCW#b)Trd zBr78m$05R8dl{(?&T4gU*iR^W+sN6HS>VksNiAkz0CblkCMgb7VIx~E8pr4FnsV#; z(@?tlm2H3S-EZsu4}|gSgOGU*Ww>V=`(ZTZu?cC2>-V#)y_Hq8ZwQrl@2oB31@f2^ zquM!r;ZN$GRFuyN1tcU5fWG>WA&`z|?q!Q=+YlWP5rQHfyit>-K}| ziL#Ec4#R!S_wJjrsotVqO=w`?q?4iHL+|9j`ikNgTu&Bd?w53xQO-geNG136X@G*x z%crlFq|AY;)IDZ zuCuWx55$PsBkp$6dGJ(SkNdnqbK?IdExjrfl>OShi@Z$kX!|~LT>t5jpEMvS>c#oj z$@sOjy{9ODCr(SLNrV2cXcN)-gFZ>_TqO8_mU*t>$~#jn;PHAdmdD01!eHuHJAH~R zlZAZIO!T&$re-P79S!t*VJJno#(puxJw5^x6BF1^XbJ{v_C?-YUS2-LCFkMiAI?Vq zUxA@Ir&XH{7ARi!N#N_7-`ROs6(sko9_F`Auz4H?#3TQ6==MJz&27HlQ@|U%q==I7 zdaujsGP|c7Q_56K%s^1F&%68nT$8mzP_c6J`c1(9Q`c7qRP}9JBL<>`NVkBrbV;jp zH%N58u=!XW}#FtPt(k_Pbr z<8%|AbCzXtKRyHJ#{rXFAgCcTZBQ@=5A&e-l{ugKGN*s8eIb$|AB-3oO#%LD)GGk(mw zzH{dr-X833RzHKWdnQa%-7Dd*8Nw$`L*3`0&6U?&UJ3p^^%#6qS6=hTF1J#J@7RC! zj!>#(*~2XMGZ@JsRISyP=$AKKk==rzqFU*kq2~5L68)Ld`LeO;(f1Oc6KKiEJ%J0= z_w+=x+|Yvcm4~S|Wq&TbsbWNxaL(z;n6#oEf}g$M%(rDNW)^*=1S`#&Pg5Eb-dk@@AHwTi~3z=?w;?L-m25SmWcMyE{>a;^U6CY@$q-|rUY8=N#VeXw8sqq@MF*3sdvRC}?V+vh3D z9o5KUC!r$JlEoE%m%~PlMGw}nP4?|7A{HN@1mKqqM)vJh4il}y6K|y3U;0}hyz#yN-x(UaD(_lWw=T*)X?4<4@exAoxzTBDJSdxC4mmk$E!zKjzN^?Z zJMvN#l&x7BgdqVvY29GwHcXXNHIzyy2axZFpH+C@7*w?BR_WCh&FWw{etDYymD(x@ zK!1eT>LZ zDv0XFyruXTj~XeSxr;B~okmT}Rnn9# zuvupA@RfdEeJ4^?HZr5)jv4fkW18``)Rbq z$7jE_WrhNoU>@#%I|d1XOb$P}s~?%`9du=pG>=8%G#$s01TM=yJulZ3C%XybI11n{ zUU2zbH~A=3TD{~SZkcYpoT?FhX!v7qf+%$Zr62eMn#mc3oB@oZ3fr{hT?5XWxEZ~+ z9e&xW|CJQpRq6>db|KjMH>6Av16p-%{q*I@P}?W7z>v);(}@PsUg#sNpG1Vb0`z!g zBv7oUgLcEAmjtb+p9B2dEP%l#W^(HN)|SieG^?2f(g!W4llP>gG>moU+b~~WUzY3h z#*8BAq~Z)J=j%%|6sRE0)^wip@Vjom-dAY6d^3m3h*!^d>TH`A+y0#L<6+e!yJ1i7 z573v;Fc1>{Jo+$O+E1C*HUR(e?l>E`IP}}^0ROk$Zjk)anQeu_os}sBj>LkC z3&1jXUxNUgB_y37L(#9!OM&y-wDi+-vc|aO^XL@wuG^5kPGlpd2eR;csnS(U`vkAg zY#Y}cJR`fUPkT(aK?+Np(l<8ilA&|!_>C5+TFtw#X~4`No>*cYyK7Ru1z7}0mw*H9 zSd13xV|hwh3ag!9KM%>X#mP*M=ErpAY~RtdiFpv2x>4&tlbR663mF-GlrFnLZc zmJKj6qPF$U7pg;9VDzJAol)oSt4m>W5)YoF%R@Dd5gXfA+#Kude081iTyIpuC)}5| z>pXUT9^K>k7W72)72&$jM?m}hNONNyzOm>jUB?l%_Rrqzsohuu#2>3GEiVt;PndN| zjrIn!b}%s0guSnpI-}I^I?tzZunm{`P$pD86rWH&hEmEXs<-?_nPKe@zbLA%UupzB z#81Wi4uNeU?gv&?p$nd#cFN)8-)D{Z%=(S)j`Sn{<08W<-_18W65A4bnI2Y|_Fu2~ zs-&F_pV4~nM`4qDRf9Jzg)YHQxhOO`p1!ML-|s&qlrXaWHQ#r~op-_Qp~$||h9c%) z;(rbY!i3v_OO@$VRqZMaBBxTv(@H=5cHPzKywsgC44V|){ z&E(=?Wqk+6e1XL4Xk)CZs)_|*h&45?G`hJ8LKUH~<@a#vQ&PZ9)a#VHNS&xFoT&G& zt*wEfuv1f0!MQM4Qc!Wt8Qem~kU;!WK`Bi4gUDmbZ?fNo!`}0Mxal)Nz3jJI%PkGfZZUxUz1hIs!P zNd@zN`1}aY678{zE!zxII0Nu|HJ>rcZ+tM${fh#1t|=?Cz%z?!TPg^M{`yh=I(Y^* zuv4O;FN`PR+(@>o4!qb?zRLpjPes}%lLHx~JhQJi7W6Ndj%i_(6PcUlg=i{3;+NJeLSch%BdHfWKTAp|hbd9;?yxE`48`Dy zsh4FpIUe6FMA%2~ixijBL51PT-fW}}EbqmW<>26aET2er`t=i5RG}Wb!QS9@meM+f zGW-`1a>xMEBjD}IC9v&RH9Jh`aKE#mwXklRS(v?s1q-l$)h)~DCUe9GQ?6gqkC3e% zD$+2T9g{sY8P+!IUP>mbvAOX%lC~^2;Y610_;|_?1w#i4+Gr{pr6<=0W#h;D2Xb*m z-utQ7M`t|V!-wZ_1Lr8$*Cxffm$7pPC0zyeMUzX`gPI3hNBwAMLBa@c{c4x$t;Xw9 zKnQKv=FXl6ZZsY@^&ji43O$R-D04nbJE=PahjK`6a9#}%UiY|iO^>XXUFz5~(bv_K zj^sP&Z+O?fRrO65Tp%jKaQ$#x|KhGzMy379oB}ZqH_Zhm8X5_|Qy~DoFVBwtviN2; zHmOpd5KAhsYHguFC^%-`zV^ADW;OBADOV;=RoV_G^xK?1rb`EE`!_&z!1mUx~6 zG9-iWrmPTkCa1bUUpvtb2pqtG!q7kL8g5g!ClV4DO?~udr`(PP&;0_A8|N(dzh?@1 z=T?FoXX<(Nf@8CvbNW8{jow4b)pRCDEYglUkdoG%??~`N;a9e7TS)wrc6z5>8|%N$ z#_GN+WKx>9m$Lh_~1YyKt* ztDhW&N<%CaHWFg~#d-r&wjfy$B3j-~;#TD$7YT6R#K#Dd6%`+f91u@?q8=P}Is>=L zMH7-fuCSLY-wBKrzE{A1PE8#J)Dbk%^)!Ej=+Y}O0g@YnsP;eVezYuP?f`?E%3msB z11c`aD89<7L+q0=;l`1>Lr4XR;mkQaW z7bvl}%85z;R_bX}Ih2of2IASU85eVMpY!>Vv#C-wk+w@aVcX8#XOrO!Q{j};gczaL|7L{VEJT^6B8<9YBmHY$TLl=e z&3no=PkhxtB&K@LE;#WtNTK{6wSCm-e_Q?wQjpQ+>AsrvuoW)JOjCD$^)wpwIFNV{ zMbIPuc&i0>m;kyJTp@Z>Rb#9Q3K{>F;al}w2*u7DbRTb3``v5{{hUTAX?Fhlp~D}u znQPXv9l{>t>;hriHvyr1>kxb3@5o}-{pI!9r4CSJ?rnNIa0)8Mtf3o5Fw^|%l{dH8D_vO3u@W#s8N%S1^ zKWWF<6tY!K*Wk|F0HgdjaUo6lY8tcs9;~?0RZvEBHFY<9EZoVI?mlV*=4}A8>6G44LhTFP{Q|QH1|UympT#eGYOqSts7_g56;zvqdKcL+bVeHVj_Y1EF=jCk*W;z_b^~97Y!fE2|lGnKOz7$9If_gCHE_n*rx@ zsC<*XYgN^qN<_r$un5JDBy`+I69vIbueg2H#UUb>{?%U`OteL0@H!GeXv;gOOE0}0 zHD*WB!oFw|Qm?Ib&E4A#&V^q+5u#fPL{CoUOnqXVd3oC;XfWvF zq%sgV4Ut9top;7(-*lK5A{(8!ERhLs$br4#DtH8GEK(fD<6S_N;&w^a)+-v^vACDJ zjaeunh!z#ez4Uvw%vTJjHL|G@5T$u4jbL&U@P|z}Aj$gfxG}n}ZmD;ae_bf#3@U=z zLbn2MBH2GfA70*{)&{jJ$QGRpq%_dqnB2Q^lUSxdbpX{W8<~kMbd`L6nq3No8Rv`s z(@;N{qeE4t#n)|DHzXpm(-W&QD_2!Sd-m>6{GE;D4vez!>F>wE{Fn_c`apjdYpYGG zg$AL-`&3s^vheow}XYX;1888w&EQ=4UaP<;Pa?+^9(SOQ986S-@b{2eU*SjyETC zm;<>Jx`u2st?|5x5}prPT9B^ZH3m%WIotRa$d6Mmkc=xKjqm7yWT-XaBue2KdG#yGc1{e%qQx#D|qfn$9b!~u8OZ1l?%72F;Ff+>mt z&{h%tHK%@k{)*{2xV_x?mjmXn-?akG;M#Yo&H|uUQ$BboG`evDg(Xq4aFiTUBqS3? z8L6(-FJHcZ{UeuhM*95So7NCq$C=iS4#|3Fpv_|ydm;ttiXdO{?@YWbCX-5I2rzAq zH~8Qke9_K_n<|343VCS+;7?f=6buqN&5uCeg7iUCw6R^7k1r$}94>wok43LgHwffp zNKMZ^0!Zb5(=DkG>=;Tvr$oluiMpx^d7H20&0r~SLz9n?e6Bw(G(!my0r-@}NzU0;UEADqw!Jzd z`oXyBlw}nI-{YB-7**dBw$JxjSfVg1dVK!E83i$_d4~j_s*d*ZM@YX|`P2UJD6mMH zuwoGlEZG#(m0CC2&_`;G8AyK8f?W(7%AZV-V%)In~z|7hdLcx_~B754Sl>%kndMA>xjT2Gq{ga1~ z+=rSfZgM7%Ohi-!%O_|DKpunXtfq=n5QL8PGQX(Q4Zt7#l*ssf!UGXiV-x0j>$4B_ zzfW4=bOqNYkiqeLG5vz*V%Fg-ZXJ(Tg8YK0<}B>z+ol3|N7#;41T5?yKkQYmRI4y` zrF2(PQ*MUqfeWJNeYrBGeK*i#yl=&n7ni_3Buk?~^C5vAL%=7)GyUX=L_Q74-l;oC zKHj6HDChOhu($A_H&9kurHLQ_};oPg+2emQWB&aT%zZ11Nv&q{z5+F zEg+Cg45MCgtAySj*%mBGw@_7A)vX$_jt$WoS$d{XiSL>C@ax5ZnlkpHh^6d-x|Za! z#>!I3yi_?V*k8HGdLRX*X!$7(D-b56%G$}TVxQVdchT2RW`Ms#!^{F~ls!uh-DbA0 zliY~_E;-J=E+s9k#*=RXdJqy1HuVzO-=#Bz#*U^BJe-1=7*vowH+ z|GNFdf9PdoyWWvIOy@b^0smdlq(6WeRjucGo=QYo@w8Hyf*fL|z`fjHft3NTE~1<*})pbl9*?8l%9{Tz5Y z8kc%Kl-`^cY9AB(2J*C9F5C+K{6?FqX;x9uMfR-(&f%yKSsf1YrQ8#Gye-F%CQ+8P&l1~<$Xr~ zbVr#^b0}YW*z+g0J5K|$n|riYnE@`Kyd1lD%*WvV*vv&_Ty-Bt;s@il{rTP@eT|)P z9oKn{(~_BRX-EKmEAv$lKRkHE-Hmc2;cdOtK*3B!>AU8vk-j@!g%VuZho77Ur^tZ< zH;^xiMm)_Lb`Ma^X@mh(7}+jsS`l#s{oB3g`{Z~<&j4&{?GT_L6Ur>$8^N;(6?c1V zVS8q7xVY+LPp+#>thZKPdEsmJ`oJJZ7H$7mnb47|BYE z+tl(jTPe~SS5zZPP;HPs-`G^jk(GFw{%n{jisw?bDmikaO3D`sr5#`7(CbOKEN= zO2CoIGcb#iAS%SD+dm(c#OFkOdImWWF}1;hcYKmQWW4s#dGDk)w}Cgy=QHD3_2hPq z@d}X$2-ib~o=pj{m9E$hL{ekALgZfHxmor5gUBVB2kR=ObC2TJ>B=P4LE0;tX zhL;oC#XKm}Yoz7k)M;qWf}q^0e3je@oeq;|hVOcf?U{5SnV>GSXb=(=JsynyHEB3j zQdys_)5hteUX;F{y;U+60B1i+DxT(LLX>aP=Ps49vHbda$>qPsWqZZBuD_KiQ@*l= z33h44$`|+di5R3xAsu=b#_FZ)W5hjvlpldWzv~{G@#YJhp_lFzF*v0O(hP+^-J(F1 zE||YJV!>^z$gj|xsa3(wXFdLci@&L}su3|#+#q@jcrlag+_t zEt513YE~@9bkd`&ujvo8MZx|g40)L2`!w7K?z~q0ZW1?cmTgG;ueef;Lr5Cp#TXdR zT_}q+W~)s*w9LnPp)Lu6fFE}Y*_MMV4g4XJ)R6W{=RxR($whQk4(m_HZHcwz{`tI@ZBf_H5ey^(fJGq1e`6g6DHZD!M3#Xa zsFAs(Avd($UcpuPPAPG2vg*~Aa$LTN2u~iJ7cDxJdKr)V?q4jkSvILJBBp?7Gx-8D z-7m=Z2Rh;)sx0`5V#+_>3ks8AMlf4NK|Ts zeQ{?9@S<2~B1HxL6sQ+5IofL8H5;pQ!~Hz@Mu=$axkTEmqBqmElZDyFG!a1BaNN9< zktmyi8{KkF5FqvZp#GwnO}0G0`OP%^q}2WtU#yYKc*`hw1Ks4YNsV(sabxEMOJ9YB z(_>BB!Gvm7?77>}70xIzC9T99?w3c}T*+N}WJs?}=O(Rx^ZHTythP4g@IhIkx^}5e zw$hM&CPDl=qGhQBGqu3L+yY-S7s*u7`V5)G>6oo@>9X#P6|17ktJ+Q{bo-*j6w&1u zSeJmad-;b29KPepOupWg+>A$te@{)m$5(MphnjbY)kRzrt|H2rqWXfCCqudByx_UT z%sE;YSZoU*lWMes$<@NJd<2BGO8~;QT(!4Eh_4Db?-X*Bt2Yw4WLJlee~Bk z@fsG2Qmo{L>f~AH%wk{#Z&_kuo}sm=AWpS(d39cMcJJ^d_53XOwZFhSf_4-Y;I8j<8W*1r%hMZC`&9a z!X*jftR`LQcrs*$um_KuXk~QReL-zGIn|7g@?Cv#^(TXPKb0;&6XJatB{d#X%d8`f z#PKH+Hb*r!{y`!S5R%)-NUZ+I-b$1T&NOtigU`}dD)vcbpU7E@!49OjVkMFo`z$Pg z2RiHZs~toz=i6itJRla`!D@Y)-{o&O`k|L?JSF;UeQ-wX8%I%6S;gep2JKXl&=|vp z9OV+|QMkJTPs6i_9g923o5R@s#TtTv#QJ`{ZzO!vV~BE_HvPDGRx286T?xB)7b(7; z)u(@$rhXyTn*l0Tc-Qt6tpD=SAYwyB1~3tbl`gv7Nb}HoYrjq1!ruKEn7_mx>M@UE zF-gDPoio>4qO@LFBd()es!t9RklgoJ5W;eLTyWD+}pr% z>v4W=pIgj8UZv8a#%sdfm6hHC!7_2$;a$;<71`fKsWwTL+&neuVc}V)g)y8T=WFhL zNElq~H~oeirB^BLYFMCT5^l_X&>{RbE+?XD%C|oGur=n1fL?{-Q*MV)63<= z_Xe*G>bb{eblm;pbF7(0Jn8# z%@U2PO2))~Ad!kHs2T%us&74sUmo4=5fk> zmGV{9yS3D8B@fTCEM*=$F0*=3e*{rgl@)ZuO*%;uZ1RMZ7_9B=MyP1 z>Amz0AAH7@_o2u|>@tLw-55sWzcU(HBBpjWque6mzkcTb6X^XlE2q@Zkp)0%Im7T2l%`9CrNsZfjX&*B{ zFYB2Yo%D$MRcXrT@bB+V!JR7sy_R0!u4Xpdx4bt{uYZ+9oYvK;!yx`ivC~@xi52~} zcb7|_=FGDnwe2(a-w90S>6rs%!P1jD&hLk={d$>k*{xgHujOtv z9im?(wim#|%QfE~sWc?!Y^bqU;pMz9;!LwmmD18PV71|UO7E@DhutPfZJi6!TbkjR zz8wzoldKN?j_3My;6?_+7}ByOCQ9aCR3G12CZBflcfe?0Qt4ZllHz&BhpyZyS?9{X z%CR4m&hf1-M7=b#hm9f7OpνI&&~e&)>d_gjqoW#T-FSqj?wt8ZUf7tc-~3LBKk zv}R&;UGv;U8sga<6ZN0a^|#7qhLv#AGU0z-7cw7}YGe$2Hljf>hcCH&u3q^fWIud0 zbX2v-OyjZ@84}*@ zFw^WhoJy00Hey!88B(kZtWfW^`a6?P`_GA=X|N0y=p}IT^b_drWu?#E$L={mL*iiC zCC>5S>Xk2WkfS+%3fpb9JPZS=VARBOuKrc;iuFrIoj8ETg2YhanJA@kMkWAQ2{C_L3gc2ztnY%y8u=jF+_Z8iamP=3 z*&`9V{Ghsic0ZSTO-Cz{mI2l#V*al_IB zRIEU`go++)?14`p>#1fX5`xkmBy=|FfHM#W{vf}CWSlSl*peKTZ2AWoB6kY7>LX+` z?oEw6Nualn2g8hzukYC2va-{toz&b5O<3t+n$YfzOrQ*;zsZ}Vf}YFfSmebjdEV14N6vkBu+8Ou`pHB3GOw13Bpywedy^NhqiD@;uwwJX}Im9qjpwpJTV0c6q z98XQ?-nqeIWRXW#CvUR$4Q`a(VekNI(Np_=!)A@-jhbvSEtwVM`&#Y5S>?J5uuo_s zdT@AU!8Q0aGW9;Xf}MF5{Aj+?iyC zth{ahTSt;6Atc!l!luuw4nO9n{AkmrH@ZtW*CWUjuOM!n58`q8S~#t|&E{gj4@q1Kjws45(@P zMz@dj?%VA~yF@MQSHF}d98Nh%Cc(wP3(5LV0RkCger$35DDA{NyFKOJE;~51Y}HMa z?wM^WA*zeb>05>>$Zk#N7`v^D^4c45B?f~2rINi~igyA3X+EY4AmF93;RqLB&Ia(d zC}qP!-XVhwijG$30v|r9o01Z`8Cc+lHk7N2x*8$9)WE86+F6ZwVjkT4N{w_O>rZe8 zXYjcD9gYAp&M4Q%_-GFQds_&{VrTXDWZ^N0Z()AcCZIehQ09823>eOGC5GR$fxG+b zAGj(Q^2^|D>6y6!~-!*v4a!hHg=J(84@o0n-xOrwSe@c=gdgDtJlau5A zN_36>*rC3SkBD|UPDy?pq-y*{qP&@E>e9Z|)~V(Bd3 za%c!=IslWAy39SaX4er9-J#nf%QGav!~(682m+6ro(-NtI0};49Y|Jz)Z=u+bl<!a!Zm+oEIIwfC) zQIy2~?R2S>Z71uuqL+=DnkqAaqrEZOQd+b786^IXrOEEl)i^9$!CKqRVxPoEC<25# z+bujzGVxwx5RF|*N~ZZL$Raum;^f>cqkoSEttW~lSTKUe+njlaI?kpC)R=<9`W|5` zs2?4*!6M#B-}SO?e!Z^uHA6-ktA&=GxiJ*X20-<-Q;r;0i#Uvxr2SU3haNPMNRwcJ zKC~|%7AX@4s!z2pa;gNH`=hpC3w_ALJ_Vx;bhpPD2P|1rOPxyXXKVk5j(s`7qCnL# zdlE?Dr6enzBmMcvs)`Z2H~#p9QPxcR<<9I*ur#i81TFbYDEmmPLU%#&Cw^?%xZ_6J z=-FPOk2Rus7TqeEyK!2d+mH9F( z_vt~2d9B`J_Lu9Tx#uyYzyx2AmdjE;p8}%m*DamzDxfYz^<8?vAL*`J(5_UV3{@m| zgF8DNY(QBfDui|PyaijB51fns_hOER>73jTBi)Rv@}YsO#2KKZwq(bD0@ipJ^8!*v zsBwnX;=v7Tb^KoiFc6JV4(#_~ZSIRpTTvS%wH> zpXJw(b8NwzGhm&n_`Dci)NnqQDea9M+v#-nMEJQGgK6Ols+ISYCTLb?wsKs`*Qgxf z+9i9%M;Mv#&i9%_`{1D`)4!OROPd}5W}x$@$riKiBcbC19qUTXzC1q(p)X%l&gcxZ zcBrCMD-pVM=3W5hFjVHZMg*9<0-t;2x-W~tl=eNs&q};&L}eobY(C&?XyHI9J^Ddz zMuEAL`)_ms^1#G8!Nl;coYJC@&SJ~vau3kln}7I=O9;AxHWaVO{T})muX;d({uTGJ z-~S9Gegy)uHmP0ev)Pcb>?uD*7n3VcuicPN+aoqPXHsccY5Bmfcv?6r0sJzUizST3 z=y*%88EWaxwm(fC5fCa#aoagVCL;nS;7^nks}bbKxzoS}I4sXw znCM^!+Qa`Vf_X2lp5&brv;6r6?&t6e(!jqdgT>}e%c-p3KYpoVAfBY*Q$(6=BP-R1 z(p;m@AJTPT_cnk{_Uw{13M6@t2!BW->Rk7i9HsBCvPC}>y+gU+x$ohDptkovN6ve- zJd^N73kIBQQy9j@kWe7Y#!;8^Gg95brvm;@1$1m97JLx~pB~+fNpSVI5>M?2eD4;` zdkd_|#N|(#3&xy1!YS)|{s7hbZv8&^MR^eTb`c~9zFbpMPWeoJ&49IaJ_sNY`@Xwk%SmD1p?-mMf|XMt zUfSZw?0&j0%scOi`=_Zy-4=?|F*R))8Ep&++T_@J_QCTiqufgBO1c!l4h>j0?=%ij8 zEJsNT-Vlgk%g+64+#|(b<6Pj!!q~-s&tjQ76+`NC-~xcCJv>ey@O2@26bo`|2c2{KI6GD(uQ2N@3E}h}gle^OPdr+g!d|(4oO>O;t z%Pl1UmBIw$<=txJ3zT^mum>*q!4pB^sBJIt8ySCO_+F839X-bvBWaK~mTwivN{xXk zR%TIX^{{$|o90b*;tbz#3oCuzQ~8>1I)*vTV*5cEzx~N)O17* zhcU6V(JEVa>p{%ZRi+7<2DvZ4p}?l|2cHt7jeAMMv?J2anW$6OCq2fn& ztg;^k;BUK)CP#26I}VVDY}02#b)p$sKwNK9MZI{HN&7~v|BJTdTYi7FXmcoSVJl2T z$_1y9qX4a1OZrdnsCSw2r91VOOw^1|K@J_y;3F)oQLLAy-RWK+6{DSark>&xM_Ye% zAOkdL+kI#X-g0fC3~<__+=vG|*~5fh;KH(H!_zw65xG(C6zSzpFAP_~(dv@* zEOcj0qu#FqZZdx&%G}&UmSYQ!j-#4j9tUg%*|W|*RMl>rrE?dAEmlY5MuT>Ba9+6> znc6&CHPY3{BY&$l=5|w%wh=fXj-)wcyR~VCim&jf6PzljuoLTZd?LvuD`rsXwjtGWRi1URpIq&%XnzyD$Zpcaj}>5k3^0!WkK0%Lv|6dDt{r_nRVkraNBi{|+NM%bz3G%i zcjci8s)#7&3jC)&Gl|Umif!D0gPgxi+Uq$Tp2#@t{*g%|fN z;XH^PTqRw_ROpoD7&RQDAmmnJ$bmJmdO6=rGa+#m+dMb<^m>t}#J09~LP|7k&TXe4 z!S`m_=w-BsT$}(N{%y~7@99fPDF<)Hy*o4OIz#JqpHfdXN54nU8R@~b#-t{0izF3l zbUEMMsMYJb5GNw2=0EsE+IO+ljK7_!8~hAQkY{&ISDObCV|BX5^AKXI_aaeVQ_<|T~1&-B$cU<79H7;Rl4e7+D;W-&ufQI*Kf#Qud2z6PFEdN z(vB8az7{Cwr?d8lk}O4_iNGZ5BE1;RmWXm6ra-ic)cDT1d4`glmj&xOtm1=Hj6UCa zs=vmYQtj0Ox79vraG4{TnK2?qtYABPoixZFrMKHuCpoQv8y;AR(ZS!`;|WaTXw0?0 zZ+FXCcz@KyaeTYZ)YN5c(r4AlDm!9lByNo+l;v8}zW;N-Epy1(TxLq3p6Y_zYHe}c zJui{+07;@_eQo9DNn*2;6xdqdj4IR=m}7lr9rJh7KX&UWH)6#PZKrj@vJEiuZkq;nD#4?w>7}Vho_h^k?)S*% zo`xUDfO}GRJmAx8=6&4sND$uHkMgdC%2sJrkYziY32z;7sUmiA$2G|pWoNo#v~=>V zX1#yc z=&Ao!1QS9+@tCw~?3W{{W%|;D=i*bCb*kTip4&*pgg)dL=6bi}>4_v@U%IU2x_ z)8;YaU({OjU}e<0Q_YoOSMU7b6k-GNfK;gvGY_mWQ=7RT zNl}}`h1q&NDzw#ZoUo0&$-DZcLOX^eLTMs;6Net=(%ciHOE0=AYdU#>dAQy2qGTo+ z^7H!lPAC2_A*ibO&I+2nfIy1vff(OEoH-fqN^|;Q02eI8YrY7 z-wRhcqlB8PL0eRaPz8!R?{Z5sP2Pu3&^#!KP#(I&LBclD6rK7T4J#80>Xtlj&SL~Z zRJ=Hoy>iccipOxq&)^9f%=V9I5Ces=(JpZ&nk?ZsNAt(m1ZQ^$OP|CV_4NG-zUAVJ zMo2}WBrHPqO=KZr{Ik!iFVfexOWV5$o9Atjqm#~C=1qhO~x zs5cctNj*<158qZ{=(1YVE2}`*UK5$ z`c~5BU^hGFgrJ0x-*=lBWsIX01FTk1y(-1g2Xjot8NbRd%Cm25;U4(pe63r|tC1W+ zK0ZrTKWQMM3=SsnZ5P`#)~{8xa$9oc zZDz((1NS3>4~R}L5u{%iB&hVtwU z1ztsSdxc3qLn}`tnO<(N3D7QMUL*k@q?fs?k=1D4RK?Rn&Q=S&KS|niVY{ zOkOT4DcCkL36!hd*%EP`2eC(SznM@~ZR_lQ!=_h@?9()4%(6vNCI;nHG>Ch;kDBLA zsmq>&vrl*}b}8VYw2J7?5u|JXxI1s(gZe&v=&YHzp0R3bmdYC6fy*raTOxE98(XzC zV@uqsT0YveUwde7e*Ze~q+Nd>_=7{o3l`rXD&r#HRFGcGd-o<@zg&+vMZJO8HE z>Q$@isXEo?bXE1<`|Kw|MM)Y70S^HJ0s=`^MnVk&;uG)32MZ47V-F$z2HM98%1umG z1MXw-gR}VYv5o64spGEhY~>C#b+v@Bc5-&KWOOrkwX}3{vvGDm|J*4A0YL&GD6nnD$2S0)7x? zE1AqH*E%tVs47;l+<^bsCV{8*-k9(CNr&(G$eF?5;-an;Dimp=+9&sug-iQ>Qn;YF zsu*HnB@+`9gM>uObbM|nztc1*QPinuhJGY9O$eWMqTsFzS?FFcSfmcd+D)IxwwtvP zB#}^X6QzL)wTVt4?+O!4dI@iC%Ynz?{F_FFgt%k2>{mpD<$86d*TWvt9u^i&^3YAJ z9x7CqOzukJ$5jTjO})H*)bcbfR|ExER5O2Rm3!-UPyp{vpk%wdySJ_-nP0fmeW$G_ zar_uJ&p>C0YqyC0a>waDlOAspc8lFTv+X#49>2CQ6P91h`l}^G`4PrMC88_xH&PcD zTbsE?&4RDyYo?(H_+=_Y!>QQN*x75x^@GP1*gT3Pg3oPKxQNfH7XNTfqFr9G0-19+ zC#nbukP-K%VIGX5C@uRct$uJ1q*6_cy%WS6^B2^ywGlcFfIbCx#a*$o;K&$Un;*lc z>xn7Jw_RN1ZQ5B_P*@dFNk~elbuC7jDcSmGhk(cz=1df!HT6AFGb znZGr6KS>Lz6&J7$6PJol&9C*(p|f%3`?!KcV?p|xgbOcbZesbzVK&CGPP(PV^60hIGE)OB+`kdNo*W%<Jtki<)NLk#An~WV~Eu zU)0CmkDq$paZ8Q7;w*9N)kKq|q8P-zEHJQ&iqdrX|G2D3oVEKYc{w2R1rsI9g+@fc zTUl9^%-SUl1v)D$C9kIHHE+KKy4lbr&b{?!K9qq&1UKhOvsdJFbWIgY*J^Q82l0OF zU7q^t>&Fra7~PhR z$1x*9Eo%I2VfU;=n@Hn8GilECrs=pvB;B#oyaqG>Thc|Xl2Rp8PN8#E^ty(RHmii! zfxz*a9^yy+ZBg%duea~&+CUBgLWTUx--iy%8nTQpQQ<6radET4nb_4(#(r=0GCHl$ zW3}!xoM)q;dZ6YN?Kke?MSsDdz{BB}C>@Z6Y~(obbm=y6SZ?8NwVzhDp1OG2cGCVv zLaG-64S`*qNHXl2=7KFRubNfFYkBo+&595po2C5| zLnN!;tOy_rj6H1#HttmSe&=EGiVniQ?ykZb z2#esC%Nzs0=9EW0))qs_tRK5WS6x4sJyUIPXLzG+uJM<7E`HNR6CkLx)(JiXrPP1P ziE4-}3<|FNMBRT9>J=VDIj0(nO-^PQl$4MF`>!+RFmVN~AwhcQkB;vyYh|_K4}Nij z&C=u(6FQ%ysl>5I&UpN;`bO_oyPJqFU@-!&U>-!O{{9{@WJ{*%Z8yXPS z5Dq1*rk^>(}{ab05>JCJ~qP*D;P{O3GO7aXb($E!!e6f!B-E@WIe~A%Nx^T31}6W zs}}CBEotgDcQT4FmJGGFV?F$+7k&5&4}?pmAZ##PEGue&AOAc|Qc(z+h2ct#?4!fZ zvTJQhsf^afBbIQ0k#95&uTVh#k$-UI^4VlbBCJupoH=kqDA{l3uROA2Yu|Aia9Pqz zJCn;XLC~nyN)cp`nBqEDp?f_ES}&Zm`Sw5o-0nj%>I}$k`s1B$bCeRZb+}D(a^vm7 zrTJ&Dl&YUFGVXT%jmCIgyi$w$ZiNl~cDGjGHwO{Tpy9}OZhR*+rf`twDp0#P-!-hy(Gb;>uIcRh2S+tRODyeB@%p^n-C#nQi`ca@G7`t2OtCY zRb~ON_B`$fFf0_XJa~EB7Vz>Tj(Tu9T9p;|L|CV|5g>WZKoJsW4Kr|+#LXuHzcjB5 z4-YTPJDA?d$o<`XHVh-ZF;|$#4t<-uXiZs*dEcym5@S#^YKStJ#tuecZK!NpGz3gm zKt@3UF4>f3^SpCh8DAnh=;kag%t#okLj;vx{< z5>e&0W4KS3vCQvp+(K}ZbbR-EPP&i~rFw7j_(X4l=>-Zo7B9i`%NdH}M&>!KWYFuU zm_=J-37Z6!0x@^qbgWLhE;-!9J@MK;`Nx%kpxEU8aJKy4u!Lb=5EmxHT9E9vLHvFX zE|KHfWg3T3eV0{9TYP>Ge^deOsXG?Bdzw%o(ll_fEaVq8BaE?FI%S$XAwv7TmF$3h zF~l&1#YAynD(B}H+8Q4Y%@fDc34793pTf4Xy*oOp)0Y@;569BR4Tw-CgPl?`{G3NY z088@^Jg&NIN{b-_5M%MJ?6^Lh-5?(>o8~8JC%NB2^ukf=QFM>F>W9 z)er$D*G;EmOgL6(EOEI~R4y6y9kjMU^_M3p^U>!t*D z`@K7Rxh3Mnq|}R4)0Dg-Za_gn`xn_t;-`r!In%2h*FL$gk_Y+E2Ez53!U5|8%{1^4 zD#*x=3aOc&4`8T6w}&r)*9g3!z?9*>~J=xxsHJ!!>OEg{~RNC165U;eBbG_pev4a z7V9wPN6)-N|N0LkUW#QHmKhrxbGVIF+Nh5E{hg@eeaL8rN;sS&IctX3*!YZk-Abz~2wgELNxJlQ=`8^gaDAFr8l zCQ4P~5vH|pI7ia9)RiipHf6z4Db*MZE5NHn)>Zp85B{-PMgoVs1RGus-zlm|mwb*S zJ4;9T!6kI_9?ZTY1d+U;(`~d@2lwNESZ0+8u^hB!E3?QPj8AskEIN zfwxK_CFGc-H23Xc<-NQ=;BqauBaFJpF9yKa(2gn%9hduSN-gt&JcrW#AMN7Zx#&(p znuh}0aN~(9Qd-YDsO&9TJ^elKzOd2;*U5QG^M?e1$?icb91S&Rtk2eWMXHN0O*}ki z=c;LC!Xw)cQ53XBF&kH)GY#gg@4@l`LydUj->qr=pbm&@YqF{DkYi@n-#jDbUdwA4 z4van%1Eo(04KC=O3C)25sEN&R?+CW?t}W6hdY(l1&e%k+9Vy4gH+_^o96tJfuU2fo zGthC*J+sluT-6tWTRi>94yI1NzR0o8^5duD+g7^sYi4V}$~2c|2>+Cmos0PPipmpC?v!L!;OoSi zO~GbTgnOlGg4kMbiAph{@c2V$5%1bsD@UcH0+#XK+48_mM`h`=qb?mM;Yg5ea@@Gn z-Z%?x-TflRF+@@29!sgAH$rMj|1WQGS{HlVsIkuMeHGt#Zl73`?Qq@ffkby7-Ba>0 zqev3%XHoaE9mSlNLK`73RLcVWtR{M=aY_q6TNzh8Cug0}_U>$3jRG{oGP{MEE#);o z8;>4&&s)2(1N&aw+FP7Y*BR)n)=;0mUIIN6#Caz=KM9|D7A#){XD#r>M4}W;6!e+} z)jQvNJMIY>)juY?0nY#%#Vc*?hQ*k(+PP+aqUZ=e1^W}R$GvfR!a*s3Wy5U2tR5qO zoepbix1-S7iv4k@HV%puUym~yC2ZX8GQ-ZvepZN1uGNDTYvMCOtQ!AeFFB)ZnR{LB zADQAh!>iC83%>4qHWEjSl=eMvOPwi(q*OcfdqH?AdVGniH%Qp`uY=bpp5LYx`e?ZY zGA`h5_F@(?^isd^zbx6au?kvE_YO071MGlh z8lIbzF}GP>6{2(Pds9WT1~oL&!7qEZkqQqyx+$zUhy$ReXI&pQp}}4Q>(Q3|q%*C= z6FPf2U{$!?yQ@-Ik)Ozo@*RtHF0P|hbiO7n^Hq|~Scx&-CWbI^>*k?Rk>li~%bt5c z$&TV1TJ)tc59;{v7ajLUM-)=|(fEhip@>4c=)yv}U2iUR6Wy^~TS0r(?qUkXFvM;B zp4<}@AO6#3OYguU&uXQb?hf}0`{3) z-C^jhFZWMn67<$$XkJ1Bz(7v8+9~&jki%#BOul}kN=G{O0KG2-lA{B;&^6Md~`KS24k=K!|*(Q$Djy5bsC zLoQ6EsGCcoIzhbMsa5NIzaSVQ{glzm^BDxM5|WU^?*=i6WSTEW?c*P^By%FYO1Gzy z_9i9I5;My}9njEIWn(}|b-shMzVVl(Dxva|Svp1DcjBB*l$?Zv&nN~dy{esh;dzq`j)v1m`en)*OcF5-`x-xCL5aQXs`;VCpMscW7G0vZ_c zC5Knyvv^%1Ccs}%>|7hN`VW0mdFp&HD&=)t%q4+#0n=%`m(*)&_S^IP_}fWdfP9Wl z1Nnd>-{#6*pvP#k)Pc7HqxgIPj^{jo*S(W)(bC<+cU+V z-%ULE8KXMhBi7HN+*}W3%V*i_=Nw+7qqlC4=gB4u(aD7)*Ik@?xpG1}it1CMOrGUym#i%`mk;X z|4pGVx>hrzCjvblKuni_i_E)jMag@F7q!G`VWt3Va5xerjcRJ4sWb$rNncQCdw+nA3Qc%=?`{qxREEjNh-P6|x6Pm_zM9fMzIG9JRi)ZqyZ)6qmea~@R z;ogLkkdN6KD8tUzOtCI?dJ>%3mYm=C+s1(E%t2-5bQ{Xf(f|TIm8?k~pU0gtYi_JT z=G)#T?O1z5v6_-Rg;60lwsV;fy@ns1lLy zM2K`AYf<#7+eY&FtJzM;F@uwKE^9R($n=^-PLJAKJ#9Zv%}8(>XhaV3_X<1j;i8e`4QM5PLVC4bbcQJ0N7~RI&V1qXqU#ds(LKKIVl{P@ z!*^{d^>*1n)z-J}UG0XI^zoci+tb!I>JQV(Z?Co1yl13?qE|1_vO?y6SUZII5 z*Z6`lVEd)TjDv}i-DChYCGGY%$PEK~4$<;boV!Ki9<{w`{O|O1BDr*oN}d?>2;<0O zsV@*@F-V5CO3hX_d&ejkqtQS~S+TBbk`NB#Q481(40L&3bq=FDDP_0*{02S7+7{ql z=3yM(tK3s+Vk)ck1zN^aBfBHon=^-{)1Pu^j=1mZ{C5YvbFe{-mP`M%C|SNM$;S8i8oxzHY0l`SrPUAxFVRO*EwE}1E6p7jPF;Bo6VaeRwG zqw*~n7UiP~YAMXdq9IKdc4&b1d@jhlqH7y$(8Zb6X zLR#9~&MuNdHcQYqEj z?J@ClF@LMYI}D)2*4kV^=A`CIMmvyo!FPur-1^-32+}1-sujxBxa}()%~eLFm*S3Q za`#NBQMA;toMo-}!jJH{x|86C{WO`#r};CWw23FKE8NUFM%EAC4SVSRK`$`rG*^~u z#X=DrR+{3A6f@22tmJxNkpBGngBmd=lY6CT6dgNKm)cinBKoQ+{q6JprAO{3BHNV^b=#vFjEXp3nV2B$df9 zO*l{}o8O~*X$h}T?fViK>Z9cV-mHvcn`8@$>-s33n3$N&QXOrzac7ZfPni4ZQZlP~ z-!HY&5}g{dloTuy*%D1U1qJZAl8{tZB6b~Bs9WCGBt|Z-bmNXOp;N% zPYqyO%EIE~ZV0MR#@yT6+uAoOMXmhjOOT1`z&DK-TJ*+;5j>NRGPe83}x`0mhBl{`oxA)%3Mer$Sr`bZ4g?nCzCh=_=< z+M3Z6WB=48PlX1D&4OjNOp9E*Dr;e3fn=EN_4zj6KOC8W*EOVEyIQT)lksx3iR0n7 z@B}v0X3xjZ7O$#GgBfYDzhq`+#^bsJCmlmT8TjUxM5~U4f&x@fRP1yGHE-#fX=Ked&XmL4?w zlL0nAnBf1L?EN1s@ENb}y8`p}P@_CiT$rsvXx)^ci7ut~&=|5<=G1mUT`UieHOc9b zCP`;GI&Y*#zGgLmf&by#Lg2Hqgs|56`#0vq9W&-_-lZJ z6yCgb%5YF&4my(~$|coh4f!3i^E=2l`Ik?tDTDCs$OAUGbvMBFP&0N!$}~c|a&Ly# z=5`XhW$z6+Y_7a3PTg~cxFsoAJD8_)EEfx!d~vEBl2eLkuP|-?(U>0neM>Y}ir)0M z5@W1<$&jMyebQ8#RL4eFwmpF^XRzokw~PCsY6_?8-a2cr8B9fZ#ir!|eucp)>my#L zh?+(3yfak?v92UCe?;IlDHL#ZAb#wzM&`$K1DWELc7aj*6r#;iHt`kog|B|&$V=Fu z$W0r(ci2u=HpAh??@^PUS)H?&P3hO)L;yjwc}R^DP|z~`s_-c~vf?9=u`~Ax;mT#{ zT%u)Qxal`AsmcGwz{Z-A+x8zm$=L(ju6Fxdb)fAyPy3iNl|WUY;JfeS3-=Mko31m8 zb4V4^tm6&~tv=h!0aX3Q6vSCWtlujR4KurWvs^AqdnU3;0qs>GEefk66-vpMcP>gD zFT^wCvrR&CeNt1QYbN86!WpS|1tP7C0*VU@KeqSz>Az75YxMAk(?i?eSoDtCm<0zG z2fm_t@ieQ}J#r|8Qeof>k6N~u7}GJ2A;<9eU=^>$A+1D45*rusDNMWi?z(tl<_xtd z$)XvcQ8`7Y-Pv2`jArydhHUmpALX@oM)nc$+O{2uz6f!yWT_KkS1URAmnjSGDcgoW zIMOK?^faCO(VpxoRc$Ha*1jKxD~A`{^4RCPcW`;?!RBeS{@PA&CC>Os;&Oh$ z$FH+DXY9+p>)8z!l^^~{TFUFfD_I_Z!yuD4R@*UPcO~1G;2<9VwixR7pPt5dWv_Oj zk-1FPZz-)`{A%tGMke9N8&dyYybpcd5wB{DXw0-)h+(}pk@vP+ckbF6(uk^bcqKHX zQNQPL!vq;=pnJ(kHZ@R8P%U~mjq43UoB|m8601r`7e8N4Mwqe!F1!`EtFo6yF08S% zZ{h=D6h|SN&Q`4-Y~y@0&UA7=t3|mdidyKf6rikDDtNA-|A6#UA{ArVRNHf|2P?YB z@72^!&(BjaLgZ(2(4nNx^6^f2+-hUFX0X`blJ2(z3ynpiR$b zAqXbsHdCt%UwY-=Q=sX6%xl;2SC&7yg?@P$_O}~PlW2F4BR5yF=Lb8w`R|FDwK#25 z>whP}+Z%9RZ?poq$Q=qs_v^;&oRsi!WIrd+<<9}OP5=#x&oOO9Y@nLzTaMZO1kki+ zt&@xGZ%?Frr+5Pl`ss;M>Vv+$vu0QRQle3&TZ5Y=L(6(3!@7;v?g5(DL%>Zw9jOZ&;zzr6qm3DY~A zjX~WLsczjIzNB)=?mbIC*pQU(*&L%{!pe)T#VPqI+AfW~Qa|rv|2c4_rs|y^1Z4?N z`^-_4L-mFuny)&4ULeMhUv=I}S)Rq0?HpoCgM7^J=m$ECH|^f-|_(BFZ2i2IL;!ZR2qyoV=vOKzW7p|>d6NuFr`uHE-q|a>#pUNu9llqe{VF# z-_tfyIJtna64AE-pqS+vnskLp z1Zornrsln1HiyOe3@@nkv%a~D(y_|tP9R@OrfcKNy$=DhgR+pq*}X(qKC90u+D4EoU(q<^$)F>YzIf^r zoqKOdz-%vL3-gT@jhc8`DFDRLyu z1Y<}2i{fT>e^A_kP>7kP zuXX!Tcr_N9m&rl}$rMmZ5JPhGhc3QeF9L)@euOB=U=24Zzi2ou( zTP>dkJyafv@WR5o#&ic>ds6i`<|&nf`{W!Y1W#C0o2ML>ptzEbdY!RGb*|+V3D7br zlhYJseEDg%a@-hG_yPDycNjM{TaUZX67d3qxSHV<{W%bx58P%iGh+^`?_Vep`EG`~6$FVzq~|fN8o5waOw3H> ze0F$7r^{Dn7t{nAN3HRukwN|n*;=40Fe z@@WT6KX=Q+)#?Y{OBP!MPdlBJW?vcxjSNatDv_WlG^k{kB>t0$$COZfcMyTu`9qHA zB$%;WiCyDX$ZQldccA3nRh*60{&lnfRM#(Xh2@N9oTN5XoqdoAwNh8?uB5&*-&Ys^ z{UWot8SC@GnJcvh>>a?irzvfE4jEu^lTje9h-+B!J;{j4R(R}vrg(;$Rqr=(j^%R3 zd(G9nFwZjsexW{cp89?m4}N-k#|STPJvp?1f|utTz%I@1HX)kmw{~V_Jggs529FEq!Ji zUxA=HeocqoU$J!)ta3)2HCkZqJP~GO+B4BXz`&n0$2%)E+jDWmLhf79Q*>{)H`6w{ zkelKnpD4r{n3e-e&HP~{AUG9QdM6AsH|1tn(`B#h?*`Z7G-EcxKhWQ_e?iYZu4n2O z+FK!>K2SZ!7l@oQUs%H#dUV`+X^%R|;EuEECHN_{{uat4prhWge&1w3ps4*`Pw;Zg z7D&7d1`|Kk&KC%MJ_7r$%)XP@$+PBWb!*9 z&f7Ae3I-OiJHmv8LJUs8e|Oj;^MCM%bY9yyTBlxUwS^bYOex;=Nq?H|Q)4WLoVfOq zN3rA19DpVtv!MsgT8M~KW{GWq76{rFX$z`F9TV5rEPe03 z^<_7|&RuD(ON{WSb#c;@AL4pS4)+lnzEtPM`YVnJj`^k^a*QNl@JigXw*o!@rq~)~ zaL&{^+-MQe3p@mLNzfVKDhE3wr~;)p6qm3_+5sjdDWEBw`H=IqRl?Vd5F7|22G)wUB8m3VpcLvEiG4Hxnz#kXqdM z+q2O_VB&js9#s$D0;m;e-RI0ZJj&n5)9K7Pd?zUOu4{B0pLMb=U->B$o^dLXliJzs zdc#$!uKZiL&P$q%x^$Zyr}bt`ZmBIXc2oCC!hCq~ zq<0^o7$-u7o7S(}AWQeLLYNs0;^s_8rJjr2l^jZx?hn;owP^_WVEIaI=!CmE_+5jU z_+G|xTPY6|oepY8IUVBb&0XL?eSToG9`B92qGkQe7aXESD7+H?fdu^VucdCR)t==Z zdihlTEQxR_o<|nr35_?pMVCn10Zh}89T`lI)FQEha za9`B;(0DZm@(6PCO#~V{BV>Nw^GFk@Mc!@kv=*&jy3giE3b_BB$md z)g(JC4(3X%RB(K*bJas6l`+WmhV*t*+4ltIUj(kkyY@dA3veHbQ##qvZ7wLT=5 z7k5>%!NSCn0U0J}Ve9!rlQW@!*ZQ8XAqvu^DjO-I8GM$m>QyDwFzo<#*C>iqWR98| z0|cM3^Khq$0w3Eff>Twx-gF328D*H@@5SRrAg6WQ3df4azTxzRg_-?wOj#yEn|eLZ zT=*i}=qZkhjoW{MkI)-yQNYhZ8~jQFe$G$GI&doZ9NhKywRn?jQoJ1|nl6*u&btJdF5 z&HwSUyD>kO=zs*9QbMBmqT2XZUs!HEC!e9^sGhF`hiT~hRKD=~Pg?m)zS!?}yi94|bmCX}}#$)jVB$PP!Y z3EYQC`FX5x$*up;EK3=%lyeg-fy!2mn6i_kqkS0UeBdhOi17F~lO-i{*hjTf!zk;c z*>S_5)J}@ugh|=YI0wVl{*%6=7E(L{@I-vcOyzA2 zn}o#FC2E3D4Wi&c3A4^RRMj)iRItomVuJL^2)p&2zFAI`-s2n7-QEj#M|{x-12&z6&!OUqVfPms zGvLLnC>dL%&oz9&jGy|$d2ZIcFP%9}r|0sShuS}64WxT!oAY@LE#S&MU!{oqAzqf; z^WAd&o9=bMcZ}P#-X3JD)`p~K`dq3noDD?l&Nao?-R)WY?V<4NFziK^!k(Qh5PD}! z7rkrw?9%E#2jQ;lk&$f0a@&#J_1aR!1Ai8E_t@6iwf^Lfc$65v_0H$XD8`Oza5R<5 zcG0@SAL~dB1MhNUG3+U3z5|Y)knV2kEet`sQYs6oHOkyqA%v#VCO^LdBroqDq}&&+ zl*60(c>-=w`ZU^xnH^z3_n|UwVtuKb2?PnWk9?2QELNQPbL+}^sb)%>#4wXJQt${n zL!rRl7=^5j;bBL9xVbjNVNjc}daHJ^j;S%&jmBPem4ZKW)~)(A zY(>}lR!c;#cKcNLF~Np}eWx2P?xkQ$ubSKl`@HQHKpms;H-qLVHQ)wDKpj8$YT7h+ z4kzdW+H$~HfCi-1UF|G1q?|J}ShT&aYe#akq81jLHXd_LDna2+1=6_^`;rDx0-!&X z#G-YIAL4@bw9}5IK@pf-eGHN+&3!;jd_%L8lA*ty?w;?Wj&Gn*+1l@UJv=q}C7g zBShy}DKf;Xe1y1Syj;HUqFl)(=awmU21QK01C>p^G3evqS)EN|+8!!imCebiT&|*L z9WOGzOSzn(8VI5?5>KcVG6QFlt)q7wu6?R^3V9j=dp1xMyELq)$%Au$GadmrnY~p< zzz{w)u6oqpC4hCd0`TYVHx{In)Q}9Q$b$m~adXYWDO* z8J2pidC^)LgGT6{j}r|qzXV|vpO5eA&hAT?F^g^L#Nx6mO?ca2wn_2Evm0Xu+&GUs zZocmzS<7C=w=V8+AifWt>Ryo$6xQR1mivVpYf+kz++A9ZEMcgM#kc*W(eL?0&Z5VcMIoGZtOYje*Teivjy@Xu5Qm?odytNEB+<6}iH z9zm-!Yl(5Jq&rZwubOY>q9%P!*%4FBGj`v@bJ|;LQ%egP8roHT59*uv7*vPV$;z!m z`ds|Q9~9%w`#V}Fi(ffe?ZNq~$L)TXFYMA+%7^eMEq@O`f6>LW5HAGqZZka~1YKxa zq*0_^CZ@*kxWpjZb;r&dl+IWakq_wxHb;H9mfEO$D4G?-LHTb*zBBJj0JtCsi-Yp= zcP6<|$o9?7d&(~WA*F|@8yLYMj+I|p6wU6xRA^krtwyi+t2;btg5nMZ1K$vU*7*6w zZx}tZ?!VN^OAV>Gk0HlMhT}#D--NyC-9;a=(5#M^+RhOT@l&PBCkr~hexQjj>gei2 zn781erHtEWCYN_vos2V4W;n5hGg1ACX1MXFvRIxOTHu;vbiZeDMw zeB7l9s^bJZw7Qv|uK}jJo3P*_z}OGOee+waH#at;f8(3*`*$JzDOH^<&2nB31U<{Y zFtVRRp}otv3$;F#$F8l(x&>mtMIW=g{3P^%VK%#8pXaT&;u%Gds;Sh*JcyX4&{;gy15zP4e=A&0^enD;gkQ zCHXILAqF&1o}xG29;0&h5+&|b8Mff{>CXJQtHliV4-y>49#4a$hGtrg0ys&ucZAJd zlc0is`Plrdq5tfJ+j;G~6q-cmR5al#I$WIJR2xI0P;*Ce<@S|Mgq+DRaHrn>4k&Ho z;pf>p(9QA@=W?N^3oy8A4lDleP)d`mcU@!pX=b9G+kI`DwPWP&STDE7^PeLvjv62r zOM$HJRr79<`*C`f_iF=Dqt;!%EVQ$LfgxbnIEAW*3oT72b|%bLFDT&FS~*X4#3q-b zi!yI)@>|3(|AoUDBooDp>mK>-grJW2aGSSn^WMKC^$g>1gSFL#ONCsYk=!Zd%Vmx9 zD}3~2&Ab92(N(JBU`X(|kbuDJLe0b9CuwVsLaRZ)k9R;qv4nWonNJXMT)xv~xUu=r z9F6>4yUjK8ugi@; zi+5%t+;crbo17%4ig6JFGv=TDVjGfE8`c)!jt}g16BgE z#`}=+X#*S)+V_nV)lj(cVxN+~p;N=@%w-e6!cGD1G`ElP;LWD{bTV!#eg;FDojY2| zWRrRAT>MtJjvqNxkLQaz&l^|`IzNs1^QfgzcB|4{Z}F6dW^i#n?tEVlUNexW9=tE* zwG^n&PLk@&n)CdzytlW~3wD3YR@bgVV*$tCW_MaYW+zQ$vG$X}^Ck%Qb8WOjGnWeZ zafZhbZ^g=sUY+g(mIe4`)W^O@7+4;9JU&M4 zUkzi&?y&c?TcGC}?{wxCwB>Ga&RXD)zg^WxkME``j}0gKE9|t9D-SCh6@qCXBz zVY!ydect(uvd(<$ z#9K=ed$C;p8-d*qeF8V{3WF)i;uW7|H(lmo5QF{ha;?8*tljX=vmURc=_kkCmtE?? zd2>tMIiWahjd9vQer}n$p>ts_fn^$QrfF>1qCgQCAp-8ug#F63>Is##Zwx%o9FQh4H-ej%lEDpq_sS2mVB3YQ?ObP=-93t3Hh2ZbCON?;zCk%HAc)Ke{rR z{ELhHztv#M5xDCA>5&q#{4Y4v&&#@IClpI9S598`PU?DLb>IQdhWPb=LBe4H=S~rA zbx4gStntJOq6Rwbj=@Y76v_st2AR#+ZK`oCT(8%8SE*<{@Y$ExDFYP$nJ;DxwdVPd zkE52JFqkG2SDs0paevKu#2Zg7_#oK$D$z0-j%JR(6WS$ziKdRVR1fW_;CAjFVx0xZ z5Rez3)xz64!%D7jF|B)1IR&%PKektT2kd^DTqr!%F$w1zbjy&&hU41F3uOIJmH9II zQ@y`YuRpeBw~C+YWo$J}H+eFnEk2_kC5o@xgHX|x&kM5U z5scC1)?%uq6U0eq<1pwHG@Xx0DJ!KPRKo&H4|1$WIx4kW&bP>pXw&6 zEfHCxc&pNtd!%!4CxLacEG!7eb=9G}h4}k7Q{TFY=pO<2z8?8xdyj^lX|JwcoB-F* z;i~^hN6;1FH14QI2Kdio=k}PIlPHhxI6ylljkOg{&M> zrFW{?2D4Aub1z9-KkyG_G6~Q9HsPXINao8iY)PlE_0O`%&PAiz=e-k&ve5jo)Lg~t z(Tz7Igt*(a>8-$j31fJm$rW=lzR4C)ccX%KDIaNbq}PSO-__)8EW=h1>q9rb)PSma_dD>#rcwZ5cSrLRG(SI_fNb3MH;ValD7VuSqLk<>^T$eM{?!W5 zcx*Ubn&I?pIvT`^jiihA@OxLkCLl3a@2@x%JMiiC@%D z)Yf*$F=B4hShu0F!?n8XlhApuH8-W-`?83g96+r9sa~Qw-Dn>$K3W}caq&E{JLyrU z2>S(3(ZLEO>#bmvj*5X(gDwVx5}0e zlFxJdUP$c_ZtjX_9$D+syb=#iED!6% zy0kU9RJMP zfFg}%Ge|&}JsFN05hz&=q^f@oJe7gkydHA-n4q9mI3|9c4?KLW-$s4IWILIi4a5%> z`))+-bV3f7o2gW+I88wJ0pmY^>{M@X5b$z&w+|$M*-CeCT)I+cW$Jt*g)sq>QFNA>ph368S_%POiQV_YpZ93Z|Wixw;MG=I*Oo6~cc@A0myi zNc^Y}LLrm&qDyVd8jdHdk!I6kAY^5MRLc}_5wK|^ zMV(g+i9UclY{r7lhr^1;?*Nt4e!i=>R})benl$_H*5_=!vp?_ib4^1-*YI%EhvFId zneij?gkAlIku6NG{#d0MphQvbejEIPbhv$!5KNo_JFMjfl1dyB%2N5Pm&_B}6 zGqsv9lElKtyRFUZX(wVbpYk8cv&%%J^aTx=jT!RJ^!goaEx7|t6vcrfd!*z%HtSJ>uvk;onu6?hB&Xw zvdGBvA+#ULqs8i9AB^jfu=aB9j#F#b7s;2{+4_GROOfYRxlI25_5xHuq`asgofA}H zR7@sfa_2`Ny=A}M%5QA$NKNid^I+ON+&DtiDf4jb`uer6{sFr57wajfyb@w@!z=lv zV-`DEX%)XW0@neWDeuJn#`pd(_@YHYKj1R(dnXtiZJM>8Dj7zH`HCH6$ec<&!xyHJw>Dk8i_q5NgG!w8Im!Va+;&WoF#=DwaKZm#pT z#hD~ZP1a2?xG3L^5LGrGy>7?p5cpR7eh-VE+9vuO(%Ag|U71IZ=d8BoK3IEkWy`YT z?UX+UNoTN0I>&0Dwj2)slC_f|r?1l2`eNkSx5?{H-rG2_r=e8P%e{tJT<9sgX*A0F zdMv-~Z38DIcN$^7`8+swfPf?SR5})P2d&&e$eEK|O0@Dkx~^dFP&7HiGnOMydOJbj z13t>orI#{50&CA`k` z`KV6i#T#R?f#IZ#4!N@{aT{%Xl=KQO68KLGxzRqdSqisS|yY;m2A&na%zRZM9>j#jDjL{#( zb+RNvXLnmY)HCjrcU02Ffg@^~Y%Tij?-hi#%`%%T%DH$URz&7tNd6H3GMU;309?3%T~40R7t9lOC4Xhv_ZzGSdATb&>2!c3wI$EiLkO&zDHH|& zEs3Q6gfSJm<#Rmre@5BGVYIiIUC?+{@b=_MM&aS?v+meOIk(65RqQ~#Zh3IT< zqbrD(HiT{t8&P^V)L5k7K+KoGdT2jWCT&9WHOY>lMq*m_c#JWG^qU z|MX;jbV6aBGCSXfB0gZl<+WkCQ)0sPltsi>P}DIOMCMNieLKYI*RLXCq}pK&U><=( zfKP~bxbotYhFaZ}3`6>a=Js&b{a@u2h^k3R_f4xlf)FCa0Wk8ac!vsRNNntok*^TU&{Etim(hpyo<5prJ}@r5;9- z*WmF-@Nj0eNE!$|zwIT=E~djSysB)>%5*T+)&}z8o<8yq0k*c*_HeCUv&{WJnUtd+ zMk>m^i+4(RN?_c$-rV7qu-Vo-nIWD-_A?Q|Uo8QVW2{EJ>Oi;w+tuD*3&op9dm2Yh zt@y0$x3|MC=a7m>9a<#5RL0W>0-vLqN@)}w9MKHSU3(dUM;_nf(3$(=keBjXUbNBH z)FoAw8h{*2WwO^`^kX~6Z`iSd-ctOTxCKqRyf14Gw^bN+&*us43;44d*^eSzh;F|f zvjtt!d@*z_Z?$TjP6i!sqN}2E{Xh6o##p@X;FGwW6do~IWN4Um!?d)u=9Ou>7PyIH zkT_6BpRxb^Y&f1-YvXT;^uS-v3c}*tLzkc+IpP7ZxM1rnipBT+;T=+ST{Ys{w}IEUD6a(Vae>-C}#a2 z6`eU2XnKD+Jb)@VFD8>nrg)C_CmfYW+yV)6?9=>@Z|;q;rC>&+xzXF~q@>Y@xe4-V zLdgTMVzLSiV>^?k6Ku5G! zrPKcVg-3--`Xq0tG!Q)9s=)SiYbOijLsoTH$0)C6JWa(J9rnb1u9Vpe96K3-|Fun` zpw>O1x8q4VR}8%BFrK4-tVAKK2P+sc{N+5Z{aBE4l6P#-Rcq5PpQ3cw*Weyn1G;rN zyC^FUiiAex24Z7nv@b$kvBT7zB?AZcX)}-PYGMBWdK741)v&&jc`jtMCFd3XECRMs?yFRmr`mRLm77%SEb~V&pvkZ)*m`P}g#ri%|)yHz1 zz3|02ZrY?Tvz88etuGFym8zH-X6hU;ATHjF=oALpvk$!ys%btrulxQfJ1=o|+RX(F zxgHpdz?Eic3ui#(0{U+32QY!IrXYCn78!M~4RMHYP7W#CYuS3YY31P^4YmK({-b(< zS^**XVIW);<-?C^sQjGVi-$@p;4R&TLzDN!MeL(XG(f z;lI%ypN#m39x&S2IbnB82EvXa`t-t>@z9A$Aq3RkcfPUdnafp}gIu$}035@0)r8N> zC?j*#JPq?`eg!fU)}`~PsCN(dB{MT|C8>zM#Ydy^YyN#;yi7?Fa$DZ}^85%1w(L2>Z^C?u3I;7Vx!$I`99fO0pD_@s_a^^XFE z9m&EUozxvn3B~iNQJ-xN9Se)a#u{HeXI;`A|oBWAt3?-*hGmg-{ zs&Kc^l*G4;uo+ZoxP-rdcy%dHdvi0Pupb`U@Ue#cpLa~+5F1-GXeV?z4g3Op3Q7An z*NasV*s-=#Ug4_Ej3+G2x`yI8T_{H)=9hK3J;>$raB=lV5hKK@qBkciq;^%Pa_Ip- zleg0Jv3ce&nKKHeAk|3&e)4P7a|k9dzl@k5028+!F$ zmj>3fUp<{XQAD+P!7DJDUOY7~RzR_o^Z9)P|5qMTAvXXeB}~9)V&01x6|t!*ppZ;7 zf$I1ja*zX0)kKzFLGjbOxU6I4p{+h?J z+mEpEO7?FRKsu_r`RmtmY(1xsVE{^?zJr3MYNLYRw{a`OSOM1~oY&|3{hi^Y_PZtP zv@x?auVa=%CL#cmglS9FzTH6^+G35C>q&%v{pxgd9(CIk_aZTVaCRZ^d3ZE8i7%`n zztblzd3ky=5||m7aavOI5Jg7f(Td;aulT!WF*OgN(fW&-lZH_d>vQXCRt=6)jdcZr zMwWOm0*CLD3l=u^;dBwo<>jUD!$z=_l$72s5xh8kHRERio@)S<^0M*eg=|a1cl;qW zB@x)nMcSuG086C0;1OcVgq~Pt1v-CCM0Q5|_Kjct?tC<4&__$u3uy+=ez&_e*v8=Y zb8fX@Oos!COi~%R4tfzJLq3}KlQ%#d#U#ZCJT`qr4-bz=O$wx5b?j!buuomgm4#No;o)I8 z1O)xM%F=lnq~rqm3fI+WsYX`u7LM@v3b=foROm$cuY)=?m;s=pImkf`gOUy@NDcdc zUpDJFIhB{^ms$CVeBRWNOALVug+-gb9~}r5g31baEf#TV->Z}1(xS0M&p2W95kQF6 z;t}!A#%|#3nTUuJ$Sa$rrR4%xU@nJw#KYTrrqt1-_bAkaGgT+%Io4Kt9IWLN;xNm*W9T{%~aUI=@vN7hs9L)GOA#rF_%BvchYdW#?aE;3g_gW`Y9oQ8XY*CeY};cIKtU zjPFmT)W+_f>~BrTd$IJ80E3b`q~0C<-sMC}3N(9b7pumet|-N05e|^ES!+mGYLs-i zzo2)6a7W3!Y^n*b@Pz6f&6RJZ2-4LLf4xS4(s!!;`>_wskD>E?F&1U{1y|1LnKE6K zS&u(Z>43iBp`kCTCp4@knl6bmbrGm2<-IAZBzDN?v;r)|;Na^ls-3K~VoT$29b`pX zu8iVjFLqhPA4>R=v+{<#nUmb4vgo_vn@36;R&kX}%y`^I4-)l>0HdpmFL;zXw2q+X zCoD=joa2*$n5>seSpX2RY>1=s#Xt)vFuHd_S63oy+T%WJ>Mde#fus5nd-8s6|=I zls`Iu?7}%(iq%qE;?jLbGi)`4Ar)Q`DLr0~Kltq(aeEq;TXuG9XO#@~I=!uvVkH2p zUU+j)fZLg#em5>^vx|uRLGrtUyE~ovGA|l2suUU#Am~hR@*5}HGiBrk)&s;#Z{ z_LfP#?x(vI82M5DpUfJ$6B`Tl3p=sWLkJZ7Tk2`UZ~G_T{Yco&>}4PbXrGvq6|1R4 z$cIjt1QVSRks*&GGX@`AX~O-rrESDx;ny&K>bN_24J7+yk7nDK@*rd{Jexz?xXO`X zg@rkjtZHyV%jAy$E0Rop#=Qw~r%8ur`>v+N(*$2dR;#Gv-^sb=)fyg;{dK)7H|ctR z+o(P-M<~p!nVK*L?(SUWU??H&U^-6X+ zoernd+PTf!v3K#Et2soCC4vx|9?{`o`#xTC0uegAtmVUg*Xp+>wbB?zqesMa;tLF- zRFjK~hDCH}gk0@y;J`x%!SNFAJDJFZ)m&t}Q6D=zTmS%bu}cib_i1CUj;1l!@5wlh zRfN=887(CkQ5ARh-zj~G7P}WS)9WCV&8`_uJez&j+*EKKOr2Ki!k1}a9~k8q=u3{a zd8Yf(k&B4qS=wo#)INM-oS64`{&9$9~;I(CedjfoeUGCQVn1YcrTKRBrj6 z=PF_lEknJwc}n3iwnqi*Y`wT zwmU%1aw;K6?dw36faN<;u+&jbjIppq!A^o(CK$*+Yb zb_bac*0X}Bju+Y|YV_SPu$Lpk=zJ!M?Y-k)roNfIBxN_-yyeW;BEN7~iuiVw^*6Y7 zUCCGSeWz)^zdG~Bbo!VGz(tdGRhMpFZgqHIznlH>p*_C*+41@Q zdIH@9*+BGH=Zw2!o`Vsww^@hEKzu(5f9k(^P2tC@;r$05X;_iWE`zf#3)=e!!oGyy zt#{Mgl^$-Vsj1qU+hp*=goJ;ne`~@+M@9PFB|Ekks;Q-uBQTLTwV3H8^9r#|sZaM) zQSp4u&^F#nQE1xdv!S}c6w3Q6j~R4}!%HNDep2muN9WW8ml)u%|L>!I6}E#i|I5cC zJv)C>`mvQrQ4@-mK_=8H->jb~cLpzdm4lCVL!`nDEimVHTD{kQ+DY0xIvIb=XdCDC zS`xM805+{JSIz7Bx_>--iYB73*qKZ|FEVg{JR~qY_@qAqSrWYs!o3ovR zEUD$lpQ^varuYO%CNr?zx_ySdZo-Cy>%y>jQYMKm5O&`A=Gbh0`m*yYF2cZtn7mS@ zz&+P`{ik|=exWm!FF7sbOV~z9_~+A@;)+z}ZKFHZ7wsB%5i$$TpEV(PHeWLa;b)Nb zl(6V#?u=BYFL@sgYCj(zW&;j-T;dq_uAPtzTnR>>@A(D1_0W8CC1w<^39e-PFWuK=Q5{be-{4}rTNTNZ^$uNH& zX`r}V#*b!7x*s>M-|h=>Rz>_?vn}IlG{?Nd2!YN&$jt0tgsp&>PJ*6&f^vzIF1Ywf z#O~6<5-bx4%!0xRB%bK_zicYY;Uke-uM#NgxH!x;E_!BvqNcqQ+ybi{lX1U>WF@KL z2+3>93gdd~Yca^L;i7%W2nDfkXmp8An`&~W!NRIeD`!k!I8>u3rz|Wu=P5B=tC{m*6-<5Lh+nq(@p`AXl+(~X7z$T zK#(>G3yD&f6kxxvzCakn>!a0eMa-0)d4UW60o#AQ;I)+sf6M%3>++$IkPXWXCfdZn8j&7MU$ z=cq>TI;*2>7p~V!1puK>p~1{?3M|5D-!9n0*5nI~#G>Z2#Tjfl!9jGLq|5KS-Ytaf z7rf7T3h`-#6HRI(keml0A#BZEF^wcExlt4`hI8RoY)fx#w+E#=-Tm#OzwH}>&>^Z z$YRfZ?^XTBNn+86ez|Y4ds3FD_9E9f**KGb6h^YHAIw)k6-$0cNwCI zA^QAHSs=o;d-z4ev~_qn#4_~!HaJp$AB>~zgMr&1^8TLauURb2@l&~vY?tR5L}qmu zwL59nG!-!@egchA2En@gSs8G+Iv>-U&Cg?(Ke{<15#mj!_7>Q zX)$NgyOuor6pHcG#r3oLoIs_d%2JVdIaMQ21FiZsnn5iU`(g)cpvgsYfepunXv!72 zdeMNViq`2YQ*&+cQT1*FWzuKa0x^of&y$&#}+;}++g?tETcyJ4H z$<58icSfTL4_aHZYIKlu`Owu)m$dHBq&wr?eUv_e?CpOPU;@e(Z8MHUhE>3JMr(zH zqyDeR`Xb3cbseaeZhTTy3~XX#KfJh)dm(hKC_+Mv$4!1PII)j{vbGl-oD{jOX zZEz+jA`Tp0#Nm$Lv1WNR>o6t%ZHycY3y8?>v5$(1hQtw!J1X_VeSH*9ZFFJK4yZi-2}1{yvhGK1 z-v0@tG;-YYGb{;GP6IQ6I>;y3ws`vZ3j;yAs6@!1HoGES(kVpFEzkVHISb+)5S%V+ zd3YYx%z=R)Oqa$}w=#}#LLShw5vkM>ARfeQ&4@T1w_#Z!I}tizln9i!$)wK3{}DH# z2z5wjmzJHaec8ou%&bXnJs6V>>AI(?iz}z{a#rL%07TyVXDgqob~+rKv%m7NLxW?9x7iQj)p1W6!Q1*>_Ls1b*`M>M3l4a`#`P?ONDJ48LC#u*5(%CPXL#=p8ZUw=A&vpfmj$2K`i25zBU;Q5=qw$w8lNa6_be)!i_5l2*k5 z3B2DVW(FV$(3KeUGoV(%z=XsQ$xTPD*Y5A>dp%$G;vPS&E@fnJa8PZ?JMuiQtCp7= zH|o@CF@wy_O&Xr2|ITJ3Er4qo1wN$3*tKM?aF}KAXL}={qoWIph&Z~svNZBHabZ&K zpHw+*E%VTaw*`~C8s0*UsmmdfQJh;L)a82PJem2H`3vY_+2b}=?{uTAPJ9m)8Y15mxh5gKE&2uhYOwinx|ar9 z!CaTMAY``+2#TjLc}Dh1RqDdGqx&s{T`0Esm-QFJ4+4Nt_?~A6HSi zppdfsKkni;TLDff+&*>auJ@n1(9-_TnkbUcWPT6f|D`l4pT5IPYNjDsUhX$QkC6Bv NC#@`1C1Du!e*nV4`?>%C literal 73676 zcmaHSb8sbH^lfb0wrx))nAo_(aCmSaARvg+QsT-WAYi56XFLqpcMFqqO(+Nm6{44_ri-$XJBfpn zy}8wIGZGh12Qv~g4=ZyJ5RdhvEG;*Jwj^<2T~rIic`aV}KDid` z=B{jASS;wTJiXZQ)c{Aly8h%a=laKm4rxZdL)w2JF=>8HdHphk$P1fZ8SY^cuhC%J zc~5xZ4taZ8Pq*Lk)9y?*PyjZ%HTP_z3NeM&*<&9n*gSe|71gXE2uAO{$NV}1T=GTzn$xv<=G zH?ALwD+D}wx6cTdF;FO|qP9oEUh`UUTfE ziD|5xXy;0kA))L$B)_48fj|aBdAX2nIWfsJ|;5uX3 z7llYn;&a+UOXXj@sj4b6g5ddy+Vgg^7~5u8nil*X#$f>@#c^zZ;l)`pG^t^oJ_j*UvX> zb*)CS-L}nEw%mkY)?ul0T<&R0a@^jyE4nJ*=B%%ikG|Hdugy5M7`6eaH|hsR%G-8( z5Y*CK1I9vp4Em;^1nU##&Fwf{4Ahxx$FNa{br~{j(@ym`STP%~E}PsNzAc-=>r;g< zl5P*e4Oxk2U)&59rtN7*evKR0>N=n1DGrE*G>aMQ4l!bljKx?U=0w53PpMvcf`Gpp z>3{KfFYBWC6CLgR@24x|u^bNv8bayEQho)QL0+6u8tr4W`%BB&eZOufy}*o>Ub!!*1NIrm*-2e+jZ-H=3T8Vk{s;sO4bWoT)n1V5&MYw3c_9*-~+}N?xU| zu_^P>?P8McF((YY1B}^sO&KLb&nOMbg{7qAUPuj}ENdllXs)K**7~v;##f2)^A82H za{Dzp5a*mKBX|~NpX0jK1QTodWi4MG3EqsnJ~y-PZV-+b9sZ>S=ziYG5{6GTbKaxd zC2TBS4p^lYkzq+jO|hhRNBk)}B#>D%rQIIr-5~pw);|+e{({z7x%Wqo)tp^kt8F97 zwEq0ho$t_`<8Kh`lUsC!RR@Bbb0orYr#PRY*P+$RRW|Q!QzgpnP)8@Kn`fi@v%<|` zFm$!S>|hp9WC{w%k;?bW;oUocY`vL)&k2%M%R62q4OPZW+*V2s+csp8GwZwh$)G=u zDWlD0$_8mW?$@+7usL0F17Zu#+c9`P;*X!EtnxE~Hxr_-EcjjanWIOA13zMzHn4;dh6C179%Vzy!hvGSOh&B8%=EHjU$F3V4Br z6Ap8JamHtmMKCOj>7~IfP*XAXN#$GfO++$oz%Xv@(&JzS8jMjFc(p;~(yr*=*p86J zwsCo|WgeEq3lrB8woj6oT4&TKM6N_pq#)lu^64>7){!i0aBwA}U>g~uZCn->LrEUB z0TQjBhFH`*L`lP!dBQ(|sAwK1VXm^*114g*A(m4=1LiPD=TfA41K6CAjmxY(Kc&AK z#f&eV`Jial+X5vO;Z}M_uqrnBZ*+s|I`{q#+p4!-$6&zX%WgI2gd#f1f?2vDa8j~J@OTW$SJDvYsckjFHEK8(~iz*n;&U zHw;e}2vSHq&xJeXQNyt1k^BL<9Af0?LNis~l(x>!2cb<#Wfc0pD@NCmEEX|(H5?Us zm^iiJPELg*Q5$`-i@nn=4VJ&-vGs8V3FPL!7ZF$^nQWGWVnV8;DpF`nFvLay4JFl} zGvdyQ-HcKPhYsV{L#cDZXBn&;L&+|M1jJ16G=Vq2u zFSxKd?G&EM82vBQDrW8x(!~J& z!PBWEluReM;$M(=AX=|UWHd*HT(D=bPr6GF)HOuhFRj4yP{R#GvA_vUmVO;5kQNq} zcuk0xgm{Lu2Q$=R@INUQXeVNNk-fE12|-6j_|W5sBWAHUZ~?HP7f>ioNXNBDHe4xz z)`H~lx+d!){too~`H`HIaLMz`46x#mk=$h*f$Irq!NtwCeYpg4l6>_#9Az~^_?Eq= zQqE*GBEorfbthyl)Cv+Y6s$HnbygvDT45}EgtJ~aHxR!>{^?%?5=e|zESTO1YJ^qS zvK;zjwSzJ0?vjpzrVl|xd{&^Lgzoy)?}-wqX=+8Es8=+OGo(-MU{cC#K5V*+Ymc{Dywa!zn#$osR1AXqGOO-% zxKiCoh%l-&-Z7)&MdOIUe+z7(#Nn zbQ*gB`(zYu<&RMj+j4qBHxJ{##{7lLqS_GH%dcxHbp7*4mv)D5Bd>_My**f!EV-dZ z$cJs#q$)_PD1s4%yS2n1U52aAFbp{-2u9BeMB>Gl)rP;nh8AUnSQ+tdk7+PTW>+s3K zcMm)zW71gy@P zSxQEo*vDo$10a<2iGpAT1{k%cmnNxxyPwYPLQEHG-Dk~|N@$MS-FC#5l3C=3t*2ffmqs)AP7jw8m^M5Qu0DaI%6^krI6e2icx9TdRD^aDLIk93Q?aHx}^|+ zCXPt^mB>DXyb_6rb9+aFRJ0VOOZ7M@pC*h(hST-+6`EVa?(e;KaxuB1|MJTB(1PvP zJ^iuK4yrXEE z1$*#4?G&&Zweq>M?)l0n|Au&E^uClk=r4N&l`X!3vKp^lhcX+b##z66wDr!g)dPdC=8kv7*=Wxy!`HS;(cON@Wr#=)CSNM#a=eK?$LW91|W6nWrV- zK#dY4{s+Rhi3tsnj?0+y5K3k+v-08>jq<|nRAQd{s8yLJqtsAR`M^^{gf?8cYZRm$Vw*$8BO+Hm)dXaoJ$sAuuy4vMsBOjK?~`h`N#=dkx?S;E8S|_q7!5ONke80 zDTF@ZC`)7;zj6MRG8^ywY9`!-97yyWOOR*d?oqw=cYX6kt^IfDu7=S4D<%~cCsLcAYo}9 z&qATVn5vQ`|FO%*!gd|-q)S3eWQsyS9Jwf-z`E04k<`ach^8D*Hhwo8Ta$Mh?&h>m zb+}bC3qu31kJbq8fbnAbdlt$o`$PZqixES2#Da#mGC7pr1f2a3N*vD#&p}kBib&n9 z8#d!p$GhpnreyTzm%P{&@pTd1=)3o44*}|4j7N<-at_T;rM&?VaUaQAsKL< z+H@NlwDU=049Sf_$S2^+Cq;;gIJG0OYH%}M3h2f^^KwK-L4G;jO5u^d+d9u; z(?N)?=bbWNgVV2R{i5@GT`vI3^xrh!)R-(u(`@hQ$i_7g++()0*haqD*_{61+4ydH zUEBXWyP6c<*az5K_>DC7IP*We=iJYLEu@ z6P{Y3a)~_t;-gV~`D$om*2Fl5Q46t;!ZVv=rIBbhmW0=`C2qBC))OFvuJ7Q^Dn>O# z4>R9AC5gdS73SDY0wIBnP?Y-xn|#)xVTOPp(jebtn)f>C4r5D)vTj(j+Mc(v0A zTQr0s6PP&qb`qd|^X3;U5$;6(Z%4|CF3Z(BbwxNzawyAQLn(iqdH<+#sE54k5Q*M{ z9Hn$KDJ?=c_=3#Jw`Ly)Zl-YvrrtD(_6; z>o4}sS#b%a$dNQ>7(`pmT9R~af0oi6L|S8jeN#Q|CV&iwF<9qi1U++fKO{qTXo z>n%B{Sh;yX@oU2~U=DkISbFhdoy@HnUWqpP^5N{(M|e1?xO+1GD{K%;j6G1)C>LYd zDhpFS1#am5viD=Na86>oE?_XCjYP4&oT2)1fg8lzB_>db1b6r--Fo7$t>!6de{p~j zG^@hmldd}bS+m+7(=I#~U%UqL=U{EEX;q8tC@XR_e>uw3-UCCP0dNhK513V6p+byB z4rPKEB)DQdsH;5|=>)!MQ|(;B>UCus(%0QZi@f~sb+RaJchwfmuq!e}S4fPmP`Mf* z)mjtwvu;I6x&v(}P&q;Us-Jp{=)E;uVWLdx?ExY`eN_smzMh%H;}Lh^c$dJ48K*fg zxt#1KD5HlGfH8WZ(5~s`Sn5x?)84b*ioJEDvDAN9HCE9_<5;@Y#aPj=jvDZ?Q{WB% zS>N=Udgj3W+9R!1lRX%VQK?dAHy41i$XE~V>Cj?GBCjC~As<(e?r)pgB>?C)kiF4Q z*L+QQ>Ttigte43oi07h-QhMJ#Quy=o4worjD@M9seM%t`EZkwegJKl&I68}z+B!}* zDs8ZFZzK5|euNJcHXMzVNKx`d!8HWqb<3(oVJXxZ6;|p391e=jqpkE3ZnNW}6QgG)+< zKpmVhAPKr7+PCj4li4f_Tk{V3@xZ_B_YIZB3qgY@Xb+U}te5JlATO{UKq0fDYhgY4&> zZS;aFA!!XR_SgLD8>^GKuQgug>h`{(6IE{r>DB?sC6-YtM-P04#Mjlg4c#?MLkVNg z?^rbV7@!1C#v=TFJ|kca2E%?jf>4hLcbvWM1Kx=8M_(2m>w-s5EO$)K!;vd3Tc!Gf zQdVKqBh4exd|zM~eddn3n49-16@g9LkV=OfK+E+Wr{N7}SNqT?Pw`lPzazi%Ae=c$ zN*uWl%Se6rCx&D!ShPIS4@|HwMpV=hvUEuf!HJMC`g59(Of|L{m@o6x{E5=4>y`!+ zK1;bBeo)&Sj^ui_z4cBvDBO=_(_-&oZWZ(6R9OxQ5p0(6zwym%CfD0B+rs+>OI#M? z>zmb6752_U=m&uVF_8Tya;B`ji9}a)fpT=^>Go=zBswi5@7b^}tmda!7*33-8FaW) zZ>b}1ql?Gid2k`}gRrN7jRKf6)y^Kdb*Vae0P*|e5jsX>*&Shv;DE)UgVI{ItP8)F zqy~1yTZheV9^JD+SVW)pFjYX!uc-8pmPL?pGK>n@mF9{B0d=rq4GC&XQrfv(E)q-7 zB`D;O_gDyi?H_`NGe}n?)V!`+MSmAfc1S`~L()HVR!aBqQLNcnI2n*#b&@FapAS{d z!xfKV&M2C1+EB03Ao|qPUo)udBj{T2He)t3;Z~^8+S-S_^sTO^WbtsJJ%*2Y<)C=@ zdjCc`&vz^E=e8euBauDQiC2BV!MucCApfe!`?`DY#z3`nz8VNTbB_9l0QiUI#}<-6 zfmG{uDT2`le6HyAo^Or&%ownN+JCz#7O`7KG9#hR6vWg&H&fyGWHBZ^BD`+t>qdN9 z5Sa>3?2dgfU%CNbx+~#V4IMAZ>t^JR{yfkGg^GO+@8d%j4D;rCWv8KBs#PIQplVVp zD6jRibL@xNqd1>)1J6iH&4Hn?M6RvrszZNM%??xToVTTD<9~fI;8>!UhHer&lZyTe ztsMF<7{_s?T!+OIiwWC9W&2!K5e99dN^hn-VE?MT#>CP}rKe-yf$8enT9+6$0sVq( z2I|T^A9@jt)6u;K!KP`A&*gVNh}LOGlc0nL2&TT-O;p47TAYt=^{vSU|0tRm6D^BhflUr&J5iS zf<*U+IWC)lI}G@fBP;;E#=--4!Ai6uJwj-gvt{m!c+Snde1ckkR{ zu4yx*CUXl;4=3ai9wDsPW(sc1h+J%PZd~8MI;8il=b;2 zQ}BB^aA3*%5*9&O#hH!o66~MnF2k8ap(^s4L(yiKf(FKgZv>odrmMMAQPW}$Se;^K z*2~K8t=&16m=K-nvl;;$=<|hQzr47BNtYw-+o)pY$o)x)m5XNHin)Kfh}PoisxfpO zJ6y9~fOfUWu&0rzVL7WuEms2(ry-rRbN2`Tav#2>;8n^MgP|&Ce2^cD1M*gbZVqjd zSn_o3q$!aDXuA|QH6T+L6~{fUNFe^*3Lrtab*6@yl4eG&3o$Cxnd1#=ZkcPWW?_N) zg(QICj4Caq5K%&JK#WR9K{@@j)<)@)v;mSP&9AWvH|_(dJV)khsCSdif$OuDx)z8( zu7@R0#!J#&<}>1YP4laO)fjEm2TUuwH%}jYK7ooq-4dHQF>lo3yGB3X%d*eXyveLB zIEQD7{osc8JP-?&$`txfxmw45?C}nqbAXY?6PF3MM$AwsQ}p!}!D2_LH6ic2rk+zE zd#MxJx#>_em6vM>S?Xv~;$ZqB7qa)VuK>C}Yr5Nck~D#yK^zwz8`WAF4ctwqdO9%A zM6=$aIr73QPbP9~{_7Ec3|sa?0WjdTG7OZpLlw1J_42f3&uN)x=#gMMdX$zOV17wO zI#mgl13`QFd;lIqhQf=FQNgi;JP?MM9)MQPraS}svTUr2l3@j3(}D}j#759%t~GTa z4Yv!>l9#S&$X2wn*q6F`aZU7t){@XjemuI69@IsN@p120A$$<5n2=!;U!>NBynqRa zD8J^@-=oT}iPnEpFRBiR5Rj^Yag1Aj@h?k|J&}|Ht$_k}wExR3EFG0qj#;n4}nUl>Ko|MX4%3dO`=g_bOX#7l)lMm+ zgqq=^OQ4+iC!E1{Xkoeuto2=V7D@Tw=XjO!f1iV;Z>u1y^Yf`oB`T{RpcVPK>-^tO z1M6)wnzeo^)=NdTL$FS_2R*%31Jq3D`s7bF)%l&2uMmNk>gNpf3f2!I;d6sThK@Jg z@YXp28CLkW6&nZ4qp>gT(L&pM8t!)ia+JCQ^JmNFX=%n+r2R`M%9QF0U|TYM7Lw1dDmROj5>4#4%vg>@(Q=OZV%?v-%(C85{&)Af8b;R3lG4nH z9ln47evD3SeLNrLwI7TyyGV*i44ncpEY1%PWrFe=Ys*D6oJ8M)G!b<9oTn&md3R^M zAN*y`Gm|p-&f{vH;^}@Q1L2vFj{sfKQkpsw?i@;2n+1kdq5McHAR-EnAq}+6q=_s78f|?Gp*_h5syth1LYz>_ zRrtwiMsL@NIEB&Gmq{u91^QjwnUV62z923`N5jHdV7}}tgPbD-|SLF2oxmOx+%o6!VvPv;PgQlPj~Hj9YkTxUEe1`W?P`~n&q>3t|ypX#EIp&N<<4Fd$ovT z`l}e|gvOpS!HvNWKS(y7_FxMRv@#3kl`{o zL*gyP%YgN}E{3hT^w%&wvbThF*O)yz^781TnR)!OCmYZ!p%g_PMTH9(OIX*YmOc1% zNyKeHH&QKlzLJ6)aZxkp?=%wO8|#mT*-Q;d%Izl9*a2y!ldTY|L!NJzuOgSbBQprg zHJ7P^B)n=1caic4$rCr$ZeddBRpmStpe~g6NP8Y03qF+9fsPu7pnoXYy6J zk)X`}V};Gk8Z^khQYh6jomIYq8VOD>70_KII;s*vFi9^>J~{k?^)W@}dvz4vhT?>W z!9H?d8Xl{(wj1K7t0h*Vn5X!H6_Oi4K_n8B-`;#HM0n3S0Kdkrn}zQQc)1|RjAmtn zB;dvL{gRgEtCKXQ?XNYTCG{;YyYMTNC!I;g`R6B^2-yqe5hFzZVvmVS(rN)otgTmEa?(`lBfin1bXUx#q=}U-{MCef&Hw27uW0@8t_Q-IjCfz z>_Kdf?i3!H*aY=8cXNLW=t2bb-ZK?S#ePBu_dz_`ACfeBJss?Fxuq zQVh|F!$EVHHL)nYEspX8%f?s3y>$cz2-&ak=koXJoAKkaXO2)SL|6*lLGFF`Gap>V zBOw#w%3Kcg;~~UXYvIqaN*C)Qk%wY2iPrvCb|)M{06Z9p<1W=)YM{Z6b{DP{8E;!l zpN)IK>R~dOKc;i)v3}5Mhe)65 z*sc2!o639kFVb#)aE-9gzASN+?!@`MC|RxQv5Fh53o$YC;IlK#TV9&Dn(d8ao`P?n z5J^MRQHj@3@D)5wCx|G!UkqcW+9}A%u{*usN(V89#v5yVQ#QH4i|-oV|GnY0h1=u( zRYBr0Wi(;FLd)h0x{RBlJ67tY;`{qBC}SB(aS-5t$G@(UPPy0tkn4$>`#AJR|K=MWCE(7)Z< z#Dh=;{r(Li{x&Ed-zH!e`rASXf16G5K4A`)R;C;FQt|H#nZhr*Z@<3+-H{Q>vnAt+ zu5NB5)xJNG+k9EY{D|v0jHK@Q^8cbDB_$Qj{-<0f|8@QZiBIHv+XtW~8C<=j&+}{X>#vRgvl(%17Z< z9aU8EdNZz%fBH0P1AI-RqBy_wxwo$gxlZ{sP(Wmfh(|cE4|e;4k&mj7#=gEC6ijJ( z`~JT|_X7N|@qcbB5d!)QY&SF)FbM7qMjpiW*m+!OcndWY-)b5tNJxa~*BEqpxgH)k zF6SgMDVT9uxVw3Fk4{}_;(L2RO>nw9PJ5=M%i<5j6}Lx$e~5%$<55jE$IZ{j+13#a zk1)<)n)Xpp*DW2^RZdrJ>$zfcHtBx8og9Z%d&@MHUGV`g8kc@=s?0Yv%&JJ+@K5IG zRaclQEMrjG6?WNuZ1I~O_Gjx+dUKJzf$qX>y6^bj5P49uydN$41A6%ZTkbnea9=q& zL>*gScO%61@2_#!(H6pfpH*hsTQU6g$|@>PUY{oMg3Z=TlE8*fqLsTZt?#%)f-yAq-BHw+00+_ ze<~Apy!8hX=XmV)g?FobJ>DNpXjE#>Z8*QiDF`PeCDr@9-fwPhzF&9PZ+CjqrPAHs zwN|-oc^DP`@Gi7#f|FAVT$F0k1eI*9LFDnnY*FKo!(FDJ4UmtDsK5e z>Mn1|)xD>jAP^AUpU(!q=L#qvI$!&dJ-)_3?(5QSU|d_SuZydfFJKnzGYAs?x(E2R zRH4DF(=1!1E}7|GEku7Oja z+ZfHdV;5w%*Ft|=lAWLbp3u*Wu3xs@W_saT;9AFAG$8gw-GhwlT=}`x^+R&GYV;Ws z0%X|zU{lQ}(b2+(b{Dbz(%nZUkWsD4EoNe_)3K(fN$>lNgtjg%=?%YT% z&YUln-;iHPiNW!GP{UOUgHTbAys!*ft5b&U>B6`)$&d69ChnX6#=Cf6S5&O>=|lVN zVa=Fj{IOPX8*NjHp+{>cC1YH1D;(&kT3hG4Sr4&2ja*rGXG*ZyR?B-}D5z?%+59P9 z{wn3Y)!N}csD~lv7x4GC)NalC?&&sM_a^sk7brRvzlG$)yD+2YMyYx!qYg)Vy*H7@ zOf2lTdF7_SVzL$WJL6PJqjiYDCC%WE5I4(GoQtA}$uu^F9;)`@!BBFQxlVW%W^+bo z(;~x;ODg_@s;KQVm;J9=1{M6V5}5x+=O#Zk=MwStv?kUuY(%^Ej;?JVBwiK2JwHj; z;A9Ack>26Bv81fXT<5>1V$T)F{gvqp+%!2mfibYrS;%R=)f;syG^vk<*|^BR+D3Js z+s%Om2^cH+@&#;R`_=4VKm%KPUSs3iQ+f_|_}Kgx+JJO~wv}JMfF0r#Fm)d=wGPqg zvRZRBQWtb?>HN!YcoFTGYqs6jz(3Xth1K~IQ6=Z+g4+^S8Wx$G&kdYcRu3oQql{tO zWi$)`z|w2nNzUxOMNIX+NZQ)YKloQ1oCVadaO~f3r*zGKma7ok)ANeW^3BfFO})Ka zY&kd1^QQzh8kaG&C0VPbLJ(1{+P=F}#U4QX7szPkSq1L5nr21@9E$|#EAAY8eOUPOuGFz!2n143zR2z@Hd z_NIIF;xfSfWz#da+U7POnQt^%nfB@2>^WXQ_m>f!a{J2FD*A7ZlN$Y&kvgtyUo7?Ja3dHXij>?s1Vd^u$2|&RFfDdtM1QdOla#cz8U%NrhRz zlZTb{ZYX#0_A9!epkQENfZOr*H+)AGa`8=N#rh)G8k3{mP<4`^mKpbT&7sbCeZO5W z1W2o0icv0req&8yLTDBXSG=ZT}xd z^uHT>8F4-s%_f;^h9#Oa1pa84B=;l%Tk%96kiE0p-BG_n^$~UC^mj94o3oNLi;EZ> zT!X07dNK!p$w{jj9KA`<4m@IicT;T?ExfWhWCl&=Qdq&$i>xYpG;#jJ=Hp9y+lvbJt(cGYgJZnVpF$89DjTx>2GJAO~8m}!UNgarX%f$Z}~uU-1h zVa5%erFlw62Ul~)*6`RyD0x`g!g)2um08v>@gDgr3gzWn-x2o_mrY&Wh%;vfg*Cd{ zeKS`O_PX-$^0HDUtxeKI-FGa~>uKP4ngzjcf79JJQwrpgr%;%;=c6Uzzcv>O7BXum zUY&uS{s---i{5kp!---wV&b}9y-#p$qo6AoU|g|PR5g`m<=m4YnH@zjM@x+_QL)?p zAOWoiUtB8ckGGbz6YDBu?kn62&Ctv|FKTG#PAD%c$6d-B`5bOv~U;_qygU9)RT_@r<;xiHma+uvUFm#gPzq0D!$T0cRLI< zscrGJtCQ%u?9#zXus_KSn|tL{MIEHBisjl$BECm;;!nn2 znO68$`&sVkV~wbD$RH^3eZq5`9vg{B22zz(HV-bA3S`M$-}6H=!?@B}ln^2HO|35F z>W-bpo*5rD;7)=o3&{RUly~Az-yU3I^5ruKURl+9GTnx21a%hnyA~}v4suP;+e-3{ zdN2R0Sk+!%UOVb3o~^GbFs;~}*zL+lD4MC#@h)Pt2f6{W@P``PoTobITmpx{K>|GB zzcf?0-ocD5_7GeA{)2H~wi{>(1E;4=nU#(vOWTb+B-@+R`4z*^r_%BD@T}_(kpSOpJ$NApqiuRcdv?#!;`)-aErukZ|nxyHJy^n@ZdRacRRNei5ap?cQODdh@EVVbDVZS#ka<5KI^!3 z00RlY&vx2m2OAa(lf9ztZ^{9B$h5glWH{t4G(6g9cw~`-fox9p`B%l?FC>$#P*&{o zktAM!=Q!LhPv79NDR%27^qn#3MAUb5;5U7vi9@uA#&=59%Lt+O`Txb4fQz4=sSC*Q zJbrigc`Ms3#Qe^l4uh=hf}V4mF-Pzg0*w8UIP^|KHfGP$m3^*| z-ObBDUi4?djKBkDk+Ns>2l#Fla2I-s*!NL#C!yn}`{D-ZHxa_D3j)%L84T25B>vh> zvlsFKUMU>aWU!O}EK-dKE=U{Plj#BnJ~wdttu5vN1Fj{3-n+^(hMS>%IoR&PpRXlA zmzU&e1-=#kFRL95YK0t+GwxVq!36IeU%<%0bGOUes=#}9lk@9>PS1O~q(%ksrC)`e z;vgD&$LpaFcLX4uvB%_H_ZbLHw0QBP(mD%3?t1$5a9vlY^jaX6*Lv{m-QB)dQ*F}P z-1PBy)NYTA`0RxCc5Lr)n%4mth?+=o=f3lKY7eg(Q+U{zZa@P}Bn9FUP<`XRf_Nj~ zDbAq#evfNmA)`^eL4YVz#xk^L)BoV~59Lpva$A5V8aA&SLi{-Y@Ie)1-`h3%T0sHakXc zqRn*E>m(I|6X&Y7hDj@)yR>f~)Uf3*E~=*f;%t)H+I7~nTN48FYo+CE7^d7rUfcTt_Rp0xwq^&O~gjT`3vmvbW}q)#RFc{8uM+ne6N)4Xsy3vp@udh8n^4~IOLYn8I=Q1=;L z3)_#55+|I*0YRXqFz_C^qJ-roQffa*$LUv6X2f9k0_Bjwk?ww$Gn3=Dk=}3OpM1^r z)E0~dC?Lctd3o`j%zpxE;0SX5{NXw#;~p{d`_?VqT@QVA;m&_F&Gu&3>Anlp#;YP2sCjQPDFI zy9)Vr0=CWA*X18@r72)kHruA!-upvkZaSZ~{|?}qHTrKquOOdbVpONc>4<{wDBnE? za_#I?I1~3ff_~SY@~-t+d-mx)1IupsNlSrKdCWCH4%7~t^stD{Bn-(K(DnnjPw!>- zs$~G=uzU_rli^%{et-Vg*Vl@EgTVc%31bac&9pa#Jo6PY@-yugxqa?F{xu3jel8&a z50e!U&C8=6a@E&b&(}e&Kfv32+vjfEjN|zD1FzAAa%{`>@RZ$OUC3hkqqIO;xcqhH z4E9R|`Q*rJ28yCh=ex|+M_hPrpSznyG0jW;Jtg~tkfJX)VLJfixQ~z5PhB$ZG@g?r zac7I-VHsDJVXhRPr-67OMH-Ay$lUj*?yzBBZ*+8YV!y*g4SmnoI!WUAg+=Q8f^dFF z`3L0)R91-x<!>=6mc6DIxpE8tf;AM4p9eozgnz|q)D8wVR(zIp`|6jR5RU0Zo1 z&WS8a1nPl!&_Bfr^d;DZxg}yJCc2iFBN-%QLCfC%8Bn5+b^j;C7#J{<7>uAGoY)v% z^|LggmMfVg3f38=Y*vY!o&!l`<@q1ThiHj|p5yzHS=fHLX&voFMV@^@Kh-b1-OYA< zk0;aj689MN{)pv86g-U^4unI$j;H6u))_Z@ZFja2>+BE`o%R6PA*<`^B$H=i+wGm( zJ!fdVX_)QDbw0=oOz715Z$~MmlMYqjZ;-?WA&m=_DG`wQ=amuC(3oH;xz^|BP0L@*39=V? z&@CR}*pDfq#Rqx2++POChlY=HKUZRSopoC5b%5D7?$JpuDY*jPW!!=nlE?m8`@1K0 zBY#!$P$Wj6e6s1cC4^yP9F5^1@$m@c6sG2^8T2yr*Z!Cr&oGj%0zbgPLRt z1URQMatpHFw;e~9!oJ6kMKajDC;#L9d|p;Eg`@O7H8T>nfD^!(xy$+7$6xwOZvuPj zk{Ivv_BI{BC;xf<@3Wrg@yXTkA)zCY72xjfJMZdMyAQvPTUH*g@R%*&_yJ6hc`&E+ zzaakFzU}?Ag!Fr& z=$A9#T!X*|2>3AuU#)j6z1d|thE`&;*l^=Owm&Givc9#+h)jrcxnL?g5l;cGzIf#( zleDI*YItI|*r_r^N;`Cr>iP^O2JXcJ>uG`0ldWxP z=i8Gp&L=a8-e-3?b8*Q0*SdeSKL+W@@CXPLE0)9yRq1AO`Q1kd--thJC5X_%Uv>nW zd0d|ks1=BAtn517(=%AT9&;{tTE6&>h^~f+9LLkBX&@*w({lvEBaUaZF^UXL3aVpb z&b%3v>!SdV&y$%g4%?lf^y-^)E7VR*sX*7Yl|S8b;&5R?{{KBf>FaC7&ic!!{m#YL z&_j*y`E_OCpg5%lJX{eEi&LA$ZvSgEHnZN#^YF;Bu%88i+Q=lw6Y>ONCh%aTg?a3> znb`L;Z6`6@V#jmErbfr_L3u$C;CBu!{MHBj^n0pIZ`gOQpr$U5nESvj%hX^#b!H)J z2W~4I@d(#Gp`CCX)f{{CwCs-XH>2jhBqG6MGmMQd8eA+XNc}Pka^?$wfNj~Jbf8AI$Req{4cRS&0%g$eLbx$5OifXJ3h}ki7!@#0urL%zC@RE0QOkHhRNB{)V zz`tX@-F1)+b!weXsJLy*4=*dreXp9hP(Aw(%hB92Bx)piB_}btLF^JCAeoEDWQ_ki zjMyt*Yv8kuc5&7@S^;9(h?WVlF&iju8Fct`5r%uwSpG3$ zgbP!tU6i)ef&b=G2642XUPCrdm&H>AqrqvJ(f_eA&`fFFi?U)9?Ij}!tFQxRI$#*i zUT2$LUoklmHUtb@O&N_9tu0Hwj$={(_~ zM%+hlsB}+{H+nI*PVm9|TJbS5w71=B<4xSaEnydv-Fm=DEPC&$1kR9$*Kig>r?+&T zSw8XrC23T)<(Xwid#QIbx0&|d0M_6)fB-calJEh7s&(yZuCZ>U{76Pn zhD6vjQMlg5+D@Bwrnyv13Re%D?D=5A-t#$;ULb4G!{IBdrOAjeucSWlM z#X;~If#lN0Q#^RZ1!C5`-66AO6LUcP zEA4wG)!%G$Y$<%%^B&Ks_&w!G^5&yxuDqEw-ruW~JFgtcz`^x$xw>360YJOcA*#w>ngk=mET(L-y@^u66zepGX_av*407ml2!LO=!QS2llzM6quEvQlWgJhgSjKyws5N8jyPftezfRkN1y6{truR zBMGK>{q`;KHXOdUmln&%fESv=X+~9;SFFY`$qKMOK;*F`ot^}q(ki?WalBZFA5zX& zVb-oQ?jN@h+)({*FTgxkYKotjF9QnD9$&x5{T*DXm-8y)Ds7+d^6697mj5hUC4MTL z$e%JDfd~<*V*rgsME2<=6(C^MtcO z!wO2^0knHTCBSiubqK;|HI~z@$}Lr^m0oK|Z6xNS|42n!JI`F;=l4uL>sj2!4dk^s z*K2vvGNB)p<+9I#F({|Iy7zG)q@UtX`(ziq@u z^mC@#&B8@jC%5kk09+KK%DAOf=AA!wTl)B7Dw=FV~?o5Vd2QJeAsb_D|Ce z6L2*I#Y4yRTuzcc=g?sD@NKlQLhlcQZM^cunW`4l;_97|CwC;pw~JcPMHQQoD4oq+ zcMc+qPmBm4om?Z}j)pPmsoIM>#x{;(W?TG0+PK~+#*G)*acM_dnU6ZRDzlb#&hd%k zb+5I*1hU-hbiDVP@hw{Gk`06HP|VXedO{$*A*6+~z4R7#sdeTG`3d2ehIahS#i6F^8TZD=z9%f z3fIfQ;ro)|k8w)i;wIk_ z#1&*st7v06k*ak0`u4tsv3ZnTCX?xZI9e!Kzy8W@5xUo}m9lobo&HB89X{aSokw3( zb}mO+_va6C;HzK`o1?5!7Iird{IBvJMS0SNjOcO?i5!5i@!}3(?*FZlmpR`7V}zSd zZz+<$zdxW9=~!7=Ew@ikPj6*-*x1?G-7Rb2Fq47FDJTfXG;^|d=xi>(Fve7xul}u1 zb_iwMlhIe7`twK0gzNJjV;E1MwXF6*!K%B}l`)Euy12M_LTfd9VOAsO^t&qVJxt@W z1)JxOTjtcAH{5fKEXJY=Mun{<+1Uf;Y`~v8`ne2*nBfe9XRTg1gzkleXF!#_>=pjD zl77+!+4*k>E8CsmYBH8u1kr^asH^P=a7nx&S}FR|(5j2~Q5kQe=TocZ!=%B_it^g6 zv~Cni;*z-*{o7Z32{$OpcpocUN~#;$+x~QZJekZ!1rNHwkxn2?G_Y8bBL1^)1Sjg! ze1+v|xLZ$838G)7nGH@t(d>ArwI@j63Q8=C@7vP7XStJ>N=53ec~ry zy?h9mJu4=SJ|wJJCagIkbedq9cj6 zj@E#Oa3%4PL;%N4xyk_?n59iY6LC! ze3{j=IN!{sDI9-2{p?tRw42MWdH*LfT>%QT|7-I2s@0(OM|)Ij^z8s1cXv=%^be1- ziUKLXMN>8$Pks509MqhAg0Y3OZS4{fmu0&1i;bW?89tPZJif2J6%q1*;+L)ui z?P9bT!xoCF&l!BpAy%`PXY;_wM5Vk5?xZpW0#!40x8L>UfvS!oIW4({CJz9Q z9omYQl%@{D#4B3{mSw%+=~5T>5uacptHFq!QKlW2jIN}018>WLA1b?x)$+H%n>+Qi zbxHSP#I={^^h~yEW;ggGTGjdQN{<}$Op0lmdtg-+EI=fBH4Z@?P5`GvOT<;8m-7nl z?kD5h5o`dp>^7G@?xo)=t7O`IPrK#NkTl1Zid0qgr73J^sH(1xJG(ho$5fZ>bc$zd zXcE!ldBnqaD4CvAn!@Tx2**|tgjGj%hzEX_4SO1 z`IUm|ga2uym_a>$;qvU%Zd0^K`?uoFib-i9qrY_R_}O6}TLVrloK3c^vfFrpOG9)tdLX&6Jr8&9Lt4|6a-q9MDrd`gcor{*K!n+jaN*`*FI#VXVp|Em+Tq6*k6uAZvsk@ z^NGoVA(fSheGL$7%MI$is^jzdkdTf8N0ZSJU9Oe@h;Owl`ol>@ z&kgNXVOB*AtIEmgRCI^Xe)Hzvkl~ zYyEgUka|9UAn(&OLvdFs#M zy|q*;w57wG%*xBe-rnA%ur<5I`E=m#Lrl%!XnQdeOZnHlbIgOy9LC+`&(%v<`Du?O z=zOy&T~#V`C({=wFzN1ubBUfGE}Vy}sGx@0N>$pZOhJ1wypN(va{X`k>d0rg2TBOWxlkeB^&So0|H1Z?83&XO$%dES0xu%D+A9!duRu-l=Hj~es`emu0{x;=r>o({;z0A?g&)v zg@7VDe7!_I=fJ6V`SQtSP%NT%5run~Sl~_pRPmU&B|UAd@kdsDTsk^BG$J%cWKumSa9LlUP5Xf%7^XzzYG}0IqM?oou^Y^5`9WFz2~+p4*q8l5+HCFXH^Z z8^--Q;;9hu`g#^Dr@bFY_Dz3&lJe1B=sght&8Om2VM+Jw$Zame?uaq9_HAB}5fHTF zaHZ{)!MKr@+-rFSYV}%Fh$hh1cJ+MkD;RF=RqcjA2?qAwuwc=k9fZFSUH>L=h|n=9w(A55CdlSAV(^(*nG1J=W8Qc}rfSu?3K33z(2zs6DcMlrnfi-_Qjs4_$ zy$k(zc(>7tKyI|s?8d2zH*OBwkR|l^A)O#>^~v2KXW1qE>^xLFx1@&H!a` z?DE1vJ%^v(disu7CLB;j4E@N^zzMO~mjo&7KYSbjdjam<#hjm^C04g5Mb*r-7M+Ou z2~haE9n_9%?OShS*={3;h^aC}CKxXS6i9{kCYf|RwO)NN+_@SNCjlT}Vl zy0e#mpU|E9qeIV-X0=KjKB8Hak3#`0dvYixP1r~h1yld7Q&jua%#c2ZPlq3LcV!~; z4L?Ubo7F=Vbr|8WDkfz2=4$oBs^R?s5%TnT!LJI?#{&1n?*j#qI3Eg}-wD96I~q?j~#r=ihAI z2KOb4O5}}EMd}JW$fR)C&i*_zP6FpU=?c3{7eks1cYgDMYeSpdN6-1`jIMJ&hT-5& zL0(;AL_$@QhBDiDMbqh`n|z$UeP}TN_}k~Zc(tJsyr`_FDb=P!N_48Rli(zequ=IY z?v_oYG~P_ueN7VdAl-0%LVDWD)J=0{ zm{on}L%OqOw?MaK&e%w0dZ55VN-Ue_oD^XLD5lGxL0`ejKg zGs;Yf2=cFgk_885$;c>`-k>gcMM@-z(dXyWP|-$)pFG4M6-JZgQiTk|+N$|gAC`=Z1tU;ZSi5m~ z+E)0M2#r}B=s?9WS`o=$Oaqj}d!@avK3i?9P`EK!ZMewR#D0F-vk0~s4%5tGzfW)t zxL`Pely+%NUaiQe7OtD3b7OBwfJKQM!)3&tJx8ZdVMGpc9O}T=QNl8^%wKllOK0gx zX-~=egf?_Q^v=QF8OO{IOpeAi%^F!bskXKK=g;!;QF}h;mSh4kr~0}bf4a@g_2J>E z(C=`!)A86vFT{|}q>)+S=Hvzgo6uCr-uT!-cD7|>hWz%vVdT}=d1mYzfCgFRxsqwM zVXf0}Ca?l#5=hxU6Zl?7Nag~Y|96Kp6i?}X4(-6rEzg{jN6mWV(urBAaQL0`(Ay2I z(d4CWWciJ^qQIubTxdZ^S^0F>P-pQ)A79e9cGQuO^`7_G?1qqF$B{AT8s0i>t09AsSLvMSQYSPMpAi6xl>3O8w>$#>B4aETH*;Jp`ljE71RdnnUkr|6?o_C3Zt*i*6 z(-;OD|F)~JGHzcKpy12LtK}FI>Ut|=B;>Uo9~(k@#9m9)*rjJ-&O5fDU>8Y$9liWo zmLfGJnM;;A@43-)nPOQp>d`cIBW3qFhy*yLR=VwLPxI_);!uVVk7kOXRezP5$=r}z z7$=9y6uPsDWaxx*!P?gozpv@-NTU6a!x)4lv2;k+x(#yd!pXfCKyIxi4~<@*I0pd* zyy94=oO(QUz7*ZTfh%FjcQY8*ro3dNe@rd5!yKX$rVm6_5&iTeZp@fDq$>dBentLu zggQ&S=RH|LPEXj`kieFc_uX-?5QF-O+yMm1RV?-9_fF*HNVv(6zOVqLh3St0A*T~X zAKryH&-rJ=`{B@3r~Gdvw^y^m2^1eWU6+2=IBopxu0|9R7Zhs;Pc%4yiq0tC#PyiV-qn|UI8tVr(6b~fLp<%kxC;Cy)N#Nv!$5B z?$<}Ne13BJWh<4^Df%6R%mj32vE}^~G9+CJu_Z)M*QOg|8%mF3!@%m7t#x;YI|1qTYpxw8QN6*UwZtHzn=;)s`nj!3U zb7nuNSn8v8xp!aDHs0_kuDmaFaZD;8%;&xPbE8*%6Xv;2w7qk1K=S7GPK#ZunVp0~ zlMYML`~i?^7n>e78TB8=RTYJ5H$!|p<-H9vH`0JKlp^BO@p`lX-OI|)2ae{EB;H3* z7tl6DzUz9_g~MazHsu!>C>$(0|yKM7PA8=DuAlv{bn?@`lqTjein6T(Tc)t>)i z3-!(6Qltn()xtJYi2vKlP@wnu?|G+7!IO2N9WwzvxSd17gbjYJVv_fl^TkFFxJu|^ z;82ch$(0wTO6sWE@fZB7I8Cc`JG0#&7z7#GTwc~t4}{n|q+*A@$F@>!ejP6luF z?`KBYBro1t4bF}#W(c|-Cb@oFO8Zk5=bC*{GGfTLb5M)?S{|3Ua|EwmLkm$6qeNq% zLOYtLv3uQ(!q~snLA6ZRJF7;@BcVg7cJ`}{KCIz6V7j$4>9DO>R4cYc`?kQWH{#L4 z^jX`k;%?^W`q*G@2;dBnlao_JhuD|9Ex*ve-QB91w2YcKChqUIq;?ID z;0?eV{u#cWJ+ajrYf8(vD3@M@leYpK43Nen$Q$3@{_{O_ME^}*-kC(LO1|0<*Mbj; zMiGu0LwC2r{LyL-t+RjT-HM->fenvFk&5cnGy9R?7zyAm6~Ti#lZW0D(%R;s$A^jy zGdkdIk^M70M(@nBUf$Z#`Ks6(D&f z+Kwq64bTE->mGTbaIZV-V@&zr^sG%v@g#T1Zr(al;DIq~W(;4{=}&6<++Nttfu?8*aK~pnBt9#r@&T9h zt-S?2qiuOfZl)Jb>dL#Ar$j@CTniSBO>+!MZjYRgO26;sj1r7bYO*Ozm-ZGJJkPQRfU|mKygw z*2=o$Rf}z-D=@gGQRNGnVTNa|`$0_d=RM3DbKCII+OL;GjAudu5Bb3d>gnCBU!(5T z+w6B*-rkOsf4fu7P+Z{NR{>7@VPW$Hp`i3q^~9qivs2KZg-aWt`(jhNta!5K57W@F zQS=_Q&x*I*_&7f{l|JqI-Qu!pI(+db|uUD}5$^5@_{26m$#G#hoJ_twy3nS)u4hifw*X|NLY#lwz76}fE+ z*Jga8kW*0UxrQ}EtroA|y>eb_~m0K$ulFJSYF!IE|F7-m0s4`Ir>Kt*lm(x zC{UzLC%&|Fc=XILgywvnJ=Xvm+O8=t_Pw zrezMG{1fB}9KF4_MYX*5Y=i+~|Gj(_2%zptc&6q!iyIy9U&1Tr{$fqy)F548*Mx2W z$upwoHODyf=3myqNB?{AgErPU5pX0nsw`Mml}&L1#>dN6Agwe=>k>{?u0&1qt(AJD z2L<)b!f8J@-9>3Uchj?Jsrx zylxQ}(07@7fLG8CKkr7+*f^-IO$=FTES=hEN#DPi+r5!4#GP#LYO07J=q&aAhePOy z;4M>7Tna-0{+li-(l*lSuHx}5kdJ!wn@Xl*QkYsBPtyJ3A+AK%qD@FVm&46TG?mY= zOg0u0Ji$dFoH>Q^t$@4A!~UBCM+cf{iLeY$x)oOu@0ED)^A!#iJ1EWQH7~x3?2?v*;G8yR9@xUNTWxuE$$)f3Ol(_~3e4alf^_2^N)UJH z?pG-~iQ}yLN6n!FL;awP$5p?5>`(-=`FMIQ>akR-?311A4WZ@Z)*j38-&swC`gv+7 zRe|Bi$`ZQ*L>7V@BY`fuVtvRdDNEXDbtD4guUsjW4ar-1C)Fq>iW3ukJL%Q*U^@S} zelJ+pZ?QafzkJ;&4Vc%)>EmghUjnb=0|317^5#=j5Z|>YLm#F zq~#!P;!d|p`2(A0klrB4qu62UmIRX>mQlE4NE{g(JnW20#<17tI_Xgoc3*4{HDl;! zjuBgdBg9hS*!K~D*IW0^?9D_xFsAoJ z{eY0Oll(F*s->>|vPy3Z0w)#O4Re2{k16<2>b>T=H*3YCu9EP$Sc|Q}S>!HMN&>Z| z?$IC#((n$@U_%`R2;NoRD|#Qt1VGwi^AT?rR60VL z{7GA;2Ht!rhDL(9DrY8H4+?D2j;DLxv(r#yb850&6Yf>|_KEy80zaHE-wdn{EZaPU zERF6ZLC2S^UudQ7cDB9Bi~{IU@p#vB1+LC*pdt-g-6bBZRFZa*M0iCUqg7}`-cR+c zja-#%0jwmC@e%Gn0?2vGmTh^?z?%rk>YZOpZ1zV_h5}q-$`L^)VSu$qX(=SsR`_{G zkqdvQ3Ne+w-gFsdvW;vSVWNQ_I0NcVR248G)NOjulIp(#2Q*r7@M7xGc1X|pfil0O z-xh(+Xyq_4faR~669M9s>|wdK8F)M!`~NsI{_{qI|K$<+fAgXLX%YE{PyNn|?(Jdi zOY=dr%9NgIyQn|j(8&AKQwFATB`3;k_vvadmYNvZv_}MdOD4XUBmsfZq<_p^|aZjPl4WlXT$)4 zNtB&CIEOCO@D`l5flfepUqiO6ZS4k}4lM6R0ot7m{{IMHDn&NR1mN#%b_smEW5%?g z^bH-t-Y_47HNA&vTy*yLv|(9Z%Z&g z!?TH0;MuBqcw@^pt)Up-cx_tQA^oGoMVV_WNS@@T>=B8gP=!_Bz`SCY>B6L`_QWnm zu(sBr30WJsoWr2RKXcs*Zs?(IR>^ZKG<>mo!}$3d(*%I~jhO~6nLNYB+#9qXek;}T z!6sgbroR_ZZY6dFuy1?BPHvQNsQq#T!CeMuN!g^xwhC$Ca7NE0d0npDR0|lAD|TMq zs|Cl=+PXTFmtU=|y$+#UD5$8m%ggnX?oG2#LG&XbWhWmVd3=mxklR8>`h zmmQsXI}&4CI9NQ%Q?eP`JnS3zifP&du|K?VsnfuW=tTABKPv51#JSw zljN70qlbE-VCGX2+VtEP?cm)iLIM=Efrq{18;P#}Qf`#-D%DqmH)`v>qV_ic9H0cG z0-n?skINr|P+L2@BM;c^JM52g_x`A_zX=}alcQxJc*7=GB(1|iIod28PZwtq8P1w=Q%*9JrCfGeIwn@jxx5|iH}P58s{ z{F$-=;U-D1p7;pT zQe;4{6ovgBfDUpOjjaaJqkAJ8h0`O^u=Nm;5WO)BNAksH2hQ246cZVpNR2?r(8901 z(Uzfd?ZLs=Te0m(6g?rhTR4{x?7rfI9oc1xE^37nH&6`gGNJ%}bN0JCA7HeWgXr6n zf6+X$^XUc!NkJ57vF%r5(*z(2{RcF*9*fK}IKdF{d4qJ9f%o{9~oq~`kb+Xsz& zm1~<@SLh-*@OM(DO})SoA;OZ(`qitwtXCoMKU`)AFtU9>HTu1L+2!?ND5*YlgB`-6 zR?*epQEPD==c%s;f+t*kAB~|Q=c4*DwB)xEq6JpE$*(U~+50=Ni3axza2 zLO-phtygiyA9C3>`vA9JObXM<6at`GN*YxKD15exm5MVXe|0XuLpr>gqQCspD-Ma7 z`IiLGrRfXv0@($RvZY4>Z~gVb`YV~WVcLEBHeRWxh()dZw236;*shVz=o*~E2dipP zfsus*DRJ}8v-+RkCF)7Xf2Cj>O`r4{gm%h$W?lg0$ zBdUMZ7B`BL)@xkY{OYTQ9{6?s+p(RfrQ4&p)7E{LNC=;$z?i`1^}Y*ch>%w&3rui9 zA*d7I4!nF_-1^8wc5~_##F8Q4<2HF|zx;dFQOKw@Dsm+|Te;pxFPjq;Sme*W#SLC5IknnW`^E=H*cjl)z^SG0_V|qI)6G&pDilt{WaJe*O!SUoREBF3(}NTEnfu*Vn)~pJcj&=| zo&71*ZLn+w8F{Kg?R~y27k(7hbW#e7EZF_ytib6Ne<&j?vt;+Mi8YpKP(U))nkk$e zow5!Kjm(!_hOP2*T-Mhf@VCz?;c;W2I35J4=ib2O{&L3BViKP|V7w2r|0RtkLlz!O z_mYU%4LeL@R_kWByhUy5HW%K~SVgt=R#q4mC9>+`tnTc5zVWaN;h)-oaUblj_DkMY z_*|QY?%hVD%)nF~v;SO@vLz2B?;dXj>a;_dfwz~*!qdPbL-Pyw3KPN2*3i?h%c&#E za!?*VT5gRgYA!|C9qe2=sv4>4ti56+nV$&!Ew%rJNXq~FgDy52a0!p+wchsPRNSw{ zC8g}q4VvGtw~4n8xIJ-4leMreJS?gz>S--GpydBg~fD;GPG8-^B26lS$RDSIUlx}+$orMb$#agFSilEK- zwz`>SJMH}T))1p|XSkjfTJ$@G7Y?5(D{nh|see_eDGK5}io$&Sd%z;}c(?QMqI{&K z(IV`d4rA*3j){qDmjL|D+n-b~HgB&EBg-VWhgL%@Rg?xiT$>lm@a5BlI~Y?WBU<22 zXN{o+Lv$EQ^+7M4TBcGk6j}Qwbjp8I*q$wpEK+UD_oys!ZW2yhzPE*I1TR5rS)C4h zO|Q_O-TE{g%L~`<#!=(aB6*3ng-bGVM{l_nhyKPxfe0KUAn8+lCqr|y)G ze^#vc(nuq(s^;@WR4I>%MfLq)Vd@~<@j1g+fiLu;goOdvV%+jHPJiw&h9sUf?3(r? z>>RUWAM7a8D5M;68v0!o2hy?u>LVeVtlK&GNT&?Yz-Ggti`d&Mfh` zv@{uIY7rd}2Y-zC7V0-WVYDYn@h)O+{9vj*@-R$V-ggG_!(5jxCl^R9Q>vKAjFXg8qrwITRnJI{;RqC`e1b6mK(JlJ7^IN(1$-os0 zaIPJNKM^Gh=6?fhd8A)wSr(Q@FQGcWrHdAVX;tg;kOG#;%o)aJ(!vQh8L=17P|Q6) z)GsVO545CuS&kKT=|bzZYqCYks^vB%{w#v7K_ zQsN3LUvxXAmAZWU&2|sf!?eoaH(@Ff(wF&yFXrumO6q|h-0{Cl0B_<&hK4TU(DnXt z!OHf;y=8=qY~c9|JoyaaVzTu_l>kKCu#^1PEObn0mOtr4@GzaExb)fZatzXrle2sM z;?!;18AHV&h}_SF6&4Vpj^ti2yvyV={Grssz?gzRDX7PQA&cahT}DB#^^sJ7` zJX=wY`+~u19VO%|B(dU>?+LWQIXLuaN&|TqSOa)waUx=9#{qQ1`zx|&W6iV79thv* zijL6${o<~VeeTvl>Gt_|TxQe}JP@(Y8~903kqPc^G;$Tc)r%Yar~>wZdHjsC3t?0QEBuHM$0a;GH7VzzHBIdvRUE0@H<+vKqN5zcch(3jL1XT6lYkj{J%Ye zU^T&>M~}`XMXhgUF|}mBA`jr`p(-4)azx7x%|TZpLIw?dR{|6B(x#lY7z`EvDA2!* zcH2WFX%W3r1HvDOE?lx}(5$@sy1~y(tXQm+(l&9ubb)nUw*ZyC2>f<@7oabNhuLt&(R_{`qp7fEfLlEkVgC^?}eNS?waY|jid z>qfVxxB{`zW9>S)<&~441)y~VMxz_Wrn7e!~Gl8#nE zr_ZadE{_&N)0U=3BGj=X4_FpM8?nw1mMcUf58&j$Rw-z~^+yQd?fL*bdqwIcDcBcF z?0G&O8g+3VdA=IHB$^Bj<^%_Rff6_mi9Dc$AzUR(0==KlOfEYB?KueYq8}}R*lSCS zm*fFm>MxWm0ECwIg8l;<0$G6FBq>DsJLNt_3vGqd=39=&$eYN2BZxFE^I_up#T$zV zi5!+BntUfJz7#nJZDap^`9afoWfaiz=filV0W|4YuMh3{U3vA{fayj%XU>|bB(qV|7wX*H`Ldt5 zog-A#t#lhoin(?5b@vRWW+}wW6Y0mC`32ugR{hRYKih}x^O9Nhlkzubtb@$QDAD|~ zj!69mBz0$;b#03+^rj|}|1>tX{_K{q{Q2|iq_$;NPPXn031d*ARViF&J>IHRf05r% zU7=3>SC35TOICkw@vs`;Y^CnPA)cRlVc@D6wc8&N)-N*xwk=TSy=maGN!P8B$jHmf z!}+HA!otG(de&GuY7EK*aDhs(F^9$HI)4+*0*g7w3-WF<|FGkAG|E8V76Dgh+UlUO z46nt;7@-=K{ycg|Ns^I41RxTk?P>0a1zH+s`Iu5v$8@}iKDmDE)CDM+gfPo2Baazr zb-vl@NrJ*^b*9$FZ_+X42X7+<$ltuw;Hh^${5~Lge}+a&WEdtZ7P6Z8-UGPfAn={# z#lAw3cl}JEuZhIP<&Ha(#pn0+5o#RoB4}`AI%}-w>xR@Uv+65YEqTQeCTem4vPqef z6Jt3f_+5zhto?WEJe2~__tv-C{ICd_`OP;VvZa{`P6HEdBkja)69uAYK+@;%4rnVa zE_toxq&qWD0(dyH8eDSAD|}5>{F`s3l&8KZ$GNa>cc!DS>0ebhohXT+NrUY0k<`Z9 zT=jj1etj@nI9zNgY@$u%ux9z5CYi^I6Y@HdI&V4AqQ@x2cmPKSO#gLWj#{;#KOOok z&2f-RUZCl+0xQwt_)NuzEY@*eq3u{v8bqFtgrM*Z!BQAl2K0lK$d?D(UrUo!pMi8) z%dGvoQ`T4KA`X;lzj_d=y|Ype%4w*<*wx@(R8QePQB31TGVaqpMpKHF$&ObdlQ>4g zw`!}&L3KIcXo(B`twvO74zJ^>&!-s?^tkByK7euo-<@lGMI#56L%&AM=o`6oIo!`( zxx35afrnE#nrUck*>r9k(`k(%ide0HgsT%A%{M znvwHe@VEKb zd0(9;#m6u6KUB(W9`I`hwVACBiPeLG)8HQ|vYWHClM6QOH}K`|i7N7u#JxPFdVYU)HLWXPyyufEslKg+!Zkf8!Ool8gZ)IEj- zdWky7=w*xV*F3@uD{knO{mS`tdY^Dyln$R#E2f^rk>n|`t=?~mn^qqmg5 zD;0d(_`X38QQLN;58ZS?wwN^5)9))Q4lSS;Hnk_qVhH_BM;%)22y&M5c+Mq+&whm} ziiO0d{vpgK9KCI5TaX;&_o6rVu(>V@q)v;6jH5glO1m0+jrcA?Mtn@|WnF?Cb-a1k zGh#Gk_x+3|AvpDF2$_82GlXM3jjg3aS436QbxpVHmA5|L=g{E;7WjHK7+4QyuJtuF z$;B^df_~n6;E!HBUOFwq+DQDeENSHuE-#2PLRbj#$?`$u)>#bXAA*s{$m~JDCgcg^ z35{&>@67B>6q^mt_<2(VARXc3DHyiYiE;aQ`^LZHG$Fwn7(G=^Qyor>3qfc#pv#g@ zD|wHfifm)sUg)Q!CIAzWQIbFZrh})Zt{{^8CON0bCP@r0|L*XyIg%}qzGPseFkTNT ztpWfG`jijBoGFSE5BCsmFW!#-f|*T6j(tPNac6p7nqm5R-Zfz`Vz$63WCz;n)<^xeV%RiAyya zDq!RTZl5;!})$# zpxE{wE4C!w@tD5e_OfAVzO%dX~kwmfZ zyw?NJ+K4cAXm_k#s(pe=Ds~-;nGSFa7cV?7H;C<@1%O;>b$tDLKJ z3It&fh-gaWMC-xSHRP1?lNAE6#%6Ogl@(TffD9^v!0(5kdtyx{Cw{b#NhpJ*b zSowv}*CMg38S9ZaPnGW&v+<^vs&3iG^8izl-U!T)z#%_Kdc+B)&#kk7F0drYQU>6F z8;0?_pN~?iJllfcfW#2;@M2%Yq?aa%*|AW4$Ai3}4+LOh%yq>nDNCT8Lg;>-mkPSs z2zhm%U4W1m(9owIZm%rNV!fjJt0PUGZ;={+C0T4S`+n<(1vXjycN0f56_~OSITAT2 z0PP8#jb;!3Hpvj4@r6UUCvGzfT_F{=hOj8{0%b-rl|&f zC0o*Ia!0B3Qagp4Rr?v8iXQkrnq_ghKd1C6OI`NA269~(z zovN^Lo@{Pz{rPdm*$eZhwQv=>6w|zxMyrc`QyliEbji?6?1v$a<}acy6$`F|Rhex` z$1m*C9Lax_S9Nl`0zIO;>$N%2*y?lp-`I)p!^}mboR9 zM^v@8E{hQw2GSKuo zt5xvLOV&Lmfp}lN*}p0iI&c3ES8o{>M-#M-E|%azse=?6A|*T~%Fm*Iixc;eDf~PRd^d)Y_=B35+rJe`7I` z)Yw{>`@G-!&e1)Sgf=>1%-Ocz0l0+Esb9Smnh+>M+OMuvh5hEhYX_bs11=VSUwv6%-Asv!zj~CsMIClMj$3a?t z!&K45mp?OpM7saW1)y!}+XAz)BY+ki!y9WWw^TH{+*~-h!&d*(2S-uRj`Vg5F`P~XT z&m>NHvLulF6Iw47T`zo9539*xtd}0?+qrRGR@ry{0W21(7z&n?J{|URZwBwWpi{O~ z!ro9xNR7{{F-l~A>Te*9e-97U9m%0%@!jq(iZ=$#ZBt*YVqGMJD9`?*H+PN@pD8~j zu*iV`z{Nk!zC*n~IhtxI3^QtyI9lWI-|slQ>h*s+)2lQ9=*a5_Kq~&b`19<)FP#@n zwV=8?`Yjk(70l zS>legF}1ryELu7c!ryPLZknwJ)RnZTceyq>cA~MJm3O=%qm_yHI)$k8>sQs&8KEl{ zQO(y;2!7~YYv_Qpeh2hc5PwxdK=46;4l)s)l#dn0soO^76d?b0#g44ZZ)~%~_xk{|+}b<-_yC{J@ApAfQ*{ zyv#%}KkF;2yxnZ<%xPVDtE}IA705>pPhFY%`;oH*9@J{A4|x-f!Nm1sYh&a&mv!Ux z`6@A6XgH3vh0*ePiE*qbME;AK9ybGmp=uXrRPpu`nCCH}w2@N>xW2OUjq zuRUb?HyDD>|4su`%PVTgfdx`=`K%b-{B*IL^#6feH8nJxKkeNa=q!{xpAD&}KmM}9 zxq$7)o#1iHw5Yk|b}T?!MPu&e8mmiFSLP5mz6gA4SovkmK2lo~<;9$a;Qt^b~juYRc+ z0UY(f>{s{i=l>`OqW;rX9AI(6UoUb^2q3K*;sTlw7c)p6Kq3Sqh}QCa15uTX?rLB& zT*-PdoN_EBJvBJ&t=J{WqD(|o*50wfCojMI%1ffI=@M;;;o<;et)Jxw7k{pg=)C0g ze7#^!Pf>z*IA2A~f9qW6@`Q(W3~0zPnp#(7+2OxxJ;OG2D55r>ABwl4vWuG$vw!xh z4$njuxL)HgRF{^STx;kY6Eyx{#-HmhKQ>Z}3=<6|5gb4Lx`;GnB{8nI>)D!Z9)I9a zg`#6&3tgTB31yV`Za50?TX{BCyB0fo;vTj&u=&`_tpbafMI{OL^+YpSGpxBg*u-d~ z|4%PAPObHM%dLy8DohY;L_dH0IhuY9pdbs``!^eefC>pN=%C4-VJAgb5ANV%UkTYOmIq&GzAp--NRXJ_x;UUlo`oC3O!d zW)_Tk5lfM6+(6%S3?JNwj6R&y+1cAI<5xyrA)ng*y7mEs0_ zaaeB9q6WM0>BEN6kp(t;RSd+|Mvu?DZLKY@J2Be`L%`ufTv!_u#^pOEq9wPEjyx(M zYXTLEtwnO2ZH3Wl?97)GE38Ulf2D$xnaSJD+x8l! z)zJsn(ELM^Nf1y{*@29zo(2Av4&Db9I!L1(GXp~!pIt^iLky?HkkzMijFQhP(gQyo zjMlQKAvPulBN^AxGCYIPU}M9ncI(;UtEhe(zD993@5T-Qoj{*3^u7M1+va_(Pr!Gm zW~e`(l5O_Y$VjXmslS1FL?-haLA1*ggse3LQ-Y+xwvTjsNp|D9RWD@ONp@l{#>89F ze)pSQ%kg1uhR3r6!G>dD?Yie~c2YPOUhEI<1^2P64s*%IU|W@v55!@Oz7aKk!yisg zdiZRg)p7^J*QQL-Ch)>cPS=fz=6_|;#ix0m(aP8!{~L!m4px@f`}%tAGhCBDbeh(G z*%R*hX77Dv>9o9fHygUzI@UEn??IxCrqkYf=s0oWd0nyEN^UDfD;d|jsY-)wzOpIi zzQJB?q&{PKJeDD;9A}&A#x^>J%=0nsqr17H-jbh~v!jWH`Qv88&PI7LTdA$BL!i>G z>&fO4p2hgM1+^0X_HOmb*RSMxNXZ^(VdV7|%w(DBe&B@_jCe&x6T=7Zm2$LSXIS@} z8qLj4nMv`&KQ6sCzK;QW_sNY}{x36aqw0K8SAq7UFrhDV<38#NjO5`ZWTBGVBrQF_ zUT+^hxMRBY)(&FEI*HX`r=h@T67rZGG%;jHkbu!qP)T5n!me;XB(eC5$>`Bk61|)T z@=IyJE;bX~vHkO9Sf0c^62q^yWgPPIhxRtr&V^1=rYbyJU-l-h%1T>JV1T z12ggUNJ8TEz}4OWr64h}EK81os{IBQH~xbCtj)%Hd`rx(Dgoo|cY~o_g88rnhb!FO zO_{+51J7rT=72+YU0rX2bj8%Qx_bK+zQEA?dY1&h6po)rvN1cx6NG?+=PKz|7_A%Hv&ZuA_t8W*zc z)3x2t3l@xjBrjnx4fEOVi>M?lzYyjKJYk1Je<{E;y0wd*K1@p**1P^LX@BBv@!ftQ zS@r1?@@oHcxs4a!+d7cx=wP!Q;q>WYpnjX2JsL_~RADuT6>?2U%`o?Y5o4w6en7gY zfP}2|Xv1V@Q7?n9dnbYDXSkOv7|!s?d$93Jeg9&i(3ix1Qg=AKbQ>{?N0QA+YNh!s zfx6|e-~?K5vb{A}9Zozm0TmK5-O|K2hQ4pFahIQ0?An?G7ni)rd2lHnns7}>phq!o zyL?G?Xr^D7CwGn{1^e@sl#8wD-Oh#koO!?k{5K=O%$6gEk1ntof7|eqWf4@ZT0;l@ z@_W_HLO=Ml%yxIuM`#--r0VIjV;JuIWz=y8qyhm~osR?s5lu2CnY!QsGH}&z$ zVR{yNW-Gr=ruw?5L4nZ@zE2JKW)UWxuJ<+&BKFmGw@10;&lxcB)sXLmrotKfxf_wx zhMx-O7Q`zZmIyew?E9ey!g)LM+^(I6f8(M?M25;LIUNJI`Z>a5LCx7i(O_7D9S%$#kbnFIOpP;Q zdL{MEDq^agQC11RZ&0+}JNNxT%gAewrh69;y?H*$oI!!e{2i@IDU#izTyg(OI8z6iB0N0hciitpl5oIw@m5hjXWYg=S{>^g88K> zp?2WKF8*A{Yn)-O{oGJ>)NS}{Nbls)$2JC6?R1v4rOxr!60kx# zzFUu7p3Z|(cP}{={yd%I&-nAcr>z!H_kq8ATMi8RPeWG1fu5`jL4JQW!t2bmR}S%0 z$BDT4@31~PM>$)I^jOuEbej{)8Z7YJZFud)_}^d}UY&`o{qvknZztc!#$juLG4?<6 zVDIxvjkyGMSJ@F8>t2e~KdRqhZOaj6z3;r4Dq@c_QU6WvIbGIzzW;W;$7MSDG2j>0 zPwUl9TSt>&3*ZPIS{HW?s#A_M$C=ZV6#v5)u;?;(FDNu)q(LNw&D`spN{T>|JsW zsQhjKK$p-FW_FR^rvWz{|9`CaKcDhPUv)Tt+~F_L`bVr+R}wQEFa~o5P21_0oi0mN zo07+3Ro$ik*A*R1{xRyG)O_UHaSzPXAK>vX=U)a-L>@g(R>jPE;ZsMI_jMbx)b9pq zl68!uvIBj!Dh-;@h0F{u=5uqz_O@~*j>%&M>!M3kvfo=yWR+=_cz3Mg@C?TH#sjGh zg>gMP_uj=Kv%)q1)Z(Y2hMk$*`=flHF29$1@;+lCFyKV%n$OVHy3o4=em{M%+7NU$ zvFq-{Pwei{1RBgn!kMw5P+n1es3=Hh<>f(^z9-Z`QOv0 zIMUBMBRD!@05(@Rr3&*|J~B&`R0vKGZ?VmT9T-EfOU^S%e2K3pKgiJaoc_E9-ST34 zn0{uSUdTO5&4oNPpppn^4dJn-{Enr2Ra`}M&wf>@Z(}*BY?0AC_KT23=Mxtwjq&nU z(Vn$sZ%u)X1*&3edQeiGt(Opaba?bTZsew~C6j-0|M>dqHk=CUHUw$R?^FH*zuo)1 zMp0yF^Y;LF!TluIZb=L?u^1~hI1X^f{JpOr$oG~EXMGEFHes+RSm1v=h$8TcB)o>t z|4;PY8=nOW1a@AxD~lMw^@#RIdp&30#weK$u~72MtNp+YpVy!V#G>oi{?R$_EcZet zKoMo>`Smv%s@A5R+sFKXMb}*WmpW4d)E@IZCuoL~20UmE4~oS-2WHuuJZd?BEqg=$ zT*V9P+?cMt&BpAf0Xz-}Y2aF`Qy?YKG?LWiJlV^zNEm+l?L@z-X!t4;vWaNYL+` zAOJ+oYQ&V75CXS1To+YlV$_c| zYS&oXJfWQKJITpa><)(Y|5|gO+wY@B!C(EKYAPzKDMN5^aeY1S@8bj1fSBm)G||7gy{Gd^iVjIq3n3pZ%Ck|61MzV+gvG2CPp48L{Z@h+k77a zo|~_0pl(}Y(Ct{u6Y#?Y6mp*0FlW+Yxn;gq`m&en@OTLZcOBO3K@XWXBDpcN`Twnwx`uylXqV>k0!KVrH114P|A8jg8HB|6Ls)A6J`lbo2iB zvsQfpUvLzJ1q|2rX_(*sety#UZe!Xe_2sOEe15*#mo4wKW0x7D<8G)nR58Q998C|Mr)y*v<)DwS zCHGj{x}gE~fByn~d&VO6!&6@Hc(3Qi0o2W{$a`zRy_5+IMi&Y;p88{q64%t#$!d3M zx$rDRI6u4DC;q)=6d(FrHu$nthmtD#v>o8TF}mhOw|={`lYIQR<)X8^dRK9}=KE|E zZ})tOb9s8V8m>bVqx)MxU`j#CIX~v4<979E59qRqAw>Qm4)FpwW^CE_a=f)VH)#|| zY$PwhRbR_~=NxNwJFEsAj`&8jyg%#yVhM8agq1X zxF?^+9r!#uR>`4vvJ)n`lee>)sz;Ef)0VyY>+5Sj-Ice-egbv!lYL;a?oOHi9<8Dr z4ISr)a{AmHRT(q^xr)bR9sk=<_T`sBvFCFXljdiPfTzCcqS2SDrCibLvdK!l%RUU8 z=eb9);eGeF3LUU<#{=_8wTICiO6Y&Ec$R)Idyy;4%m4h`p^oa)!41U5|1xuJ+4+){ zn6LfcQ^$3Rfr-~nvVncev05#3dsMnff6wPMm`i0BwQM7=!=>8JBu}B{R(k()2 zZkr|e#4X$J=IN%(PF))qK^wT-@TYzl<(U=bYeqw$Zkp>YW#M|3OG4=0cTwCd2;ZKe zLb~9t1Y$`$<^(z8OaXj2K}$ z&AXQ)OR=_-R#lOknL+!uYnOtL`nv8Dh02+$WM1Jeu!O3C@I7^qpO;#_n2x4UQF^D7 z9i3w%s6yAvfkWG*pa-&Y5zA9K5TJ@Vzt`QB#4}Q0Y_@|eH?qz&3hph}vO>53Ue*W) zY9EjCC>L5EhY~eFP|yssN-ws`C{9qIO=Rr*#ggd);X<2HA`COrZ(LvIW1Zna?NcJx zPq8y7wh|0qZWL^?8?Civ6WCjR*V||Z*_9l4w;v=~-0&6+Pi0O;bZG9hzSUfDa4emB z?Ntm`e{KJ@%5B?j}4=I{x)WlX?B3sUEcUXS zXi(SqQUSJyVaU>j&*bY!SGhmVyqru=y}@{TCSL*VuLs^=X7}_7-#5+ctkPZLD;1=K z?urJ-44FBMLiF*g?caa`Gv0O7)B=<&-{Z}j*oOX+UZeW?P@Qo>ZK7{kQnBPu@!zpS zlH&BShgm1=M&F4O6eR_I@8waZL_z=!5F{_BfG9#S;kBfTa6{}28bOR@`3yvfDOUO* zQ#f@kW!hlK4-G397$t26IeBe576Z9*4yqvFjw~1S7;O2{e9m=4M+$hFyr^=_;n1z& z;te`>$FIZ1)(>cutsKxYM zJf1~>61O8uQJ}9kAhvb6Mi=C3&uh#&e8La^s2fH*-Aldq*ji3AH8Wo>SADYk@+(eS zM|VECRGhXxgjaOkgH@(498xM$5`Z%Z5^r9P3_MO@0`Hqd9LefXQGTA)GSjU-GT-z= zvyeZ+x&iiH`VL52mgh+?0Q+D?Ss5M^vkm`21H|*HH^yl$JAeb1 zZ_Snr(`5Sr5o8vXkBKQEuthY&fZ*5~3Idp<-NVELF`h8-gD&oW|AKyPhaFhv+@I1a zmgfe%v=H0h9kKhLM?>tNmkY$auWCox)*5W~D)s8nwcY-A8?R&+BZ6aix?A{YoG!mz z_I1o@L$&iu|DHX9wgt$Pmg?iKV%_@krB;IYitKlDoEOq;J3JSKtjYd{(wP!OyMX({ zl(;6BfQan17eUMMXWe_RIBq?}4~)k?*EM^qMfOd=aYT>4qCSu>TZs!}OD}DyjfBSF zw|Cpo_78WzZvk((?o^>4PvA1YTs3Fd`~BMTG<*Ge(q9+Lw_83Bi77~9Vpao%Kbdei z6Tg-lTt0MAz5l)m%b;o4+5R(=7_K#EJA|>E`FrXfU0A~AkK+8+eqpj?4b|=vI*g+O zd8`3MO1AjPJ60adjF}uVG{3!Xh@^^@c!k|$IzJ6~ zww8n z){e$iLQgyOu&slo%$<}LnfbEYcVY)Y11})--lzyt=UyNGmA$x34$46s%_aC88PuGC z|K%YlP3T{;aJn304~X=iVkolYG+#^_r8eO)|0P{$p#=)D_{J~+1}=Pr9ZtFWNNmy> zf_y#uFl^$b-w&5R%L73oQ}7;dI~wg2Cky3sfO49>71F9~zhZrXoiT*u%WumOc2@WC zE9R~6z5mMvzyZgW*n(xm5u+g?ZAm1eC{3}J_5CUQ%A{seZn6Lt}xy$lSRx!tx#on(*dp(LkrlPNvX zffY1^_p2`t3tc%j3_@a^V$b`k?5$_8d*3nh43xA^}AVp%9sr`3^9?*X;!l%ZZp+K3l+fM*|=#Q zZuZ|emN#EW!sKIGqvUbfQRG~l=ZManUSn!!48w)x4S7yCVq-z@#zsBhg0xIL0?M0w zx(L&}cata@G|xL%+R%T0E;Uuii^pcJmc8j}<0s3~crPLjv-$R><8mH=LT>&h&V^Jn zmdCi?(q2g5pcyPG6_l;Kho4|U^jb+$Q~d26itSpqoI;kH5k&`Yk&(_r%b{I|GYn5l zMaD0(;rPd{#FmkT+a82j*7E!zcBwd7X(@%$C`cF_zIdV=AQf+5oGWV)HMwW@87j^* zfh=L1{2;<+Z{RIlteHEAGlcTCsH2S@J8!z6wJ+2x-ejdiY&bRvHm4oQe;kcw1Qw=A zk-NPLvc?_<2BIkPf-=v$MyP_Gp)2Y%zA}BcgLOj?HUbttXiI-A+G1M8L1@jr1L6R}$dCu_U1haEtAr;t68<+c&p ztv~eU6t^+DU+O=882AJL2j#`pBj0F+JR~-Mj{S0yR`&F>F}I)v)mJ-I>*e7~u6TNX z$6J`|I$u_hy+fir_nba-vwRERIIcbCHE#s*_Or|(k2qN_3$fgd?tuQW%<}Nhc{wpI z`YI!OEYv+AQ1SUEKpEz-D6XZ?S4tx}dj1)%oWb4S#hwrUlo3HVOU^W=Sk!&|?su(i zziJOI9b(R`W{4Hpa1kr3+yJ(GEQ3A&`Q0~vqSHf8LngCwJAG?$92uSz$8YsGaL}RF6Q0UbHjyi4SkuLmETo?sg zJkC28C;fn+CT}}hA2NW06!9&)9)Z$uF>KgEgMiZjGgR@{hv~0l97PmS%8@i$G@G0s z;MG|av_XWiv|8~4wiCFFMI;eKK}cR<+eu|f5;P+y#VXrUOfg@Xu4qg*XQ_JAMzop? zI87PeI0LHvN``4D0-Im%LAKM4ZObTMw~z=( z=rLA}a;m-DM#G;>F=_12!^4gIP>He0haYzYa_b<42jWyAUYA*toNl49s!oSaet6*w zWybcSiDd1Uz|3q}*u9+q_t@ulRbS1yV@wEj>Eny_`ss04TExfe}bK zPr@=murTF_10k~1;@v=1^;p7rVXnvgQ+KR{1*dF9d z1^`T!j=+-98##E)nl0V3*c>T5)hAGCAWqK`@qyFr7@OLWBsjoECINZx#iO3Q} z1b(fee^wUQmnq|WV?9;Z#5cQxPMWofvSa!&{&CiMKs!q*HHN*}hSlWSF#)f6|$(Y^y*DZzUp0S1>HBQ#Qgeb$=s(XB8X zdn<(4I@kE(8k)m-Y0mHeoX!sRoUgYP!G3F+@U^^4j4gymnK+OjELq{$=Ms)vSP))Z zxZL`HG+@;{G-@^p0S1HnL5QC=VuAg~8_#q>%>9$%7^W-~329;bLKX#qJa|yV_76E2 zjjtJ_hv#p;!SJUoW0&V!+c!=2dDhd@mKLXXGthpavbKH^UwoTIk7kxBuc-&En|r94DMn%X;;EWWsO5H18Fv&^CSh2@Jt&n<}-oitMl4{Ktx zUr^ve(V6bD60I_E`-YnFka9BxAAX7}0&GyAETs~bhAy8r-ntAGRx}za4O*fmtc2WL z6=T$TN>5NrhbUOltXoi>XME@StshyeBXhD6@&VeLC(&G4?KHW5R0FriZ(fvOiEf@P zK8x8M41^UeUGG9MGa_|OBv0OvSh%;|s8-Tw`*Yp38Y?S)h8swuu%FU3Zm!Vf(3BE5 z#yo#8K0gGirJ1Jm+abbxG39K&v($hs2>O|Ea2ihszX2PeWu)MGIw9gG&uyllJwp(A z;^nXxK zTyAMb^$cL+41}IF@c|U&xyPc0Z%)90BmG4duec|vg^3%3rYJGx;`Q`W<3@?%?&r`p zw`aubS5o0+xss5KBWmT}Mc6rQm9PXZe3K4>`D){ichju^`MH{?p|wWBmEz(KgDGIi zaV{qth~HO}V{eV^X|^`Lt0FW1^9b!TW)v)vQphVGOI|E#`;rv;K|ww$s$^Ki$jHe- zX)mgmE>$VPXYF~g4es&Az`p5S&N`R3d)H-7HHM?=pS`@umlL>W?-8EngO5d6v9g;V zr#BlvhbRaoZ^GI_;I-Wtkr5ba)D(DA2e-~!@!n9`2Opq$wX?-y*=Hg-;w$ACV_sPO zo`1X+xPGUUf$Lb-tAKX3FMn_o21|rE%7asrme;yM1|BU6PM-Eb|JS?Y($a3+6uop_ znm}dW^$zjPvT>|FNW<-M*&l2$XUK*u+#kuq3Td>3q?9FD8BAkqX&SOg7X^RQV!RCR z`;e<>PDCrEF5(}+k(Eo19%g8|)Tp++DsH?Q5{ZLyNuY}MTglM}?jDB@R~c2UpajhR zskEmzGO=Vb?I-FH1n}_`z9p7SWNGq=e7z<6w+2q^E-d4o6zr;up!+oZIR*ilemqTw zGk{B3CSOKjls!Yh>&D9>QO=MYvscXQ6Nj+Hd^(OU3m1h|DaG~;LNxL>n!G`pb1y$O z{A*7U)J-}I`}j%npBbCyUg-z7_dLa4wSaI>$K}zFEE)4n5_f-<*ONb30)*H=%Q08f zqFvlfK$(J;QJhu=@A9b4JijvdB}oaRRrtfd<5fu8W5>$l-(^+5n+Mv|+@kh|lfR8Y zGJ(7{G9!7fiQdwF^LXDYrB;%3J2@7h%gzD3zIN1i z3nb+~{x4};(clRv_k{Z*I>5kOI>;|HzcuS}XoY|>`fX)?G? zgT!a|JWWi>6jImlPi9@JE{s$uKwm_Z`zNv{$eyNM^}{9L$wPLgg~{+r>C^T;GH5b5 z*=S|_Xhm$=3^NO?ul%f_kf$ck;O2t|8V-83uX`A~;ZMfNn9Ap#e)c95>|*Rk3x?&z zj7f|@WgGb!!Ua%$L@-RFrtN0a*&h5PJgy+MmGU!c6a7te)N+|FO#&B95u55)jXWa2 zIS=F+$bs~$nG?(0cP>Tijt#z+V?Po z4ElBLvfi{}E@oQX_=N(ijC>}xCJ9>!?eRl*P6{@#0S<{)(?W&1RfRD)9%icDpC7L= z&r?`5mJ`tDA1Udd*ir|pG@91>QJ=+CS(4?D=pv$vKdnHTj+fT(<&hP+qK97M8oS)w zNI66hM9mnZk}XfY_F}sf`ip{pYH3(O!YH9)J`QAT3vPIK)goDbyLn*-9!b@%v<5X? z>xfj?ut?w!H*jyUVbCX};F0cajX8F&_b@+Xz7?qV#4;%;2^-q*Sy9iRES@t>G{rWM z|6078N29Pw(`ccnvz6_jon8L^@^9Z`!AWwp%;!OY#@5VRx{(gaR&MTYC&p@3KL8WNRBq7HWQ= zt#-bshPZbpKlqnjTD}!!*g;q;w#$6het!P$n1o%FV!8C2Oa~OmnUdc?f>nTy$!;;i zQ(xFm$c=R{Q8eOu)SgV3Vt(Ki&pjfCy>~4$&Vkj-2V3~vh`iP|no{DI1T2m7twS>sR$7+m)i?uM2{N4YX<wb6P2%^{`z+ z0=@8x30$KEqFlo`IG6LVenc=RxE4cjGq24gr)U^Kj!c}_vcyylvU1cb?gLkOVLHXp zg4}r>!r+$JjE}{v`?~FQJgUnZ-I#g?`(a0HJSe*u>faH**2n0t1h;lheEo==6rL^R zg{DZ4=|U4-pSu5HoQHu)voMM$CQ|zxXo-Ld!=91%GewUZYaq^MQ~=Ap;Xnbom{^N2 z11;19eB&*QmmHgE#G1a-KE@e^?8n(aKOc*QN%CR1MlH=6J_z(vfl(Ze7#aw}&fgQ@ zhaU9Y7H_*&w=ex@T!L}r_h}OD(O8sxRoTGg{*NTaHG<$kbC(S{rE6cT!8FgY&69>xu_y-?fZVMCWytLr#Be!WgnO@v-Oqc3F#*6YF*G zQW|s0?w(|Ks8U6rq+9Im(s(sZZFlD(0oQ?h2B%su9)+3}IQ3@QkU_OH__8*_BB4aS z94nuOLK-(nSOGc2g0bie)|Yi-`sgi{6#OxoF;2BQrM{hes=oK1KFlT8{$pcL5n+Qd zz-yvOqwf&L!fu;;Pf_?m54k^W3q$>rdZraBR;-35|F~9KYq4e+5}(q{1WLCOH6rG` zoenpQrb04HvzlC!2!x05onDeNLIh#!vB3M0YZ`f%GR%3mK}W;ky2>OCMkO?J0mNF4 zu@EhB-a&GrzWpad<~^^mGHpU9wJGa{y4rv4iXFzc4CiuX)2qD_29j;prneSd4ymNK|n0wav1Yq3=8E%+fIn8y;;(eU7e+_L?iD8NX+d z4m;pYO>Eux9le)9NKh*xHc9Vr6}^)_Q^xbz=L?cu^VCQtip%1KoJXEA9bJ{HU}OtC zBchwpQdYW6CI{bRw*oX-YvNSL7uRD;8a`xmBqgmvM?= z%CxI(RJ5V`y09wp7eZVY6}0ltQ;NUJG-*CGF$7a7L`)#2MCrXBu*kqF#;Q#E@|B=0 zUnbH;Ll0$!o#>}*IV;NoM*uYIlM5srb+ zXN#m~8rvJ;^VW1XiS?@8BgfO$Y8QJYbXQ}bI6Dz zMo{XXlaQGk#FVJP8IVGa~MLohLe&kp?l#pB=ht3%iO zsa}Ng%Bo`mG2!>%u5j{=czFNB&Yd$AB^_U#cFdS4co+{h!cd=ylwnd5*b-BM*0hl^ z2jpN(;d2T=j$IKyP1?_L>@K|refp1l)tj&Q10IN@>2tGA&*Pq#s=%E{lr%-&7m-`! z(5laZ&vPyqH{&ro>NQe5@?bgl>u z@G(EaFL3M>a?PSGmJ5RRct%rAaV9+`_aBuWRnG-E}mjt5OQa~Z51Yc$D@-Kg9=au&{ zU97~v71B;o@`Q>pmYrY3*MuBJ-wpLAf19-G4y@qdxW>3^8a-HQ9EBYNSIhicfbIQy z%n04>Kutw_xx9Ttxn%N8S#)sIs=-u5LpiD6mL~e^cKs$>wgkjBe$=p4jq|AE9DLm( zFtyN?G-%TeOh%8`x&`wz*h=46vx4nCDhT-+gDUVcJ?^`d%@SqIoI*A%!msk_9B`=3 zY;`tw)|%m&##U7HBPNIn7xN7$X6pA{a}w8Noqbb9)rzDuYuwT5yQ4RtMK=aRye0hk zC%ZK`P-dg8nCBy_&eee`c>ru2iQzts>4F^yc(iGE^6trk#}a}M1jSk^Q`B+PCB6h& z8__Se{$A<{uen`fWR74!V#pt`5%7Ci(b~=H?b{NFMTOW|E)%1*+Y$+p_ESCRkY6jXee-w`x=-G@KE>mQuG1<|w=gl+r|BW$j%(j?dB;ANW_O+JMYh?Z ztJ+DNyL|KaN}=2(ZLsGwW__ACcq#R%`5LqvpUl7zj?cv%9Qc?XsVG(NkM_NY@Fj|@ z;x)VM6Y_^zw4~FS$Iso8`}N9jQ?aewP4k3R6cMD=8OEyxXeI?DzL!K6HkwPQf6}Da zBT}^emxOOvhx((WhN4kEx|XIjFIkVOv`A7vNp6PM82L9Uleat-$4uexu~~JjBBwG$ zM`<)gS!oSi1;!k>I#h-_Sas4%9_`|SXdY(X!KtYFRBB1)Ev*bmv{d?R6((&WixI+H z+x7Mtky{ha6`8$%29Ok;BDI%nn|#WI`0UM#)c>(I8D!@O3V$-+ zZuVYA?o%m5(8hsxiK$#UyrLpP)n*u^J7jHab5i)WL5br!d61oH6sLGFA8t5aw&>MH zjHgg1y!I)@oS|n_!)%~*JIzWCsr!w&)HybyO!<&PuWR&&GLAP4wIqxbxXH+vQ)QbJ zKWK1@w8U8x<$y%dJK!%n15HHy<05;uBC3=E>Q6PRWr>P}_=~?vsd92j9=|M_9-HS$ z!7f|B%x>Kuu0Fvfa|hf<1}tCgl2a+v>QkFi#kOn+gjM5bjdE!SvW{rX@JK{#3B=TZ zeRqbML~o~by!JYI9*?>d zCy<)ce>nz?RZ9;h^-fZN6b&Q4^xeYyG#&kI^||edu7bg*x;uHj(djP7l>I39+gr28 z8)}17qi5Rcuh*HkZ+)6bmhS%?x5ZbwI)B=+?6^=2Ls^1m`~lLC|0-fPF7j6Wf35B2 zPp$YprPvL!5l(juHg>qWBar(X3}g7N!|h$K^C&CNXeo$1{42=WL!x}(TTD+URGxX4 z<1Jjzx7s|>LtxV^d_704=(vwUPV@go+)p&z)U0J=8TnQ5xommg(`zO=Y{PgJ7CH~W@JlFIT;PCz87 z`@Xd3rrArg<>4=)M7<_1Otjsz^OIr3oYzsvZ#1yG0iKj2;-F?&NoO0?A{PY3axuoayMZ zNGx@~BTQ)p=|B2a@@YjFj?_osSS%EmqeTkpgbv}DAtW9y!%~-<5z@16qGIqe6^wB( z{678?$^2nmRq0JJ+xxn@j#(}v2VZk>i&|HAHb%d$`Nbz>`qQwg`!B|C<^~ok2D4YE zoo9!m#+-wPi3h*cL$*TUgQUx}%S9Q=qBP1sl@VgkXdzp%lrH5r)a!nY8~zRtY4UWj z|Dc;Q%%flj!OXr7Mf`O#?>kdi+fhHu9Em+!<=L6%T@^|*Sr9TWdk_?wZ_GcDKcQhA z7ZZo3=k+n7enEK7?U2|Z1Cd6D!6El?m;12m@Y*2!;vBt-H|8we1?<;XjP|kC)^APK zKBKhk;kV3Wo^Uix+8b)E8D&Y?*;0aoLs?PiZ=3>9RO-$`*Lm!&W-jEXM{h8r5=YAb z++LJk9UJ$9vQY;6QNEN39PvgV%z}A++X;7kC0&cish&{n|XRf;dp)Pl8rF$kJA8*oEsWP7m6? zHu~S?*tIp?ta!-Y3OhY|?LF_9H-~7`Z*-FG;Xj9&5s(FUyj`zm#@MGFetUASibxs5 zNhvi`|M#ynr16m{bxWZ5FKsd!P#z%w`kFykTi4RD-)6u1)27vKsn(-blFry`rrE+P z$Rcv$ui8g`<$0DijT+aR3pDHh+>C^Zfe9CM_xU%b)`YMO((fyEG1o_vl1L`B=hPG#Q8 zK(!Fun)dD)9va#n4f*j3ZDAugN-QR?58q_wETtR^6WZmzFO+)YD$2X+U3~5h?2eAKZ!rGB zz;)IUL3fC*Z$vy!L7+t^2-~8MFOhq90S4(`w^Q>}xyfT8hirYpW1u(gDWnDtUF_m_ zPTOsj`$e~r=AZb#HIE56I(p$keosh?Zl~4?J za_lvR9oFO6ZY`TMz!@lVWa$@EfgtQ+}+)^rMMH^t+=}r zXp2)QUc5+<;O_34;%>!?26vL1{?~o)T6f)>4_PO+&)Fw?&pb2p%*=R_{y39*Q-H*n zT@Lzw#`f}I>oSAx>3vMw`{mrcjGWV-jZq$x7@u3jrMgoxKN_PQwRDgPt|oq#YsOis z^RHf1=95)S@pM`eSJj%r)p4JyJshWKCD2y^yuUr0}p}3kS4didI@6MzcEiyn1sY}vGB*-X=SN2Ov zQ5bU}P%Lyvrj5ZcDyYCOt}vaJO;QY3AZcp*Txvr=0?}rcb*!rV{@uVjH@YS~aD6#V zkY_B0ougluY^C1Wxg)IK<&5OihBr{O;Udb=soWyxI_-e)YK=HNoREU5cpT$ueWc<) z_U6y?ku9CtmRzM^mpEfGzZta^)5Wxm5e}?;_L%eoBNepo?U=K?lZIF05kpR!*2F{| z+BuYhSi_CPkbuxyjTpOPdjO@a{;aoB=t|eP43|w+$#Ic(+YUFuSC@wr9L1mZhr z7IghRQAfr37JbA@wHCZ!lD45zxfy_`I126%zpnXThNVk{?F=H7cc?AQPSh;mE>77B zD(kPzx4;a=MUq}uS&+L9$wktLVf&5y#;s$80}At|LBju%_fqi9l}>#L0q;$zwcwuS z!|Q>!8~)}2_y{-C0gB#QEK0LPHzIAd=4GU|u|8V)C1jC&M)|AR{XB#i^Qkcl2HAXE zEA~#k>%8)YWb3a5^_N4k9Th=C5hkDyG&%#}o!b$k4s$s$-FkYG{Q{m{ZMn&lH9%E4 z=&)+XV&C86L8U_DI4gF5zQVBg!csS8f3bT&V6wtBlX+E^C9O+9i*~Zgg?Mt6p{BK@ zJA{;fm8xlsc0hm%)_NRuY;N zcJY|?%&(%c$^;+KoT%F^-&ck+WKmlmbMgjvHVe0JX~dPwgGyAsz(m+QcqqsI?_bE2dbWG$IExt{#C3@ilCfcyIam{xtEomqX=NP-%!_wpS z4eeMgKSv>&NFm*gMMf-t%vjvK!E@O0^5T;&)wdq&^W)_ABX?50nMCmyN zL-*`a@OKh~M_kT2<1IkoKbFK{`?s%tPL{rU#jD!d_v1Zzi!{M|1I0LAE_6eMzM8Eh zjobtG>ZmKclzhIytBTba!*$cQT?bKWxLi5M961u5Bg4(#FP9610y}0UujXp)cHl6> zhMz-MOoZy?iObDhXxLDxNQ+#EaIqRH0i=iJXIz z90~{+#E47c8zWD)pQ~zTl)=T>Z;iKpDAbAcr5jianD<>j(qB(jjH%qNwSY7}*V0g3 zN_!43d~ZqH7CfSKs|wuN>95MqXpE^w;kNz!QZtBiBfd%dp)&u1=BvW4aPB8uo-c{u zu-8o#5M)Ju+YwuRUIdqVl!u2+@Kaxnm)tlW{_LH}*Vh6GWiAOQS6~4M87bIq&x7yJ zMAck*s+@%R;0$0wfUoooOhJJ9aK__Jrb~NBjZ0}kd6JgHQG|uCj=Vg&W3hc!9A5u` zK{XlC7rV9yq{6yIV~1ged`x<21=(?gfDRMDQvC1=R2e>~8yyw#$~@*utv*>}_QreE zlk>7Pi-oTg%byu~o5at-@9MWcM8-(5j4oy${d}RSCDifQE~x#-M<~5Qvemyo0va-& z0B^tPPtIyyYsd$mI2aU+3eykS1nmI#g3&D7~zQ%0bfWX_w{zk}+ zN!yc-1x_}k{Blb~f5nPL)TWr`IkF>7DE^K}Y~4jD**-J2A+ErtdEUjAIHut5zWYq< zYNbz==HQiSZmRvpv6s?1bzR(L2m2WFs8T;Qph(srO`N6WHx|}t#jf-@fO!h@i_Bp*aQn4R=Jvcn%U;^ny&GKd-S?I@f(J%{V_vei5A0o(*ZTL~qkFXq(#D6N0kaKE3+zKFO2P7h|%T4n&_0 zC==hCdy7NOkc!L@{z_&+ICsu->R!maCzL3w3^)u@wzqKj&KER1SiP9*AD-HlZg*^S z7IKnQwdmuX|L}g{_^f4&m{X*#cu$A$#gup^K0PS`=-iMl0pFG|NV}n1MEYP=8X)O~ zHS{x1=daK{?Vd229wJ1To~<|R&|ZqIKu<6xO_)gU*%$rx#{uyy}?+Y z5;A2K2{_m{X$0r}^$GDB=Daz++7f%Bz)kPVkRapUSvdb%oaA(ml zi)LDIWW2MK_(&Pm(dkH*Rvv8N`1Pa@UNj{0okMjAtU32Poo$fV5e2=`=c_V1!a2LaC#MDt+IpAMW{ zx4fM^k}BVjKC$OG5)M!}Ea|_MwysVlT;j(>u~K5*HYg_e2xfmR=#(7F?`0`c{DbiF z%LhoTG>yCv#%j62`@D~1T3Clm-ih1#+6K?WB@$XEI`5lWMw(8R1zD z*4G7wvY&X-`F=Z_riH2^(>gHr$hH0mWns=344>g=_(+3^1Q^kY2427sPPz`vSMaL= zgyvB{@i*U$J$%!F7U{L#@#j4vb$vEZ4h>ftjphZ%3oZYTHln5Vvy(Dg86k$M{)zk# zDX|A?Ug}(_Arjn?N3X)KN;1{+ThHNBAj{0T)&Rx_{wb_+n>@48G(NkxQNuO8t`z6FEd<&KuCLY zWGc4BLk9`Loz$85ehRb3Mhyq*pm2WU5*fqB_~g>}vYNOv;`^`wc{+RD2#ihf`NQ|U zbKldx`%UM-j-q{pis`aShg6b<@*WJ?-eClGx*9gpbb9U^#cC2K;~Mxr=YQ~-ni|Ye zc-8-Yy$rP>@Jwal`2DR$KVPsJr_|N%vhcpHcgxw6PnX*tC$TtOfwh3ti$Olyma%X- zf3+Y~dM+M91^H>qD6i@fOqH^!ojuT?f{4PWFIwva>w7jyVJ%PP!HtvhMM?{Bb zD;0v@*E6l2x*Q6KFIHCb&Hu>&?b*0s9r}Rks#tCFL^^+GIxa4Jf0!%R-dk=BXM$YI zIIoLBDqG$iHL3%TmCeQ%P`{fm2_#O4)nmj?a$AV_CIadvE(-`^Fh-F+u;dp3?0#Ki z6Q5h6O5AUK^<8rx?uI3;z}`J7H@yk6^|Uv0SKzXkk_Vs0K8N7wBlQrE>-;m|br?HS z*g)LYU5-T4eE@7SOe+Un6fvxWEFNAgxs0}-30J#ajyYYne(Zadq zs6Q%k${3(i{|rUeDYj2cC&!uRkF(CTu{Kozaq}T`J?H09T!IYqiC?d1;-VtzUDWaV z`ALRkX5BW9Q(_JU>3$w!rgy3_*4mJe3V22M%_)i$7f!ZX03JXR21}84D7TzK zbO`!?AASP9q;3Jw^MCBzllCgbz}AMjRix1X=-i>w0gY$WaY#75Xf%`Mq@g&{KXKwh z4LMPQx}va>nR|k9sE2+SnpB{MqJ4DSpl(~4vqgkjxI*601fpWztEtWDmaw96X3*oD z78JOfcF{HnDxNE4emO|`tKNQ(zFSZefM$}dc1No8`~WUsu450ppUtDBqIlU+4?gOI zhTH*RUlTgv2O&N#Ar=R#8wl!#edbq4a8D>y*v}0E5tJ%ZA=E_vT;2A|x#|M~)d zI8uTqN1i>+4(nm`O9kDbZi;)|@OA%gk$d@nMus)oH?O+-y&S{Ops<7X&6`|0`S_q+ zIx7F?i)!F5EFtKT57_#o=L0-~z^>P!eg~}?8IHF+mxbL;KsfB>>8>02=jsXibX8In z!f07lxWhK}HU#dP{w8k-agu+5rO<VhKs;zwT z?Hf$un!cX7f5Y3d7;>2ces2n}e!HKhdPszbU+PKS;7j@c1(HA3Ha{;7!_UK3L#{cf z)}N;HLY~xt*S>dWu=B`PoW;QJ`5e{c{?~t#p=;s>Y0AK-rzfdyB&739Uqsa$RY&#q z(j%SC4yZa6s^4=n@Bxv-o^uDEQ+4|uf$|2EA9lQZE}<7U5O_)mkw1AlL}?ap4$1ZG zKX5-s=)j8CK&s8VLgA49yDnG)>~DhUokaE1*M#5`RjKoRc!TTa>c(SJXZKS(v}1>Y zNj(E;*@7rkhX|8(@zQ}@M@+2dd6>1H?lWd;6xVD}w&D+%lk?SM;Eha={-0(*fX z^npb1&HsHZgav_lON|(}2w$lCWRws@Pd``SMZBHk4$`_ko}v6_f*JG;rv`6B-U8V_ zDb3hiIz@V-NS551L|(yNmP7AAL@%37lQ72c-42KrN#VT+Q(Kv0G#b)>rV2%e+UPRe z1qy`7nlT{hS9CEtETK5;3^-rj0;DUyZT1pdRisFVeo*|z)2F~9+-=zjTo`K-h{H9+ zdRLBgPOUqEQO#-WbR-3zU*Q&cC_|+RdRpCtEklBDhc_e)5#IS1ZyVDRRagv1_+orANdZwC&El-!i^xpKS~s`RPz^G_w9W{9dF+QaZnpAWF+ zM5Wpc{SP92t}gY6a}u=W(sDH=UjhyAA7~4Vz5;Op_YSSpEfB1ol$j1@e*^P4Aw(?A z`&d<0lR%c{o4HE0HZsjOzUV03xm~8KmOTu1|@k>EEH=Uin@^IdN{TBX!zc$VtcpMW~yz1?W_WF(9SZVaU z=&Lz3T6Xi%xRDwrGN&%>%dde&+k9~`!hfviwu^1;^}*uGwQ>YJ0`wmceJA->KcfvQ zj*TZN>pH(GW<5AK*r^~`BFP|kFA;CD(YyTj+4EH9Kn& zzc!6qAF8BkCLCC7G-K|hAB(XbhET#$v-xG;brD4tBa|mixf+FBNEneCoN}@ZOdTA_ zOj|kK$h8`#a%JRCDZ^%%e0CNKsM9*tY@D{@YPr?=8zcl@NFI7GJ`ej9Wz+CB4L|OTi zN4*}itc2NtHdE)|Aa^?83OU6Qt3B}2i7z#&EjMnt_^t5M#I=gH`7CR|;{u0Ib^Z0+ z4ioM7A?I7Lo{sWH$aA@W@b11|SDzDRpbC?Lw8`RKkg8DE&2BBU>tSD>D)8C_8nj3S zAEkmnKS`cP0{ym#r0!!;C1JJLus--j<1p1`hyT@0NNalT{ZQX|WxsSba%dLN1rAvc z>HS$fT2Iv{L`dSLDX{5mBN#_lP0U^0O;gH|(<^+and;j-uW{pcxDOlF zHu_>tTg=<-+pjNzL?+K?JIzjFKCUfEZ0FBde))Yk|Ke|A(2lE)u2gFSVD+4>)YGzI zCF8f>{8&hc+Dq1%#Yd`Cc^qFkT)ni}(1PYdp7XkG78bh$f`40>PO?tr>a(vY^`~ln zc71|z@I(BH0{|#h>n*3=O-gCDZJ-|OZ^JHr;blqTTBm9jMHD>zlEq1-ShiV!gY~}3 z2Zh3dDBeOF)*^cuYDj)(!wQ-gz(z6O2|u7t*Ow*5{^v|4Q+t^Kj~D$PpNXR?%)pF; zr}rh8t0Y7AYg1V3-P=QQ3uk-wGno>{`e)y(Nx6vjjVfJi{c}Y>33bDU{>;tR=ad%t z%r8HqH0#FTZwhx2lNA=~_#O{cessUQC^^V%@!7EpKGIpu`7@C`OqAZcEG!zdy&UYcZSI_RLx zOWsZJR_T>9qS%PMam{t68J=T#T>t`&u9{feDeSppz9ti#kXqV2zESnBU|jtyO_lm*|l zf=yh4=08s+)^dYCRoQWI@GrOqe~srKuU@h|JggRPeW>DT{+XT4pAkbi#XdgS^}6c- z57Vfa5w;2h?&i3{qq%}EuB2XW^I!u^u+6-{O$hKZIj`jk#W(m*GAi_`(X9PU_>(&2 z3jAT)H~6|yX8&f0I|$~PFu8W$sn!Z;Z`1hYe#44H+}7cP08vPgK16|xze-b&|8qem zn9g5yTABIT5jkyo@*Af{%KJdWQTw>X8;(cLULv3HJXSx6B_M)t5s~K57^0VvGppus zBDMC8JRM*^#{pUO+{w}+7sZOV8#L^&TtGYs(zI@b9gg_^{|VwTEOsVE?xd}5Yjig& z%f0hmZ$I9mWBdLNQDt+{m$M!EbOu|$;zRoO`;gD`z>Ezfx}Gs>i*Mz3{D_WJO6!_u zG9xdz-jE;hBMD$_u`Rgp9s7wG^mdq7ldbffjx&8=G_}es<~aCXuuzeaV1b$M=kd=t zkci#~fpG!n*||nzG*Hz3>xe0p*)%2AF)yy)X!ELM1dvh-ogis6KBq})k?EWsoo@~i z&MghE)^AlnG%_3|XC4D5;MkudDU=ni=Dz|4ndC@P1FUCTIA67N8PFLhv5^g9<&GXH zc+YVHPO8Xw{AfG!SK3I~62(M6pX>kp=v{P%$3gtgD_3b9>p7-6W4^8OlALe6(L}yE zf;3(Qqkw1CO=8wQZi$tRWR_#S!Ml9JjhZWCN@WPs;gvu-awEsAWeV>4g@lpsQ5e+V zjn>k&!;KP%hnH8BS35t`fP#{Y5-b=Y&om@Yo^yW_ZLwK--?+VPv5B;fW*p;PA(jh0 zj3H72k#N=S=`(WvVID7Z$yV&=<__Ur?+=Q+4qzt6*N%T_wLsfa(n_`R1{0Xl> zZOQ>Zpo}|T|Kr?v4T%N|gEZPNaiQk>Pg2jt|MK~zoiXUC=Ona0LA>_hEVxE6`Mg^Y zjiyX@X7Sq0Y~*cy4Dt^^*_1T5HYJMWX1)mSZ_=(s z;{E_>)yl+g&D@3n9(1|mw&A$Ck)%O2^~W0|BT~mS>!!KbZ)UYM@%ESnPK|tfEp5L; zzy0!C(pnN!e20gFJg3Y%#UE#vPryh&dYKJ~y9OXJ@^i&vvixRaKBHAaH~p-kv@UB{ z@L@oaOSPZ)@Eb$YaO}7>O8^B3m+|wos8I6TG+%n;FFMnr63K5#8__{ZG=-qq42|EX zp9|Q(fg1N`XxUbjou@Dk@mF{K0bWKXEboQD#}Y$Vya|QkaRCvV=52T%KBv)l^o(2w zfAxBgXKl*p|7Jl$!;1lwqA>!nSOCk4fzq4}(*6oY?;UE=d#~PT;K?Or&_}1*`xh5q zs#Res?~?F7gVi!~T8aqc)2u)wlA~9`vTshOzKP6WQS7;o@z(_f)XH~|zM-^5wvR0# zq|P})y1PhJub~m$vH69)&{@~;dZ|*u zRhu{AV$d6i>lVI2b^V`2sz;dF{VA1)@z)B&6W4CIKpJ*|Z#WpEGez;BZbgk(1BQy( zV%iJzgP+mKZ*>fygmyIqPF1X|=sf|?Bq~{V#mo`3Nngp$y92bITe@N0eKb8%k+n`+ zXbx(zQ11qlE~6Y5zwaq5ZpzKt?wAYqNM|HC7jhd9^}jrP82xUPCt3Re%|uG`)GPVd zSejw@>WOHTCPBEOBF$S4r8r#b=sLCPb2fMMS2zsx=wcaDZPLgZvot^UUh9Ci&@{Vk zwrIJOM?7Rh-*{`KGNki!g@(?EV<3IQ1I?&%oX{JGMPLDTo0N&-!%4^->~c*BC;HWa z!IHI15jUX&CWJK^OzMnhk2DfE>%~Tmwh4LL{aNJ`XHz~MnfSS)$!cqVc@`va+dt`e zyA%sZ@(hgh)m912Q7gyh1gsZ;g9|G4) z<@}NzTWgrnl@W1r}RkwYmz>ljBJh#sUjaWE919B@k80pSN?CH z4CZszngrtG0pcgu+QDGUbX)>O`hwDNwk)BH3u!}w45fP0L$#{rfY@~at%8yBwu?S= zU{VH$el|Q@CXYPKl-OTT`fyDJzxs+uE%z6l4$1)rA4c8B`^(w4`5X5NwpH_Lm-X!N zcxP%Z%;NHF(0QD4^wu^kX`DY+~Y%Mhb!Hs&byvu-I}HnGd!BoYbEyH&3)Kb5<_ z3B`UH0zM>A1w>jKARP^JSC+mbZ*(%gFLK)oAC|c(eneeNRDLJ4ARg?Jp-g$7e6U zP8Zx?5lVm5#87|}wSHj;LJ^U%aB8S!S!vZVd0ML$)mtx{zi|%6pThUwVe4UiB=+-faTAp-*}hM-_=X2*1w#Z7U}g9MO@} zWz+w7Zt&0D7G30%+|}3Sf1Se;da6=a5LiI8E^t-A=NY=>>xGS=T3@$5+Up(J{x4o? z;v5LE2&M3?zV<$-tz501b{p<049xwD?fnk}pS6d04#o$|`${%&AeQd+dwEIk#ZDt^ z%C*NFcW8LKNw{ zlOTpyNO8ouy~#eFwXcys%z9BoPVVi2d@=|`)G=r>D{C6p*mh_q13ODG#oUEA6|Gd< zDQ_-a0M|C@?X6lj)Uh!N;On&$X=4)C-=A9-IsF4}=SHoATRsNb+DuvhTJfCq1Os}v zqj#9JEO)mLGy2}edF@YBT$8b9Wk4`Dw=rz@m)o);8W%jO#Bv>`8rL~CJ2#^GlMFb~ z(`U_(Z?WVO(Nvq=mL?pl1J*@N2$LKb&zi=L(y}5+{v>Ij3|kz!t{F1$z9+`rFpO~v zE{u)wsn%u|@%50rDsiaL*H`*>q(&vS?p-XmX6e&4Y%Lso;#68q=7R{b_gUNS&lwZx zv2n(TlHhDOHU&xxc_EWq#as!;^F`O@TP5Ru8)HB8E}U`0j76il;y>i%U=KSDP;tvG zF(Buh0I{Pv4UDsM{c+ni=Iht)r-dZ3e@{C=5QUj>4G2K8gq+QWJSA}{?nxM?*P`Q- zQN*G}tsg>TKKs|IIuoT!#KVoGaPs@1IC+7^ z8Y?_Bk<|LDX_&jH^P6E9>uXEVUgl%#rOS^jABaChOH=oK_$XynofK>j44K{Yo^D0| zI(&_AWO4oNMWyQ4i5KhRCSQv^nAi^dBJYB6cj}j4{lo;kWO5BYHsT_dN-pXK!x5!( zFS9nTi^U-Vs#;1pV!kdO9)Jm{-~tTY;QFuaA8|&Kflq^cQv+B+a|$-E1OhLB!R{+0 z26_TB?|kK%;xb%wP-2Rd+Fn0@VYX1fk0C>!MF{R<^&}MX&;a=7wvn#4K9BTgh#q#U;}O z-%I)b@bBhM93?eSq{t*I$NVI0rLEMjBTzPsA=pGZ*`R92U^jiM6omiq5+~1ix3_GY zuK#>{Ck{E&Wh6|uk<8FKx;@cMcQoCd8yt-ErQ$SnEGHyvS$sFoNN965e#N5f;1lBO z==oJvQ9L)Wqk(-hqs-Y^Lc_6^o`{M|s_Ugbfq2!{Ft56nT_RJtIE06jqw9JZ($NxY z;3q7fMxq$d0iUhzY>B0m@|)0|RPBIowJu8DDFt8l<}AlZjOKL%yJ1>+j$pGEU&p4S z@VQ8-Hlx+YaP?E8uDfmH`Q8CkATaRGvHN-@WbbTJ{U_1i{^@qCTL|z7>BaKM#UpRe z^!cNS)$I6F`92h8*(LZex+~q^ivp3-%gbz)a?R-W-nsDP5|V@)t6t`JXter04ebO^ za-Ht5rcsF-Rw-^|Wo|yrV6=m^uCR$Ju}&s(!XHrrS?%mY@yr% zGk3Ga+kY9Bm$OAzx|ABX0ioLkja6M;X_}>(CYk={cC8URN5?-w%YzT$pwBUtJ3dfw zJ*Q*~+>Nu$kk!}oCUs%1?`uYQ5m+C5d$P@%gbm%uDa>?GR;t{Xoaenf6}!?2BxOxc z$4djZje$__lH1>%0M4W`3t6jjO|or|?iSfqfPPG^$DpD0v?7p?>s}$Y%i_6v*<(Xh`bH`V2M!d@u9Qg-m>eP~$#3@)635!BBLaIt=bwLxs!-*meT zRKE!0R*${g)79_azx%Xz*4EZGH7!`yI=Q5hl9Jlk*dU%QYxN%-8ygz75XY?w6maIP~=KJe9qx`PbWTW`WP6@@bDp*l9`LT$1o< zRH^6Q1gP$5`IF+8b>ESI;}`goFLYCrjg7-Q(9FK9>#BDX{uhswnI7lY=v3;?3C$&f7NkdyjvNL7n%yN;jP{L1gvqQN zTpWv?HQi0UO40Jou2TAj=4MOX)uS64Ws*NByBqbN?t88R--+BV8c2n}<(mOdgxLIZ z2zJA~$pW?&+)FD*nY^@o>s?pf>g99-sB9QJol2)xpgmWQN<~#|O-+y;vK}B#r+20p zBwYt+Hfr^R2Mg2!6H@)-E5YUY56e%AYfk2}6Ql?3&18;4^gg(bWsgre%K&k>eSMs1kCADR_K0~UZsV@8bd7X*^LlS{h zC3=DdLlb9Bf;7!kZQA^r_w(}=1>8l<4!mXhtgLJXIu;5#+OjkY4wdGL3;;yK_^3vG zc9qB81kC=Cx(-`N?zKfmPO!FFx7dp#Z$^V*<^I=*QtXlY#0yt4KkD;$?J73Jyz3mJ zb!in>C2bRIk=N>AFgP%m?@c!gi>xNtk#xk+!XipLl?K!%s`y^#Jv(lhj00;1ts^Lv z2CNm$oT`%8*f*xVFgK6K0sWMeM^IAh^{0)y)aG0GfN8)1&G9ccjN{^ zreWD;o_C$UU5NQEmXZ7-sLxTH&Qm`vs26AVD#_?9vuW=ctL#oxO~4upDi(ipGe`%( zszKFex{VN|&>n0gNWpUt{O>fKjt+wDp(Bu}U9aytq8z6_Tdx!0w2_;S*b?3Yv<|mNDd>O zm&{l)ZQ!b(NCudh#ZrHNMF@U*3!p`8a-~gpefRxzIm{Kl2ZuR0pUm8yiNgkiz>lGo zH}k>s<9TaF#-<9IgH@e@cMFDqt1CrWYkg&FZyiv$W)e%P1+gV@`CwlX7|hzwJHX98 z&Rvw0*&0q^c82yGPA7pZ)zgIbd?>Vqn>cywz0=}Mo8_yY_UZI<$MZJ}1B~&tAfY1I zg6pXgGiyJ0v*h#E23Plm18DFP1cCbB*A|tk+?&L@vk}BY7$m+?HZGJZD1v*uoh$Q$5Ycv|P|io(HiyGGo4#>+bN+czXznb)jts zi@YD_TGcL}bR^YCS9LxW+I)Gz?t(EnE79iT;dbsmPV`AV|Fuf9=z?S8KT&k+8Xy*p z1+h&?2H5u$u?&!=nBzFL3+NF9vO3o_kh-{qO32nKMa<{tzdNW) z@nLyuG$IQ;TkHfLvU#)6sF6DMyXnv$8I(5(&Es|K^7p0i4!aau$K-G3`W}(HXzEoT zR5%|j+wImin8s;@q9qSL$g8l0eleKVMGu_0YUtx_OtK2|(>vVC)|$_bdB5h;rfU>- zeRc?a-X{_IgqT2SQ88e01Hg((3q-rZ!=*uyrA(o)E0@cDWH)grSkJlv_1Y`FCv9Ym*R?|={EK`c- zDc|al12Le4+n(4aWy__W9_;ZlCjpv5Nr;3*R`#su`}%Qh z1y7{a z17ZBQOkKmOhYnb3HiVE(nJ}=;`_y_9t;#hT|N5`pb9aqUa`@Fpvgwpe1!izT>1<#3 z%TA0G?6&di+Z!ls75aQQ0~dZNPZNzVSJt$&u<_}tDo!c`S24<}BJeVvPO5I5zCNw4 zB8Z^Q0b+`fggP`sE&MWl*s{DKl{|JK79sZbhh{J1&Fq92JcgeVr3VIvEUALHyIQ#6 zGs@N4DR&wcNK5D>K*qQWMn@la|Q3MJAMLsALw;2m2zW#>b_M*h1r~w_8S_c>LZkTje|$Deka$a zgN1<-Za*((KlebL%07qF0JqA*FiIko(yI`F4y`3e+QVS@a%-!+XMKW=E!E@{v(k}g z-pezWSE^K@nr>{O{z0JMNO@}$a_nM6!fn!aub`ZD5_2jnsiY~7MTFT z%;%?Pyn>qdh9&nt%>&Kfo*-xIPk#%|#D7q&J!VyRKVMS8%i+3MPwIuGT$Uk?#!_d&(7>RV*ut1bw>{mg-8F%jF=x3@k1B>`X-<8G%r6@DG=B%* zX)XX>S58YkF8obkq}pf=wB^4|n4Q(Ks-0eLUFO9@*;&XJKs%FFQ)3~Iy9yGILc&IS zX859f+@jTv=le*Jc(QuGmXF5e*Vy!id5 zgBy?24b1`$8{sLB2;R|I`FnN{Ui4?)e0^3&2Ud=X+jsim#If^zM-Q3cB*8xH2Z@xF zL}?h3Di>27;?A63x&{NrU;S-a^~xdZ3C&JDL_t02_rCe^S#AnLk+c0c!1!G3}E<`3>9%)~!JV^A#({KFB0 zy=cT=!YV&8xa^MRrFuH5Ut~oT<^OjiY(rN^@o5TMY<5 z9ZZ5o|0iUWsgFEf5to^VlXOmXwu<^SVInN#C#s$ zF4=hO1KuAUuK>;9&P+VkpPwI^-=(%CGP&x)DkZ|3d6`>~Yp>T^Jx-!s)!!_Ql1L%Y zitY2Gt=aRox+HC?Hb9^owoIg__OM>LLp}^j_OJdvLKyQ}T#ZibfX;)t-fM%s*;kl% z>QL)Girk}p^`VNB=|D&TE9&c)aypywF4J@D7`u~53TsvQ8?%^Lx1wtv2& z-oZE3L!QZ8DHkarCE-CktRGbwlcC>@pXSPMgJlt4ce+Vh35dAiaXro#aXcIyyQEH76YkhLev3nah9NLJbvo``p+Kb2MA|lPVL6N{xxA%8c}3 z3l#|o=@r7Y{r@=(o&37`fV5@5-s*{p`d?G|S5$1;a}*?}D_6NtXG~Q@<0vFCg|IlO z$Am(uShy$bdXYTO{blUfAi1b!_%NXu=>6KV-!w}yHDQFNx%R`O07*f@F`ma}<6Fcp zvk32jgm7EvVpp1!#Pb0#m+XG>!t~nRB&4KT=UwA27wxNl+ci_Ncp)UDo?^rHVi;k2 z`M_E!T--DO3klK14;jAemoj4Q$}&gabH$0*7KHZig0jlbOJU3MeDFu?`o3%Uqn2;9 z)5hpSbkzMw&7vIr9*2e0EK!u$OYeCGCAkM8t*DalUN7pp^=+qMaW#EbbL5@x0|fh0 zcpovA5&Jm=!d3B*wq}dW*~^9Yzc;gNP@p@_h=s;U?vBJPbM1aCgsE`tZX9v}Sn7Ar ztvn7`4||sA)n4hiK)Eb z9y53aV@`BT-Ro)k{!+&dUF(59rY>S^R+}*=VUKSBv^g!Z;mI&v;D6@jpp#s;rD1pSbo(fx;A|%L2#E)LhFQa;Tf5(-n+Cru zHbaVs6a90e2;L2$*sk!^GjzJeUqx$|W{+l9X6f-bt158`YS!2-{i&rw0C)2p*_WNu zI`(ngjqAVFrBVvP2t13tE2UEeU86{%6K_T4Y5lF$yMEfiUHYC0u~&zAwCcMdBENBy z5paZ#0JC{F)yhdii(&fUT8tJkjt4sqbfyZG7yrrb!|!oPSN2HxR9Ekj`~Q#x!`a-1 zD&-ww)D?yXB&)wS)JjiZj54t-1~cMdM=)>@-u-NYf}&f}Ha*D~83xUl+&vYd~aLrkmzV~h+Sv!viM0=Ac-u6)RUaZnA>8u;ZuRQVFPa5Rgt#%rjW5k zah_)XNbA-Fwfr(F&3_a96*L`26CI^MN*d)*<`cVaO@Hv`mxc|_nfrbFv%%!E%x6dM zA2`N302fDZjkX3Z6=( zGYy&Q8J45p<@84=?{k*dF_5ytTfGivqVbu0R&L%QiPy5}Rdw7f7?HKBuIXTB!E3w! z-_jhRu(OOn5fKp?85xLYeRf@#A;P_*`z-RGd7#k+CC6vUn!Uu?y9cA4bFbR@)zm0N$#UOi#99KtK03E{JU_s z7d!|~F$=q7>#nT0k1EL_x&I!i>e?fJZ4YU?5w^Ybl|b}_fAlbGZTtiw53TgVy6`&q zH7UkkeYFz?s)_WBzaxgCoD|ZyTispQv(?l#%AS~M?Md|vzhA0BwO;M$uk+=Qba1?J za}C}E)eQTy2C+9Qq_b`8;V<5+=I#jxT-%AnnzZ|1l<>%9d#%ff5c;+h@EtSUXrt6?*QqAr|$Rad*4F%A5g^eOMx9GY1Sfr$F9vpkS7Y< zN>$NaM%w8E^1o3CTXP(jx2mnsJupu&nn{nEF?}69y}7lby7)S6CQI-L4`ZM`jtk$) zk_rp$usReumA~bL<8`$(Izg`4Ctqe?s>WdK*4VTkC2p^yn2)dlX1CJ_k@M1ne)yu` z$^&$n`Z!+Z9NleVH%m1h7bgXs-I|D>l%24*qd-C;K2enUs4e+xXtR3jt=2C8h(tL? z_M76_vh(Q7m+f&W9&~8Rp%Y6;j7=BHmoMcz`uT5oe3_G|9)+e6ZG<)uJ)H9MX$Elo z-n1gyHZ-p`UlHW}h%!9k>?If|iuQXXD^re&S9frHFDa5|?zx=dp3sVGoEepz$cEVT zL0&;g3Yk%4)=P-vGNt0~K#veEQ@=w}()M4_z-he8?&p|E_t%ddP1(+e{yOPDx(ANhNWX`k+FvIteKHUJMI8h+l7mWp)|x zOdw$MZ%|UIix!mIdlJLB0LiuM_KmAQ9lZ{Ux z-kBLwCP0Al?DHKvle?>W1qSC~QRBWX#wN#VFfw3iRu-3I)U(p#4EzqG0Jebfd>lZ! zn>Sy6O;6QzDHVGdo0~)hxXbv^;W#T+Hlry;jJYs3NBz0SCk9p<$|gyJ5JMmPScm5k zV1L@HJlk)>tRO**>4S~)$ifjd-DjokUp>w3H+7KMA^zDUSyub2+jD6>-8?^ic7SlD z2iG`jzQSwtO!5SW7v!1W9~$ER-J0r%UXBHfwpr7)=b|v+V1iyEe(}Jjn5V979=Nq+ z7C(r;Z19YC#?M_tzZz07xk?n}OQQOYY-U)BpZ|J4%XOp88$*+-iO&ixVHW!LVkK%V zUq7@ikZN*q>oh2=H+bK>?N6A#L2L1(7`Zz!*=2M9&jn|tAPPkQ%bCVEqBi099W_l< zGxM+hsa}!0ULyYt0IM_0aH1(b^s^mSC1&F=T9)rkWFnbZNXM_PUe)Lfu_(2v9aaWMzDJ4WjMcZm>ehr44 za%CnT)1CM8;oi?SYo0d9>3!JRyzhZetPOJ^aBb`cu&!`^Ztm6B-n2BrhV%YglF4 zpQA+ZdJu}Ct=(e}{T(tALW!QBiQHWxI?V+?UkoQFC;K7-CV6>!1g|5}nm`CCtD~o9 zRH^%q`1lW9=449fS2i{_2Hu@9AUL87Iy&wu=0*rF(MG#3^#AJY%)_DF|2{rQws1(u z8WM_8XzWzhB9bE8AeG8KVzSLp$xe>4?_;U#Bs4V2v1KVswqY!jWo%;|V(9sf^Zd?r z&iOrmJ@dz0xXj}Ie7)bV&-?S8`?jckN;6wnLi6o6Wo4l87_D+PRY>`RE@UYv#>U>h zOmdHzx*|KAh@l7Px{Jgu-eW|S?0Ii3j~Q+`3Oez(Jgl~s<-J2)F&??MMHd?zJLU0# zH2z%oStBQY7n8Y8rf^VGYUb|XewW(IO@%s6^Wh=gkFjUL2$Jo{7u4 z?Vx!>BuWSFxO=1@IGsb$Ayh^ezR7^;`5OHl1Je^Cx}%3c&jSy^z2^0Z!(6iomdT?0 z)DW6I8ezy9pb}%+zsr@2DugLEl|nfVwUQ?d9+#ZC zC@PsPr>Zg9#P(DlBFeKZvYt#Qvv@fvw?t|u9c7?9pmuV~F8`@_zcv919yf{EUl*^d zT6kfuBZJ)sFNN1$G1xPSC8`vTbIGXP|0*1*LY(w2Vj#=Q&B_`-4J*p9m zw-<_L>Q2@vRZ{w`tByN4{OEY8oD-0UP*#}RCHd~LZu3C#S?(N9_P%P?_B2)3b7dJ$ zZpNEP7)fonFg#qJ+G4uk@yB@o%PPNIE_4F=q^9NWxhm@O@9YqVu*0Yz&v90nvR&is zVlz~IVoKSK%w6LX0C=yf@XL>WDMx)No@_~TUAkQJu-I%aYo6??h9GXdTNd{BxI^4p zSgBj+1GmAiX5?XNGHQE8g)I7sg$+{f6@oK{dDx#Iy!yCRHX&ZZ!Tm*u`M&zVMTXh0 zoY&k(YlIg(@ABOS(AJ}P0vz-4g2yMQ}F6o+3ju|&jt-XDfz&kEmH zJf(z0*0_x^qUL6Ds~|BLi-P$?zuWKcwcHTd+X8RA|{>N1q!(1pe(52e*BtMSBRCG*R6eVh92K+TAZgEf6d499mfd*NG^{skd1~F;!pl$Z zu7%9wv#=Kj(ZCn~+r53N)cKsxiY@-~LO5{ZK#eJnsc~Tv$2+cS#)3iy>w4U`U%oa- zMXs1lf{Lc5aCYZyiG7I%U&kGU;MGl}h?rWTow!h)KXqqg`W~pY^RJih5%Arn(5SFD zd-=0rBlMp=`-bG(E4MPfRGaM0s5k4Z{w8!Hm}vhZgNF-)E#>9}#>j=CTByNi#*vK*YG z7@ZE~JTMON+VpH#iC+Bni=rC6#sC>A2(j;QU2Xj3ntMN54;@c}_DPsDnyj^ zK??J{69-nhQr}X~Erhf%+v4ZcPq6aGlsx`?wZR}YHMN^iE(*2E^;{D#JLXHh<39yH zt0*N%aAw^LTfGQ@JXYw;H%c-|R}t$_h;8onS{kX236LY-K+nbt78)r}Xjk|20OyID zl4pac8|dgXb#@x-=;+Au+UTtf^*)If9T;rGHaO{#1%RH%+-nvK_PMeiuz3+875ZQl z%|sj5;H|v3rb+HXhe6xRbkM&uQ^D#g7tVQu4igX-ZU%4T!bF%b9r7a`WbxMhc@Pa; zXyL>UR=W(oUnS(60~Qh@if|is+J*5RhJtnZy0ZY))0&@e&v<6163&*k|6RilsARX) z)CHQ|=!9g2+lByvL&#p(H=q8<2;ZOubBH!OiUk6C3f64#8vI)0DW?Bu@R#tY>qAw( zsp=Eeyj2)_@I>Ls^EjBtd!}`B1UX$X`Rm9Ck2(sQC6vICM9d9&aJ;?w(1b?0wx03<-KNB1#dM3c~1a~;{ zm{FLWaI34XE=`LQ|I*_1&)JEdoS-f5Tw(?w_L6*V5K!&k^w{#|nLqWo@N=k3a_LP& z!n4fi`k9#XXTOgR=PfK|iHi%Y3Tl_&xX|Y2-81W_Uw}#ky~S0%Y1e+z#}9GPq{nI1 znsy)g?oxq8+|I+C7d~uL-^3L*UU%DdN}@8SpZ@~jOb!0TJkTl|jIo>FV^{9H;}TcQ zUKNcj(fg-99~CD}dJh(YTUi!{P&Ezrh~AE~)kFoUeS7}ri=nk_iX>7+CTWZkql9N3 z$hj5q&i+jBGY7whA0U!e^4zCFrdxvW6&#knVj!I+Eis$~Vr@~vi|uF|YQC65wUae# z>LL-5*fG+F61^d9ybGUkPgNZ@U|sxy_ZBI^$#OjHbRi)_gCz-@=EVVWsaq3Lw6+=} zrXkWM`o+1gcR#nM$2NEXvE)8`m0_W>W8RDT2}Y{S&2BvW&87`@Y69rBg2a)(v>H)k z?9)~@nJC7=s%mL%%Dpv?RrBpN2N!bb4}f$ok<}VPf`H!*kCVSXC@@6|KcZ|oThA!& zv6zmj{mT5+_MJEwzrX+~hNnE;9Tlr{2(JK9gGYPln3xsR>;{}}`GsuQM%KEr^~v58 z%hOh6#yvk@wNuk?+QQ9JZbk~f@;ODL)|cCDBabwNP@C5#k2^K+#oA|Ox{ItTuaaXQ zF^zVUc9G~z!kZbe5HjU)Nj-t+ z?Q~D~^zrfvFzIEcroEU#qQF+vH#3T|qz^y!#BbH8#zQ;g^%Qx7LtH-CQ^W?~R3O@je5saPc z(5t}JA0|-R!w`?B2k;TI-txMkYD2%`oVS|?SnCoXXLa@%;!Kh?Q}K%*WK~D?^1Qz6 zu^{jAILnU_MYY|(_VJ$F5_z#Tj2bpK<@uBOWGzxFMpxhelTpL&_6C7igckiuKO~9}YQ)Yyq=RG|7rD&y1p(TP`YKD7s{mpgxz!%21(j<^oa#mQvp*lNJZO5`rC$HRatTC&R*BQMf~kdT%FBpmY$QD9rH^9; ziI27R79Fr0zU_S4aKO6&Byun*{bA6uziVt!_op{SpQooaAz6G|al@{yl@d4}%3R6H zQLCRtuT8fiNP4|iZfc*7flyP3GX0KNW*t@2YW7;L@rG#DR}7LR&!y?7E)e0Q3uZX; zv=n$RaWz@(H`bFstn%-e8kXIMm;3>p?H9wjn(yg}YE=Tm6AQ7A+tsy-x8DFweK@cu z5R0VbWA;yMwgaRNg)Z}eFAnCsf$)Stpz`oQcaw5<*3wv~&>iN{9K$!?OnYh@OcQn7 zxr6=-;l+Ny{z35GgU@&46WL4gt^fMt5DyvH)3NQ~&`_~iP*mR$4 zwt=&DMb|ztyyFFGk@hHK&s~D#O~MA#L2#Fbcp!JZ1yR6rWY3xYZp<1{0t~op|3&&&20bgQrN-Ws z>*t_>Cz0A>`uaW~=NjT;e$9z!A%pz={daa$=QYzr`#42KX7?miJ^@)eMdV`&eYEoZ zcB~OUPlRg;2POp0$`pE)z?W7d{~LM!^i6h~qNmRknCM4heZDpRTqh-RtRFeB6N8=W zhOA7Ca=RWC*yw0GA=#~om!&y#5(r=>l7rHVSxePyeIYQXOWsH%zF_ZI8rC#R2)hG^ z|IkM5jBYcY{0Ro*+}q8c(m(nDi;`Qz>Ttp5rc`3p^@OPfOJ}TbDRczy8P24Pj)p1F^Zi z37!Q!K!7rrpI-y668dp}ZcbWc7@+8t0~C#>kVl-U>MwaXW{xc21vbonqcOiG#d)!% z>$4(9RzM*zs}T*U2h^FDs?)RbseA$0n9iuHV?xRWw7%<&z2oS=pr5hyl9C(UC&DiD z!wwxJQ-~g2k(YXa{cwC@2}YgAYLXJNriAmNt~5_7JSE*gOPN0TyOTWB`c^7Z%9j~0 zyfdy9W`?3!(L%xvPLJkt`AGd59H7BPIaB-FG@9V^GcVh{fks!f`LDMOObEolE6+@4BcK<_>pCNMCIYFlA1q#A<4ZF{g8i@38Kz^ zcb>be@8!m|lSNG0y?^>j0?FZQ26o>dx2>{CKSJ zzye&q4rPfRj3glMofqZ#H(7$H>I0x=AlPYy9c2wg?XKN8)`s&)eh!^2X{lU#kzTKPjdjkZ8T||Xb1%FO`RzfROrvq zfddmG=m?H$I6jbr-8p@(&`@TvJ;OY3^89Q42zsNhc2a4TX0$Ft*&w&{@rhGlJ55JL zEZwX?vt*LRJzAHbA8~z%C^Yx2M$$ltm>|hZFfL;M$~+5BT;X~MB?Dj_4Dt&092K^O(?zyEU6A;AilFh|q?mt6a0cV*BoSJ%jJKhyO_i|LQbnja>S0#{ee&@Xl>Qz!K7Ka^-)x~SP{@V`Sdt<*tlTKZ5# zOqO%8xlWkY4GC2ggY{`qymaUfN45X_o#01bt*c!R1#x8J2-?R%+w7%dz zd)Yvk71(%N{2dL>tuNs3-&7Azc(RKDRv`wl5i~it~{8C-GQ=M zSl1qsStR9#!+5_{TNo5Vk<}MbP&%zY<#+J#}f}Wfk9ihWiTv+Id~kSp+_4m#^;P;ctBVeK5{{rr@AwElES`Jc5dPP(aCWWV8c u5u7+SdI-=F=$2k`c=A8EeM_SN diff --git a/nitrokeys/features/openpgp-card/gpa/images/gpa/8.png b/nitrokeys/features/openpgp-card/images/gpa/8.png similarity index 100% rename from nitrokeys/features/openpgp-card/gpa/images/gpa/8.png rename to nitrokeys/features/openpgp-card/images/gpa/8.png diff --git a/nitrokeys/features/openpgp-card/gpa/images/gpa/9.png b/nitrokeys/features/openpgp-card/images/gpa/9.png similarity index 100% rename from nitrokeys/features/openpgp-card/gpa/images/gpa/9.png rename to nitrokeys/features/openpgp-card/images/gpa/9.png diff --git a/nitrokeys/features/openpgp-card/index.rst b/nitrokeys/features/openpgp-card/index.rst index 1ae0febf92..ca2e73d4ed 100644 --- a/nitrokeys/features/openpgp-card/index.rst +++ b/nitrokeys/features/openpgp-card/index.rst @@ -18,10 +18,10 @@ OpenPGP Card GPGTools on macOS Desktop Login SSH - IPSec + IPSec Hard Disk Encryption - Stunnel - Gnu Privacy Assistant (GPA) - EID - Certificate-authority + Stunnel + Gnu Privacy Assistant (GPA) + EID + Certificate-authority GnuPG with Fedora \ No newline at end of file diff --git a/nitrokeys/features/openpgp-card/ipsec/index.rst b/nitrokeys/features/openpgp-card/ipsec.rst similarity index 100% rename from nitrokeys/features/openpgp-card/ipsec/index.rst rename to nitrokeys/features/openpgp-card/ipsec.rst diff --git a/nitrokeys/features/openpgp-card/openpgp-keygen-gpa.rst b/nitrokeys/features/openpgp-card/openpgp-keygen-gpa.rst index eae5a1132b..7a13bc982a 100644 --- a/nitrokeys/features/openpgp-card/openpgp-keygen-gpa.rst +++ b/nitrokeys/features/openpgp-card/openpgp-keygen-gpa.rst @@ -12,14 +12,14 @@ Key Generation At first, open the GNU Privacy Assistant (GPA). You may are asked to generate a key, you can skip this step for now by clicking “Do it later”. In the main window, please click on “Card” or “Card Manager”. -.. figure:: images/gpa/1.png +.. figure:: images/gpa-keygen/1.png :alt: img1 Another windows opens. Please go to “Card” -> “Generate key” to start the key generation process. -.. figure:: images/gpa/2.png +.. figure:: images/gpa-keygen/2.png :alt: img2 @@ -28,21 +28,21 @@ Now you can put in your name and the email address you want to use for the key t **Please do not use the backup checkbox**. This “backup” does only save the encryption key. In case of a loss of the device, you will not be able to restore the whole key set. So on the one hand it is no full backup (use `these instructions `_ instead, if you need one) and on the other hand you risk that someone else can get in possession of your encryption key. The advantage of generating keys on-device is to make sure that keys are stored securely. Therefore, we recommend to skip this half-backup. -.. figure:: images/gpa/3.png +.. figure:: images/gpa-keygen/3.png :alt: img3 You will be asked for the admin PIN (default: 12345678) and the user PIN (default: 123456). When the key generation is finished, you can see the fingerprints of the keys on the bottom of the window. You may fill up the fields shown above, which are saved on your Nitrokey as well. -.. figure:: images/gpa/4.png +.. figure:: images/gpa-keygen/4.png :alt: img4 Now you can close the window and go back to the main window. Your key will be visible in the key manager after refreshing. Every application which makes use of GnuPG will work with your Nitrokey as well, because GnuPG is fully aware of the fact, that the keys are stored on your Nitrokey. -.. figure:: images/gpa/5.png +.. figure:: images/gpa-keygen/5.png :alt: img5 @@ -52,7 +52,7 @@ Exporting Public Key and Keyserver Usage Although you can start to use your Nitrokey right away after generating the keys on your system, you need to import your public key on every system, you want to use the Nitrokey on. So to be prepared you have two options: You either save the public key anywhere you like and use it on another system or you save the public key on a webpage/keyserver. -.. figure:: images/gpa/6.png +.. figure:: images/gpa-keygen/6.png :alt: img6 @@ -66,6 +66,6 @@ If you do not want to carry a public keyfile with you, you can upload it to keys Another possibility is to change the URL setting on your card. Open the card manager again and fill in the URL where the key is situated (e.g. on the keyserver or on your webpage etc.). From now on you can import the key on another system by right-clicking on the URL and click on “Fetch Key”. -.. figure:: images/gpa/7.png +.. figure:: images/gpa-keygen/7.png :alt: img7 diff --git a/nitrokeys/features/openpgp-card/stunnel/index.rst b/nitrokeys/features/openpgp-card/stunnel.rst similarity index 100% rename from nitrokeys/features/openpgp-card/stunnel/index.rst rename to nitrokeys/features/openpgp-card/stunnel.rst From 370b2b988f67d49f56643c16ad1229fa6c882991 Mon Sep 17 00:00:00 2001 From: Marlin Date: Tue, 13 Aug 2024 12:13:11 +0200 Subject: [PATCH 31/33] added applicable for table and fixed toctrees --- .../features/encrypted-storage/index.rst | 21 +++++++++ nitrokeys/features/fido2/index.rst | 23 ++++++++++ nitrokeys/features/fido2/nextcloud.rst | 4 ++ .../features/fido2/passwordless-microsoft.rst | 4 ++ nitrokeys/features/fido2/website.rst | 4 ++ nitrokeys/features/hidden-storage/index.rst | 22 +++++++++ nitrokeys/features/hsm/apache2-tls.rst | 4 ++ nitrokeys/features/hsm/dnssec.rst | 4 ++ nitrokeys/features/hsm/import-keys-certs.rst | 4 ++ nitrokeys/features/hsm/index.rst | 24 ++++++++++ nitrokeys/features/hsm/n-of-m-schemes.rst | 4 ++ nitrokeys/features/hsm/pkcs11-url.rst | 4 ++ .../features/misc/automatic-screen-lock.rst | 24 ++++++++++ nitrokeys/features/misc/ecc.rst | 24 ++++++++++ .../openpgp-card/certificate-authority.rst | 24 ++++++++++ .../openpgp-card/desktop-login/index.rst | 4 ++ .../openpgp-card/desktop-login/pam.rst | 3 ++ .../desktop-login/smart-policy.rst | 24 ++++++++++ nitrokeys/features/openpgp-card/eid.rst | 4 ++ .../fedora-gnupg-configuration.rst | 4 ++ nitrokeys/features/openpgp-card/gpa.rst | 24 ++++++++++ .../hard-disk-encryption/index.rst | 24 ++++++++++ .../hard-disk-encryption/luks.rst | 4 ++ nitrokeys/features/openpgp-card/index.rst | 24 ++++++++++ nitrokeys/features/openpgp-card/ipsec.rst | 24 ++++++++++ .../features/openpgp-card/openpgp-csp.rst | 4 ++ .../openpgp-card/openpgp-keygen-backup.rst | 4 ++ .../openpgp-card/openpgp-keygen-gpa.rst | 4 ++ .../openpgp-card/openpgp-keygen-on-device.rst | 4 ++ .../features/openpgp-card/openpgp-outlook.rst | 4 ++ .../openpgp-card/openpgp-thunderbird.rst | 4 ++ .../features/openpgp-card/openvpn/easyrsa.rst | 4 ++ .../features/openpgp-card/openvpn/index.rst | 4 ++ .../openpgp-card/openvpn/viscosity.rst | 4 ++ nitrokeys/features/openpgp-card/overview.rst | 14 ++++-- .../features/openpgp-card/smime/index.rst | 24 ++++++++++ .../openpgp-card/smime/smime-outlook.rst | 4 ++ .../openpgp-card/smime/smime-thunderbird.rst | 4 ++ nitrokeys/features/openpgp-card/ssh/index.rst | 4 ++ nitrokeys/features/openpgp-card/ssh/putty.rst | 4 ++ nitrokeys/features/openpgp-card/stunnel.rst | 22 --------- .../features/openpgp-card/stunnel/stunnel.rst | 46 +++++++++++++++++++ nitrokeys/features/openpgp-card/uif.rst | 24 ++++++++++ nitrokeys/features/password-safe/index.rst | 22 +++++++++ nitrokeys/features/piv/access_control.rst | 4 ++ .../features/piv/certificate_management.rst | 4 ++ nitrokeys/features/piv/factory_reset.rst | 4 ++ .../client_logon_with_active_directory.rst | 4 ++ nitrokeys/features/piv/guides/index.rst | 4 ++ nitrokeys/features/piv/index.rst | 24 ++++++++++ nitrokeys/features/piv/key_management.rst | 4 ++ nitrokeys/features/totp/general.rst | 4 ++ nitrokeys/features/totp/google.rst | 4 ++ nitrokeys/features/totp/index.rst | 24 ++++++++++ nitrokeys/features/totp/microsoft.rst | 4 ++ nitrokeys/features/totp/nextcloud.rst | 4 ++ nitrokeys/features/u2f/2fa.rst | 5 +- nitrokeys/features/u2f/desktop-login.rst | 4 ++ nitrokeys/features/u2f/index.rst | 24 ++++++++++ nitrokeys/features/u2f/odoo.rst | 4 ++ nitrokeys/fido2/index.rst | 8 +--- nitrokeys/hsm/index.rst | 6 +-- nitrokeys/index.rst | 14 +++--- nitrokeys/nitrokey3/index.rst | 14 ++---- nitrokeys/pro/index.rst | 16 +++---- nitrokeys/start/index.rst | 6 +-- nitrokeys/storage/index.rst | 20 ++++---- nitrokeys/u2f/index.rst | 7 +-- 68 files changed, 665 insertions(+), 88 deletions(-) delete mode 100644 nitrokeys/features/openpgp-card/stunnel.rst create mode 100644 nitrokeys/features/openpgp-card/stunnel/stunnel.rst diff --git a/nitrokeys/features/encrypted-storage/index.rst b/nitrokeys/features/encrypted-storage/index.rst index d5b1903614..a72d8adbb1 100644 --- a/nitrokeys/features/encrypted-storage/index.rst +++ b/nitrokeys/features/encrypted-storage/index.rst @@ -1,6 +1,27 @@ Encrypted Mobile Storage ======================== +.. list-table:: + :width: 100% + :header-rows: 1 + + * - `Nitrokey 3 `_ + - `Passkey `_ + - `FIDO2 `_ + - `U2F `_ + - `HSM 2 `_ + - `Pro 2 `_ + - `Start `_ + - `Storage 2 `_ + + * - ⨯ + - ⨯ + - ⨯ + - ⨯ + - ⨯ + - ⨯ + - ⨯ + - ✓ Prior of using the encrypted mobile storage you need to install and initialize the Nitrokey Storage and download the latest `Nitrokey App `__. diff --git a/nitrokeys/features/fido2/index.rst b/nitrokeys/features/fido2/index.rst index 5fa8db54b0..d9c003cc58 100644 --- a/nitrokeys/features/fido2/index.rst +++ b/nitrokeys/features/fido2/index.rst @@ -1,6 +1,29 @@ FIDO2 ===== +.. section products-begin +.. list-table:: + :width: 100% + :header-rows: 1 + + * - `Nitrokey 3 `_ + - `Passkey `_ + - `FIDO2 `_ + - `U2F `_ + - `HSM 2 `_ + - `Pro 2 `_ + - `Start `_ + - `Storage 2 `_ + + * - ✓ + - ✓ + - ✓ + - ⨯ + - ⨯ + - ⨯ + - ⨯ + - ⨯ +.. section products-end .. toctree:: :maxdepth: 1 diff --git a/nitrokeys/features/fido2/nextcloud.rst b/nitrokeys/features/fido2/nextcloud.rst index c6e5224a59..0d3eda183d 100644 --- a/nitrokeys/features/fido2/nextcloud.rst +++ b/nitrokeys/features/fido2/nextcloud.rst @@ -1,6 +1,10 @@ Two-Factor Authentication And Passwordless Login For Nextcloud Accounts ======================================================================= +.. include:: index.rst + :start-after: products-begin + :end-before: products-end + These are the basic steps for registering the Nitrokey as a second factor or setting up passwordless login of a Nextcloud account. .. raw:: html diff --git a/nitrokeys/features/fido2/passwordless-microsoft.rst b/nitrokeys/features/fido2/passwordless-microsoft.rst index 61919f8be2..982945373a 100644 --- a/nitrokeys/features/fido2/passwordless-microsoft.rst +++ b/nitrokeys/features/fido2/passwordless-microsoft.rst @@ -1,6 +1,10 @@ Passwordless Authentication With Microsoft ========================================== +.. include:: index.rst + :start-after: products-begin + :end-before: products-end + .. contents:: :local: The Nitrokey FIDO2 supports password-less authentication, where entering a password is replaced by logging in with the Nitrokey FIDO2 and a PIN. diff --git a/nitrokeys/features/fido2/website.rst b/nitrokeys/features/fido2/website.rst index 5c16e09070..a35f009d74 100644 --- a/nitrokeys/features/fido2/website.rst +++ b/nitrokeys/features/fido2/website.rst @@ -1,6 +1,10 @@ 2FA Website Login ================= +.. include:: index.rst + :start-after: products-begin + :end-before: products-end + .. contents:: :local: diff --git a/nitrokeys/features/hidden-storage/index.rst b/nitrokeys/features/hidden-storage/index.rst index d5d4ba91bc..5dbbe8d800 100644 --- a/nitrokeys/features/hidden-storage/index.rst +++ b/nitrokeys/features/hidden-storage/index.rst @@ -1,6 +1,28 @@ Hidden Volumes ============== +.. list-table:: + :width: 100% + :header-rows: 1 + + * - `Nitrokey 3 `_ + - `Passkey `_ + - `FIDO2 `_ + - `U2F `_ + - `HSM 2 `_ + - `Pro 2 `_ + - `Start `_ + - `Storage 2 `_ + + * - ⨯ + - ⨯ + - ⨯ + - ⨯ + - ⨯ + - ⨯ + - ⨯ + - ✓ + Hidden volumes allow hiding data inside of the encrypted volume. This data is protected by an additional passphrase. Without the passphrase, it is impossible to know whether hidden volumes are present. They are not configured with a default password so that their existence can be `denied plausibly `__. The concept is similar to `VeraCrypt's/TrueCrypt's hidden volume `__ but with Nitrokey Storage the entire functionality of hidden volumes is implemented in hardware. diff --git a/nitrokeys/features/hsm/apache2-tls.rst b/nitrokeys/features/hsm/apache2-tls.rst index 87174fd672..eb7269a511 100644 --- a/nitrokeys/features/hsm/apache2-tls.rst +++ b/nitrokeys/features/hsm/apache2-tls.rst @@ -1,6 +1,10 @@ TLS Setup With Apache2 ====================== +.. include:: index.rst + :start-after: products-begin + :end-before: products-end + .. contents:: :local: .. hint:: diff --git a/nitrokeys/features/hsm/dnssec.rst b/nitrokeys/features/hsm/dnssec.rst index 60a10d0b2b..dcb64e2ad3 100644 --- a/nitrokeys/features/hsm/dnssec.rst +++ b/nitrokeys/features/hsm/dnssec.rst @@ -1,6 +1,10 @@ DNSSEC ====================== +.. include:: index.rst + :start-after: products-begin + :end-before: products-end + .. contents:: :local: diff --git a/nitrokeys/features/hsm/import-keys-certs.rst b/nitrokeys/features/hsm/import-keys-certs.rst index 633a197d5c..758d5d0161 100644 --- a/nitrokeys/features/hsm/import-keys-certs.rst +++ b/nitrokeys/features/hsm/import-keys-certs.rst @@ -1,6 +1,10 @@ Importing Keys And Certificates =============================== +.. include:: index.rst + :start-after: products-begin + :end-before: products-end + .. contents:: :local: Generally the concept to import key-pairs and/or certificates diff --git a/nitrokeys/features/hsm/index.rst b/nitrokeys/features/hsm/index.rst index 7e9f651bee..bb8de27a48 100644 --- a/nitrokeys/features/hsm/index.rst +++ b/nitrokeys/features/hsm/index.rst @@ -1,6 +1,30 @@ HSM Features ============ +.. section products-begin +.. list-table:: + :width: 100% + :header-rows: 1 + + * - `Nitrokey 3 `_ + - `Passkey `_ + - `FIDO2 `_ + - `U2F `_ + - `HSM 2 `_ + - `Pro 2 `_ + - `Start `_ + - `Storage 2 `_ + + * - ⨯ + - ⨯ + - ⨯ + - ⨯ + - ✓ + - ⨯ + - ⨯ + - ⨯ +.. section products-end + .. toctree:: :maxdepth: 1 diff --git a/nitrokeys/features/hsm/n-of-m-schemes.rst b/nitrokeys/features/hsm/n-of-m-schemes.rst index d9813edf93..f309c6ef01 100644 --- a/nitrokeys/features/hsm/n-of-m-schemes.rst +++ b/nitrokeys/features/hsm/n-of-m-schemes.rst @@ -1,6 +1,10 @@ N-of-m Schemes ============== +.. include:: index.rst + :start-after: products-begin + :end-before: products-end + The Nitrokey HSM 2 supports two different n-of-m schemes - one for secure sharing of key material/passwords and one for public key authentication to control the access to the device. Please see `this blog post `__ for more detailed information. N-of-m for DKEK Shares diff --git a/nitrokeys/features/hsm/pkcs11-url.rst b/nitrokeys/features/hsm/pkcs11-url.rst index ef3f3926c2..348a3d94bb 100644 --- a/nitrokeys/features/hsm/pkcs11-url.rst +++ b/nitrokeys/features/hsm/pkcs11-url.rst @@ -1,6 +1,10 @@ PKCS#11 URL Generation ====================== +.. include:: index.rst + :start-after: products-begin + :end-before: products-end + .. contents:: :local: diff --git a/nitrokeys/features/misc/automatic-screen-lock.rst b/nitrokeys/features/misc/automatic-screen-lock.rst index a79abdc700..9d2537c60d 100644 --- a/nitrokeys/features/misc/automatic-screen-lock.rst +++ b/nitrokeys/features/misc/automatic-screen-lock.rst @@ -1,6 +1,30 @@ Automatic Screen Lock at Removal ================================ +.. section products-begin +.. list-table:: + :width: 100% + :header-rows: 1 + + * - `Nitrokey 3 `_ + - `Passkey `_ + - `FIDO2 `_ + - `U2F `_ + - `HSM 2 `_ + - `Pro 2 `_ + - `Start `_ + - `Storage 2 `_ + + * - ⨯ + - ⨯ + - ⨯ + - ⨯ + - ✓ + - ✓ + - ⨯ + - ✓ +.. section products-end + .. contents:: :local: This guide will walk you through the configuration of your computer, to automatically lock your session when you remove the Nitrokey. diff --git a/nitrokeys/features/misc/ecc.rst b/nitrokeys/features/misc/ecc.rst index d399f0b140..d9e9e5470b 100644 --- a/nitrokeys/features/misc/ecc.rst +++ b/nitrokeys/features/misc/ecc.rst @@ -1,6 +1,30 @@ Elliptic Curves (ECC) Support ============================= +.. section products-begin +.. list-table:: + :width: 100% + :header-rows: 1 + + * - `Nitrokey 3 `_ + - `Passkey `_ + - `FIDO2 `_ + - `U2F `_ + - `HSM 2 `_ + - `Pro 2 `_ + - `Start `_ + - `Storage 2 `_ + + * - ⨯ + - ⨯ + - ⨯ + - ⨯ + - ⨯ + - ✓ + - ⨯ + - ✓ +.. section products-end + .. contents:: :local: RSA-2048 Becomes Increasingly Insecure diff --git a/nitrokeys/features/openpgp-card/certificate-authority.rst b/nitrokeys/features/openpgp-card/certificate-authority.rst index f682a51efb..01fe422880 100644 --- a/nitrokeys/features/openpgp-card/certificate-authority.rst +++ b/nitrokeys/features/openpgp-card/certificate-authority.rst @@ -1,6 +1,30 @@ Creating a Certificate Authority ================================ +.. section products-begin +.. list-table:: + :width: 100% + :header-rows: 1 + + * - `Nitrokey 3 `_ + - `Passkey `_ + - `FIDO2 `_ + - `U2F `_ + - `HSM 2 `_ + - `Pro 2 `_ + - `Start `_ + - `Storage 2 `_ + + * - ✓ + - ⨯ + - ⨯ + - ⨯ + - ✓ + - ✓ + - ✓ + - ✓ +.. section products-end + .. contents:: :local: This article shows you how to setup your own private certificate authority backed by a Nitrokey HSM. This certificate authority has no automation and does not really scale. Other open source projects can be referenced for automation and scalability. diff --git a/nitrokeys/features/openpgp-card/desktop-login/index.rst b/nitrokeys/features/openpgp-card/desktop-login/index.rst index 4baa5d42ca..dce913093a 100644 --- a/nitrokeys/features/openpgp-card/desktop-login/index.rst +++ b/nitrokeys/features/openpgp-card/desktop-login/index.rst @@ -1,6 +1,10 @@ Desktop Login ============= +.. include:: ../index.rst + :start-after: products-begin + :end-before: products-end + .. toctree:: :maxdepth: 1 :glob: diff --git a/nitrokeys/features/openpgp-card/desktop-login/pam.rst b/nitrokeys/features/openpgp-card/desktop-login/pam.rst index 31858077a4..765b9444e6 100644 --- a/nitrokeys/features/openpgp-card/desktop-login/pam.rst +++ b/nitrokeys/features/openpgp-card/desktop-login/pam.rst @@ -1,6 +1,9 @@ PAM === +.. include:: ../index.rst + :start-after: products-begin + :end-before: products-end .. contents:: :local: diff --git a/nitrokeys/features/openpgp-card/desktop-login/smart-policy.rst b/nitrokeys/features/openpgp-card/desktop-login/smart-policy.rst index a9d1370518..4c3fc15965 100644 --- a/nitrokeys/features/openpgp-card/desktop-login/smart-policy.rst +++ b/nitrokeys/features/openpgp-card/desktop-login/smart-policy.rst @@ -1,6 +1,30 @@ Login to Windows Domain Computers With MS Active Directory ========================================================== +.. section products-begin +.. list-table:: + :width: 100% + :header-rows: 1 + + * - `Nitrokey 3 `_ + - `Passkey `_ + - `FIDO2 `_ + - `U2F `_ + - `HSM 2 `_ + - `Pro 2 `_ + - `Start `_ + - `Storage 2 `_ + + * - ✓ + - ⨯ + - ⨯ + - ⨯ + - ✓ + - ✓ + - ✓ + - ✓ +.. section products-end + .. contents:: :local: 1. Download and install the latest diff --git a/nitrokeys/features/openpgp-card/eid.rst b/nitrokeys/features/openpgp-card/eid.rst index 1cade29509..a735aaf824 100644 --- a/nitrokeys/features/openpgp-card/eid.rst +++ b/nitrokeys/features/openpgp-card/eid.rst @@ -1,6 +1,10 @@ Login With EIDAuthenticate on Stand Alone Windows Computers =========================================================== +.. include:: index.rst + :start-after: products-begin + :end-before: products-end + .. contents:: :local: 1. Download and install the latest version of `OpenSC `__. Please install the `OpenPGP-CSP `__ driver **instead** if using Nitrokey Storage 2 or Nitrokey Pro 2. diff --git a/nitrokeys/features/openpgp-card/fedora-gnupg-configuration.rst b/nitrokeys/features/openpgp-card/fedora-gnupg-configuration.rst index 3748b2e8ca..82bc3c8ef4 100644 --- a/nitrokeys/features/openpgp-card/fedora-gnupg-configuration.rst +++ b/nitrokeys/features/openpgp-card/fedora-gnupg-configuration.rst @@ -1,6 +1,10 @@ OpenPGP smartcard with GnuPG on Fedora ====================================== +.. include:: index.rst + :start-after: products-begin + :end-before: products-end + .. note:: The following instructions require the Nitrokey 3 to have at least firmware version ``1.4.0`` installed. Please refer to `firmware update <./firmware-update.html>`__ to learn how to update it. diff --git a/nitrokeys/features/openpgp-card/gpa.rst b/nitrokeys/features/openpgp-card/gpa.rst index bc694f6f80..d98cdc6c04 100644 --- a/nitrokeys/features/openpgp-card/gpa.rst +++ b/nitrokeys/features/openpgp-card/gpa.rst @@ -1,6 +1,30 @@ Setup With Gnu Privacy Assistant (GPA) ======================================================= +.. section products-begin +.. list-table:: + :width: 100% + :header-rows: 1 + + * - `Nitrokey 3 `_ + - `Passkey `_ + - `FIDO2 `_ + - `U2F `_ + - `HSM 2 `_ + - `Pro 2 `_ + - `Start `_ + - `Storage 2 `_ + + * - ✓ + - ⨯ + - ⨯ + - ⨯ + - ✓ + - ✓ + - ✓ + - ✓ +.. section products-end + This document describes how to use Gnu Privacy Assistant (GPA) to set up the Nitrokey for its first usage. 1. First you need to install Gnu Privacy Assistant (GPA). For Windows you should download and install the `GPG4Win `__ package which contains GPA. For Linux you should install the GPA package of your distribution (e.g. on Ubuntu: sudo apt-get install gpa ). diff --git a/nitrokeys/features/openpgp-card/hard-disk-encryption/index.rst b/nitrokeys/features/openpgp-card/hard-disk-encryption/index.rst index 6265a41704..e103e6d15f 100644 --- a/nitrokeys/features/openpgp-card/hard-disk-encryption/index.rst +++ b/nitrokeys/features/openpgp-card/hard-disk-encryption/index.rst @@ -1,6 +1,30 @@ Hard Disk Encryption ==================== +.. section products-begin +.. list-table:: + :width: 100% + :header-rows: 1 + + * - `Nitrokey 3 `_ + - `Passkey `_ + - `FIDO2 `_ + - `U2F `_ + - `HSM 2 `_ + - `Pro 2 `_ + - `Start `_ + - `Storage 2 `_ + + * - ✓ + - ⨯ + - ⨯ + - ⨯ + - ✓ + - ✓ + - ✓ + - ✓ +.. section products-end + .. contents:: :local: VeraCrypt (formerly TrueCrypt) diff --git a/nitrokeys/features/openpgp-card/hard-disk-encryption/luks.rst b/nitrokeys/features/openpgp-card/hard-disk-encryption/luks.rst index e4edd206e1..83ee3e4c57 100644 --- a/nitrokeys/features/openpgp-card/hard-disk-encryption/luks.rst +++ b/nitrokeys/features/openpgp-card/hard-disk-encryption/luks.rst @@ -1,6 +1,10 @@ Full-Disk Encryption With cryptsetup/LUKS ========================================= +.. include:: index.rst + :start-after: products-begin + :end-before: products-end + .. contents:: :local: This guide shows how to configure LUKS-encrypted volumes, to authenticate at boot with `Nitrokey Pro `__ or `Nitrokey Storage `__. diff --git a/nitrokeys/features/openpgp-card/index.rst b/nitrokeys/features/openpgp-card/index.rst index ca2e73d4ed..d112eb9796 100644 --- a/nitrokeys/features/openpgp-card/index.rst +++ b/nitrokeys/features/openpgp-card/index.rst @@ -1,6 +1,30 @@ OpenPGP Card ============ +.. section products-begin +.. list-table:: + :width: 100% + :header-rows: 1 + + * - `Nitrokey 3 `_ + - `Passkey `_ + - `FIDO2 `_ + - `U2F `_ + - `HSM 2 `_ + - `Pro 2 `_ + - `Start `_ + - `Storage 2 `_ + + * - ✓ + - ⨯ + - ⨯ + - ⨯ + - ⨯ + - ✓ + - ✓ + - ✓ +.. section products-end + .. toctree:: :maxdepth: 1 diff --git a/nitrokeys/features/openpgp-card/ipsec.rst b/nitrokeys/features/openpgp-card/ipsec.rst index ffa37b0a6c..7aafde6a26 100644 --- a/nitrokeys/features/openpgp-card/ipsec.rst +++ b/nitrokeys/features/openpgp-card/ipsec.rst @@ -1,6 +1,30 @@ IPSec ===== +.. section products-begin +.. list-table:: + :width: 100% + :header-rows: 1 + + * - `Nitrokey 3 `_ + - `Passkey `_ + - `FIDO2 `_ + - `U2F `_ + - `HSM 2 `_ + - `Pro 2 `_ + - `Start `_ + - `Storage 2 `_ + + * - ✓ + - ⨯ + - ⨯ + - ⨯ + - ✓ + - ✓ + - ✓ + - ✓ +.. section products-end + .. contents:: :local: `Strong Swan `__ works using the `PKCS#11 driver `__. Basically follow these steps: diff --git a/nitrokeys/features/openpgp-card/openpgp-csp.rst b/nitrokeys/features/openpgp-card/openpgp-csp.rst index 9f54987968..c1c8272e31 100644 --- a/nitrokeys/features/openpgp-card/openpgp-csp.rst +++ b/nitrokeys/features/openpgp-card/openpgp-csp.rst @@ -1,6 +1,10 @@ Windows Login and S/MIME Email Encryption with Active Directory =============================================================== +.. include:: index.rst + :start-after: products-begin + :end-before: products-end + .. contents:: :local: Please note that this driver is still in development/testing. Please tell us your experiences! See our `contact page `__. diff --git a/nitrokeys/features/openpgp-card/openpgp-keygen-backup.rst b/nitrokeys/features/openpgp-card/openpgp-keygen-backup.rst index 0c319d71ec..09bdb1f739 100644 --- a/nitrokeys/features/openpgp-card/openpgp-keygen-backup.rst +++ b/nitrokeys/features/openpgp-card/openpgp-keygen-backup.rst @@ -1,6 +1,10 @@ OpenPGP Key Generation With Backup ================================== +.. include:: index.rst + :start-after: products-begin + :end-before: products-end + .. contents:: :local: The following instructions explain the generation of OpenPGP keys and how to copy them to the Nitrokey. This method has the advantage of providing a backup of the keys in case of losing or breaking the Nitrokey. The instructions are based on the command line interface of GnuPG. Thus, you need to have GnuPG installed on your system. The newest GnuPG version for Windows can be found `here `__ and the newest version for MacOS can be found `here `__. Users of Linux systems please install GnuPG with help of the package manager. diff --git a/nitrokeys/features/openpgp-card/openpgp-keygen-gpa.rst b/nitrokeys/features/openpgp-card/openpgp-keygen-gpa.rst index 7a13bc982a..4c7a3b382a 100644 --- a/nitrokeys/features/openpgp-card/openpgp-keygen-gpa.rst +++ b/nitrokeys/features/openpgp-card/openpgp-keygen-gpa.rst @@ -1,6 +1,10 @@ OpenPGP Key Generation Using GPA ================================ +.. include:: index.rst + :start-after: products-begin + :end-before: products-end + .. contents:: :local: The following instructions explain the generation of OpenPGP keys directly on the Nitrokey with help of the GNU Privacy Assistant (GPA). You won’t be able to create a backup of these keys. Thus, if you lose the Nitrokey or it breaks you can not decrypt mails or use these keys anymore. Please see `here `_ for a comparison of the different methods to generate OpenPGP keys. diff --git a/nitrokeys/features/openpgp-card/openpgp-keygen-on-device.rst b/nitrokeys/features/openpgp-card/openpgp-keygen-on-device.rst index a94c90700c..b44bf2940c 100644 --- a/nitrokeys/features/openpgp-card/openpgp-keygen-on-device.rst +++ b/nitrokeys/features/openpgp-card/openpgp-keygen-on-device.rst @@ -1,6 +1,10 @@ OpenPGP Key Generation On-Device ================================ +.. include:: index.rst + :start-after: products-begin + :end-before: products-end + .. contents:: :local: The following instructions explain the generation of OpenPGP keys directly on the Nitrokey. This is done by using the command line interface of GnuPG. Thus, you need to have GnuPG installed on your system. The newest GnuPG version for Windows can be found `here `__ and the newest version for MacOS can be found `here `__. Users of Linux systems please install GnuPG with help of the package manager. diff --git a/nitrokeys/features/openpgp-card/openpgp-outlook.rst b/nitrokeys/features/openpgp-card/openpgp-outlook.rst index 5ee52144fa..9fb5e72b20 100644 --- a/nitrokeys/features/openpgp-card/openpgp-outlook.rst +++ b/nitrokeys/features/openpgp-card/openpgp-outlook.rst @@ -1,6 +1,10 @@ OpenPGP Email Encryption with Outlook ===================================== +.. include:: index.rst + :start-after: products-begin + :end-before: products-end + .. contents:: :local: .. note:: diff --git a/nitrokeys/features/openpgp-card/openpgp-thunderbird.rst b/nitrokeys/features/openpgp-card/openpgp-thunderbird.rst index 3a612fe667..40adce8072 100644 --- a/nitrokeys/features/openpgp-card/openpgp-thunderbird.rst +++ b/nitrokeys/features/openpgp-card/openpgp-thunderbird.rst @@ -1,6 +1,10 @@ OpenPGP Email Encryption With Thunderbird ========================================= +.. include:: index.rst + :start-after: products-begin + :end-before: products-end + .. contents:: :local: Thunderbird 78.3 and newer diff --git a/nitrokeys/features/openpgp-card/openvpn/easyrsa.rst b/nitrokeys/features/openpgp-card/openvpn/easyrsa.rst index dcaaeb869c..f5fe0c04b0 100644 --- a/nitrokeys/features/openpgp-card/openvpn/easyrsa.rst +++ b/nitrokeys/features/openpgp-card/openvpn/easyrsa.rst @@ -1,6 +1,10 @@ OpenVPN Configuration with Easy-RSA =================================== +.. include:: ../index.rst + :start-after: products-begin + :end-before: products-end + .. contents:: :local: :depth: 2 diff --git a/nitrokeys/features/openpgp-card/openvpn/index.rst b/nitrokeys/features/openpgp-card/openvpn/index.rst index e875e8ef83..2ebab4e8ee 100644 --- a/nitrokeys/features/openpgp-card/openvpn/index.rst +++ b/nitrokeys/features/openpgp-card/openvpn/index.rst @@ -1,6 +1,10 @@ OpenVPN ======= +.. include:: ../index.rst + :start-after: products-begin + :end-before: products-end + .. toctree:: :maxdepth: 1 diff --git a/nitrokeys/features/openpgp-card/openvpn/viscosity.rst b/nitrokeys/features/openpgp-card/openvpn/viscosity.rst index ff91a2c592..e7e92bee65 100644 --- a/nitrokeys/features/openpgp-card/openvpn/viscosity.rst +++ b/nitrokeys/features/openpgp-card/openvpn/viscosity.rst @@ -5,6 +5,10 @@ Viscosity Client Configuration with OpenVPN =========================================== +.. include:: ../index.rst + :start-after: products-begin + :end-before: products-end + .. contents:: :local: This guide will show to configure `Viscosity client `__ to connect to an OpenVPN instance, using a `Nitrokey Pro diff --git a/nitrokeys/features/openpgp-card/overview.rst b/nitrokeys/features/openpgp-card/overview.rst index f6e1ace837..e962caf9a3 100644 --- a/nitrokeys/features/openpgp-card/overview.rst +++ b/nitrokeys/features/openpgp-card/overview.rst @@ -1,6 +1,10 @@ OpenPGP Email Encryption ======================== +.. include:: index.rst + :start-after: products-begin + :end-before: products-end + There are two widely used standards for email encryption. - OpenPGP/GnuPG is popular among individuals, @@ -68,16 +72,16 @@ You can find further information about the usage on these pages: SSH - IPSec + IPSec Hard Disk Encryption - Stunnel + Stunnel - Gnu Privacy Assistant (GPA) + Gnu Privacy Assistant (GPA) - EID + EID - Certificate-authority + Certificate-authority GnuPG with Fedora \ No newline at end of file diff --git a/nitrokeys/features/openpgp-card/smime/index.rst b/nitrokeys/features/openpgp-card/smime/index.rst index b04ed2719b..3075d37a45 100644 --- a/nitrokeys/features/openpgp-card/smime/index.rst +++ b/nitrokeys/features/openpgp-card/smime/index.rst @@ -1,6 +1,30 @@ S/MIME Email Encryption ======================= +.. section products-begin +.. list-table:: + :width: 100% + :header-rows: 1 + + * - `Nitrokey 3 `_ + - `Passkey `_ + - `FIDO2 `_ + - `U2F `_ + - `HSM 2 `_ + - `Pro 2 `_ + - `Start `_ + - `Storage 2 `_ + + * - ✓ + - ⨯ + - ⨯ + - ⨯ + - ✓ + - ✓ + - ✓ + - ✓ +.. section products-end + .. contents:: :local: Prerequisites diff --git a/nitrokeys/features/openpgp-card/smime/smime-outlook.rst b/nitrokeys/features/openpgp-card/smime/smime-outlook.rst index a156b1faf2..417b8291d9 100644 --- a/nitrokeys/features/openpgp-card/smime/smime-outlook.rst +++ b/nitrokeys/features/openpgp-card/smime/smime-outlook.rst @@ -1,6 +1,10 @@ S/MIME Email Encryption with Outlook ==================================== +.. include:: index.rst + :start-after: products-begin + :end-before: products-end + .. contents:: :local: Prerequisites diff --git a/nitrokeys/features/openpgp-card/smime/smime-thunderbird.rst b/nitrokeys/features/openpgp-card/smime/smime-thunderbird.rst index 389231f0c4..e70c3eaa38 100644 --- a/nitrokeys/features/openpgp-card/smime/smime-thunderbird.rst +++ b/nitrokeys/features/openpgp-card/smime/smime-thunderbird.rst @@ -1,6 +1,10 @@ S/MIME Email Encryption with Thunderbird ======================================== +.. include:: index.rst + :start-after: products-begin + :end-before: products-end + .. contents:: :local: Prerequisites diff --git a/nitrokeys/features/openpgp-card/ssh/index.rst b/nitrokeys/features/openpgp-card/ssh/index.rst index 1838196974..327e42e966 100644 --- a/nitrokeys/features/openpgp-card/ssh/index.rst +++ b/nitrokeys/features/openpgp-card/ssh/index.rst @@ -1,6 +1,10 @@ SSH === +.. include:: ../index.rst + :start-after: products-begin + :end-before: products-end + This guide explains how to prepare your SSH server and client for use with the Nitrokey. For configuring PuTTY, see this guide: diff --git a/nitrokeys/features/openpgp-card/ssh/putty.rst b/nitrokeys/features/openpgp-card/ssh/putty.rst index a32d7458a3..7c89381fde 100644 --- a/nitrokeys/features/openpgp-card/ssh/putty.rst +++ b/nitrokeys/features/openpgp-card/ssh/putty.rst @@ -1,6 +1,10 @@ PuTTY ===== +.. include:: ../index.rst + :start-after: products-begin + :end-before: products-end + .. contents:: :local: This mini-howto assumes that the Nitrokey has been initialized and contains cryptographic keys. diff --git a/nitrokeys/features/openpgp-card/stunnel.rst b/nitrokeys/features/openpgp-card/stunnel.rst deleted file mode 100644 index ed470bdf10..0000000000 --- a/nitrokeys/features/openpgp-card/stunnel.rst +++ /dev/null @@ -1,22 +0,0 @@ -Stunnel -======= - -.. contents:: :local: - -`Stunnel `__ works as an SSL encryption wrapper between remote client and local (inetd-startable) or remote server. It can be used to add SSL functionality to commonly used inetd daemons like POP2, POP3, and IMAP servers without any changes in the programs' code. - -Stunnel is able to load OpenSC PKCS#11 engine using this configuration: - -.. code-block:: bash - - engine=dynamic - engineCtrl=SO_PATH:/usr/lib/opensc/engine_pkcs11.so - engineCtrl=ID:pkcs11 - engineCtrl=LIST_ADD:1 - engineCtrl=LOAD - engineCtrl=MODULE_PATH:/usr/lib/pkcs11/opensc-pkcs11.so - engineCtrl=INIT - - [service] - engineNum=1 - key=id_45 diff --git a/nitrokeys/features/openpgp-card/stunnel/stunnel.rst b/nitrokeys/features/openpgp-card/stunnel/stunnel.rst new file mode 100644 index 0000000000..47d6b653d2 --- /dev/null +++ b/nitrokeys/features/openpgp-card/stunnel/stunnel.rst @@ -0,0 +1,46 @@ +Stunnel +======= + +.. section products-begin +.. list-table:: + :width: 100% + :header-rows: 1 + + * - `Nitrokey 3 `_ + - `Passkey `_ + - `FIDO2 `_ + - `U2F `_ + - `HSM 2 `_ + - `Pro 2 `_ + - `Start `_ + - `Storage 2 `_ + + * - ✓ + - ⨯ + - ⨯ + - ⨯ + - ✓ + - ✓ + - ✓ + - ✓ +.. section products-end + +.. contents:: :local: + +`Stunnel `__ works as an SSL encryption wrapper between remote client and local (inetd-startable) or remote server. It can be used to add SSL functionality to commonly used inetd daemons like POP2, POP3, and IMAP servers without any changes in the programs' code. + +Stunnel is able to load OpenSC PKCS#11 engine using this configuration: + +.. code-block:: bash + + engine=dynamic + engineCtrl=SO_PATH:/usr/lib/opensc/engine_pkcs11.so + engineCtrl=ID:pkcs11 + engineCtrl=LIST_ADD:1 + engineCtrl=LOAD + engineCtrl=MODULE_PATH:/usr/lib/pkcs11/opensc-pkcs11.so + engineCtrl=INIT + + [service] + engineNum=1 + key=id_45 diff --git a/nitrokeys/features/openpgp-card/uif.rst b/nitrokeys/features/openpgp-card/uif.rst index dc6309ec80..288fb50dde 100644 --- a/nitrokeys/features/openpgp-card/uif.rst +++ b/nitrokeys/features/openpgp-card/uif.rst @@ -1,6 +1,30 @@ OpenPGP Touch Confirmation (UIF) ================================ +.. section products-begin +.. list-table:: + :width: 100% + :header-rows: 1 + + * - `Nitrokey 3 `_ + - `Passkey `_ + - `FIDO2 `_ + - `U2F `_ + - `HSM 2 `_ + - `Pro 2 `_ + - `Start `_ + - `Storage 2 `_ + + * - ✓ + - ⨯ + - ⨯ + - ⨯ + - ⨯ + - ⨯ + - ⨯ + - ⨯ +.. section products-end + .. contents:: :local: The Nitrokey 3 OpenPGP Card functionality supports touch button confirmations (so called User Interaction Flags, UIF) when performing cryptographic key operations. It can be configured separately for each operation (Signature, Decryption and Authentication). diff --git a/nitrokeys/features/password-safe/index.rst b/nitrokeys/features/password-safe/index.rst index 80a4d37425..4c64bfb12d 100644 --- a/nitrokeys/features/password-safe/index.rst +++ b/nitrokeys/features/password-safe/index.rst @@ -2,6 +2,28 @@ Password Safe ============= +.. list-table:: + :width: 100% + :header-rows: 1 + + * - `Nitrokey 3 `_ + - `Passkey `_ + - `FIDO2 `_ + - `U2F `_ + - `HSM 2 `_ + - `Pro 2 `_ + - `Start `_ + - `Storage 2 `_ + + * - ✓ + - ⨯ + - ⨯ + - ⨯ + - ⨯ + - ⨯ + - ⨯ + - ⨯ + .. toctree:: :maxdepth: 1 :glob: diff --git a/nitrokeys/features/piv/access_control.rst b/nitrokeys/features/piv/access_control.rst index 5e4e169bf0..fec07de9f8 100644 --- a/nitrokeys/features/piv/access_control.rst +++ b/nitrokeys/features/piv/access_control.rst @@ -1,6 +1,10 @@ Access Control ============== +.. include:: index.rst + :start-after: products-begin + :end-before: products-end + The following access matrix shows what authentication a certain operation requires. +-------------------+-----+-----+-----+-------------------------------------------------+ diff --git a/nitrokeys/features/piv/certificate_management.rst b/nitrokeys/features/piv/certificate_management.rst index eacff91273..d8ecb46144 100644 --- a/nitrokeys/features/piv/certificate_management.rst +++ b/nitrokeys/features/piv/certificate_management.rst @@ -1,6 +1,10 @@ Certificate Management ====================== +.. include:: index.rst + :start-after: products-begin + :end-before: products-end + Every private key has a certificate associated. The certificates can be read and written. The size of a certificate is limited by the transport layer and about 6kB. diff --git a/nitrokeys/features/piv/factory_reset.rst b/nitrokeys/features/piv/factory_reset.rst index 72c0677025..587c33596b 100644 --- a/nitrokeys/features/piv/factory_reset.rst +++ b/nitrokeys/features/piv/factory_reset.rst @@ -1,6 +1,10 @@ Factory Reset ============= +.. include:: index.rst + :start-after: products-begin + :end-before: products-end + The PIV application can be reset to factory defaults. It can only be reset if the PIN and PUK are blocked. diff --git a/nitrokeys/features/piv/guides/client_logon_with_active_directory.rst b/nitrokeys/features/piv/guides/client_logon_with_active_directory.rst index 6181f9f321..b1caaf0108 100644 --- a/nitrokeys/features/piv/guides/client_logon_with_active_directory.rst +++ b/nitrokeys/features/piv/guides/client_logon_with_active_directory.rst @@ -1,6 +1,10 @@ Client Logon with Active Directory ================================== +.. include:: ../index.rst + :start-after: products-begin + :end-before: products-end + This document explains how to use the PIV application of a Nitrokey 3 for smartcard logon with Active Directory. In the future, this manual provisioning may be automated through a Windows MiniDriver. diff --git a/nitrokeys/features/piv/guides/index.rst b/nitrokeys/features/piv/guides/index.rst index b28244ef94..7118942771 100644 --- a/nitrokeys/features/piv/guides/index.rst +++ b/nitrokeys/features/piv/guides/index.rst @@ -1,6 +1,10 @@ Guides ====== +.. include:: ../index.rst + :start-after: products-begin + :end-before: products-end + .. toctree:: :maxdepth: 1 :glob: diff --git a/nitrokeys/features/piv/index.rst b/nitrokeys/features/piv/index.rst index c071dcddd5..7d2c0768a6 100644 --- a/nitrokeys/features/piv/index.rst +++ b/nitrokeys/features/piv/index.rst @@ -1,6 +1,30 @@ PIV (Personal Identity Verification) ==================================== +.. section products-begin +.. list-table:: + :width: 100% + :header-rows: 1 + + * - `Nitrokey 3 `_ + - `Passkey `_ + - `FIDO2 `_ + - `U2F `_ + - `HSM 2 `_ + - `Pro 2 `_ + - `Start `_ + - `Storage 2 `_ + + * - ✓ + - ⨯ + - ⨯ + - ⨯ + - ⨯ + - ⨯ + - ⨯ + - ⨯ +.. section products-end + .. warning:: The PIV application of the Nitrokey 3 is currently considered unstable and is not available on the stable firmware releases. To obtain that functionality it is required to install a test firmware. diff --git a/nitrokeys/features/piv/key_management.rst b/nitrokeys/features/piv/key_management.rst index fd79795b25..3cd237c493 100644 --- a/nitrokeys/features/piv/key_management.rst +++ b/nitrokeys/features/piv/key_management.rst @@ -1,6 +1,10 @@ Key Management ============== +.. include:: index.rst + :start-after: products-begin + :end-before: products-end + Key Slots --------- diff --git a/nitrokeys/features/totp/general.rst b/nitrokeys/features/totp/general.rst index d30e91208c..83f83da1e3 100644 --- a/nitrokeys/features/totp/general.rst +++ b/nitrokeys/features/totp/general.rst @@ -1,6 +1,10 @@ Two-factor Authentication with One-Time Passwords (OTP) ======================================================= +.. include:: index.rst + :start-after: products-begin + :end-before: products-end + .. contents:: :local: The use of One-time Passwords (OTP) is called very differently on the various services supporting it. Sometimes it is referred to as Multi-factor Authentication (MFA), sometimes it is Two-factor Authentication (2FA) or just “authentication via authenticator app” like Google Authenticator. Most of these services are compatible for usage with the Nitrokey Pro and Nitrokey Storage. The following instructions show how to enable OTP on our `support forum `__. The procedure is quite similar on most services. For a list of websites supporting OTP have a look at `dongleauth.com `__. diff --git a/nitrokeys/features/totp/google.rst b/nitrokeys/features/totp/google.rst index 401bc1bf1a..41bef000c3 100644 --- a/nitrokeys/features/totp/google.rst +++ b/nitrokeys/features/totp/google.rst @@ -1,6 +1,10 @@ Two-factor Authentication for Google ==================================== +.. include:: index.rst + :start-after: products-begin + :end-before: products-end + .. contents:: :local: These are the basic steps for registering the Nitrokey Pro or Nitrokey Storage as a second factor of a Google account: diff --git a/nitrokeys/features/totp/index.rst b/nitrokeys/features/totp/index.rst index 49f95f9cac..bf3d3e0981 100644 --- a/nitrokeys/features/totp/index.rst +++ b/nitrokeys/features/totp/index.rst @@ -1,6 +1,30 @@ Two-factor Authentication with One-Time Passwords (OTP) ======================================================= +.. section products-begin +.. list-table:: + :width: 100% + :header-rows: 1 + + * - `Nitrokey 3 `_ + - `Passkey `_ + - `FIDO2 `_ + - `U2F `_ + - `HSM 2 `_ + - `Pro 2 `_ + - `Start `_ + - `Storage 2 `_ + + * - ⨯ + - ⨯ + - ⨯ + - ⨯ + - ⨯ + - ✓ + - ⨯ + - ✓ +.. section products-end + .. toctree:: :maxdepth: 1 diff --git a/nitrokeys/features/totp/microsoft.rst b/nitrokeys/features/totp/microsoft.rst index 28ee7b7c6d..a12f8d5dcb 100644 --- a/nitrokeys/features/totp/microsoft.rst +++ b/nitrokeys/features/totp/microsoft.rst @@ -1,6 +1,10 @@ Two-factor Authentication for Microsoft Account =============================================== +.. include:: index.rst + :start-after: products-begin + :end-before: products-end + .. contents:: :local: These are the basic steps for registering the Nitrokey Pro or Nitrokey Storage as a second factor of a Microsoft account. diff --git a/nitrokeys/features/totp/nextcloud.rst b/nitrokeys/features/totp/nextcloud.rst index 95f8990739..43a23c32a7 100644 --- a/nitrokeys/features/totp/nextcloud.rst +++ b/nitrokeys/features/totp/nextcloud.rst @@ -1,6 +1,10 @@ Two-factor Authentication for Nextcloud accounts ================================================ +.. include:: index.rst + :start-after: products-begin + :end-before: products-end + .. contents:: :local: These are the basic steps for registering the Nitrokey Pro or Nitrokey Storage as a second factor of a Nextcloud account. diff --git a/nitrokeys/features/u2f/2fa.rst b/nitrokeys/features/u2f/2fa.rst index b3942ad803..538bd25367 100644 --- a/nitrokeys/features/u2f/2fa.rst +++ b/nitrokeys/features/u2f/2fa.rst @@ -1,7 +1,10 @@ - Two-Factor Authentication (2FA) =============================== +.. include:: index.rst + :start-after: products-begin + :end-before: products-end + 1. Open one of the `websites that support FIDO U2F `__. 2. Log in to the website and enable two-factor authentication in your diff --git a/nitrokeys/features/u2f/desktop-login.rst b/nitrokeys/features/u2f/desktop-login.rst index a431d1f0ec..10bebd4024 100644 --- a/nitrokeys/features/u2f/desktop-login.rst +++ b/nitrokeys/features/u2f/desktop-login.rst @@ -1,6 +1,10 @@ Desktop Login And Linux User Authentication =========================================== +.. include:: index.rst + :start-after: products-begin + :end-before: products-end + .. contents:: :local: Introduction diff --git a/nitrokeys/features/u2f/index.rst b/nitrokeys/features/u2f/index.rst index b1acaadacc..7ff800ee8e 100644 --- a/nitrokeys/features/u2f/index.rst +++ b/nitrokeys/features/u2f/index.rst @@ -1,6 +1,30 @@ U2F === +.. section products-begin +.. list-table:: + :width: 100% + :header-rows: 1 + + * - `Nitrokey 3 `_ + - `Passkey `_ + - `FIDO2 `_ + - `U2F `_ + - `HSM 2 `_ + - `Pro 2 `_ + - `Start `_ + - `Storage 2 `_ + + * - ✓ + - ✓ + - ✓ + - ✓ + - ⨯ + - ✓ + - ⨯ + - ✓ +.. section products-end + .. toctree:: :maxdepth: 1 diff --git a/nitrokeys/features/u2f/odoo.rst b/nitrokeys/features/u2f/odoo.rst index 4b30f59aab..aa7c189a83 100644 --- a/nitrokeys/features/u2f/odoo.rst +++ b/nitrokeys/features/u2f/odoo.rst @@ -1,6 +1,10 @@ Two-Factor Authentication For ERP Software Odoo =============================================== +.. include:: index.rst + :start-after: products-begin + :end-before: products-end + .. only:: comment .. contents:: :local: diff --git a/nitrokeys/fido2/index.rst b/nitrokeys/fido2/index.rst index 7fc3d361bd..afb48aefef 100644 --- a/nitrokeys/fido2/index.rst +++ b/nitrokeys/fido2/index.rst @@ -22,10 +22,6 @@ and the product guides: or check out the features: -.. toctree:: - :maxdepth: 3 - :glob: - - FIDO2 <../features/fido2/index> - U2F <../features/u2f/index> +* `FIDO2 <../features/fido2/index.html>`_ +* `U2F <../features/u2f/index.html>`_ diff --git a/nitrokeys/hsm/index.rst b/nitrokeys/hsm/index.rst index 362e806b74..481d00c9a3 100644 --- a/nitrokeys/hsm/index.rst +++ b/nitrokeys/hsm/index.rst @@ -14,8 +14,4 @@ First check the: or check out the features: -.. toctree:: - :maxdepth: 1 - :glob: - - HSM <../features/hsm/index> \ No newline at end of file +* `HSM <../features/hsm/index.html>`_ \ No newline at end of file diff --git a/nitrokeys/index.rst b/nitrokeys/index.rst index 054b190b2f..889f34963b 100644 --- a/nitrokeys/index.rst +++ b/nitrokeys/index.rst @@ -6,11 +6,11 @@ Nitrokeys :glob: Features - U2F - Pro - Passkey - HSM - Storage - Start Nitrokey 3 - FIDO2 + Nitrokey Passkey + Nitrokey FIDO2 + Nitrokey U2F + Nitrokey HSM 2 + Nitrokey Pro 2 + Nitrokey Start + Nitrokey Storage 2 diff --git a/nitrokeys/nitrokey3/index.rst b/nitrokeys/nitrokey3/index.rst index 9f4ea5553b..3011f84f17 100644 --- a/nitrokeys/nitrokey3/index.rst +++ b/nitrokeys/nitrokey3/index.rst @@ -28,15 +28,11 @@ and the product guides: or check out the features: -.. toctree:: - :maxdepth: 5 - :glob: - - FIDO2 <../features/fido2/index> - U2F <../features/u2f/index> - OpenPGP Card <../features/openpgp-card/index> - Password Safe <../features/password-safe/index> +* `FIDO2 <../features/fido2/index.html>`_ +* `U2F <../features/u2f/index.html>`_ +* `OpenPGP Card <../features/openpgp-card/index.html>`_ +* `Password Safe <../features/password-safe/index.html>`_ -Additional features like PIV (Windows only) are available in test firmware releases. See the `release notes`_ on GitHub for more information. +Additional features like `PIV (Windows only) <../features/piv/index.html>`_ are available in test firmware releases. See the `release notes`_ on GitHub for more information. .. _release notes: https://github.com/Nitrokey/nitrokey-3-firmware/releases diff --git a/nitrokeys/pro/index.rst b/nitrokeys/pro/index.rst index 557c0aeb1f..851072716a 100644 --- a/nitrokeys/pro/index.rst +++ b/nitrokeys/pro/index.rst @@ -20,18 +20,14 @@ and the product guides: Update Factory Reset - Change PIN <../product-guides/change-pins/index> +* `Change PIN <../product-guides/change-pins/index.html>`_ or check out the features: -.. toctree:: - :maxdepth: 3 - :glob: - - U2F <../features/u2f/index> - TOTP <../features/totp/index> - OpenPGP Card <../features/openpgp-card/index> - Automatic Screen Lock (Linux) <../features/misc/automatic-screen-lock/index> - ECC <../features/misc/ecc/index> +* `U2F <../features/u2f/index.html>`_ +* `TOTP <../features/totp/index.html>`_ +* `OpenPGP Card <../features/openpgp-card/index.html>`_ +* `Automatic Screen Lock (Linux) <../features/misc/automatic-screen-lock/index.html>`_ +* `ECC <../features/misc/ecc/index.html>`_ diff --git a/nitrokeys/start/index.rst b/nitrokeys/start/index.rst index 0f3f8297df..845222d319 100644 --- a/nitrokeys/start/index.rst +++ b/nitrokeys/start/index.rst @@ -24,8 +24,4 @@ and the product guides: or check out the features: -.. toctree:: - :maxdepth: 4 - :glob: - - OpenPGP Card <../features/openpgp-card/index> \ No newline at end of file +* `OpenPGP Card <../features/openpgp-card/index.html>`_ \ No newline at end of file diff --git a/nitrokeys/storage/index.rst b/nitrokeys/storage/index.rst index cf1893e2d5..f8fdf12d4a 100644 --- a/nitrokeys/storage/index.rst +++ b/nitrokeys/storage/index.rst @@ -17,21 +17,17 @@ and the product guides: .. toctree:: :maxdepth: 2 - Change PIN <../product-guides/change-pins/index> Firmware-Update Manual Firmware-Update Factory Reset +* `Change PIN <../product-guides/change-pins/index.html>`_ or check out the features: -.. toctree:: - :maxdepth: 3 - :glob: - - U2F <../features/u2f/index> - TOTP <../features/totp/index> - OpenPGP Card <../features/openpgp-card/index> - Encrypted Mobile Storage <../features/encrypted-storage/index> - Hidden Storage <../features/hidden-storage/index> - Automatic Screen Lock (Linux) <../features/misc/automatic-screen-lock/index> - ECC <../features/misc/ecc/index> \ No newline at end of file +* `U2F <../features/u2f/index.html>`_ +* `TOTP <../features/totp/index.html>`_ +* `OpenPGP Card <../features/openpgp-card/index.html>`_ +* `Encrypted Mobile Storage <../features/encrypted-storage/index.html>`_ +* `Hidden Storage <../features/hidden-storage/index.html>`_ +* `Automatic Screen Lock (Linux) <../features/misc/automatic-screen-lock/index.html>`_ +* `ECC <../features/misc/ecc/index.html>`_ \ No newline at end of file diff --git a/nitrokeys/u2f/index.rst b/nitrokeys/u2f/index.rst index 63dde7e9ae..cce321a267 100644 --- a/nitrokeys/u2f/index.rst +++ b/nitrokeys/u2f/index.rst @@ -5,9 +5,4 @@ Nitrokey U2F Check out the features: -.. toctree:: - :maxdepth: 3 - :glob: - - U2F <../features/u2f/index> - +* `U2F <../features/u2f/index.html>`_ From 1b096dfddc1a0cf64a9d3b39e6020be428332caf Mon Sep 17 00:00:00 2001 From: Marlin Date: Tue, 13 Aug 2024 13:19:13 +0200 Subject: [PATCH 32/33] fixed errors --- .../features/encrypted-storage/index.rst | 15 ++++---- nitrokeys/features/fido2/index.rst | 15 ++++---- nitrokeys/features/hidden-storage/index.rst | 15 ++++---- nitrokeys/features/hsm/index.rst | 15 ++++---- .../features/misc/automatic-screen-lock.rst | 15 ++++---- nitrokeys/features/misc/ecc.rst | 15 ++++---- .../openpgp-card/certificate-authority.rst | 15 ++++---- .../openpgp-card/change-pins.rst} | 33 +++++++++++++++--- .../desktop-login/smart-policy.rst | 15 ++++---- nitrokeys/features/openpgp-card/gpa.rst | 15 ++++---- .../hard-disk-encryption/index.rst | 15 ++++---- .../openpgp-card}/images/change-pins/1.png | Bin .../openpgp-card}/images/change-pins/2.png | Bin .../openpgp-card}/images/change-pins/3.png | Bin .../openpgp-card}/images/change-pins/4.png | Bin .../images/change-pins/App-change-pin.png | Bin nitrokeys/features/openpgp-card/index.rst | 18 +++++----- nitrokeys/features/openpgp-card/ipsec.rst | 15 ++++---- .../features/openpgp-card/smime/index.rst | 15 ++++---- .../openpgp-card/{stunnel => }/stunnel.rst | 15 ++++---- nitrokeys/features/openpgp-card/uif.rst | 15 ++++---- nitrokeys/features/password-safe/index.rst | 15 ++++---- nitrokeys/features/piv/index.rst | 15 ++++---- nitrokeys/features/totp/index.rst | 15 ++++---- nitrokeys/features/u2f/index.rst | 15 ++++---- nitrokeys/pro/getting-started.rst | 2 +- nitrokeys/pro/index.rst | 1 - nitrokeys/storage/index.rst | 1 - nitropad/qubes/change-pins.rst | 2 +- nitropad/ubuntu/change-pins.rst | 2 +- 30 files changed, 186 insertions(+), 143 deletions(-) rename nitrokeys/{product-guides/change-pins/index.rst => features/openpgp-card/change-pins.rst} (61%) rename nitrokeys/{product-guides/change-pins => features/openpgp-card}/images/change-pins/1.png (100%) rename nitrokeys/{product-guides/change-pins => features/openpgp-card}/images/change-pins/2.png (100%) rename nitrokeys/{product-guides/change-pins => features/openpgp-card}/images/change-pins/3.png (100%) rename nitrokeys/{product-guides/change-pins => features/openpgp-card}/images/change-pins/4.png (100%) rename nitrokeys/{product-guides/change-pins => features/openpgp-card}/images/change-pins/App-change-pin.png (100%) rename nitrokeys/features/openpgp-card/{stunnel => }/stunnel.rst (61%) diff --git a/nitrokeys/features/encrypted-storage/index.rst b/nitrokeys/features/encrypted-storage/index.rst index a72d8adbb1..469934c1d0 100644 --- a/nitrokeys/features/encrypted-storage/index.rst +++ b/nitrokeys/features/encrypted-storage/index.rst @@ -4,15 +4,16 @@ Encrypted Mobile Storage .. list-table:: :width: 100% :header-rows: 1 + :class: products-table * - `Nitrokey 3 `_ - - `Passkey `_ - - `FIDO2 `_ - - `U2F `_ - - `HSM 2 `_ - - `Pro 2 `_ - - `Start `_ - - `Storage 2 `_ + - `Nitrokey Passkey `_ + - `Nitrokey FIDO2 `_ + - `Nitrokey U2F `_ + - `Nitrokey HSM 2 `_ + - `Nitrokey Pro 2 `_ + - `Nitrokey Start `_ + - `Nitrokey Storage 2 `_ * - ⨯ - ⨯ diff --git a/nitrokeys/features/fido2/index.rst b/nitrokeys/features/fido2/index.rst index d9c003cc58..e97bb27a1c 100644 --- a/nitrokeys/features/fido2/index.rst +++ b/nitrokeys/features/fido2/index.rst @@ -5,15 +5,16 @@ FIDO2 .. list-table:: :width: 100% :header-rows: 1 + :class: products-table * - `Nitrokey 3 `_ - - `Passkey `_ - - `FIDO2 `_ - - `U2F `_ - - `HSM 2 `_ - - `Pro 2 `_ - - `Start `_ - - `Storage 2 `_ + - `Nitrokey Passkey `_ + - `Nitrokey FIDO2 `_ + - `Nitrokey U2F `_ + - `Nitrokey HSM 2 `_ + - `Nitrokey Pro 2 `_ + - `Nitrokey Start `_ + - `Nitrokey Storage 2 `_ * - ✓ - ✓ diff --git a/nitrokeys/features/hidden-storage/index.rst b/nitrokeys/features/hidden-storage/index.rst index 5dbbe8d800..19c557a539 100644 --- a/nitrokeys/features/hidden-storage/index.rst +++ b/nitrokeys/features/hidden-storage/index.rst @@ -4,15 +4,16 @@ Hidden Volumes .. list-table:: :width: 100% :header-rows: 1 + :class: products-table * - `Nitrokey 3 `_ - - `Passkey `_ - - `FIDO2 `_ - - `U2F `_ - - `HSM 2 `_ - - `Pro 2 `_ - - `Start `_ - - `Storage 2 `_ + - `Nitrokey Passkey `_ + - `Nitrokey FIDO2 `_ + - `Nitrokey U2F `_ + - `Nitrokey HSM 2 `_ + - `Nitrokey Pro 2 `_ + - `Nitrokey Start `_ + - `Nitrokey Storage 2 `_ * - ⨯ - ⨯ diff --git a/nitrokeys/features/hsm/index.rst b/nitrokeys/features/hsm/index.rst index bb8de27a48..42c7c7eee8 100644 --- a/nitrokeys/features/hsm/index.rst +++ b/nitrokeys/features/hsm/index.rst @@ -5,15 +5,16 @@ HSM Features .. list-table:: :width: 100% :header-rows: 1 + :class: products-table * - `Nitrokey 3 `_ - - `Passkey `_ - - `FIDO2 `_ - - `U2F `_ - - `HSM 2 `_ - - `Pro 2 `_ - - `Start `_ - - `Storage 2 `_ + - `Nitrokey Passkey `_ + - `Nitrokey FIDO2 `_ + - `Nitrokey U2F `_ + - `Nitrokey HSM 2 `_ + - `Nitrokey Pro 2 `_ + - `Nitrokey Start `_ + - `Nitrokey Storage 2 `_ * - ⨯ - ⨯ diff --git a/nitrokeys/features/misc/automatic-screen-lock.rst b/nitrokeys/features/misc/automatic-screen-lock.rst index 9d2537c60d..720a371e87 100644 --- a/nitrokeys/features/misc/automatic-screen-lock.rst +++ b/nitrokeys/features/misc/automatic-screen-lock.rst @@ -5,15 +5,16 @@ Automatic Screen Lock at Removal .. list-table:: :width: 100% :header-rows: 1 + :class: products-table * - `Nitrokey 3 `_ - - `Passkey `_ - - `FIDO2 `_ - - `U2F `_ - - `HSM 2 `_ - - `Pro 2 `_ - - `Start `_ - - `Storage 2 `_ + - `Nitrokey Passkey `_ + - `Nitrokey FIDO2 `_ + - `Nitrokey U2F `_ + - `Nitrokey HSM 2 `_ + - `Nitrokey Pro 2 `_ + - `Nitrokey Start `_ + - `Nitrokey Storage 2 `_ * - ⨯ - ⨯ diff --git a/nitrokeys/features/misc/ecc.rst b/nitrokeys/features/misc/ecc.rst index d9e9e5470b..c6563c4d6b 100644 --- a/nitrokeys/features/misc/ecc.rst +++ b/nitrokeys/features/misc/ecc.rst @@ -5,15 +5,16 @@ Elliptic Curves (ECC) Support .. list-table:: :width: 100% :header-rows: 1 + :class: products-table * - `Nitrokey 3 `_ - - `Passkey `_ - - `FIDO2 `_ - - `U2F `_ - - `HSM 2 `_ - - `Pro 2 `_ - - `Start `_ - - `Storage 2 `_ + - `Nitrokey Passkey `_ + - `Nitrokey FIDO2 `_ + - `Nitrokey U2F `_ + - `Nitrokey HSM 2 `_ + - `Nitrokey Pro 2 `_ + - `Nitrokey Start `_ + - `Nitrokey Storage 2 `_ * - ⨯ - ⨯ diff --git a/nitrokeys/features/openpgp-card/certificate-authority.rst b/nitrokeys/features/openpgp-card/certificate-authority.rst index 01fe422880..b20fe58ee0 100644 --- a/nitrokeys/features/openpgp-card/certificate-authority.rst +++ b/nitrokeys/features/openpgp-card/certificate-authority.rst @@ -5,15 +5,16 @@ Creating a Certificate Authority .. list-table:: :width: 100% :header-rows: 1 + :class: products-table * - `Nitrokey 3 `_ - - `Passkey `_ - - `FIDO2 `_ - - `U2F `_ - - `HSM 2 `_ - - `Pro 2 `_ - - `Start `_ - - `Storage 2 `_ + - `Nitrokey Passkey `_ + - `Nitrokey FIDO2 `_ + - `Nitrokey U2F `_ + - `Nitrokey HSM 2 `_ + - `Nitrokey Pro 2 `_ + - `Nitrokey Start `_ + - `Nitrokey Storage 2 `_ * - ✓ - ⨯ diff --git a/nitrokeys/product-guides/change-pins/index.rst b/nitrokeys/features/openpgp-card/change-pins.rst similarity index 61% rename from nitrokeys/product-guides/change-pins/index.rst rename to nitrokeys/features/openpgp-card/change-pins.rst index bf0b570629..bf3126d3b0 100644 --- a/nitrokeys/product-guides/change-pins/index.rst +++ b/nitrokeys/features/openpgp-card/change-pins.rst @@ -1,6 +1,31 @@ Change User and Admin PIN ========================= +.. section products-begin +.. list-table:: + :width: 100% + :header-rows: 1 + :class: products-table + + * - `Nitrokey 3 `_ + - `Nitrokey Passkey `_ + - `Nitrokey FIDO2 `_ + - `Nitrokey U2F `_ + - `Nitrokey HSM 2 `_ + - `Nitrokey Pro 2 `_ + - `Nitrokey Start `_ + - `Nitrokey Storage 2 `_ + + * - ⨯ + - ⨯ + - ⨯ + - ⨯ + - ⨯ + - ✓ + - ⨯ + - ✓ +.. section products-end + .. contents:: :local: User PIN @@ -11,7 +36,7 @@ The user PIN is at least 6-digits long and is used to get access to the content You can change the user PIN with the Nitrokey App if using a Nitrokey Pro or Nitrokey Storage. In the `Nitrokey `__ App open ‘Menu -> Configure -> Change User PIN’ to open the dialog to change the PIN. -.. figure:: /nitrokeys/product-guides/change-pins/images/change-pins/1.png +.. figure:: /nitrokeys/features/openpgp-card/images/change-pins/1.png :alt: img1 @@ -20,7 +45,7 @@ You can change the User PIN in the dialog window now. The user PIN can have up to 20 digits and other characters (e.g. alphabetic and special characters). But as the user PIN is blocked as soon three wrong PIN attempts were done, it is sufficiently secure to only have a 6 digits PIN. The default PIN is 123456. -.. figure:: /nitrokeys/product-guides/change-pins/images/change-pins/2.png +.. figure:: /nitrokeys/features/openpgp-card/images/change-pins/2.png :alt: img2 @@ -33,7 +58,7 @@ The admin PIN is at least 8-digits long and is used to change contents/settings You can change the admin PIN with the Nitrokey App if using a Nitrokey Pro or Nitrokey Storage. In the `Nitrokey App `__ open ‘Menu -> Configure -> Change Admin PIN’ to open the dialog to change the PIN. -.. figure:: /nitrokeys/product-guides/change-pins/images/change-pins/3.png +.. figure:: /nitrokeys/features/openpgp-card/images/change-pins/3.png :alt: img3 @@ -42,7 +67,7 @@ You can change the admin PIN in the dialog window now. The admin PIN can have up to 20 digits and other characters (e.g. alphabetic and special characters). But as the admin PIN is blocked as soon three wrong PIN attempts were done, it is sufficiently secure to only have 8 digits PIN. The default PIN is 12345678. -.. figure:: /nitrokeys/product-guides/change-pins/images/change-pins/4.png +.. figure:: /nitrokeys/features/openpgp-card/images/change-pins/4.png :alt: img4 diff --git a/nitrokeys/features/openpgp-card/desktop-login/smart-policy.rst b/nitrokeys/features/openpgp-card/desktop-login/smart-policy.rst index 4c3fc15965..4d2d489f97 100644 --- a/nitrokeys/features/openpgp-card/desktop-login/smart-policy.rst +++ b/nitrokeys/features/openpgp-card/desktop-login/smart-policy.rst @@ -5,15 +5,16 @@ Login to Windows Domain Computers With MS Active Directory .. list-table:: :width: 100% :header-rows: 1 + :class: products-table * - `Nitrokey 3 `_ - - `Passkey `_ - - `FIDO2 `_ - - `U2F `_ - - `HSM 2 `_ - - `Pro 2 `_ - - `Start `_ - - `Storage 2 `_ + - `Nitrokey Passkey `_ + - `Nitrokey FIDO2 `_ + - `Nitrokey U2F `_ + - `Nitrokey HSM 2 `_ + - `Nitrokey Pro 2 `_ + - `Nitrokey Start `_ + - `Nitrokey Storage 2 `_ * - ✓ - ⨯ diff --git a/nitrokeys/features/openpgp-card/gpa.rst b/nitrokeys/features/openpgp-card/gpa.rst index d98cdc6c04..867ee0ac31 100644 --- a/nitrokeys/features/openpgp-card/gpa.rst +++ b/nitrokeys/features/openpgp-card/gpa.rst @@ -5,15 +5,16 @@ Setup With Gnu Privacy Assistant (GPA) .. list-table:: :width: 100% :header-rows: 1 + :class: products-table * - `Nitrokey 3 `_ - - `Passkey `_ - - `FIDO2 `_ - - `U2F `_ - - `HSM 2 `_ - - `Pro 2 `_ - - `Start `_ - - `Storage 2 `_ + - `Nitrokey Passkey `_ + - `Nitrokey FIDO2 `_ + - `Nitrokey U2F `_ + - `Nitrokey HSM 2 `_ + - `Nitrokey Pro 2 `_ + - `Nitrokey Start `_ + - `Nitrokey Storage 2 `_ * - ✓ - ⨯ diff --git a/nitrokeys/features/openpgp-card/hard-disk-encryption/index.rst b/nitrokeys/features/openpgp-card/hard-disk-encryption/index.rst index e103e6d15f..75a37952ae 100644 --- a/nitrokeys/features/openpgp-card/hard-disk-encryption/index.rst +++ b/nitrokeys/features/openpgp-card/hard-disk-encryption/index.rst @@ -5,15 +5,16 @@ Hard Disk Encryption .. list-table:: :width: 100% :header-rows: 1 + :class: products-table * - `Nitrokey 3 `_ - - `Passkey `_ - - `FIDO2 `_ - - `U2F `_ - - `HSM 2 `_ - - `Pro 2 `_ - - `Start `_ - - `Storage 2 `_ + - `Nitrokey Passkey `_ + - `Nitrokey FIDO2 `_ + - `Nitrokey U2F `_ + - `Nitrokey HSM 2 `_ + - `Nitrokey Pro 2 `_ + - `Nitrokey Start `_ + - `Nitrokey Storage 2 `_ * - ✓ - ⨯ diff --git a/nitrokeys/product-guides/change-pins/images/change-pins/1.png b/nitrokeys/features/openpgp-card/images/change-pins/1.png similarity index 100% rename from nitrokeys/product-guides/change-pins/images/change-pins/1.png rename to nitrokeys/features/openpgp-card/images/change-pins/1.png diff --git a/nitrokeys/product-guides/change-pins/images/change-pins/2.png b/nitrokeys/features/openpgp-card/images/change-pins/2.png similarity index 100% rename from nitrokeys/product-guides/change-pins/images/change-pins/2.png rename to nitrokeys/features/openpgp-card/images/change-pins/2.png diff --git a/nitrokeys/product-guides/change-pins/images/change-pins/3.png b/nitrokeys/features/openpgp-card/images/change-pins/3.png similarity index 100% rename from nitrokeys/product-guides/change-pins/images/change-pins/3.png rename to nitrokeys/features/openpgp-card/images/change-pins/3.png diff --git a/nitrokeys/product-guides/change-pins/images/change-pins/4.png b/nitrokeys/features/openpgp-card/images/change-pins/4.png similarity index 100% rename from nitrokeys/product-guides/change-pins/images/change-pins/4.png rename to nitrokeys/features/openpgp-card/images/change-pins/4.png diff --git a/nitrokeys/product-guides/change-pins/images/change-pins/App-change-pin.png b/nitrokeys/features/openpgp-card/images/change-pins/App-change-pin.png similarity index 100% rename from nitrokeys/product-guides/change-pins/images/change-pins/App-change-pin.png rename to nitrokeys/features/openpgp-card/images/change-pins/App-change-pin.png diff --git a/nitrokeys/features/openpgp-card/index.rst b/nitrokeys/features/openpgp-card/index.rst index d112eb9796..11b1e142c0 100644 --- a/nitrokeys/features/openpgp-card/index.rst +++ b/nitrokeys/features/openpgp-card/index.rst @@ -5,15 +5,16 @@ OpenPGP Card .. list-table:: :width: 100% :header-rows: 1 + :class: products-table * - `Nitrokey 3 `_ - - `Passkey `_ - - `FIDO2 `_ - - `U2F `_ - - `HSM 2 `_ - - `Pro 2 `_ - - `Start `_ - - `Storage 2 `_ + - `Nitrokey Passkey `_ + - `Nitrokey FIDO2 `_ + - `Nitrokey U2F `_ + - `Nitrokey HSM 2 `_ + - `Nitrokey Pro 2 `_ + - `Nitrokey Start `_ + - `Nitrokey Storage 2 `_ * - ✓ - ⨯ @@ -48,4 +49,5 @@ OpenPGP Card Gnu Privacy Assistant (GPA) EID Certificate-authority - GnuPG with Fedora \ No newline at end of file + GnuPG with Fedora + Change Pins \ No newline at end of file diff --git a/nitrokeys/features/openpgp-card/ipsec.rst b/nitrokeys/features/openpgp-card/ipsec.rst index 7aafde6a26..add74577d7 100644 --- a/nitrokeys/features/openpgp-card/ipsec.rst +++ b/nitrokeys/features/openpgp-card/ipsec.rst @@ -5,15 +5,16 @@ IPSec .. list-table:: :width: 100% :header-rows: 1 + :class: products-table * - `Nitrokey 3 `_ - - `Passkey `_ - - `FIDO2 `_ - - `U2F `_ - - `HSM 2 `_ - - `Pro 2 `_ - - `Start `_ - - `Storage 2 `_ + - `Nitrokey Passkey `_ + - `Nitrokey FIDO2 `_ + - `Nitrokey U2F `_ + - `Nitrokey HSM 2 `_ + - `Nitrokey Pro 2 `_ + - `Nitrokey Start `_ + - `Nitrokey Storage 2 `_ * - ✓ - ⨯ diff --git a/nitrokeys/features/openpgp-card/smime/index.rst b/nitrokeys/features/openpgp-card/smime/index.rst index 3075d37a45..122582d251 100644 --- a/nitrokeys/features/openpgp-card/smime/index.rst +++ b/nitrokeys/features/openpgp-card/smime/index.rst @@ -5,15 +5,16 @@ S/MIME Email Encryption .. list-table:: :width: 100% :header-rows: 1 + :class: products-table * - `Nitrokey 3 `_ - - `Passkey `_ - - `FIDO2 `_ - - `U2F `_ - - `HSM 2 `_ - - `Pro 2 `_ - - `Start `_ - - `Storage 2 `_ + - `Nitrokey Passkey `_ + - `Nitrokey FIDO2 `_ + - `Nitrokey U2F `_ + - `Nitrokey HSM 2 `_ + - `Nitrokey Pro 2 `_ + - `Nitrokey Start `_ + - `Nitrokey Storage 2 `_ * - ✓ - ⨯ diff --git a/nitrokeys/features/openpgp-card/stunnel/stunnel.rst b/nitrokeys/features/openpgp-card/stunnel.rst similarity index 61% rename from nitrokeys/features/openpgp-card/stunnel/stunnel.rst rename to nitrokeys/features/openpgp-card/stunnel.rst index 47d6b653d2..60cc589bc4 100644 --- a/nitrokeys/features/openpgp-card/stunnel/stunnel.rst +++ b/nitrokeys/features/openpgp-card/stunnel.rst @@ -5,15 +5,16 @@ Stunnel .. list-table:: :width: 100% :header-rows: 1 + :class: products-table * - `Nitrokey 3 `_ - - `Passkey `_ - - `FIDO2 `_ - - `U2F `_ - - `HSM 2 `_ - - `Pro 2 `_ - - `Start `_ - - `Storage 2 `_ + - `Nitrokey Passkey `_ + - `Nitrokey FIDO2 `_ + - `Nitrokey U2F `_ + - `Nitrokey HSM 2 `_ + - `Nitrokey Pro 2 `_ + - `Nitrokey Start `_ + - `Nitrokey Storage 2 `_ * - ✓ - ⨯ diff --git a/nitrokeys/features/openpgp-card/uif.rst b/nitrokeys/features/openpgp-card/uif.rst index 288fb50dde..568043fabf 100644 --- a/nitrokeys/features/openpgp-card/uif.rst +++ b/nitrokeys/features/openpgp-card/uif.rst @@ -5,15 +5,16 @@ OpenPGP Touch Confirmation (UIF) .. list-table:: :width: 100% :header-rows: 1 + :class: products-table * - `Nitrokey 3 `_ - - `Passkey `_ - - `FIDO2 `_ - - `U2F `_ - - `HSM 2 `_ - - `Pro 2 `_ - - `Start `_ - - `Storage 2 `_ + - `Nitrokey Passkey `_ + - `Nitrokey FIDO2 `_ + - `Nitrokey U2F `_ + - `Nitrokey HSM 2 `_ + - `Nitrokey Pro 2 `_ + - `Nitrokey Start `_ + - `Nitrokey Storage 2 `_ * - ✓ - ⨯ diff --git a/nitrokeys/features/password-safe/index.rst b/nitrokeys/features/password-safe/index.rst index 4c64bfb12d..31eb0e69a9 100644 --- a/nitrokeys/features/password-safe/index.rst +++ b/nitrokeys/features/password-safe/index.rst @@ -5,15 +5,16 @@ Password Safe .. list-table:: :width: 100% :header-rows: 1 + :class: products-table * - `Nitrokey 3 `_ - - `Passkey `_ - - `FIDO2 `_ - - `U2F `_ - - `HSM 2 `_ - - `Pro 2 `_ - - `Start `_ - - `Storage 2 `_ + - `Nitrokey Passkey `_ + - `Nitrokey FIDO2 `_ + - `Nitrokey U2F `_ + - `Nitrokey HSM 2 `_ + - `Nitrokey Pro 2 `_ + - `Nitrokey Start `_ + - `Nitrokey Storage 2 `_ * - ✓ - ⨯ diff --git a/nitrokeys/features/piv/index.rst b/nitrokeys/features/piv/index.rst index 7d2c0768a6..28bad4cf71 100644 --- a/nitrokeys/features/piv/index.rst +++ b/nitrokeys/features/piv/index.rst @@ -5,15 +5,16 @@ PIV (Personal Identity Verification) .. list-table:: :width: 100% :header-rows: 1 + :class: products-table * - `Nitrokey 3 `_ - - `Passkey `_ - - `FIDO2 `_ - - `U2F `_ - - `HSM 2 `_ - - `Pro 2 `_ - - `Start `_ - - `Storage 2 `_ + - `Nitrokey Passkey `_ + - `Nitrokey FIDO2 `_ + - `Nitrokey U2F `_ + - `Nitrokey HSM 2 `_ + - `Nitrokey Pro 2 `_ + - `Nitrokey Start `_ + - `Nitrokey Storage 2 `_ * - ✓ - ⨯ diff --git a/nitrokeys/features/totp/index.rst b/nitrokeys/features/totp/index.rst index bf3d3e0981..4e053eed01 100644 --- a/nitrokeys/features/totp/index.rst +++ b/nitrokeys/features/totp/index.rst @@ -5,15 +5,16 @@ Two-factor Authentication with One-Time Passwords (OTP) .. list-table:: :width: 100% :header-rows: 1 + :class: products-table * - `Nitrokey 3 `_ - - `Passkey `_ - - `FIDO2 `_ - - `U2F `_ - - `HSM 2 `_ - - `Pro 2 `_ - - `Start `_ - - `Storage 2 `_ + - `Nitrokey Passkey `_ + - `Nitrokey FIDO2 `_ + - `Nitrokey U2F `_ + - `Nitrokey HSM 2 `_ + - `Nitrokey Pro 2 `_ + - `Nitrokey Start `_ + - `Nitrokey Storage 2 `_ * - ⨯ - ⨯ diff --git a/nitrokeys/features/u2f/index.rst b/nitrokeys/features/u2f/index.rst index 7ff800ee8e..921cd6159c 100644 --- a/nitrokeys/features/u2f/index.rst +++ b/nitrokeys/features/u2f/index.rst @@ -5,15 +5,16 @@ U2F .. list-table:: :width: 100% :header-rows: 1 + :class: products-table * - `Nitrokey 3 `_ - - `Passkey `_ - - `FIDO2 `_ - - `U2F `_ - - `HSM 2 `_ - - `Pro 2 `_ - - `Start `_ - - `Storage 2 `_ + - `Nitrokey Passkey `_ + - `Nitrokey FIDO2 `_ + - `Nitrokey U2F `_ + - `Nitrokey HSM 2 `_ + - `Nitrokey Pro 2 `_ + - `Nitrokey Start `_ + - `Nitrokey Storage 2 `_ * - ✓ - ✓ diff --git a/nitrokeys/pro/getting-started.rst b/nitrokeys/pro/getting-started.rst index 8dc0038b9f..d3cd78b115 100644 --- a/nitrokeys/pro/getting-started.rst +++ b/nitrokeys/pro/getting-started.rst @@ -34,7 +34,7 @@ Getting Started to change the default User PIN (default: 123456) and Admin PIN (default: 12345678) to your own choices. -.. figure:: ../product-guides/change-pins/images/change-pins/App-change-pin.png +.. figure:: ../features/openpgp-card/images/change-pins/App-change-pin.png :alt: img diff --git a/nitrokeys/pro/index.rst b/nitrokeys/pro/index.rst index 851072716a..2cec20a8ae 100644 --- a/nitrokeys/pro/index.rst +++ b/nitrokeys/pro/index.rst @@ -20,7 +20,6 @@ and the product guides: Update Factory Reset -* `Change PIN <../product-guides/change-pins/index.html>`_ or check out the features: diff --git a/nitrokeys/storage/index.rst b/nitrokeys/storage/index.rst index f8fdf12d4a..dd2c5e6be9 100644 --- a/nitrokeys/storage/index.rst +++ b/nitrokeys/storage/index.rst @@ -20,7 +20,6 @@ and the product guides: Firmware-Update Manual Firmware-Update Factory Reset -* `Change PIN <../product-guides/change-pins/index.html>`_ or check out the features: diff --git a/nitropad/qubes/change-pins.rst b/nitropad/qubes/change-pins.rst index 1e44e361cd..177ab7edae 100644 --- a/nitropad/qubes/change-pins.rst +++ b/nitropad/qubes/change-pins.rst @@ -1 +1 @@ -.. include:: ../../nitrokeys/product-guides/change-pins/index.rst +.. include:: ../../nitrokeys/features/openpgp-card/change-pins.rst diff --git a/nitropad/ubuntu/change-pins.rst b/nitropad/ubuntu/change-pins.rst index 1e44e361cd..177ab7edae 100644 --- a/nitropad/ubuntu/change-pins.rst +++ b/nitropad/ubuntu/change-pins.rst @@ -1 +1 @@ -.. include:: ../../nitrokeys/product-guides/change-pins/index.rst +.. include:: ../../nitrokeys/features/openpgp-card/change-pins.rst From 232e0a9f1a5fae10737103f40af09b74b2753b3d Mon Sep 17 00:00:00 2001 From: Marlin Date: Wed, 14 Aug 2024 13:51:42 +0200 Subject: [PATCH 33/33] added css for products table and redirects --- _redirects/.htaccess | 180 ++++++++++++++++++++++++++++++++++++++++ _static/css/custom.css | 11 +++ nitrokeys/hsm/index.rst | 2 +- 3 files changed, 192 insertions(+), 1 deletion(-) diff --git a/_redirects/.htaccess b/_redirects/.htaccess index 07027bb405..9b30326452 100644 --- a/_redirects/.htaccess +++ b/_redirects/.htaccess @@ -15,4 +15,184 @@ #========= RedirectMatch 302 "(/[a-z][a-z])?/path/to/old_article.html$" "$1/path/to/new_article.html" +#Nitrokey FIDO2 +RedirectMatch 301 "(/[a-z][a-z])?/fido2/(mac/|windows/|linux/)?2fa-nextcloud.html$" "$1/nitrokeys/features/fido2/nextcloud.html" +RedirectMatch 301 "(/[a-z][a-z])?/fido2/(mac/|windows/|linux/)?2fa-odoo.html$" "$1/nitrokeys/features/u2f/odoo.html" +RedirectMatch 301 "(/[a-z][a-z])?/fido2/index.html$" "$1/nitrokeys/fido2/index.html" +RedirectMatch 301 "(/[a-z][a-z])?/fido2/faq.html$" "$1/nitrokeys/fido2/faq.html" +RedirectMatch 301 "(/[a-z][a-z])?/fido2/(mac/|windows/|linux/)?firmware-update.html$" "$1/nitrokeys/fido2/firmware-update.html" +RedirectMatch 301 "(/[a-z][a-z])?/fido2/(mac/|windows/|linux/)index.html$" "$1/nitrokeys/fido2/getting-started.html" +RedirectMatch 301 "(/[a-z][a-z])?/fido2/(mac/|windows/|linux/)reset.html$" "$1/nitrokeys/fido2/reset.html" +RedirectMatch 301 "(/[a-z][a-z])?/fido2/linux/desktop-login.html$" "$1/nitrokeys/features/u2f/desktop-login.html" +RedirectMatch 301 "(/[a-z][a-z])?/fido2/windows/passwordless-microsoft.html$" "$1/nitrokeys/features/fido2/passwordless-microsoft.html" +#Nitrokey Passkey +RedirectMatch 301 "(/[a-z][a-z])?/nkpk/index.html$" "$1/nitrokeys/passkey/index.html" +#Nitrokey HSM2 not done +RedirectMatch 301 "(/[a-z][a-z])?/hsm/index.html$" "$1/nitrokeys/hsm/index.html" +RedirectMatch 301 "(/[a-z][a-z])?/hsm/faq.html$" "$1/nitrokeys/hsm/faq.html" +RedirectMatch 301 "(/[a-z][a-z])?/hsm/n-of-m-schemes.html$" "$1/nitrokeys/features/hsm/n-of-m-schemes.html" +#Nitrokey U2F +RedirectMatch 301 "(/[a-z][a-z])?/u2f/index.html$" "$1/nitrokeys/u2f/index.html" +RedirectMatch 301 "(/[a-z][a-z])?/u2f/(mac/|windows/|linux/)index.html$" "$1/nitrokeys/u2f/getting-started.html" +RedirectMatch 301 "(/[a-z][a-z])?/u2f/(mac/|windows/|linux/)?2fa-nextcloud.html$" "$1/nitrokeys/features/fido2/nextcloud.html" +RedirectMatch 301 "(/[a-z][a-z])?/u2f/(mac/|windows/|linux/)?2fa-odoo.html$" "$1/nitrokeys/features/u2f/odoo.html" +RedirectMatch 301 "(/[a-z][a-z])?/fido2/linux/desktop-login.html$" "$1/nitrokeys/features/u2f/desktop-login.html" +#Nitrokey Storage +RedirectMatch 301 "(/[a-z][a-z])?/storage/index.html$" "$1/nitrokeys/storage/index.html" +RedirectMatch 301 "(/[a-z][a-z])?/storage/(mac/|windows/|linux/)?factory-reset.html$" "$1/nitrokeys/storage/factory-reset.html" +RedirectMatch 301 "(/[a-z][a-z])?/storage/encrypted-mobile-storage.html$" "$1/nitrokeys/features/encrypted-storage/index.html" +RedirectMatch 301 "(/[a-z][a-z])?/storage/faq.html$" "$1/nitrokeys/storage/faq.html" +RedirectMatch 301 "(/[a-z][a-z])?/storage/hidden.html$" "$1/nitrokeys/features/hidden-storage/index.html" +RedirectMatch 301 "(/[a-z][a-z])?/storage/(mac/|windows/|linux/)?firmware-update-manually.html$" "$1/nitrokeys/storage/firmware-update-manually.html" +RedirectMatch 301 "(/[a-z][a-z])?/storage/(mac/|windows/|linux/)?firmware-update.html$" "$1/nitrokeys/storage/firmware-update.html" +RedirectMatch 301 "(/[a-z][a-z])?/storage/(mac/|windows/|linux/)?2fa-nextcloud.html$" "$1/nitrokeys/features/totp/nextcloud.html" +RedirectMatch 301 "(/[a-z][a-z])?/storage/(mac/|windows/|linux/)?2fa-odoo.html$" "$1/nitrokeys/features/u2f/odoo.html" +RedirectMatch 301 "(/[a-z][a-z])?/storage/linux/desktop-login.html$" "$1/nitrokeys/features/u2f/desktop-login.html" +RedirectMatch 301 "(/[a-z][a-z])?/storage/(mac/|windows/|linux/)index.html$" "$1/nitrokeys/storage/getting-started.html" +RedirectMatch 301 "(/[a-z][a-z])?/storage/(mac/|windows/|linux/)smime-thunderbird.html$" "$1/nitrokeys/features/openpgp-card/smime/smime-thunderbird.html" +RedirectMatch 301 "(/[a-z][a-z])?/storage/(mac/|windows/|linux/)smime-outlook.html$" "$1/nitrokeys/features/openpgp-card/smime/smime-outlook.html" +RedirectMatch 301 "(/[a-z][a-z])?/storage/(mac/|windows/|linux/)smime.html$" "$1/nitrokeys/features/openpgp-card/smime/index.html" +RedirectMatch 301 "(/[a-z][a-z])?/storage/(mac/|windows/|linux/)openpgp.html$" "$1/nitrokeys/features/openpgp-card/index.html" +RedirectMatch 301 "(/[a-z][a-z])?/storage/(mac/|windows/|linux/)openpgp-thunderbird.html$" "$1/nitrokeys/features/openpgp-card/openpgp-thunderbird.html" +RedirectMatch 301 "(/[a-z][a-z])?/storage/(mac/|windows/|linux/)openpgp-outlook.html$" "$1/nitrokeys/features/openpgp-card/openpgp-outlook.html" +RedirectMatch 301 "(/[a-z][a-z])?/storage/(mac/|windows/|linux/)openpgp-keygen-on-device.html$" "$1/nitrokeys/features/openpgp-card/openpgp-keygen-on-device.html" +RedirectMatch 301 "(/[a-z][a-z])?/storage/(mac/|windows/|linux/)openpgp-keygen-gpa.html$" "$1/nitrokeys/features/openpgp-card/openpgp-keygen-gpa.html" +RedirectMatch 301 "(/[a-z][a-z])?/storage/(mac/|windows/|linux/)openpgp-keygen-backup.html$" "$1/nitrokeys/features/openpgp-card/openpgp-keygen-backup.html" +RedirectMatch 301 "(/[a-z][a-z])?/storage/(mac/|windows/|linux/)openpgp-csp.html$" "$1/nitrokeys/features/openpgp-card/openpgp-csp.html" +RedirectMatch 301 "(/[a-z][a-z])?/storage/windows/smart-policy.html$" "$1/nitrokeys/features/openpgp-card/desktop-login/smart-policy.html" +RedirectMatch 301 "(/[a-z][a-z])?/storage/windows/putty.html$" "$1/nitrokeys/features/openpgp-card/ssh/putty.html" +RedirectMatch 301 "(/[a-z][a-z])?/storage/(mac/|windows/|linux/)ssh.html$" "$1/nitrokeys/features/openpgp-card/ssh/index.html" +RedirectMatch 301 "(/[a-z][a-z])?/storage/(mac/|windows/|linux/)otp.html$" "$1/nitrokeys/features/totp/index.html" +RedirectMatch 301 "(/[a-z][a-z])?/storage/(mac/|windows/|linux/)hidden.html$" "$1/nitrokeys/features/hidden-storage/index.html" +RedirectMatch 301 "(/[a-z][a-z])?/storage/(mac/|windows/|linux/)hard-disk-encryption.html$" "$1/nitrokeys/features/openpgp-card/hard-disk-encryption/index.html" +RedirectMatch 301 "(/[a-z][a-z])?/storage/(mac/|windows/|linux/)disk-encryption-luks.html$" "$1/nitrokeys/features/openpgp-card/hard-disk-encryption/luks.html" +RedirectMatch 301 "(/[a-z][a-z])?/storage/(mac/|windows/|linux/)gpa.html$" "$1/nitrokeys/features/openpgp-card/gpa.html" +RedirectMatch 301 "(/[a-z][a-z])?/storage/(mac/|windows/|linux/)encrypted-mobile-storage.html$" "$1/nitrokeys/features/encrypted-storage/index.html" +RedirectMatch 301 "(/[a-z][a-z])?/storage/(mac/|windows/|linux/)eid-authenticate.html$" "$1/nitrokeys/features/openpgp-card/eid.html" +RedirectMatch 301 "(/[a-z][a-z])?/storage/(mac/|windows/|linux/)ecc.html$" "$1/nitrokeys/features/misc/ecc.html" +RedirectMatch 301 "(/[a-z][a-z])?/storage/(mac/|windows/|linux/)change-pins.html$" "$1/nitrokeys/features/openpgp-card/change-pins.html" +RedirectMatch 301 "(/[a-z][a-z])?/storage/(mac/|windows/|linux/)2fa-microsoft.html$" "$1/nitrokeys/features/totp/microsoft.html" +RedirectMatch 301 "(/[a-z][a-z])?/storage/(mac/|windows/|linux/)2fa-google.html$" "$1/nitrokeys/features/totp/google.html" +RedirectMatch 301 "(/[a-z][a-z])?/storage/(mac/|windows/|linux/)automatic-screen-lock.html$" "$1/nitrokeys/features/misc/automatic-screen-lock.html" +RedirectMatch 301 "(/[a-z][a-z])?/storage/(mac/|windows/|linux/)certificate-authority.html$" "$1/nitrokeys/features/openpgp-card/certificate-authority.html" +RedirectMatch 301 "(/[a-z][a-z])?/storage/(mac/|windows/|linux/)openvpn-easyrsa.html$" "$1/nitrokeys/features/openpgp-card/openvpn/easyrsa.html" +RedirectMatch 301 "(/[a-z][a-z])?/storage/(mac/|windows/|linux/)stunnel.html$" "$1/nitrokeys/features/openpgp-card/stunnel.html" +RedirectMatch 301 "(/[a-z][a-z])?/storage/(mac/|windows/|linux/)ipsec.html$" "$1/nitrokeys/features/openpgp-card/ipsec.html" +RedirectMatch 301 "(/[a-z][a-z])?/storage/(mac/|windows/|linux/)login-with-pam.html$" "$1/nitrokeys/features/openpgp-card/desktop-login/pam.html" +#Nitrokey Start +RedirectMatch 301 "(/[a-z][a-z])?/start/index.html$" "$1/nitrokeys/start/index.html" +RedirectMatch 301 "(/[a-z][a-z])?/start/(mac/|windows/|linux/)index.html$" "$1/nitrokeys/start/getting-started.html" +RedirectMatch 301 "(/[a-z][a-z])?/start/faq.html$" "$1/nitrokeys/start/faq.html" +RedirectMatch 301 "(/[a-z][a-z])?/start/(mac/|windows/|linux/)?factory-reset.html$" "$1/nitrokeys/start/factory-reset.html" +RedirectMatch 301 "(/[a-z][a-z])?/start/(mac/|windows/|linux/)smime-thunderbird.html$" "$1/nitrokeys/features/openpgp-card/smime/smime-thunderbird.html" +RedirectMatch 301 "(/[a-z][a-z])?/start/(mac/|windows/|linux/)smime-outlook.html$" "$1/nitrokeys/features/openpgp-card/smime/smime-outlook.html" +RedirectMatch 301 "(/[a-z][a-z])?/start/(mac/|windows/|linux/)smime.html$" "$1/nitrokeys/features/openpgp-card/smime/index.html" +RedirectMatch 301 "(/[a-z][a-z])?/start/(mac/|windows/|linux/)openpgp.html$" "$1/nitrokeys/features/openpgp-card/index.html" +RedirectMatch 301 "(/[a-z][a-z])?/start/(mac/|windows/|linux/)openpgp-thunderbird.html$" "$1/nitrokeys/features/openpgp-card/openpgp-thunderbird.html" +RedirectMatch 301 "(/[a-z][a-z])?/start/(mac/|windows/|linux/)openpgp-outlook.html$" "$1/nitrokeys/features/openpgp-card/openpgp-outlook.html" +RedirectMatch 301 "(/[a-z][a-z])?/start/(mac/|windows/|linux/)openpgp-keygen-on-device.html$" "$1/nitrokeys/features/openpgp-card/openpgp-keygen-on-device.html" +RedirectMatch 301 "(/[a-z][a-z])?/start/(mac/|windows/|linux/)openpgp-keygen-gpa.html$" "$1/nitrokeys/features/openpgp-card/openpgp-keygen-gpa.html" +RedirectMatch 301 "(/[a-z][a-z])?/start/(mac/|windows/|linux/)openpgp-keygen-backup.html$" "$1/nitrokeys/features/openpgp-card/openpgp-keygen-backup.html" +RedirectMatch 301 "(/[a-z][a-z])?/start/(mac/|windows/|linux/)openpgp-csp.html$" "$1/nitrokeys/features/openpgp-card/openpgp-csp.html" +RedirectMatch 301 "(/[a-z][a-z])?/start/windows/putty.html$" "$1/nitrokeys/features/openpgp-card/ssh/putty.html" +RedirectMatch 301 "(/[a-z][a-z])?/start/(mac/|windows/|linux/)ssh.html$" "$1/nitrokeys/features/openpgp-card/ssh/index.html" +RedirectMatch 301 "(/[a-z][a-z])?/start/(mac/|windows/|linux/)gpa.html$" "$1/nitrokeys/features/openpgp-card/gpa.html" +RedirectMatch 301 "(/[a-z][a-z])?/start/(mac/|windows/|linux/)stunnel.html$" "$1/nitrokeys/features/openpgp-card/stunnel.html" +RedirectMatch 301 "(/[a-z][a-z])?/start/(mac/|windows/|linux/)ipsec.html$" "$1/nitrokeys/features/openpgp-card/ipsec.html" +RedirectMatch 301 "(/[a-z][a-z])?/start/(mac/|windows/|linux/)login-with-pam.html$" "$1/nitrokeys/features/openpgp-card/desktop-login/pam.html" +RedirectMatch 301 "(/[a-z][a-z])?/start/linux/firmware-update.html$" "$1/nitrokeys/start/firmware-update.html" +RedirectMatch 301 "(/[a-z][a-z])?/start/(mac/|windows/|linux/)?setting-kdf-do.html$" "$1/nitrokeys/start/setting-kdf-do.html" +RedirectMatch 301 "(/[a-z][a-z])?/start/(mac/|windows/|linux/)?multiple-identities.html$" "$1/nitrokeys/start/multiple-identities.html" +#Nitrokey Pro +RedirectMatch 301 "(/[a-z][a-z])?/pro/index.html$" "$1/nitrokeys/pro/index.html" +RedirectMatch 301 "(/[a-z][a-z])?/pro/(mac/|windows/|linux/)index.html$" "$1/nitrokeys/pro/getting-started.html" +RedirectMatch 301 "(/[a-z][a-z])?/pro/faq.html$" "$1/nitrokeys/pro/faq.html" +RedirectMatch 301 "(/[a-z][a-z])?/pro/(mac/|windows/|linux/)?factory-reset.html$" "$1/nitrokeys/pro/factory-reset.html" +RedirectMatch 301 "(/[a-z][a-z])?/pro/(mac/|windows/|linux/)?firmware-update.html$" "$1/nitrokeys/pro/firmware-update.html" +RedirectMatch 301 "(/[a-z][a-z])?/pro/(mac/|windows/|linux/)smime-thunderbird.html$" "$1/nitrokeys/features/openpgp-card/smime/smime-thunderbird.html" +RedirectMatch 301 "(/[a-z][a-z])?/pro/(mac/|windows/|linux/)smime-outlook.html$" "$1/nitrokeys/features/openpgp-card/smime/smime-outlook.html" +RedirectMatch 301 "(/[a-z][a-z])?/pro/(mac/|windows/|linux/)smime.html$" "$1/nitrokeys/features/openpgp-card/smime/index.html" +RedirectMatch 301 "(/[a-z][a-z])?/pro/(mac/|windows/|linux/)openpgp.html$" "$1/nitrokeys/features/openpgp-card/index.html" +RedirectMatch 301 "(/[a-z][a-z])?/pro/(mac/|windows/|linux/)openpgp-thunderbird.html$" "$1/nitrokeys/features/openpgp-card/openpgp-thunderbird.html" +RedirectMatch 301 "(/[a-z][a-z])?/pro/(mac/|windows/|linux/)openpgp-outlook.html$" "$1/nitrokeys/features/openpgp-card/openpgp-outlook.html" +RedirectMatch 301 "(/[a-z][a-z])?/pro/(mac/|windows/|linux/)openpgp-keygen-on-device.html$" "$1/nitrokeys/features/openpgp-card/openpgp-keygen-on-device.html" +RedirectMatch 301 "(/[a-z][a-z])?/pro/(mac/|windows/|linux/)openpgp-keygen-gpa.html$" "$1/nitrokeys/features/openpgp-card/openpgp-keygen-gpa.html" +RedirectMatch 301 "(/[a-z][a-z])?/pro/(mac/|windows/|linux/)openpgp-keygen-backup.html$" "$1/nitrokeys/features/openpgp-card/openpgp-keygen-backup.html" +RedirectMatch 301 "(/[a-z][a-z])?/pro/(mac/|windows/|linux/)openpgp-csp.html$" "$1/nitrokeys/features/openpgp-card/openpgp-csp.html" +RedirectMatch 301 "(/[a-z][a-z])?/pro/windows/putty.html$" "$1/nitrokeys/features/openpgp-card/ssh/putty.html" +RedirectMatch 301 "(/[a-z][a-z])?/pro/(mac/|windows/|linux/)?ssh.html$" "$1/nitrokeys/features/openpgp-card/ssh/index.html" +RedirectMatch 301 "(/[a-z][a-z])?/pro/(mac/|windows/|linux/)?gpa.html$" "$1/nitrokeys/features/openpgp-card/gpa.html" +RedirectMatch 301 "(/[a-z][a-z])?/pro/(mac/|windows/|linux/)stunnel.html$" "$1/nitrokeys/features/openpgp-card/stunnel.html" +RedirectMatch 301 "(/[a-z][a-z])?/pro/(mac/|windows/|linux/)ipsec.html$" "$1/nitrokeys/features/openpgp-card/ipsec.html" +RedirectMatch 301 "(/[a-z][a-z])?/pro/(mac/|windows/|linux/)login-with-pam.html$" "$1/nitrokeys/features/openpgp-card/desktop-login/pam.html" +RedirectMatch 301 "(/[a-z][a-z])?/pro/(mac/|windows/|linux/)openvpn-easyrsa.html$" "$1/nitrokeys/features/openpgp-card/openvpn/easyrsa.html" +RedirectMatch 301 "(/[a-z][a-z])?/pro/(mac/|windows/|linux/)openvpn-viscosity.html$" "$1/nitrokeys/features/openpgp-card/openvpn/viscosity.html" +RedirectMatch 301 "(/[a-z][a-z])?/pro/(mac/|windows/|linux/)change-pins.html$" "$1/nitrokeys/features/openpgp-card/change-pins.html" +RedirectMatch 301 "(/[a-z][a-z])?/pro/(mac/|windows/|linux/)certificate-authority.html$" "$1/nitrokeys/features/openpgp-card/certificate-authority.html" +RedirectMatch 301 "(/[a-z][a-z])?/pro/(mac/|windows/|linux/)ecc.html$" "$1/nitrokeys/features/misc/ecc.html" +RedirectMatch 301 "(/[a-z][a-z])?/pro/(mac/|windows/|linux/)eid-authenticate.html$" "$1/nitrokeys/features/openpgp-card/eid.html" +RedirectMatch 301 "(/[a-z][a-z])?/pro/windows/smart-policy.html$" "$1/nitrokeys/features/openpgp-card/desktop-login/smart-policy.html" +RedirectMatch 301 "(/[a-z][a-z])?/pro/(mac/|windows/|linux/)hard-disk-encryption.html$" "$1/nitrokeys/features/openpgp-card/hard-disk-encryption/index.html" +RedirectMatch 301 "(/[a-z][a-z])?/pro/(mac/|windows/|linux/)disk-encryption-luks.html$" "$1/nitrokeys/features/openpgp-card/hard-disk-encryption/luks.html" +RedirectMatch 301 "(/[a-z][a-z])?/pro/(mac/|windows/|linux/)otp.html$" "$1/nitrokeys/features/totp/index.html" +RedirectMatch 301 "(/[a-z][a-z])?/pro/(mac/|windows/|linux/)2fa-microsoft.html$" "$1/nitrokeys/features/totp/microsoft.html" +RedirectMatch 301 "(/[a-z][a-z])?/pro/(mac/|windows/|linux/)2fa-google.html$" "$1/nitrokeys/features/totp/google.html" +RedirectMatch 301 "(/[a-z][a-z])?/pro/(mac/|windows/|linux/)?2fa-nextcloud.html$" "$1/nitrokeys/features/fido2/nextcloud.html" +RedirectMatch 301 "(/[a-z][a-z])?/pro/(mac/|windows/|linux/)?2fa-odoo.html$" "$1/nitrokeys/features/u2f/odoo.html" +RedirectMatch 301 "(/[a-z][a-z])?/pro/(mac/|windows/|linux/)automatic-screen-lock.html$" "$1/nitrokeys/features/misc/automatic-screen-lock.html" +#Nitrokey 3 +RedirectMatch 301 "(/[a-z][a-z])?/nitrokey3/index.html$" "$1/nitrokeys/nitrokey3/index.html" +RedirectMatch 301 "(/[a-z][a-z])?/nitrokey3/(mac/|windows/|linux/)index.html$" "$1/nitrokeys/nitrokey3/getting-started.html" +RedirectMatch 301 "(/[a-z][a-z])?/nitrokey3/faq.html$" "$1/nitrokeys/nitrokey3/faq.html" +RedirectMatch 301 "(/[a-z][a-z])?/nitrokey3/features.html$" "$1/nitrokeys/nitrokey3/overview.html" +RedirectMatch 301 "(/[a-z][a-z])?/nitrokey3/(mac/|windows/|linux/)?firmware-update.html$" "$1/nitrokeys/nitrokey3/firmware-update.html" +RedirectMatch 301 "(/[a-z][a-z])?/nitrokey3/(mac/|windows/|linux/)?adsk.html$" "$1/nitrokeys/nitrokey3/adsk.html" +RedirectMatch 301 "(/[a-z][a-z])?/nitrokey3/(mac/|windows/|linux/)?reset.html$" "$1/nitrokeys/nitrokey3/reset.html" +RedirectMatch 301 "(/[a-z][a-z])?/nitrokey3/(mac/|windows/|linux/)?set-pins.html$" "$1/nitrokeys/nitrokey3/set-pins.html" +RedirectMatch 301 "(/[a-z][a-z])?/nitrokey3/(mac/|windows/|linux/)?troubleshooting.html$" "$1/nitrokeys/nitrokey3/troubleshooting.html" +RedirectMatch 301 "(/[a-z][a-z])?/nitrokey3/(mac/|windows/|linux/)?nitropy.html$" "$1/nitrokeys/nitrokey3/nitropy.html" +RedirectMatch 301 "(/[a-z][a-z])?/nitrokey3/shared/main.html$" "$1/nitrokeys/nitrokey3/getting-started.html" +RedirectMatch 301 "(/[a-z][a-z])?/nitrokey3/linux/firmware-update-qubes.html$" "$1/nitrokeys/nitrokey3/firmware-update-qubes.html" +RedirectMatch 301 "(/[a-z][a-z])?/nitrokey3/(mac/|windows/|linux/)?2fa-odoo.html$" "$1/nitrokeys/features/u2f/odoo.html" +RedirectMatch 301 "(/[a-z][a-z])?/nitrokey3/linux/desktop-login.html$" "$1/nitrokeys/features/u2f/desktop-login.html" +RedirectMatch 301 "(/[a-z][a-z])?/nitrokey3/linux/fedora-gnupg-configuration.html$" "$1/nitrokeys/features/openpgp-card/fedora-gnupg-configuration.html" +RedirectMatch 301 "(/[a-z][a-z])?/nitrokey3/windows/passwordless-microsoft.html$" "$1/nitrokeys/features/fido2/passwordless-microsoft.html" +RedirectMatch 301 "(/[a-z][a-z])?/nitrokey3/(mac/|windows/|linux/)keepassxc.html$" "$1/nitrokeys/features/password-safe/index.html" +RedirectMatch 301 "(/[a-z][a-z])?/nitrokey3/(mac/|windows/|linux/)smime-thunderbird.html$" "$1/nitrokeys/features/openpgp-card/smime/smime-thunderbird.html" +RedirectMatch 301 "(/[a-z][a-z])?/nitrokey3/(mac/|windows/|linux/)smime-outlook.html$" "$1/nitrokeys/features/openpgp-card/smime/smime-outlook.html" +RedirectMatch 301 "(/[a-z][a-z])?/nitrokey3/(mac/|windows/|linux/)smime.html$" "$1/nitrokeys/features/openpgp-card/smime/index.html" +RedirectMatch 301 "(/[a-z][a-z])?/nitrokey3/(mac/|windows/|linux/)openpgp.html$" "$1/nitrokeys/features/openpgp-card/index.html" +RedirectMatch 301 "(/[a-z][a-z])?/nitrokey3/(mac/|windows/|linux/)openpgp-thunderbird.html$" "$1/nitrokeys/features/openpgp-card/openpgp-thunderbird.html" +RedirectMatch 301 "(/[a-z][a-z])?/nitrokey3/(mac/|windows/|linux/)openpgp-outlook.html$" "$1/nitrokeys/features/openpgp-card/openpgp-outlook.html" +RedirectMatch 301 "(/[a-z][a-z])?/nitrokey3/(mac/|windows/|linux/)openpgp-keygen-on-device.html$" "$1/nitrokeys/features/openpgp-card/openpgp-keygen-on-device.html" +RedirectMatch 301 "(/[a-z][a-z])?/nitrokey3/(mac/|windows/|linux/)openpgp-keygen-gpa.html$" "$1/nitrokeys/features/openpgp-card/openpgp-keygen-gpa.html" +RedirectMatch 301 "(/[a-z][a-z])?/nitrokey3/(mac/|windows/|linux/)openpgp-keygen-backup.html$" "$1/nitrokeys/features/openpgp-card/openpgp-keygen-backup.html" +RedirectMatch 301 "(/[a-z][a-z])?/nitrokey3/(mac/|windows/|linux/)openpgp-csp.html$" "$1/nitrokeys/features/openpgp-card/openpgp-csp.html" +RedirectMatch 301 "(/[a-z][a-z])?/nitrokey3/(mac/|windows/|linux/)openpgp-uif.html$" "$1/nitrokeys/features/openpgp-card/uif.html" +RedirectMatch 301 "(/[a-z][a-z])?/nitrokey3/windows/piv/index.html$" "$1/nitrokeys/features/piv/index.html" +RedirectMatch 301 "(/[a-z][a-z])?/nitrokey3/windows/piv/access_control.html$" "$1/nitrokeys/features/piv/access_control.html" +RedirectMatch 301 "(/[a-z][a-z])?/nitrokey3/windows/piv/certificate-management.html$" "$1/nitrokeys/features/piv/certificate-management.html" +RedirectMatch 301 "(/[a-z][a-z])?/nitrokey3/windows/piv/factory_reset.html$" "$1/nitrokeys/features/piv/factory_reset.html" +RedirectMatch 301 "(/[a-z][a-z])?/nitrokey3/windows/piv/key_management.html$" "$1/nitrokeys/features/piv/key_management.html" +RedirectMatch 301 "(/[a-z][a-z])?/nitrokey3/windows/piv/guides/index.html$" "$1/nitrokeys/features/piv/guides/index.html" +RedirectMatch 301 "(/[a-z][a-z])?/nitrokey3/windows/piv/guides/client_logon_with_active_directory.html$" "$1/nitrokeys/features/piv/guides/client_logon_with_active_directory.html" +#Nitrokey HSM +RedirectMatch 301 "(/[a-z][a-z])?/hsm/(mac/|windows/|linux/)index.html$" "$1/nitrokeys/hsm/getting-started.html" +RedirectMatch 301 "(/[a-z][a-z])?/hsm/index.html$" "$1/nitrokeys/hsm/index.html" +RedirectMatch 301 "(/[a-z][a-z])?/hsm/faq.html$" "$1/nitrokeys/hsm/faq.html" +RedirectMatch 301 "(/[a-z][a-z])?/hsm/(mac/|windows/|linux/)smime.html$" "$1/nitrokeys/features/openpgp-card/smime/index.html" +RedirectMatch 301 "(/[a-z][a-z])?/hsm/(mac/|windows/|linux/)smime-thunderbird.html$" "$1/nitrokeys/features/openpgp-card/smime/smime-thunderbird.html" +RedirectMatch 301 "(/[a-z][a-z])?/hsm/(mac/|windows/|linux/)smime-outlook.html$" "$1/nitrokeys/features/openpgp-card/smime/smime-outlook.html" +RedirectMatch 301 "(/[a-z][a-z])?/hsm/(mac/|windows/|linux/)pkcs11-url.html$" "$1/nitrokeys/features/hsm/pkcs11-url.html" +RedirectMatch 301 "(/[a-z][a-z])?/hsm/(mac/|windows/|linux/)import-keys-certs.html$" "$1/nitrokeys/features/hsm/import-keys-certs.html" +RedirectMatch 301 "(/[a-z][a-z])?/hsm/(mac/|windows/|linux/)certificate-authority.html$" "$1/nitrokeys/features/openpgp-card/certificate-authority.html" +RedirectMatch 301 "(/[a-z][a-z])?/hsm/(mac/|windows/|linux/)apache2-tls.html$" "$1/nitrokeys/features/hsm/apache2-tls.html" +RedirectMatch 301 "(/[a-z][a-z])?/hsm/windows/smart-policy.html$" "$1/nitrokeys/features/openpgp-card/desktop-login/smart-policy.html" +RedirectMatch 301 "(/[a-z][a-z])?/hsm/(mac/|windows/|linux/)?n-of-m-schemes.html$" "$1/nitrokeys/features/hsm/n-of-m-schemes.html" +RedirectMatch 301 "(/[a-z][a-z])?/hsm/(mac/|windows/|linux/)hard-disk-encryption.html$" "$1/nitrokeys/features/openpgp-card/hard-disk-encryption/index.html" +RedirectMatch 301 "(/[a-z][a-z])?/hsm/(mac/|windows/|linux/)ipsec.html$" "$1/nitrokeys/features/openpgp-card/ipsec.html" +RedirectMatch 301 "(/[a-z][a-z])?/hsm/(mac/|windows/|linux/)gpa.html$" "$1/nitrokeys/features/openpgp-card/gpa.html" +RedirectMatch 301 "(/[a-z][a-z])?/hsm/(mac/|windows/|linux/)stunnel.html$" "$1/nitrokeys/features/openpgp-card/stunnel.html" +RedirectMatch 301 "(/[a-z][a-z])?/hsm/(mac/|windows/|linux/)automatic-screen-lock.html$" "$1/nitrokeys/features/misc/automatic-screen-lock.html" +RedirectMatch 301 "(/[a-z][a-z])?/hsm/(mac/|windows/|linux/)dnssec.html$" "$1/nitrokeys/features/hsm/dnssec.html" diff --git a/_static/css/custom.css b/_static/css/custom.css index a7d799f203..767623efe5 100644 --- a/_static/css/custom.css +++ b/_static/css/custom.css @@ -718,3 +718,14 @@ article ul li { #breadcrumbs a:last-child:after { display: none; } + +.products-table td p { + text-align: center; + font-size: 1.25em !important; + margin: 0 !important; +} +.products-table td { + padding: 0 !important; +} + + diff --git a/nitrokeys/hsm/index.rst b/nitrokeys/hsm/index.rst index 481d00c9a3..865b3a7b6e 100644 --- a/nitrokeys/hsm/index.rst +++ b/nitrokeys/hsm/index.rst @@ -9,8 +9,8 @@ First check the: :maxdepth: 1 :glob: - Frequently Asked Questions Getting Started + Frequently Asked Questions or check out the features:

_U%J{`Z(=y zwH*YwOW;>sZ;Y8e4h>@u7NR_gV{&@-IJgqXG>lcRDpqapz zCoEXO+92uHqz6c}nuA=D$%a0XrDZW-7e^H9+9gEbVc}~@_ml@Fx3pk1tFb7EFUVtb z+gfScKgeT<+bj|zQK2EjqF7G}kt+XZv4(9XPe!5ne@2FhM5sULUt=@rXFhaY1HL;dCZjx^T(N%-cYcC*id`yGK3iZEfN`6Ll>O>3aX~(KxN;Wa zAj4(c5g&H^__!ij4MQxv`aLE9Y=wf!e+m++wRSI{DK#hw*-Bq=(Up8s4`6u`Bc;hy zxNysJkVv)Knn}(g74O~@5>=+?qo{CCMye^tG_*{G7{2^t(spQlir z+h#EZ%V$%^zz0#DhO!{qJWCG42?_f) zd#VS}H_HCwb+P%y6M>I#!GW`ORtHq+yM42%$rxsrH)WNCLH6niIY|9$m3#`{ zsoSM(Xh)yG>euH*{dlgRzWyrqHfWzg^Yyx{yF{Hew7#S?P)4_5bjYh$(6=}(5NGTg zResCN_Jh539+o^e2dhK$Dp0{Mn*ABM2(5 z%Vp9RX#o@1vmSx=r`iNsNMTYW z&8v#jt`9zT)2z*$XAo6y+v(2KRr}{f{lT5x{o~zhwb{f8uqPhNi=U~6LMFyVFHfF~ z-tOJ4;~SEKxz2-ImeZs;57T2NuMAH)tvNeTPQ>A)tQmwvT9*8Wsd8EtK1|0$xzAOj zsb_P)n{?TPrD7?asfbDNE#Z3X6w7rV;Kg1`(`ROG-+mI*enCe>7*0zVh~bxQ(Jb>h z`x`Ue9jo|UW|=>wI6<*QPW@avGVhx2ksT@K;?!p=aUYaEXm z?LVaTg<2e00kF-i2{laLY#ay5aV<+UnBn%-D~|6OYi~>qOsO zB;0sBTmgDII<(x#z!h8&B)_>-qr*r+8i)WxUPug=yx+O;G3!wv;4Yr`hmFccf>^V~ zjeJY~nr6!4ISEgzW=CAIjI^mvaZ8VO0{|XX3x{{zJ_Z2XHLe-6z1yGrh2I%0SI3aKK2V;N(S&c@Ar4g|6Kp&UxoNy_5c6? literal 40252 zcmZ5{1yI{xuyufzLh<5OT8g{7YjJmXcXx;4?heJ>-QC@by9I&;=jH!qzWHWeGTF@R z|ssYm*<&9`+_bOx!I@0RZ>)s?1Xtg0_T^kAVnAs24-zWvAgFM!)Vz8pWjFXA+xo z7pCzV$-e<;4%h&emydUF+Q+UQd|zgoZ8lN4&pU6;^zh5u`}x%K%2IB1 zW`drbJKbm9fm^YynTm65IeuFTkc-c&_h!=5>&|&a{tCVw5-hJqtfx7%qudTdbb%b>1>d^@NpApGvvgD^v0=u#fL&~ zCfnl!lsdLilmE))*4)E~=9}}?==L1uDV5Vx$L;jIt%LclP8@hC{&9=%f|eTl!8f_d zS&`F_J9nR!US_QuR9`~|l=F@gGi+@!>Hhjb?n?)*0IA^akr+mrBX<`&OnI2Tw4S7# z16zIcN-~`ppDz(=w&aL_O?VM@zM0yIL^9~r_mck2DFB0FYmz#a=KIh_Q# zcQL~RZr;yKdOEMrYnOtkX!(g z2*ajDHDc`sh=noXC0=WHnDe^LxUf#nqP1QZi9wWydkz=-kN*@MNoqFj7WQ%4h@>|c zFZl1<4`@2lo-EEmvS4ZZ@|A|RlGYcE+*c=D^Pi}c2l8-8MZ&d)(g$+k$pmMVf6Wyo zIg^!@qj67SL-iqp-~U7FWY^$Zl=scQ^Xb!_f0*~%LCWx22F&uu%1 z94~{><+z@bl;pVIcr9y6-w9a3QU|_7tl)?YVyvs<@z_#_wxkxatQ`_cQ;|t=@xe%9 z0U@uUNmcAZwF3<14Ia^W9t9_fJ`Gv4Ux5zXxiMa`o3W#BY_?=WJrS87bdF;AFLol+ z6wWoHJ~12E3R-VWlC4mRn3l3O9Dt266H14ToHdjqqkESlYeJzD)-O48DO2$yQObMT zA?ETzb*i~|PWs0e0io-B4u^H-eI4cS8Jy^rG;alU%8+$=H7WY4)JpM+OG6bu5hL>b|9s$G4 zvRG>xpHQ7PG~rxsiGFc)IKU8=Bl42(^~ag}=F|xpvSg1USqWtt?}J`VM@aZ+b>noG@%;Cjl^iXTkinY- znH(8o)S($Ac?)WOW;-R~Z+qZj@%Ocr;xL3{s4cNoN-i>nkYu=ph@46`K1&>y%VnHG zO64L#vBAx!yCpe_&)=HXz`tABidz`gT8Q3vSg#0&$FxFRDfqg>bQ2;+ zi_EifeNg1OoCC#YSqccr{t8@f!CKBt#T&>=QP_Mp*K9jZ@xhaTx?rY5#)6^yyDd?wn9i~<(_W_iF2TKwc}8liog(x}#|$0uzs!eF=rv^3Rt+T8Kc zO<a0-J+~0*ZUrQW6Jf9t)&2DG8zQfq`r)?2o+xrEZeS zjDwj@m;;1NjYL(HChpJ~PKL1KD4}I5FOdORSbc8~3#%paQWQMV+a?4nvLFHU2{ys&Wzs_J)*GINf=0~*+&xBxBv&sSTnkTGW>E}QDMkoe}kxTpwON+_fLd7!Z zT*S_Lek>7ce2T+lq-73S8{rl-5=yD=i%SS%(fLVyv$@5XPrP&UEe;n(Ry@#EK2rmu zV%RWg&?u3lR|$h!e~`iqQ5TCyFDVd_N2X64L*%wwfiI3M0rBG3{#P1Hfqqj1ad8&O zhx`d^@gy~|SkcBW;3}H%gX6}%&V30qRQnkpF3EwQRPHoR0fS6*jR0k%bg;*${B^Z$;_?ID4kTm-;z+~4)ozSNnuhOvW zHOGyj{+5ll5GgkZ9?!yLj9`nE0;a3|6S((LTq>THzo7=VzJBrBma* zCmAl<1f{e3pl-+|zcIm?Df$cs$1;j>{K}7knuOQ5B31azmYK8Di_DFLS2L0THF_QJ z3Hn>9x@DUv_O14gYDr3IwSYw;)U(4t-*xY*sjP7ff(J=2+@6Q{Pa(LyNk9U*Sl{4I zShq*Zy8dWmfO;u@IMS2r*T{CMYvEG(S8g@&`P1E(gtSavmHH=n&_pcfmjpaCvt|Jz zojHRoMkTQhIllSRRxJ|P&rm9Xa{|Y%QRHghQg&7nF#D0Rr1sJUn|6KzY`XIiuJK^N z{u!2?D6k$!_rD8lgS8hwKhg(oPe)f6o{6kt(pvN$$Q%x}I9K(3+MI>$*DfQ%?xo7O-a`!k)*weLUHhXQK{w#E?(-h&H6L-8 zVZhUlDIZU7Ql%2*C6#DGGF8`PzQ)CYagL(cto#+$e&Aex2#&l2UPEzI-s9T^1JX`(ZXmvyibpuV#~t3aiSnW%onjTAok(F7kc!CB_R zrF=wZI1~J5r+lbu1{zJV8p=N3KkcNW8CI4wmmxmW^Qtp7Z#Gm~6E3t*KtUN*ziK0n zf3eR&P~E>w9*>p@WUPo;%To$Z98DHl65o&BCW8Qoa?)*|v$0lp8_qA6Csf2z|8sAuta;nzB#sOZ;+NVM<3CA>8*#_Te+$}k zdRJt#kNAe6<_QuV1o;z|9s{x3?Q$3kFNtrYfY`y-cPQ{7R+-AOXF8D@_E43ph5Xgx zj)*GJBtkBGTt~qjDfsksq%(k+ zPhj}~=fn}FKjpbxx7Zsj-1S-DNy3z^P-riKE8@U_U{Pr(i#1p<78d(2&8LYr6A1^w zwgWriz8}IAYA5iO;(u7@$i5<~^(qPA(ArDD2LvvwQ{s_-z#Vb7^!62o%S?9X)d*oA zc#q+Z>X)OU39tQru&atUD*eXt7n4@P-5&Tj{Hc(an-33D{2kh_PX7wM0Xff*?dcP< zzkNK@LWT~`9=vry=+R$rUpUeXbN0*?lS2_9XvgIt%0YmhvkJp$z3(sUKhY+%ai2 z?B_O|I9Z6ZCwJa@5e`ac4u9B zT4q>1*4v#uPrGPWKCgT5+xOeAn}F`Co~I5d?`^+ZH<-unkE1Kt>ofj9!pj<&vH-&z zWG_30PR1)VXht4!a zCYmSJBvlcO*P)wCtn>HlppV_A%sP8QG>2_7Nwoxa5&x7BB7fn)yn~6gR)4 zg7ipkBlpd|th5ft5(7U_#++fzG3=G!N5fMh%G=FtY7p~i@yGbiq*~Ct?=QnflRL2B zJ@LJNUEq4O3;3{8{5u`J>h}Ct!uOLxDA4mK?%i)G9niAWLbY;1H>9!>cvaf0twhCo zUYu~B7#RT+h~Gg ziu>o1noY$>P0DB+N1}}s%}jyy^Wok3UYOMCoL32C+BOD9%W`P8`q>>uviVv*RwX+S z9<12BTF7m28NS>6f19J4rHb_#Q&kM4O(W1O__lr#aD0d*5g+%OH6QYs^Di&DF|meS z-MJKXqx)?Y<|=;z!ItM2e@ zXWhN~jQK4X3z_ail%n9*cX026Docr(r+i~i!or#SgV<)l_bZnD1xjrK59#?OC(Kym zSs`j-Gp?HKz94ML{GZ~tqiKeBl<~a;QUI2uV)2(9OED^UXl{mGsZ4>NdHq^KBl_v- za+eAHQu}z=n5WdB(vX_Bkw-hGM`B2m zfI2u$L^}?PggFEEU5*W6SA-4#RKK-*W~~EGUy1*?wF9FLtU<)0G*Z zpe1@G?=I7&W>eIW*3uXVEoPjw12e>qzmEI*YBc($ChBAxlGh#DgRr`Sv9yBhi}$b`!I}-UBgy01YE`z@y*R+a_;ypg^~^???JK7-4lb7X0oOgU zOw=MQ!Y^}u)eK_OEYQ`B`@>P0pAf2N>8mWW!m`g9CL>Z#n`%AfnAK-B((7CZeh5~A z^F+d2RW4SIJmTk<7X_Oc8eRNaCZ(k(PCMZTyRR$U=6|lxQlA2C64atTX%{&*j+K93 z_4$h=8?@v+Y=Bcr+IGbU*J;h)1Q4fB*O{r@5!jLa=T|jq_T`V~Qb+&*wD8i(MG?9C zT>oPeU>c82@rB3LE+K|n_24@<(hV46lK6+;g*kI6KCTpVK0-o@z% zZhwz38k0h1+*N9A*Pq>K6mE;5Pi^s@VjM2S!Iu72>5>)S5|1us!lUu)=<(R(CVmL+ z3CjeNk-7bK`!wHU$x+ljD}gZl`Qu^FH-P`I8Z{a6WNBCwQ9yrD#5BNbpE%If=1v%c zt0uHjfGCy;Tm5T{l^wQEAot#vmt8kPHcFrqxN@IA9Ze}!IWuTr!yqE%%0C<9 zlh^C92ofpaP9CYP>a*t}d|MnA9*T6)P#q@yWjp?@joy_#zcDW%dA=)%}27~ zHn}}`?=P3z^&Meqs3;V&V*#{#DA`Y^(w0S8A1BbOj4O%7m->c!(eQo0D(+xJ7Ns?G zRNZb~xLP227uHN%*3td6)0^(nvjQQT%mENKQ`R--Y+j)xzUAs0p>c&4jB(Nznl3l1 zfBt5b({pHLS>%mh4N1FmJH`-!2d-YO{oOtmbUcxSGx$`PTMWm#J&`yfVcq^!fBk5c z_o4!|JD%LZ6c{#$Bh@h9_GC}ur0=+z#%S=B)q@VyHi)%rkQ$PEvcqf0p%)|{9r$XA z&nQl#kf0NVEUe-b^AcB1>yT^azvi(wH1n16;t;txxnrNUka$MbvyIlDTwqeMj+-=^ zE!@xl>@aGJ#rKjKjpxJvYv1k@a69EOu29b54kvKhWX>6q9tj0~S zhX;Djz-)ige@GbO?Pbb_yq@RskNV5#iMVKr8nC;64Xlh<)6Ou|owHWv#20QoG zSaYHg=f*{9e&~wZ3TcIKLHRutCp5h9ckX}6dx`9ViMkHu2H z&FQ^jLca@MI7{5nks|J=Bx$Q*yLF2z<3H==-5R5MaG7blbue&Oe_?QI*>O>KSN*X< z7%9XoD;_OD5_zi*O0Q|dkIfmViDRaUPS?;WiMR!h6Q5UBh!#b}i`;2t z``aa33WN(U(Z3W>IKO-X|L+j{u9XcBR)!ksl>YqOU!g6|RJS#WLayKkhq$TGjx^=7 zp(T3Z+@pne`Jd^|<^(T)@q;cqXHZ+lMMwCPzLrnN=6WpnX2U5D=D8=e=Wly?ZL9uW8c%Z8q-Rr;1WN{%b>`(u>n3~%92Y^!M&51O{6xa{=q`C;b^ zmy^vH;v;rLT%%s*)mS&^73&>X@RSPf(POEps1-zk;jU>y%!7kTEULKN40=6fHCL-m z@}gmU48##IPzm~*FX9YcbslBF^L!ra6?2IJzl`4WOx^UakvwWe9k+iCA(YE}i$8wiTTM+U>*%tn0N|9e9HJ{qx^VxnB#8=ClUJ z4mC(9IG}B$qC6!*dwnt7CYrJ}@p%J^4lXoDS7=-rGpKL}MtshB7pn0-_>(dCI_O_? zv}<-*&a+~UD(zmFhdSTpA!(XZ-?!oDMXiPiPqTxH_&F2*re)jZZ)UX4oAGZhdhgkz zK4G&>3nFXGS2pN!uLhSRiE)vVK{%b7**N-j+?H}H3f41aM_Fm1Mi7T|o@V-NK9*HJ z4yUb=0#;qP2W)G6A~HdNt#jxv=`g&+U6|qBab3yg$IhD zK0_sKBE3yT$l6$1F@5eNG$jmDL;?Q(a$EeswTJ>HV0bWQCcPoKIHq`w9D4`ei=$S? zke*XumLnR?$jeur*ni=`S45Sn;V&QKQdU2sQz>J4p&2J9jQqmmf>Fl=`ZscsioHcb zq7Ib5i-BE91syrCbp1FmgKEsgXe6?2X?9u+<@$Ys#lvs2@ywikhFMkU6pCzDG=P~y z6>MAo@JKO^`fH&(=s}>tO0#8dvhX8ixi}_;ZNw6Tlnm1+@A%evAs$|RE}(Ha182<$ z%{|%x=J}5te2Z6o&6$0>s`P-FF-Y_N<*Va+U&T|fiq&Z__C8srzrSpL!9zORArq6K zA-n(giUvo@qhe;B4z8e&SqY}fUk{lZ_g^rSaE8<^-@kjlTW^ zkD)2|Q6Qmf&HAd_)4l}7a(j|P@g{kkNmsmxn-+1gkvf-ycFt4ITywrWvESxp^qo1sYo20Rz1Cb3DQ&r@V^gKGBq+j#QDWpLPqq<9y~H47yduN z^9%ss2S7qZP}zO`V$)3>{TSxUH9NeLY9NfDXgU=!6`abfrHXv-vO?c-b3_$Vfr`C~ zf@RZ?!d$LEllhr{dtWhovA6f%a8N?(KjD1&V`EXY>D;bf zwhp_&-EP?C$1}Nlo$icK0D%7r4519$JLjB1ewy$0f%lB_*93A zGJ;`01N`~?2X=pZBu|-6G>{-*(-AP}3pAWQJw2t;>6~dxtY^NZ(!b$2Q_Skm&W0C` z)Thyyn3&*YH`{^f9$uu5dwPQV^h?XjC4J52-XaYgLIQJ}s&ueq^y8zjYd>e^WfQx;6fe`TPH4kFO2fKyBE4I?tDPu_=W zIaE6)Xtox`rnXg_KMd6g>VN@wP=HYtt2(N;Mu8(NI&JsEv!$ooqwosx z?bSAu=5x=FnH|r zYbY;O0|#MiD{N6wGw15b^<_G1w#-XInZ1H5Y*w#$Rs*ySZlkgjU+?&M1qJU&%$9|`$c)%a2cWFYtYwlAy& z9@g~K)zflv-miCsx6#GtZ*+NH4`X*jhb!mE&d$zEO-&a{*o=)aT4N{6 z?VB8aWvs8a_498|C|4B=u}Bwn+=LZPw-_9qpZ_!JHI&V-)`lZ`!R^B~XvkV+A?BG8 zACJZt2>|e7eCVL~&gU?GbZH%RGLG3+jPwWf#lw6-rlF#-_w@SyQ$$>RWOY?tPEJlj zqHHOPhNa%Js%0!oe`rr+o9Jhxtfv?Yc@9o|BTEYJ217P_%_UQ!NEoIj>zxb!a8INt zHX>eFJ${V@&RU20h?F~ag~r{Caor!Z@M)TiUPD$rXh_@}^hBl5a&6@b3g+P?5cUUI zCl?#_{}&2Ys@mFkXu2DyDLQv4uB_6g&gvQQ6U0HqzZeVVHL&!OboB~sEJXXiF_FQU zQnnN68S^fbGtlZT0&OreNiCX(4b8Q*8usRct!$PZ4KtIchMoQb{2z1O4$oACeq#sq zTwZM7fwBmt>{KxZb0*U{tk#pFW`2>KXPlm$Aro>b>*?ufXrzl3N_h1&vn8_dE_VDu zfmtna`}r0L94WED*Z8`vrT+J_KWB`X%2zac-uT!?LSE@oLYMkr!>M&A&9|IMo~8! zHkc*+H#dZagVUKayNh`DSsffg#2)rkP?10A4bc+Nd_a5}#-vT%!KjA%<`|?|MfuMK zf*%hU8v^~-xN`>m!xZg)j8UjI@FvtuX+OF(pmtn9Xa9^>!kXgWVigxC`O0dRGT7T+ z!N!C`zT<8kxX@8ca2R(L&ALmErMinS3h zh?ItFK$qs{P*7FtpIXGs9-R&!_H+d1NQu43PXV;8cT=YLaRo2fg&Qx`WW3;hA!12# zq2Hdv(l9W~!J-%NqF{PQ4oGk=(qX53F`LAw7dEtNm+?IMi64Sh^-N^djrB(1BTd<= zYoEroYHG|ee?|RvHiea-t_Mojam#m@noRVT5CZ%gTifIq9=D^x&o;U}#EdGtYG=1e zebi3K4Hfh+w3J=KaQO=xPKkK|MXccniN4(YR{hfF1r&2eUNmGC^3GsiF(K{z_I3P}hdNKWP@tR4HcyE=b8Vwr#O$~*=K_(wLmYI=$p zedSA2N=2T~X^?RIO|+Z9Q^oY*_u4kv&Eg zB{hngg)>+Zo=xd`36ul)cN4ve%x8Zv0m0Zwixx7G$0H-m>60~V9i?Jl*SWh-9WqMV1QWi+t2n|q zxE7IL&GkktI)fP&1mc{tC=B@J#zw4NbZO*oeib^yQzwd0GV5C~L+?0F0ThL1sF7x8j(#zSy^q-@@_^xLj?u#vj5x_`( zNOKdw@rTU`-<}+>T3F%m@DK|NOE?T!MM0tM(FdTCp{ApwqoJ{8miZS#E7WdX`Q7#W zm%sl|Tf5_Y0ssyQqZ$3k5-lt&IE_b9`#$@MiVkht>BdG!)6&xuv6#yfMfLqhv=F9> z)Q!!Y@G9@#+rFiFuZ0BwMuQp|{UDb=@j5a8uhr`Rs*F)zh*RJJ24d@pASUh&V*aln z$@5v0E1aACuX*bP4EbsAdD>e%uu;qvO1mGaws7sU{bzc3-;)Tk3Ab45r*a)Y>Yu8{ z1uL|!YP?Hg{A?_-$>@p>~&9 zl`g@~Qg~qxbCLBsSU>S^Mv=%KGc@3O-NbMECmgGXNOgF+jbg-)%eLM8qxW|b&Zb@V zy))}qNp>Ym$4bc20~)C%zxaLu05x6@QfD4cFc-!gBL8YxI{cH0siU1sI30dhrb?77 zqXTWfon=sM?b|6@+xlm(Duy&&SPw;I>xAc3%pjqVnobuV^*i`49;iDlkip=@10iPs zfQKuns@MYE140hbI$D1;>$F0-0^_r{sbX%|>U1YEZ1#^3BArXt+B!Do%w1i-t;>wR z0_%B_6SaGOyJhGI{4IrYzy$#E2G)qqO^A7gg7;4_L>15mTL!{3=Wg(Y`UfX?0t+ap zf`c71Lgy8z0%=>tW_JZ&)amJwH^e(9wkuZ$7fKxR_-?+2UG7^DoRZT>hN+obTYk^X zl7y3xA*-GqhTMt-rFNg=F?TbK){S>WK`ESTWvbqJ^ejibI7 zb^{?UJ@=79<#Mai@KvnT)^MZ5Ng)a7 zco4`Cwrm1ldE#HZu%A+61iZ|OfCB*{`wh=_71JLgs=J$(iHB}zC?+(})*tysJ3&@j3&DbfjWnT;`VODH+`AV1!j}h@?m-OHl`V7nsheW>wJ3uP_PA178 zN~0N^h_62ri?R zzzh88u@TPI9VfG$vvpi2U2phmEBTFY9{^yQ@ikI%>IWq+wU*bFc?|Tjv-hU{+Gywc zE`#avPKvp)x|SUL{KP6_ZZwmo>^E2CMJQ=PPfkyKag3jt;ndj~jQzsB1UFoK^!MkV zHmL5b;lzkplfYS4S67+#y;K_A=V=T+CV@L1V|Vla@Sd63n!h<2f~{iQA?0jZW942O zi2ogrdY1|Tk^}T$!zI_-Df3*Sv7IlWTZ1{iN9#LfnX};8;5yha9$j(dZmxN~;ng$r z|C<=3^QW#`9nRr9B9Ijh4*%}N4q^hIUN1mFMxxnp{~rWb!Hw*pBy52@lcMr@!yQ=B z**X%H3_!?NA_tPsl`Qtw9Lt)>oob&EnvIR2k(pZmZd#<}%8*XMxmR|T$4z}G9)ai` z41h(r!+tlgqJkPPkY(^K`3YmMAk|J-uVGQ`{u~_u(1rRsKaHU2y~Ho7P|tI9a&*|z zoT92Wh;%J;gTlE^Yjpv%e5j6|A2Rh$#zzI@xtaO75g8mheX`rugv>`W-MZ%YGREPq zzq(zXg?CS;p8yV>l{C7Nl5$nq2A1QqDYdL7dlKKcJm+;J(-o1j_3nZ+bCi*V-u z&G?;$Yjzf8ELN&5G#Yxj`89e{a41zYn816;%zScvmXYaj!z?aF)YD^ep+5&79~|)b zz5nxBDsQS#`$E8V(R9?%<@?fNx1p)4@sv|hk&&V4R(S{7AL;0M?ENsuh#WdwJ0mA2 zPfbaY&0r}j`Fagm($LaYEiNv$YhI{(;bN@xkp~M?x zQY?fadbxd-n)X;@9uYFM8ja81^yDVdK7V=zyjnFlIcKJ!ox8tcU7I<+b-UW+7Sj7T z=k)?#ZQhPt^3&-dzU(TGI!w>G;IsQagGQ7}WcXigb_T=IF)>Y^T+p=X!0Th5ul!zn zrmW1a_+J}}i%nyd`B@L=;`0WUis)}|bYt+C``nX;=1nFJwL>8i^RT$+>GIvNY2}EX zttOpks;(6xR1-*fTh$KuWF};~7WCxwM6KNYHg|bzbrh9q^m=6B(z)HL!^0)EIsS#| z^7Pnm^?!Wlm-J2Q)ZY@Clak9d)p6#XKZ}S<-_DYae!ZTrH>)%p!Q?yRM~_B(Q7)6l)go}(RGS(b;44eCdIXMGO>tGeiQ zH&e3Rtg=oYMcfca%u2!buzS>h&X)ZZeEqbT%^hw)Rw*&05rel~|}RtIIhw=5s>@ z%DY6IlLRaxf&0^5Tb@x#(yiaqNg}H_GBAtN$#e!-=z{67PZq^QRK%{{b+Q(ei_mZg zW=(nlU#%=GG&D6Gde5{u-_P%XbzEFrz*pPb75uk6-($rJr!p))_75YEj7E;Sy`T0( zo9+3%@24zn-08 zEb=*~PhZsdJd5pxUCEYA@Y>sLJ;!(TFL>Por!u>@IvtLOUG%W94!cJ^){VMobl(p1 z?qkrK$k$|52)eRl%{sj`QZlI@)g()paSBtkWv_59veeZ^6(at}L^6crU?p6&eX*8Rs2$o`O(Q&7^> z6LpQH{?s)Oja79USA&Etp9cj<=?dJ^h;8Isw9RI_wSZ4uq-I=vGzdzt>+EEpR(o zT3OL&A#uNM8raxe#`3?bH&>h+3O6k@9M4qibad*!cbFEAXtz7p6_gt;md3ZWwY9f< z2FFE3-AN>pC95Q*MdPA>_w{Lgx5tv|=!hgqjNq4^*mNLywh3eR4WAetqxOD&HL>B9 z(^K<$tnD+B3FD(Jjqy;{FRidL=8%>V4M^~+o1h+Fd@ken@y#8n`4xPEj3-kv2ZM5j znj6-qzbc!td-2#!z<0r_a){BRD-nQ}Yu3I17En-7u(T{cS&HRnn_FIfSZnsJ+lnk7 zuYYdW6eUfzrIiyEeR_NJDk?IunYOU8;gvUINYIj9>#?iZcFP)=;D3I6G0GCXYIoko z1Z}>&2FCjMfecT|RdRLUc!^FvY|KwWoXlpj5&7yo79hyvq~25`-2GIg)gcy2y|g&b z2kd$D0V^H*!r9+GTa3p23_J}F5BKH9qP^#+Ea5hfdTO;Tzu6Z@iTw;*Z636bb4`4~ zargEWHM!gmLjnG4WA?Z?u-$~OZ)gziM#*_ z@wU3Drli^v4NavPywRMmr6-ytV49?}%z$&X+qoJEt<)!R;uo(OPKD&92+IJJ*l*!^2|IGF4ja zwpEX5GH@OV$?2(J$AeOZ^mJT{e|M(~rlUU}O%B(uVyP;u3hl@{S?BEMSoT4`wilI^ z#@uyru(C1SnG6FKjL~`T7qJf`zTP>&@;V8l8=V(ivq z5kJP}Eeodgb%I-X>T`z-tF(7PQ}4Wb&lh*+xXwi zLw6`p73}zFs5@{GhodSgsHllQr)Na7UmoEbwrK-DT-__zupWQhWRji-_9Is@W?eK- zTUCve&wT#?=N1+kp#ZZnML9i#SZ{TYhjz4yrE$qNm znzQ?EuCB-^C^OU^>AAV!m0Z6WFR%B*iBu^msWt0|tu8MwqlXRI`j`C&JB00Q2(wzS z;AL0qo0__U6i*u2OFkYp=#@&kJ#JMG{NG_lGPF7kn9H!2&SzfIm1vP-tg~w>7u}`L zXD-+sCTDw{@YL+c+o!z}WlQExS-$6<#eY-8xH_D8<^Oo>C~lS=x90X%lWTIa&$^^a zC1zzCx=d4_n^CeRpJ;P%=aFpj@iQD59c*lD#8{(`y^xcUnVOz{e>m8!al3eSoQc`o zaI;zMoOapu(wND~z{~V*IzG3_wd3{KfBh%n&@2#Mb%-b@uApExp6g2W+Y>wdS#X}Lho7l+&RqEI~6 z_Z2h(86~29f*d}hhtn&*`t^&KUJ{5zP_eOo3_}#LwNJ5gE#l`aeHm!xMlj$e)}-5>1_(jdb9oh z#fbdja%04_Au=LD3q5B=H^DH!_{V^xysFFM?9A4 z^+b6RHoZeu@r_;yh`udU#{QiP+ z@o_RxWYx7?^Jbk4c}Y{%{Qb@5`=;gV>nkMGAC6AGYR&eNIJD7xrS-8^K)cZ+B`f<* zcQSf&IH6Xp{R9cg$k5Oj&&xnfNEfq7Yf8JLgvV4>PwvV??sFwgU2(OdhRS_S&xfq6 zY;#l7Ww(u4~2Ul^ClA27WF+w(trluxX z8F2Hft4)oK?_Sq#eczN%oy9yo+lx~|>+2mMHJzH5-UahUur~iAIfyT)&)(VnWrW%w zwMJV}K_UJ5D08JoFO$zk%ns34Xf%h_i6Y{fGNJ%3pCW=7Bmczt+0DQ&IYlj-!!2RN(eOm!vZv)06%`ayM$-Hm zZixhY^z1JUZbyXoz0h+6Bx_V#J=WiPv;L@sNqeZ_3*tcg$W+57yX zY6TmAxk|mmU?KG52}s0dt&S~KSWs~D6nf9E^I>r+E|uz6Z`d?4zBWCb$!`5yWWd5sTzB2`}_ouY=BI=f7?37YV^O&Yu z3TnFVd4*2L?{BtK?=^1LFWxJlj#M{UA3N~nt(Lg#hxK+&_J$iUo!QN{w=Zb>@#R0R zG-7*MDW!P2N|jSWzs(_GIEiXMYlqZ<%q=Y;LR8VLcG~&nbRDuCvj0KIW~vFU>MAd{ z?DdBl2u0#{I2yDz^MW8@hOJ7nGuPd|rYEvuq5*qGQYzBuJ*uj_{46@xLq%n2%x?9Y z&?80>+uc-qs^8k0Y=L0P7`SaTMGN77>Iy2EC>b0?F}t$GzeQnE#l zvc6tbxa*5;eYzocI)nk9yd(Bflade#N*B;G9nj`}7|$9*^X9yro}TJf@Vfc5xa~%H zXmx`)+rigkS|#k>?Y5u-46MY@S5A>)%fH6%|tP;>jfo?-{1=1Q2geW-YcaA#_rEHBVmy{m#5Pc>iGmkvP)tFVb6+6oSvG(R)76Hut63g4TBg{9r)BEQ1~TeXJY@k2s( zNUKmr@>l=4rPW9@QD*X!^}^Bp(GgY?>r#CDu5Qk`*EQ4~@)#|}OW##u2A3~y>`dN* zq|v;eyEO@ch%9{kVf9F zUQ;@+%kd7kcU48jby1gLwRW_0~-quAs*LEpFvLK zS>@To|LX;q&_X9092$Z|Hyw1cEspY`q@tuVta~=BYs#~(uBNuKI2o)q6WQT3v+CH+ zRDqv+>)_@FVX&E8etwsW$-1i;vts^Tkb5W@tls5z-FzgkvY)w$C~5ADUYnx{{oCrt zom))g)wW%l#g#$q8++Fd>5PDiC@UA&`mFI_3au6)A)$`WwvwXiJM+=ZmP(D4!%WSV zkFKtc-;w0Sd>eYPG|rrL=-K+S3=~>8CFc!2{?PG;j7QK+O;r_jO;tr{MNMf{RcRS* zO%*M+On&Keef>8Vq~ffJ;p5v!@9(iAUJtJtVy2$HzTXQ#E;GKYtWCcJ#UF_HcDinE zbHCZPuG6Zw8147*eu4WrkxEa*px-+#r+T?|KID+)nh(se1tq3_#P z8edm&In_SMC}Jzx&qh#G)MOxqFmR{G$M^h^^W3)+hs|&ht|#aVKlp~r@wIh?Jokdn z{ra+H8yNpKZ&)u3nn=jx-}HRAYYSOg#YMK0NjEj)nWx~V*E4GkS&jqxJoGItIxiH< zfIy%eD_-0rp@ZbnjUG0MK8Q?Ps!($S|H9eKFAr_WNgNCxz4Km~{U>m4pgOitNluL| z_i?w797|M!fr+`*id$!NoSNC<&F8sz(r_#bE+|*P*uACX%k|7qJH0L*D!YEkeG%XC zdaTTAW!m@HJ=9BR{U{dD&dhJ>%GrbkOdL)yw8FjL}=F|-dlckk4U zC>S4?O4D@oXjHriw%D+YBZn4{NFJ8KT}| zlsBAJs-K_>7PZmhvl)zg|KNSMo6QS&d%o{@8@cq^Cdi|(d`acI-O`wiEFa!ivdci4 zq%M;fr~3Z4tp2r2Ln1c!lIPt^R+lkbcEOMdGwB6s5noj!`(e6q?uP!mr~+cUkdM#* zQ1%{BO-0?-D2fV#fP#opML8@4ox~moZ?Flk9!=*=6mu=bCd7QCWOHO~X((UsQhqY0|!a2zYaD zkhKF$Tgkpr-PTz4dClrc06cQA1-{qeP_x|j?uMvmZ{?<DB~)3O{UhM#C~o{T z(7%R9&9*+9fs`O?>%QPNqZ0V}y|HKgh_UU)NfIWEOP>u26-4PeyLEWHXF}5a4WTvf z;NXw|f|!&w(?@*8Vp(hNebJCJ8S) z0$wLQ-Lycj?{D8HL&4s`9W%^oz`dvCq@kIrUpesOk|u-#`yU1uvRkNw5gSWfkH z=|Dq0Jv{}5b>O@OmnY~N=xo;i@x&ag2K5Ow4PIj_N}XeD8-r=;ryZ$}CjQ;xcYjR% zs<*E%E-sFgm5hw6PE0IIA%#iu_QS+cqed<+32))a={G}uN2D%ZatDWG5qRSMN)mkm zyQ<@h8AGUsJ*J(60IeE@e*M5^ zzfn+7S5O!l_wZ0sdMbyO(ro}uz*R}jhgXh-R%+3@AXBTU@$pKr^*H;niShB9fB3N3 z(Gw=ntKih<_`#r0+fq|d%*0^C_GGBZEtA!<8B`1Y6lt_n5!evg&;Xp`$_?padjQgg zsOy4pwZ~?cYDx?q=Zy=YII#B~EA!f}7Os28Dj*Pj+YPfdq0rOA7D6$L+V)>Bf!8hIP`Dg|ReL+TTa3@&0xsC#;9%1!aY<38M@zfS zt|&N?KIeOUI=YX_==#_|_tywK$5w8^-(}9Pv#_^><|Zhv3VT|de?7GpjVTv};U#ug z>Neipdz}B|30WLl&aj&I>3ae+ zY!xm9{k;6K4Kmt^M$tsV?m}JNmnnAAoFiDO>C?}*+kT}N9F4tsvvZ>LLXLw2_m?fY z`#|Ed#v@7&$D_k>RX zaD1$9n>MfcA~@srsA?;yuj!S+cdmjZ8XlVV<8!JhM<^2jjy8&U&ZKDN9(U2F9XRi_ zOh>Soi!!JE5t$Y*D)lt{;N{~yG6ICQfM^u(>pv+3!$uY0r&i8c(H-$6drjY!759po zf>^|V^u%O0*O~J@o6`RnEjwCgs7SY|<{lNmAyRg9K_`>3*T;3(v{oDl#&gY zRl?eNmX|-9lh^dFqeMwEO>?L0(NXld8fVQtS;(}m=Jkzo6+Xg-EzCK8xY}pvuWi_E zuDp1UBrS5S(yoWcqXf03{mAog<-^m-1xu?>X1G}ocj`{Zk#NdSyU5MiGNx4oJ_g}( z7G9qqGmq`dXy|CdKt9p`^?k&-hPzXgD$4tpS5kStVGogBb(X6M0F&Au>k^cBbU-iI5I2<&!XSWybBxRBo;!a0GzH_4_ z=1xu*J2y{-WvE^-CE)>gcUB(0I+dsC^o`|ZjGThPbqbRKgo0USWEj^glr+gskAFM) zAGjwa_+IlIFMBt%?;+dsvKo=$?^yEohjgwz0rb>rx6CIdFi@{M^t)%5!Iw6;IfgoZ zbS3*^a{ToNp97A@1=>)>}K-$UD62LXcSco+;C974Ldk3o4bLf&H6{ z(-~zI1zZ;lMzc~evh||Q3tjJw%pH~KY3<5CKGxc~s<|RSy0YiOY3#}4c_+TsS1h}+ zCNt;C9-q9G(RelHWBdSX`3VSn<=MAhSLUkoALo6{8**iqH zn@NgGslW1hL-oa;TImI4n|b(M53`FOP&FO3uNUWbb+RsHeVbz4#@}=LRI%9d9WR?Y7el>&vBgk=oR@IFIh7jYo0- z1KXQgOGZzpCjO`CT`|4ft4(csO)=}D^Okj2ynbS?@r^GoK)@NW3Ul8IWq5loJ-xNs`QA$w&Q2m z$J?VmrKmTDB8bQi3j~>))9%yqS8=m`?guM|#7*bZK}=?_?;Fviij@*Kbyn zjvPZPmLqD85i=4(MXokvHE7-sv5Cnuo!^s_NDUkQ676=}sqzeW`K(nyk{qwRn8S`Z zcXe}`eqZjy_4kWPV?P@`Xjx?E{^<52jLs&?`FDt2)M`j*S9xFu=wVGjR#*~Wx6)*j ztr0={3pHGGY%L^KQ}`ywT|(;Xx}4!W3+0;!#Wm@_l55`aI{0bZqtFU%Brgj;NtCtM z=(;79kk*T@A(`A**sZoH@7?(FegB^1&6;c_-@E}mBdII;{HG}tzfM;*WBhz9R~k1q zMehG~0zVaDGwEgAdC$0&zL)`_6aPN9KdkSrW&W{@jebwm0s3+6#JJy;QLNjR;y<&qQim zQ3_vq8a#|wMZE5@Zho}kaI$@C()m7Wu!;5#DCH_?SA2p2X}tOpN7S_PWm7o{4|Urc z>!_&dU9sEM;?;pCJdM`M9#{IO$5Vw&znrWp!qcbFB4BylYsC+{Wo4KVH>unhX4)Ns zK9wrTiJHrHhc#LE`%34~ko6fQ*- z0hs-+k_Ez|A88S!gLTDI^NGFkPWheXQsy*k{K(KccC|76fh(+Yk*>|x8?Zkk zM+oUn&z<7*)JtlOx$(>OPPAP)d%i zccyl2pZV2;)I=&3+C4uwyF(ahgfxRztK%)XnP%p8#jj9Dt^me>P*By4A!Us;A{=ne zs(ysrD9y{lF^zQUK`OL06h?qsf$iONbPIi%L~lZj;++;8K(cMrk@BTtYQWO2{#x7n z&Z^v6$?7=Y=ZRdRX#W~B_htlzsAG~(67~-s{j6KHjeKmExAa1Jx=M9&q+E;M?>t*57)jAFFEBdVBA?O6bOa}_1mz!Yy4 z2}_IWEdz$k2GwGSYl{-Q?tEkYnQ>d!SPGGp-|sveX5El8*M{c%qepQz16%C{d&D^W zl;KjuwrU9=)_9?Z21q~#2J;PH0G`mRtI39B*M(jJTF7Ik)*)SR^UdF z{Uau#7gTM6fIl|OcmI;lgVf6w09Z;|T266YP?(`1{XeRaTHwA}m0lKmb}&i8)Wn^Y zG%hU3t^4mo05>iv%fL|6+Y>Dhb^+^8FivBr-FOU<(PYD2?JD75+_HKb(?nYBc zH|NKkoL1wNdY|q{CcBpa+q5|zce*z(0o~EJ)|pu1U_nglAD(^ucaAwbI|D#^*xBDu z0M@rtxcqV~?!o5f$jHbEc}}#RgEbj?#93(5P4Xwu&9K>1!30TV!NUxVc~c`{L1>AwMs;Z}9Z`M&9;g+gGrZAxJ@e4djh>MTciPO{7 zfj0SzvI@N-jZgzXMQt4|JsmBUr=z?Q!T#7OuK6pxmyF#PkU#jvFif%Se_8)wA6Eoa&66 zoE$G$ebCRy=H`jY2fjlY*%z^IG<5S@t#ov>6IIg<3%ZWL7xMu2(o%s3=0eHyp40Qy zrv3=b^3)%rnrF{4xC(w#(m$&#Z&dLg{_$_GINS3MM)g!E`FXpk z_b)_Np)FiquGuGkB1!WXiI_kV<;zXgTzTK8Nz{+~zM5g2i(WiW(7Wq(513Kyh>Y{I zkxv!54x3+ut2|%#K4FuO=m|{D9<MKU_YIpp zy?;xXLbd5m2pQSyyBS04=<__s=OA37u-RgGp^6l7)(4poV17(YjeQ>%a_`&balky= ziZSv-a=4gx;!oz0H@usOvn1I|xTOAo5~ru9=bFMzt`iZRd%!a?fBY^iY%3^PNBi88 zlcNvQH za_7Ru#pUBQtP=BS6xmU;@?3v^^abz;Qx))x{H>NN#QD9iw;UZE3JPA69cZy|XQ$&R&Tsot+?YSoDBR{%f>O0%S=a<`_>J)@+#kB2i-A~D^#>uGo?$25-bY`>LW2K^jODVgN?5`FX#6x!uGDp7fR zgmH;HT03)c<|8R8%gj&i+YuKi)TPNASRa1=Cl&gOfm6 z9hC*47KT0TE!Vt^BxQ2t7gs;tMUq4<<2Cb(&fB`XXJ&G+^%t8jDdYKDKi2NvBqyI; zwvh=k;r(Q9gW7rgw=GcHM}XBOWv14=Awq7$@LF8z9h&m7 zjsM5%bqqVZ<>hjPZo!PaAkGw^E}$w)chTwDa;2l{rrUoRMS{+gIUv;@`^qk`l+OuP z*~$W4{J=_iac~T!(He`2=j-!}`PQ#G1p8(Z9a}V~UR3|HvA#U@jken4S>~57I3c0! zZHJ8Pcd^TR8;*igMJLR|aM%=?yOv=BxVLW;K&UsY#>Wje+J> zb34?Id{8h5sd8!;Q1b9RZMN~P*+yBCr{f)u*F6X>fRRQkBB{Dx>!Zp0^9-g=ejRNQ$WjEo(T~$X%3Chgs5${EK zNlY@jc~pFNwYbJxz+Sj8t1UQeAiYZUs><*zELEPA^@J~EZ6n??`cfKQ86x8w2^*;iLG#%LRmh!@v~B#dMuE>aP+R zSX=pHieD>yBB61cnvFqxRDNrjP8PDq&<-aaLAuSskI~SPo|oF%(FwpSIG8xreskVU zwh5CTAwT0`#%dphsx~;Uo|Sb|A|hHme(c*1FVEkSQ*+^nauplYL|ToH#SzYgCmiVM zLo9i3$wy%%p16&)T_?Ns>4%o>J-@<03~xbB&SMb3Z+ZX0<3<)wcG;==bga|nuJfif z@8+g-ij;ZESEJ^>KX2lY3kwwOc#6O!uj0DRTG+A=d}aES+8A6@R`yg-(5TdGET|j0 z(8^ShuX1nHCIv9Dm4aA8Z6J0r^GBHbf=G2@bOP>TFv4->OO>Ht$c?Oim2RVjW@vVE zbxwIb`{BE1X=(*UdHCZ52y?gW?hIk~MOv!~PgG`iQE9hIf*D=tx0}@bSO$dhgT{MQ zu$MVV%5Ta+KVXUvGr3KN0m}n?zbPNZio(Qy$ z_uEz-AD45*G{M@Kf%Q47dEw{*bbe*+SH7ng*W2+Le_KaGcd{ELw$@e~G(&D(%R;My zI&!7<7EO+v`8(`>eUu>Jrlo9fJw&i!f>l_@K>gwtAaN%4()!ji4!Z!lmZ!Xf_y-Uk+X3D6H>K?d3 zkve~k>Q*I2AKt+lTIKIV`VH!xx+w4Gs!Reh=T7ABv2kI#FbuAyv)Cw85>kGnt^FoC zAvl}-oqMcLBzx1PcGz$LA9T^^%rH5J>~z(!+o{(dw{keS0?pi210)()a>cMtNk{7I782Bh%Nb>kh+%QKGW z3;g{23xHAnRCPxEu(iS?t*K@nSoA5?E_W(V)k)neSiOUrOpJ{iV+Y!(U5c0xVKY@# zxBUrA*EBqvK(W`&Z{i2}hQ7^=JO-L+ap{XEO8HkWCae#o*YT%{dNf81?9|~%woOST z1rQcr$DBx-SY_e^5ArY`{&Lo=X@I%%wD zJM225@g*Pkr0=zRhBP-f*CHD5Gy?+zN&NjyomCAqGRyPxKOm;*zi9L=pT7Mhe&z%L zh2!_lUOCCro5O*P-oT0gS5iWLzm_D`Qq;BDBZFhFo5p zfq}-w=WKOxvEf%0*b5k*;jkUlR0;CFU`3IUGze7k<4jVAmR3tki|0uHzy&t1ROpV`NU7ehoI8hY7CFMfve^kV0X@~mjiuxO6au+!D6z=vNicC&Q z8`bD0+!Y)0dTUatc)@Wme06zw45EV>+SUUGsN@MqAsBE}8kdqKmw_qrUm~{u(!2S& zo{ZTERRW(9onK1dhDEt6Q}5CS8Y8+b{}&g4VHfy#*mim-bw>V#=G8sE)bM!V$_6pN zY5jr|S=vu7vBKvP5=J2v$7F$dfJZT$5JP%;4*2nqp|iMDiEaI63-b`Y>8YB{_2uWI&p#M;e6-(wdKff-rdSkb&VDrAF$w)El|Ol7?y>pnt1tW3W#25W?|PhD?WVc7<)lK&3h2aMW~9q!iM{(+ zLGItIMjh0+dI4NCBB(|J+G+qBk9YsB+V3Q$W`T26nz*B*d$l|3&RW|w*9A0PNplhG zbM8~tj(5^Vl|tPZr`B;o6|J&=nWcy$3`s}k6G{>&B-zGnP`gJfx_ zs^8n>UInyWAIGc`#f8Om-)6rD)LOG{-}u%CuW^aVcP6A~J4ZG9P_seQC7N50_ChFDe2@nznN7heC=r~hp{>7TOc{S-fT7W2y=;`fl53J{{U z6eP+16QusQRABx0fvEq~vi?_cjsLvIzl+1fKa7H}{SZet#Q7mtbir>hs=Qm%R$RMep=rBH8pzDr$ zDz0!VscYO_VnI*^3LYDU2W;kEB^qV`1#dHyB9yhuMVuWUK;E3Mc?;}wrGM8mev;VD4rf?D>R%vc+rQs0+f5Q!|^z=&!-J_Xz@K%No2ku($4tfyX%#29{Vjul#{-bo#0r*1<~* zx&X3eYe|4Kq!&;FA9d~Ij&1&2q`Tm4Iz>8tcuoaW1$j)xdj~-*wzMuuL_U(~z!M$<6Y~YjAE?Iu*rvyg;FlV4i?-4k zAo^R;(wEC=qjMe?54sryZ*Df-2g9$Fv;0VajvARR(osRL|9iFeFX8Z$%@ZWHmtX%* za&>gl4*p{d9I5qLo_K>H16oE%X=qT1xc&3TkB9XqpfcC@oVaM*u!7okc4{kFU?9L2 z`ZUBPboT{I&NdceV#1{Q)odCffJYu2fZLc6R87sNpjFBD-OHIpM5ZJ`68_g@Yp`LE z@%D`4?e-13peaGToZg;NyL;dxJFfRr?AT7!?sp#}D*P9cbKo{h@KwE2A^#StqHFu- zN7zpA8E_&t*s3`R4ZMN_p3jnqF9W^ZkryaufC*?wveSIO@Cg~$!3;h>2cD;*RoyV4 z0fKE3?2}$oQ>oK5k(ZaZx96U@_hZT$esl%a0gSev_p~TE6wRG>|Ij;4@N{i}VLPze z;kP4@OK36U{qV|)m5}fYkT|a*hFP6Elw61jC~~Uw!V!YtNz00uKi&rWI+>Pa7H1ac z6c_$%#2u=N<M}>{02UfwZg+Qg&H7BE&z3Ugs;jItP{X_F8p#CLUG^VU zawg43S?yo#_fUZX?~e5E#byI_75?0*@%Gm6o4hzp;Ns>f$j|@TdSzt|AjHP*<_Luo z09>`lOKWewVQK^lb0qn2!YK1&sx=T_f)ab#*DA%0fCp@bA~Q&#?lVWL70AgXCxD5? z&W-+{%a&C(%{4{tVy^Fg0;A_}~|g3dEAb zQ9Gf{BGkiva7dd%Q)#Jyl#~=FXZLBxH&-w00SseV8$k=Wuv%Jz0s;cSo-sM8tF0}2 zc=bs8g67o>kYvKCA3i`1dw#iGSirQ=i8%k7eqYO&dEKZ_B*APXl#Ke?`in;=lCM5T zMn(ce!}Rp@m>6n9>L0et0KEaf$f*fBF<1O&4^Y_w{(6Eb(&-hJn*(2hrenouYyln( z+PA~XM9{=!9$@HhZEpjluq+wC;fo}uhIQIDqFS4v!yyWJn|CwDryK?tOk9LsbysE_ zu;>E$nR*jda=v^aqa-7eQuc^|3}X{~*1>=Y5x0T0u$uDam5lXs|JFNc9992N+*QEK z#pQFbaudH#)xtx4aoJI=z#Mvr%`6ZpfqYBM-{(2@?OpsX7K)fiz{STcuv)-&8HoHO z&#r6TCIFTc!Nrv~mV6JOUMH!n>7_`94jGn@x2gdy^V$C2TQ`VziHEfwtEEmKtVzGT zP)~h+XO|e5#_YM=UG1U2*Vonn>IZD}my%YlS~gOwd*R?a;EDsSpCS1{qH&i4T?_>t zeeO3EP^R%SxUPXx?t4Olk-q*dAU_U32wytAqHS*qoOuDveFpHO0b_VOwg=GQFp7Kp zUc3tb`Ev;+TEfH44V21y2LOX?l1M6NTX1a8-Hc~;!#^;G>si)-cZ|C9!T&Q6gY_Pp3k@vuY_$4lSTAanEEF@KZ6Ag36+8T|4Zc-XFu zAV(m*gI6cLlgjf(dl@VZIRj^?`$)E}YXv|90R&HXvai9LKt@*H=<`kZorMC8V=TiM z$gZd#cG*GgFGOsiRV_Eb3S=w!D2 z{8SHi9(Rth#UF1sI!^iMl^pP!ESWU^A*Wb1scn()j`ZGRMC}+XBndW-<@)BTAF8EM z<7qDZ)^1&1t#fZYT=%8p-+v|JO9%Q_w5hkjD*}cS#|?q2`uY^27(_ceR~H&k@sd8n zVa4FO0Kv3hB$(?BVxo)_W5JB{@_r2bS3gIAmFdG>e8OdJpAvTGVF59ZxC9G(AIFezq&0P62)9fg2nURS}Nuk`Sui6Qo zPQ}dnZ4i`ZxsAg?hoaO^!b4W?H(0B|k+EXwsbb30md<2~9Y(I@q?=QE$urN|`=7$c z1Y(;f@^q~Dp9Y>37E#z1^6!+1OEKq8Y~6HJ7KK=zTU1DE?CmPe^2dg`2ehnsEC-%6 zVkduPPcN2}h__>+c51izHaL6Vp7iYN_M=qrD!)KHSX=ub778nH1CiFzxhTA@KF4N2 zL7JL?j-n}Pihu5{77}7*B`Yt#GMe2_2ni*}fh^@cKdcXNn!=>;V;N90%mKk`)){_2 z=>52{t~!2F9AygAQw)$`>T#X*b2WLRaaV2=Etf(jHk6W_E%WLM_gk?$uC7@>xn2)5 zq4y|KhL-H~f?Ue5esP5(YoBXW#Yb)E6dHd1RtC^2OCYy`_p?Iwxd(4+s;Aj^@~G58tL4LE9!Zd_zW7)7>l!ei2b0X0liq}nJiXK z6=Q2}7p&}+ee~{R2W1*~EWxR!V&S5YC9!xsxmk8+JN&g9Y0Kp3R^-u1RLy67$at|Z zlM`Rj-m8Sz)b5ducsq#G&w^^KxS>-QLd&Er=e<(MnV0yuj%?%cjCK;wpTv0&PkRO% zZ{caTT-|c9@3v)_8U^-oV-~k#JIr^fvdyi>rwDS3lA;GFfus`eAh3pT)rlQM1?UXV zs`~NFyy9p(|5+=T4UYGU71%}yn>BI@@wHxp;~gLCCD*>q+$!%IB%DvhCLu;Pbm3#` z^;T2{8h!y@yA``faI}s(CpK&J-4Lh9-8*-}K2MKj zJ+rhJqk4`WG9BLAC6n8l{0fs(Ojmsp@I1ejBePh)R&dMVtx)Z+8b}oW6&1~k6U!S0 zC2)KigfQdQN!vxobFyPFKHs#l(zA3iHE#k%HFd2T71u7MwYDOgHgg^Y5X~lwE2T}U zn%;P$Rbcz3Rxnyh*=<^C&6Rw`Xpmjkq!hpKc_t*x^V6fQ+lU6yIL4{cqP*A_DVskk z5IbG>brsS%CTYK{%$D{GuR)yBcQv|c#p{D(7&$~!p4W-@3?lk#x(xL2Mr0H3uwDvR zLVG-#Xs}_L2_uEo%uW==cIykK&hM5PAHUz}cG5qlgN+al`r?HhN6Rt2Jl2?lpGB4! zw=%=Ac!&wEpt+f<&bU**KC7vl&bi#MNY~M!5dlm9%HJTbFB1OoKTcdKYUeQVf?+xm z^z)xgDp#jBXgwSqxOv3m zaAD}rxmn9;?&3F16Pr;MSH!M58aYQvYYHrU6E;F! zgZ=E7T#WgA@3i`co=`NS?EQ6t2cZ?UlT@F|836;h>5(JsodHIN?aodM9|rqn1hzd) z=l`boH6kJc@L;}v1r+fBxz=twvwVuV@#nryM`$Rl(q_PfN~+Sw?BPgB#H3*{ym=G_ zn(40fdACB7q1bpBS-tEx_w zZwN;X3^Vn{a46s7Gpw{50fYp-2fqNiismBxFeYy6r-6wEoc6&gL91LS9JXp8bPL*43k%RK5**8cmgatS6~=@}xCUfI_g%6!w=CCfr@ z4gGn1!a7JIFvaW7UKVZE8=TJ1I!**(-?RrjwcZ25;E55pt%{x8nTE(7NE} z5ghM#K>}9vJTGb3Ynyc?Y<<@&UZ{%=q$C2WO5vrY-G*PR(!uwyce6$P0YO>Uhr$(? zifXzjnR$n{24J{t2z)aqW!&+TOVjb>@%B{spT)%=O1bbXnXax%n6_@b^W52Cb#)cw z!opXF7Rv}=o0jn=cyttJJP5W8Ayhe8ZUv2&p#l`jnX#5Nv&Z2dGyM0&jzJ6}PJece z2nPv38W$~aAq(#J=xjkF?j&CwmfU0_KAK?%rlZxD&`&A+{XK--Xu48cT@odEJT45uZE08Yc|SF%c)6|p-4teM zFi|PiRn(u7%xi%2BI9sz*9l>Q5s!A??*eg1s_7V1Y^YR;jB%D<5kTiOXl2M&r12`ld<Co_jv_9hL?w= z5aHw9>wz!+9&8t5nXqwRlB{TB2ej;j z^}a9coLA(0_f>s7R)AEi?r<)q;D1Z(@hOg)IXB-)6Xt4I#efsEaedK`8i#0Rz!I>_ z?8>wx$%O->-F0g{pFdUv%?M~@@F01|M%IRk>#B^o8c zhaCo=G$Dk|Re27RRpROCGmOJ#QyGjGZ)}k9aHPWX3+q;F`xoBp>v1iq`Co&jN5wwT zNi{Yz%${kaxeNVDCf1x2o8)!j4omHq66v`*{Nm}mD3&j-J;35R@3%GeKj?8J>}=%Wzbh~+b>7h;YI|Kke7&Qb*|5}$8dBC)1RqHv`ubyQt0Dlb=8 zM1)@*L?@&?*Loy9_mNXM-pW(4ALYbvw(!$wy#qmSJUT~fG{)e$>*N|;-GqC3GpwLp zB#+|r@%M$N$-OqGr}A6$zA-ESE-CM5Xaw>9`{^&?LVY<4I$AtCB&X4Z-^|cV!y^f} zviy7k7KbXqwb6ZP48xFDtQC*WitJfWVmMPg!e-mZ@%L)emU+dzbr6#CNMi;w$F~SU z(6t!V zC~{ZVo_TUKc%&AxqW!^sU!j z)}Jd68t8}wzJ1Yj*Q}AEw912IJEp{^?O9$-_jRVFS5X=-yQe(L3%3~``*}Qu5GB8A z;-Yjo8*~?Z(=M8Dw!e?wE^e?q-OCq6egzX6Pl&xIbiS)gafrDLt6yN@Q5QfG>OY_F z;cDidX+n?~#E?svd|v`zN)-U4NNoEX)ipku8nlm(+`F#RV3FI;Jy2I(frDAEgjliq?h)Gn2@sTpG zsba(}=(l}SS9Z(ybb0A8BRFSZ`kg#anr1LQ-f#XE zNUNWF^N?>IiqFt~%8IO85VfQ;JJ;{+Eygs!u?R5U5}^Qo(!+qEc7-#6ecptGTH7gx zgjB+BQAK%q{F1*K&&SiS9GQW^Z8Q6JXg=lP(>7ABiRrMrgcZ2n`}ww#plaFPA*|OU z8M#Fzw`_Uut6X%$*!fLf-=g9S388LpN5in9%QOLfsK&$Hfj>J^H88IcD%P0Bkmb{CCzz^sk6WW(uQ(P zBkYXn`G9a3R^v-v3EtYtiI+JF1c%vh!b+{PeEDDKWxzx{%tTcyTO3~J6(kD#TVO?wt5y97V$oTh>$ z`e1j*)vYX-TgKG&<^w7&7EmUQKJNhY>f@t7fCu=6U(Yg_BJUmlBqSS3bTa{9$7lKr zw2v_b{_nq6I31|iXYoUVgoJ{e=5;7_Sea`88+1i6e++IjFkNmfMYtG3Il45z{o4kl zbjs}_3=a;P#-mw=Q@Awcaj z&A0?4-V4Fxt(b(MO7GNM^JqRWHhQ|c2$c(FIv;T51=L^ExGCVj54U~N zi(+QNoOK^B>UCcn(-080I8N8LPaYJV`l`(9l$Wh@K!LNa|47f(^C!^Jgk}2g`98hP zg`MtZUk;O6UA3;6KRM(~e-2wuTVF;4J!4w$(Q_Z;utm4a47Xx60nVC98CBjShmteh zBZG%fAj{|rH3v6Hy~k$L>4F4oOclO`f~|ko>ve%k?UJAeC6Jg^&`|UFmV{S>_@5F= zlybS%=d#a=cU0=5ix)f=Z(MfS50Z*b3ytmfK!%l#>#efv%u!K~sa>H5u|u$Bh6H|i zBaktRk4Mk2xUqa^Py(c@gWF(0-oIGk?3P_Z*NQ9q`uYNi%jM)g)u$dDxP^EAoTN$F zs#a@`<|pd+9Y1*aZ5a}Qk$t3LV34h7W9#UA7Y_kfyUeE;)p)@$eJpi{gH-cS z|BKOV_malZF$AV--aBCyunc@gfDaFd#YTZ4=QpVb29-lOURzgpD}qQEdwj3u+U%7` zFS!C$P#%Ce zINfVJoTJral=5^?65v{0MVa{T?z0fk*vS$|xs?)d&vNU_`va+EfL9gZ-~)A7?r&$2 zUPd-J#!*wj@Ww`C3fC$g;Gbl}Ax&u4qjnbNchAQK&vovF&pZPtSjIp`qMra!7Gw(i zvGj!<*YROyeoFmb=Dw-en9mm9zX55{X!uMM|@z_lQ0CaxSCFbxID zuj^;Wi&Im7Tu6YsRxlDC{mf}D<9_%E?E@r=3II~pJ19Wl3drZGUR}0*`gA~yTfv@! z=(8d)D389qQMjtY(v@3H`?Z3>b*oR!Pm|@+E!-d?0=|&XOT}ukqF47L47wl zPTF@ay$lA|QU;(siD)&j46b4dyG~Dj*{aJQGxJ45Fi{1l%rRl^Eiu;ob?pZr%=KO@ z?tJc}h-Z8D+ zXmWB#vB?ezfTrg3o_o8N)8uS~+QR%B400h%TQERXkC2lq^W4@Y*HZ(!M1XV7XE|c$ zBex&AlMZo{>zXD0Mdl5ocvH_GAHbZaoM7;a&C>rmozg?dz_2Bn*_txPwNTkdnfSc$ zTxE7@OG`^22@oIxy;SGZ)6e+*-l-xfF`IgjXNlKi0@5-sUGukeGliZh)UY@VUSMwB zm>|cc!|=Z6IJwPJ*ZKOYoip@K{mt`Y-6G_v%?714kRdVr-yu{3Sckrv1_nvzwl~5* zeEtoyQ1e+EHt(K{IKqDDd3eU@3`ov*uKn-;dhv>U#Z91#Zkq|E05j`E8D@4;bCg&kRGoD#S+%=yVuD8cIWe{d$QHBW1p-D!kiiUi>nh&3`{||5kCT4H zr@LG3nMk<#DS1zDg{>B#dN^}0Y$gmZW@7c!Ekeh5fqBqRfD&5pL#RB8-(swf$`R|c z{pn9Kq3{tKBzc1<ZuY{8kcuY zRBf462HpFOnp}6u^KSIlrXUY^)W&UT-DWWgb%fjP8Q z5y;-}!qbQZm7DKQ*c+7CtUg8Mw9lH}m#j2gN%Y3zKMb6P|H+fGWoBeN>Uru~g)Or@ z#fpSutePAl_Zf}(9xX929@%SD!n#?JW-m0k)1**ag_EI1SA&C7Dmde1s222!tbZ_W zOTR@12X6|dxNN1*v@Ejn3D=-te}{2{*txA&k)Ee6(F<9`r%1Tp;)b~awra;_3<>k_ z=4MikS=zF88NosojW)VModsO!Faf9&G1P3MhbbY8O+F14QrPOB}OiQfx}Ru9UOKTIbUw8HCeS>P*VJz7~9pfC;`yQ zhEg@vxo!ak9fA&fL!2QJcW>8tjnpAJ3Tm8U+oPmxCRK;3@@A~vh_Rj^c;-p+*V&xPOPXb8N&VBcz!P@m^V+N1&x1$ zcYiO7+KVpKZWh%%D^U<&y2yCL1m|?c(@vf9>94J0r;3d9#8Z6EkL)99URNN2c)7DU zK;v6vJd*@E=XejF?D|+&$8QRwo(>(hJ>_DNnyIo@CSJ#D^zV?E(VIO$gGHY$2%Xfp z&bT|Y@6k~frRUjbDa|1vw>aE}=|K6N@+0wEP#O$QmfAKGQq*Yp=1(c zkW?EQFj%g}qVqt8a3Qpge|bWD?fyW{b>JjP1wC!4fzO<9H2`~>fXS7dE-*}OPhAC2 z)5~l@TyWF6$8c~xN*%$M$aT1Vp}cDdE$!o%L#pX1~R}maYiOf@53~u1<6zI^j8vs+=Y9*(yQc_A?#pZcwaD63CF* zSJtJLwaj5+vd9P_SI2AGsK1N$_F`^CcTsdlW=Ot!RQ@gtms~&d?OT}yN`;}eiV^JM zyK={iz6%qW`ln-PSKupV?%WQ^K7}~lD4LlY+D&Y;AnK1Qh9S_)@uCZ6>MNQJ(1B2C zZCo%*z-bqQ=x4=k!UAR;)+{62jIS!W*hN-9@V~I`j#B?QmchGEagGz4ABC=QQWa@f z`WJEdv7@I=#0+mj^2c)e%hxh9*qJS+5*|VcPY)~Awu(*S8ETd0=l&9o4eoq9Bye;` zg?~1&LSf@Cuy{^~V#DK!)4>ELaBB@R=EF)pon8E;rRk;&K)utX5 zR_O!py0orKq$@{~S=~C$U0aXtKl0`WKu8F=6`@0_#&WmSe~6tLICOmu*c_>f;)s-d zSW}sy^xO8@o}UVnk@!K&GUOS!fnc1nKEsykzC_2|qJnQ`fURPVIkDv4%JYWbn#bVU z{uqGKx!0{OKV(%yQF-ddXX8B27ljP zDX4A{b@5sXpXl5VY1!5z<(4z4Xq>tiGa_RF$cSHe^2gFU>`$`i)a&ArfNz2$u{GmG z6EkF(_*!6KR$Q3O=ozl~;&0xq+h(~nip|($h6&isY}Wi*_BVT(wBd>8lyc-_zVpp! zW{5qeW`F*27>uSIT>lU&P)E&s4iS4Jn`CXVPod{mNel?Ov)4?g~1 zm7RMy)Z4$uze(w8|Jo_rJ(Uy*G09yn<+9yUD2;oB##9J{A(iCbedIDCB!*xa9ZVX=Wqik3)Bc@vo_)^w{hsIe$HOzvT5Hz&tk38D`F>t&eH+&gz&h)_ z@K=!*xfM{}8|2#imuG=$+z9y*>mSiZdNJ6^^vO?LrN-WO2HQk($BjE;xmCI26-HDK z^Vj%sDuHINi!3{ciW<>DZaPt&*RaHeLC4ElEsDnj(WOCE9ydaIW z${Cf>Uo0X-_&gI|aFJ_VUE|reL<_L7iY&!Fd`+FFBKHwJ6&sBiza0KY;J8uUNqoS* zxL0`p7o$}Udp(R>@$6`d^eP~T_rAs|Co+SC)% z$jBN&xhB8)idWu>{jdVg><{%e_QJgC61en*wmS~fz&Z|@e18BJ4iD6X$iB4Fa-XW8 z=y3Dojn|OUr}1ufcq2n)K77!cYpnlj;g7}$ zgK|OU)h2sh02Yib1Qw($bsUHBrQPUS?dy}P8CrZ+%p#K4Zon4xP3e=_cOjjZau4eM zQ%8J1bZ~B32er;O1r!m#H4$4oU^t{JX_xAO3>f#s5Ib@kZfQBuQb9D5&**Z|!sADCeoCf6t!h zV?>0GVpCHqCjP)HFSKDj+b^!YQG>bzEMs0PaIZjn_6gK>Cu5xOSFM5PjAfu#iv=2- z)dCnSze|(R$UrO)GC4`{NRN$Iz^NX^lBz~P+k4KX^FF$Y*aBQEq)skl&Ywq4sBEnu z|CU1D_DcDNZV#se0eMc(+R(eBe&Z_hH9KV16~PH9J<9wWk>GTv`mf8r#$%|@{;P&A z-~EZuJQ}owV>9q`m~yeDkZ=XC{PJs<7XN_>wCs#zRVxJH#C)L0TE3_;BYk;UO=A|I zq^dWNV${K&4pvQZ4EUzG;V^d_^bK5NrX#{F+o2IGiT8*GU$VFkKj((pCYX-8H8HoI zduVCv-RRT!=~e@fand$H8tGNWv9(-7V6aT=)^7o#zbSupgK({C&|dJNcko^fxxVpa zDDMQwMYhf@;<+F}0Z}G82!h6Pk6s5*>;IXF3Nx2~ldS$fa@xPO^siIjzkLiUybpV& zgKFmJiZVDQD`aPdJ!*t7!2RRP0j`&+9O6p@uWreA@}=D)SEo2OKP)J$0=r_o!KNVf ziS7hL=VIeBwa%S(YWiUfiauf4;QeBr7(P5y&#cYM2W&S{-~2Bw0I<&w^N0b5Wbe|i zU*Z&-zpYPA%0GA_{C%BED&|yO?ejeSjO?>}na3s_Jc3>yvpKbLxTq8yXYPIigTlJW zgJ+UV$w!G~W+3T2!S;qFnv$5GMdHq|p~&7cr>uZHK^oujXwADrjmi(~oddfyqvNBeU?FL<(J8n(k`A_0fB* zJn#E(;QAd=sMN&wwWjytbyUDi0JbU562@L7E-vlYZIEABc#$*xZ8UO$SxevTwsL0j z$zm!cKBqtXQ+*iE>T-{$u(xRc$l<%n7mhrcD-0QL2bZbM4u-QXa=?ld6I?5Y!8O^c zF6Fz!q58XY1Rx&>r* zp~#~iJ^)}Tof$gU06`MP!e!r$;jw>dN2oWK_R_*u;F43*W2G}$&ZRoKW^~c9plwlQ zw(Cgw=~qobmx4o7nKrm@VEXi1@XXw~mkh9x`Wg*86w8;ul*dn8T)#y{!2TyT@?sR6 zNbGvenq{}0RZ%aMK$odMjs67c^7NA;Ergk@GFnhjK$tR1{q0gknzV2{`}oQEjox*Y z4F|=xLg1MQT#X28>skXmL>}ch=*04c>Vf>--w_YRau2ox_FH2F#-57ml)D6q{&c^q zH4BohhpK}r*eH6^Ix%Goli4+4=gtPC*?qr)1T>XX#zD!gNgD)rib0;%)`bb^hzcFR zaSX+QX_is(3$y^wO_?%|YqR1ip=0YH+&BZBwX`o*Ze|O4Y(3=QYtSwE*Ex<1xVtT4 zF$T=_dt{`S{YzOB%tbE^)0cB>0Xjdkn#PmI z8+KYPf!6LbSffI0CIwt&@uLAiM4flkzf09uZ+s#x5Ox&zJn3^^N@B0fRk2-WPdsD< zoa(!`4DBePRtv@QdeFan6 zt0C$M(1@yIRvMfVL841m+bsLpWdQnRg8Ao2+%lxMx0DR7{Q@<{JE|a}mDR`4S&e6b zEjPZu&?dmK0!Z{b7vxfg!OAM_3h~ufb`<#ynDG$ypHK2k0(@i7D-N1&oorsUoBac< zVmpt&U|PF@mF^!jdE`e(cw`>1Xssv02W>-s6fbQLcG8`np6bzrE$`DpFs9EZ3}aw7 z6MEvjlE;HsnY!f!op}CHzlynsq z0#HI=>MmJV_3^&0esPO{@cpXGDoOdGg`X52fT9wzbN+IC0WwB+LL2~6Y1fq|ob3(2 zOPD}VkuiUP3kQDJ>%aNg7j-``x9K{5<)OTrO{xCpFL>QLXM%FweY7pXu+x`$r&mv4 zdt;jXVrVPWsO=v+zsy7LVwxS>A-)ZbLC?`Zp{Ew`?=AJ`1~o?n`lb%r26U4Bz8 z_{WKW&s@DV}`0h|o=W>Q#9d zvnt$sdLB?#v@5)AbC~gw57z7M1?$AD9{I0Hkg$We}$f4Y*f1bG# zhCS+Op3D}m-6G*f03y!c7x=0S_*}q%gso8#xpmh|JYB=iFw=PX@>i=t@jutc00Z~s zwXUMpg*$Y3xY^vXe;XC)4bIAOwfR*FbwQveS`eeTIcomSn3Ntvlj2mG&z|QSX5Qpw zA|kp~d1<}r_I3f&-RxMMBTt2n=Jy7cdcKj0u`S@EWK(BNil2VXajbihK9L@F+dRu) zcm{PwjI*!*_z7oQ_Z?=<%&Vh0M+tA$5z)XWSo8c{7-zHABS?W3IamC9XjAtAum*Uw zE|u>|gJdVQp)W$jj9PY}!t$jzdL1ew+G*?%$7VZl+(5d4?TutJgS?T?EPqC#ztdW* z-{7&&K|gjomj3|5^o)nGLL13Yp~&!hqAb{5U!*Vm8W@~hD}C8J=!%8@B5y2NAd84p zE-#|z$|5#}Z~QC+Wsb(&wh@4ly7H2b_dm+h4v_qeu+l)p2M1lTGEa_jyQwOjI5xB3 zPy3b=sz9O1Iq1A_8o)FbKUyqIPzQqq3kH7SHuro7M;(RI&c<$(3hRw;Viv7qRZew1MU5kyH2D=}_z`a_VXx`*tk$5<|tJ2n)H064SS{o)|}FPD8a{Y}v{F{PMK}r z$LyEQbgxxN3(@5V_I*70dM?^IyBAa02l)+cJwg(Sd<($B{Go@g?^e)KYX@->@McrgcCyd_HuWI%=F@8R zLPF3vhT(4eUeIPxyPxQ@2Z>4bkb|%C3|I>W{eP6N~3AARs8js>CWV5TGMloK0f>q-o97%|;yg1%jH-Xlj){`wEt8YYEGE zIi51IYy9k*Bt3}VLVeuP2lTMkQ}Cw0B{$2f%>VYP426&GM$bTKNby_i*&>k6wD(&q zNuR3(>#?sMF8Ww3G|Hz^x-8?ucuK$!KK!+-$C>9{(aT_;w5-5^f%XkwIS~&mOp%&9 zNP>#GF0bn7pBkY6#Hs545vMvW$Rr~D9FTmzCn*J8gFR=^3uD<-_uem;Nhf=hbnkCZ zC64M`%LBXU*>pHjReZ!)qF&LH*BKLD&=k7EI;x>9F#Njz?-``%JMX}8J;>bm0DeX* zO{8@8bT$axHF$V~^I+j|Fk}k{N0BcMo-|~4+voN}pfsi1C1l@)d+Oja5N&3$E9j!} z1mNTRbof5lVp0S7Y*(nIO9Xvq4iC)Lfuw5$4=QV#pk-vQ z-mdao#Z9&AQ371$g^H#!ade*(hp_c!v4rW3GQ=nnSn$DM-YE<}M0*P{U!M^c=7d}* zifeNZ# zE6#{A_XNC$GKtOs(_XvYb|oP49*%|YlK8W{^b1SIu|q;Ao~JGRY|(B`l5?}Pa?wj4 zrw7J8q{oH&De$KwllLGViXcI*;BcCL`H=em;% z3@603OOnHDv?TGd0iZDGvsqMRaUdl9-zn?t1fj;j?fYNC`rlU*|0|{X+sAOfs9dYB z^lsk512Jl=5+A(L;#2uL$n%-++J{G~3}6&g7h&}M*Qr_@gDQB{8VJ5%LT?jDz!b7N z^MADe%5x>q?;bw7w()mwZqnkpq&Iyy*0}-r!h5xxzBv(yT92g+%A>4p)`kyQIW@|i zc{sbpcc0Bs52O*YItlwxjn(sc(W_y8UbT(J03r0y|ILQK!--Wu5eZQa8!EGi_m zf62}f0B`(KQ|dR%2KM}7=BMG!|4F@9gdu4|zD>g^IsGZ(!GZ3j%XznkE?e|l1H<)7 zqXvicKQB`MmU#>=EK{TAGD9UV2A>0pYX$Bvx8jUs&D_GqWL6G*32?PI?z8f$b!t8$ zyZ?P;x(oe2mzp(xGo`MBD+`WvYG0%z78v3l34~zI5s;Pvos)0det~n{@?Zu=^V<|a z*B#?Ok5vTx1*j7heF2!>FfN{=-~P38{A|CR-%Q$p%`edx%g&rXKX}7V&FrUE_FB?= ztFwHsr_hg@m0OpI1}YL(Djd95d7IIlHM`eIh`-nR>}A#uMe8dLqaLIY4{@VKo8}FT ztmIgh#A-9gez_4@^=_r{r#g>EZu(AZS8Z=MI0(f_wPDrZ)S8{_Gy=#H(D=IzSnLQ z(B(CV-ajs1;ki|oJM1SY-eXF)Y^% zhUe0sEY~fMe_GkY&{vCUNdZUQaV67|SEuK94dok?={G;lzE|Q;3G-X~i@SF0h{8Br zEbFQ4mPBz|0j&Gt@foY?$H5kp8GcRQugz|6U!;o~^XFB3>nj^3_K)R!sM~;k)plYX zME#wYOek!UL|I?|021TxA{Kmgt1&2G0kInUl62a=(F$&che7-+!M@dohizL+ZHnb76M8goQl)n_EvG+9m}Y-lIZwLns^6T0_(#`7dn5r5RPC?Yk zj2P}J*KQQ)Q{+EOq)KW1vIX+2brreMXt+3_KXqZQV^K3 diff --git a/nitrokeys/features/openpgp-card/images/gpa/2.png b/nitrokeys/features/openpgp-card/images/gpa/2.png index ce0060e11108353a9ccdd1cd14aac9032463ed72..b4b18d497c9f9de621f8dda599f79dddee7394c8 100644 GIT binary patch literal 89745 zcmYhj19T<9)-W176Wg{qvF+r<_QbaBOl)gn+fF7mvvpTDG{8&G_2u|l z`i2B3vc!>2p`@#vy=@kgHBIAjtLnWryYD@y-o z9iJ>K+6HJsTYM@~Qw^*`x}4#Oe^jhgaa7Bb@|pUVIc&dC!VnP=iPL*XS|E7JSGn&~ z$wdd8A=vIUF*we|I?D{hF0+e=*7I|8KS1pY6YW->wmMz_M;YPG*(O%L4)T1C6G)6d zCu-TeM$vxO#vE}L4KY8*skL@hXB5T0MW?X0#K~(*cY|9?sjrinkPZ(!egIPD=;$iB z6z^X;Dl{HgV3X;3El-}-Y;eB~$E|}N|57*$hvR-Fp5!a#pvpoCt9iCZ+mEaLfwnpI zo?O)an~_d3^Kp$vdjYLyFgA9hr+YD(q~@pFL;ahp2aL+cK%g3LznE{O$>Uo}`K7i% z95m;P{oH9R3l%PP^7_>Llyz}kp5KX8c}O#Bica~#)peA+6`kdQHv2?6Y$GF+Y(kTB z*mrcRLV4d{v&k6vH#dFs=8Y%dS1-JV7xqS3$^!h?pY1P!OHW`ad@b0nkim|u3)P%$ zj4yAIoJJxHN?gN8)Y`b?YrlVk*Qd6cLr!GLSsN}C!sM5_RJnGwr||#Q%h8II2KqH1 zUzB|;!IT<4t-IlK%B8xgKz z^3+Esj>g+49Qqk0H#-5Mru)0a`+ak`b9(UG-LnI|r#=q~!}qi)_6c%%AM7L_(6XDk zlh7*cQ{*j|cKao3m6o+A*)z%N(t_jVat_sUw0_2=8W(uj?)R9eHC(S^;D~_!{KmFO zf2X%v@~pm1g6_B(CTCqTTJ~UI6lIAy_PU*AS(SzFe+;6!y|8m^pE7B62!FkYYA75w zKxMlMfqlqlY2e9iec>J#-^+vR-EvWu7+I1aUgG7aedgWJIS(^MXn}5& z_27NE_2Opn0+pS$)`-QT8+mb7Zz8>;dv!nGvD9qbTs}-WBfJ$l>_r5Oq1Cq=RF0z9pmx^_{SS`KI_pDvo?`!eO7rxPb(`U1r>18j`eRN5$%BT~a{6R?cCQ-{+i?wX z)zTQcd=#p8Ib*+bLOvD+yfViLnP*T8gpAW|1!9U*aqs=&ZVe0tbDK-Z`{rRJgpU7445b{9*kc4l(e#B@9%Q=;W4sDArL z#FR58z~A!kWHI>e`!Qgqk);Eh=}s2Sg~Ts>hiTW9n=H0>| ziY3`tuCtO_gKl^6G3VgEHG}GEIb0H}Z{WH%@tB;PDf7>oeRU&2XqIjDF7`KPZ}EDVe>x6RT@b)nyRerm^G62Y>Q5jIiW$)hH|npQHP+n)j0Tit%B#LIA2d|dN+S&;UBJP;#fBhxOoMsk{q%({>0?=;4$Kh8V+7S9xV z%4NYs?~Do-MV$FW^(Ys3p7Ls*aDMtwfh}5WhzkNWTpjLcvx1S=Sq=QfR5H7pWo=ak zBz;)la=O4G2_EriO;kQBSd!=@hq;h7?dn_1+IsvfdcP_L)lj_f-H1OJ>y=7Uf(S++ z@n_2E(4DcO1*fESRi}k@^(}$zp+!L$563U0QkkdIN@JUMwcXRl=IV6yS6l|I8`deG zT0XaOof5k#d9T_M3qiBnFJtO+Zat{^4`>)zsfA?F{x|I`$eWa+LCZHz@0dNlBV-4b1W zP_%(at{sThceoVL!ti+qx%^1PlW?g|xt;8OWja}|4{N+L`8{pkrKM7iH`yJ`Z)|0# zX9Et}e!rKPkuC7u4ewL;(!%*Iy7|Xgm7XR}b@zlG3eCt$DkMo862~uwxD%UiBa?GV zEE{gS(GYsw2kDk89aUwI3!kk-6RPUY>#^G`c4}@w;PVC)i#lQ#RkElUDf&XrqVwB! z`t{2S05nlWW9NHUfyh%y9w3Nz-xaY^1ECRxkL&G%Ok)K4J)P0_6rLeXy$Oo9-{(0@ zBqw53Sa#o1V&7sGEp#L%Ugm)m0nSCb!GMN}oj<#uZmtiX^J#Q0bOt6}2+EbtGcKRw z^&EVo@gOLXvb_o(f5u@|o3&TFj7*kAibd{>e)}={JSk55O8L_Iy{5EUQL`~7@pQGG zPI+k_3}R!8s)&HCe_la7=AcXe9*86LY71SPEOC@&)R=g`(Y5jP1T`rZ6R~iuut8aT zsMgSSgE<_!-*1SkrA=3s+)Q{i0G3i4HwrDk<|~j=*OS9Rf`IxuCB04XT&vZcaeUh( z-y2f`;Vo&V4cq3RbFG-BHeYQQ64P>*!sXx!`pnq5HygtHSB6&pc&>>W^EhyaemrA6 z!UNS_i`ulgqM-prBt=g&s1<8idb)p+`sHQKJXg4HmoLqGqDqJ>)j`bA!Y1N;zSmK+SISY3pmbb|1ysaJg#? zDHx*Z*re<37IPOR&QK)@x#LEvSH4)N;IpA=)$u?lin0P?YTtmBbq9Q-rz=H{30rq| zM^%ZvAU{0g^7V!_4q$IxM z_Y!B_!KgQKAG1@nbYNNoQdbzKFv?M?UK}f7x+?K4FHs6dZ}gnnuIh0s6Kq=?lr_7|U)v0oZSU8} z+Af~P63-Vc;WXn9L7WEw%I9JHHW{W~Hc{sF9FbVPv$viVWgafx_eu(XVt&)#D!<#h z_M9oFuIR!&_;h7I?C|0fuI3E=^Bq8ur_ou_%| +&CY3gi=2=8Vb5gO9*wW=xly zZasfMH(~I4qtS7@uy{tx(Ysyg)7EKx43})&26B3tCb9Od+!^=AO`!It%jCqG{W7Q0**!>@6#2lFkPtsI@Y0}JPUV4ssQxD} zH#;Q8+T>X^%lF6MDjwNf@kfKNX`DSUsMqg{T2$ApEsK6a16Rse2VharUY*1UYNHNa z%QqY^cL*i}4IAoeRfSGd@>ciJM(P7pJU7==PmwIkP1hLc-q%dG)VyJ)2RJ)dO{L}+ zyyj2i5HULS=li_{i&mFCv9L>SH6S@8k+>Xpuz^3#X?$YKx9>T6+;{rDZmMflTy@6X zW6P^Na-tyU<>7O7;n}=T9|}I6(eYE{aDm#>nvD@m@Du9xH*4;j;^5{4j{L1T)Q`%X zyI_5ZXw2w}jR%gSK40~KM?Mdf7m{@K8Zn-D@p-bRzgf5nda;}$+4Gh?T2H!WP&uWc z(mzE^_~K1MSWFLTd=*c1IFxgk};DHjj z#)>9Tn^0Sy?7Q2(ekp5C`y8t_Zs&O#HJwNY)lR^VjZYP8VM@7C9olruXgYgAn;rTq zwJY*lw4Z=N=lyqXr;o_Q<1JdBb|O#Tc#MXkhN{yhD$ItWuw<*+`EnSh?FT_>ykA|U zq@>EsbQ#OyS;SNoel~}i7eI!)BxzjFspE5`rasz=(u@vRG^(np6m1fm7VC|ekd~Sk zB19Lw-Qp#N<6iK8dUEM8Ck%cbf%XX-=zjaI3tQA1B%p$Cd^wBZ=JA}y!~39Jg{`K` z7MS0G>p)Gtqybh4!cJ55hU@Sqpe~O)*^^)7`52#+Fei}1)}vHU$Ijmq#P2I6DC~Qj zRofC+O|a6MF`k*3zMW<O7xA;mYslhQ&=vL8~#^qCgZt?70`=D&xFZupCH^rU&QsS*Ti<=294gmiUk$qIWlV&-q%;^p8$L-zFZuIKvoA6u0F&Che^G`-l&KBcE3*F z@n$bXnNrx=vpa;dPpnhEzE@daKpkmgD<`<8Yady69U@fyVY&IN{ML0+{2n=!+W~}6wHAu+?qQwz%zb&~KL#im2YR*yDi|M^B^)E8UW7g}I{IVA z60h-Mr3~4qF)uC2hoCPAQ5q980leuaV&X>$A`((~_hHz{O@)lA@0YrGaCN-U^I0(I zoqTAMDxsMO52!^(wy}Jf7y?G;d!&E$55nJeJ`9&)Zo-9n>t1!&c2fdzkp}agYR}wO z1qyuEy5YVP1TtWE5`MDF&eCJzhOEgR$a0PC|Ay*y3%*JXq$1S*h_GhC>a#yzvbhs! z>q{u?xUhkY=IKjzRlb-r#(*VN2$PExw-EcJ&o(lmH_|@VDL}2Z=FFTYu%K4IJg;5{ zW1cnSI0GfU3%exlIFqVQYoH@Z{~5PP(3K`V^*v3|$o3EeblQWtBNDGN?HS&tefbfp z1I@oX)xr%oPg8oeya-#eVK_lHE?eI-|z&-B_9|$`L{B8D9~|_S!jdwLG3J zf|ncC6lQ8*t?K^(fg$4D3t&!>N*n8~;_03I!;fUqh^XfEvoEW>?3MU8%;{xnc5l=w zzVT8hf}?{Ks*$Z%QY%N(+j;i+<@H&-wEOnniyq;&!7BHs!F&#ZNns^yO2-Fi%Af44 zcfP4l1urXzhKKX*42?8xPa|p|??x6k@!5e!Gdy=Va!KxR&m7OF@ZXe^Sa^!I zXarXSi@w|Q^##X1_mFRIB_KCU*Ep_`O;wW=8bs)y%&B6(H8Jimpd4kc$2Rk|Vy=Evo=s2~5f5PRhGE_B&k=;0`sUm@yeG`{awo5a-DX;_UhO zfRh|9BPE$6W+1AX`HW4@9W+|;Ze->l(3j<4$x zi`>@-qd$|kbuYNpxtdAk>Q?#j`q>B1;&3yodT%%BP`OM5`3ErN_NrR4-87iJ$d0WL zcXfBP63H<~9V}3LidCTspAB)Nf;dGx3Wc22y$1kFMXH>Fkal3J|9M;cIX_a1pKBof zGR2U;1!FbFL_N~+`x&ppi;i4Z)YMaVshQpBDXe-kca8%nA{y$UmDwQ1l;bHGLTy|A zK?gL{2W^DL%bV6&sdp3jqUFKFj_u**WCp(#MK!D4Ty?%3fn}FhyflMHOmx!3fU2#x zwPsbXI~SItSzWt@?of(X{h}W4X8XB`jfVxF=WpLTe8Q_md=F>D$4vsf)D#| zYHz2O3nut|7;yp)g`wj)YH_F4E8kicyhk{Cg;?56Z`OS}uitB&OizLXLC0*eCw>#x zn`Uc_Ol?9)F`Z1qrs-=8yYgH0qQy;4Ck!#t%5HBp1$Q{?(s^YY8KPGHaPSefo_q6r zJIlC+s;>TBfE;#`F1P8ErRdU-+lkGCem|8KvUvF?X8OBL8`V-*;$wDNubduitf%r} zM%+ZnqTZ-9zo~*4v$w~0_1n9CS_if|FQY??`ODb0JCz4M|ziYqi5g9p%*>*t$R%eQ$x_5Yg{NU+q4DX^pKQO-H-Mk((fi~{+pf~HPDR5p7&kS_a z?=8_rh4jqkj&|G}dBXEWs}(zhHLKa`?QJ<+@Aj`Mp?YbK_y;nztY!fR@n53@C$1vR1wMe zbYr3)cUVyu2t&Q|9qx}~R!(CK%Rha};UYLbN7DP|Fj>z?D^!#ke0gciy82)*8ThFK zXK{k1-FDi@#C?Rjo&Sn#2RhhTXWaNdVxi8^h(fuiT*W^OYt>KI9v+{agYpfZc+-VOt>+P()>w6`pJ8w|Ui~!wxYZ`~xB0|KI3I;WsnjZ#daywZBXADSwq|zMrf9 zFRoHZ8KKnNw~}1F^gmb5nP4)F<@drmyb;iahqBv}|3tYNTDB=F&Mud4Fa}2z_!tHP#(8-VjuMxfbK>8O|$z zAh6`fPf8T8qDfPhZ~An*=BF;3QOw-eT~bxE^iSNJdc@nEP@tv`Q?md4?iW1EXJIuV zLWP%l*!$y_K*H6d_@&g8^h;A2FL#0PK}S9Uz$wKLH?W7`i%?H z2$q-1j>EM`;RQqSS652OX0M#Jp=eiiW}{-`n2@g+)g@0a7fwq4Hxu~@W-MSq$Q0o!=0l%!t z-853B!v=td(+CUp63Y*dfqSzx*irnk=&O%prz+^_~QGS{@M=t)?rboy;AG>Zi(3O}8wC$sa>stAa_XW*|<2@=wi7S!G$nu+!jm^FL%-%JS$eZANKHY-qwRq{myzPK8#1q0qb%aV1`%Ijj>jW;)I{6B0?tu zH#bt+4EyZ%!@t~@VYl`~;e zZ>YfA`p(^)Z28$8)yg+-A_JX_|91NkUu?~VE>JkBjRlRnR?@&c)$Oh-^YIFjR{|*5csGNW`0!=f3lA2KO92mkZ;WP2s1#)(LHh|D*eCmi{-_C`5ZI3!a!=>r8h_;@A9HY;Tc@6hre|(NT-^nRi5^&$ z3(Y=qCcjZ$Jj_--yWPr7MBm%tw+2&qnr`o4oMCc(Wo+nn;l_Qh$NKld#nO%!6jkfh zq5O94>*G6VcgJcOjlVJ9Qh*K!BFN=i7zR zYW&^!4;P@e&1+WfgUm@B8Y#~6ilZjcO$iyqUIMeq?cj@BcZ06q1pHnBk>WuG(}Cjn zpTX{jQ`U@=>8thm=glpF9jzH7=vk?m=rOZLZMbk9FRBo#?@N_9vHWd6w-KfcF0J2> z%fW0ILSXD^Zm9p`y%O$f&eR7ck80O8i!h)&rQI%4 zK;GVkmul=d9*A6L=I9Z{K+h=%Pwrk@?1hNga}V7YnJ%ui)H@dY|Io`4AQb51Pff9N zo@SY~czB`0ytjN7!6nPMC2_FpPNKYrFwuV~qE|5-R7PGlT zqM^Fr%L2~Zn%WTePwUYzk|*R{1{sxfA^`GVeXzF7ADU{;MFHs+A4-Q7f&O1EKyUHX zqq4kZ%X((X+5{cSPAw3X*?PZqb@ajDW3$70ASljK>Ob1PtYPhzu!c!SioF>u=nwE_ z00_k^)!OBbx;{HD)($u3m?X5{Ds{Rax5N6glUKkGfl;a&&SgHi+7M?r6+gljl+~cG zm=SlghUDyX%#ooj^t~UYIPvM8C(?Vp$JEX=Azu!y#Z;6MUXNudut{jj1QEKg_aS zQt=?)7}OYuB@m;4U7DLZjL5US?P)<8&vv0!F3uVynB)paHS?6NfX}p5sk;b|Y-y*x zQg%FSkE!>+*F5qP(v)qtV7fae=q;4Q!AQA+&s@QvMW5QV_T;`l zOpX3;w<)dK*%gg03D%L&AkFh=H0+h+l8UT2s`n$C7)@mGg^@RUP3JWIxF_Z{m%)^; zaqSG=QM?$PeP_)>GbHr5-h+DI4cZV2+F*X^!`9Aw?;@>Gm`zc^HTez&IKM(^c=+AX zc%lS^I4`N^>#C0wpF_VXEhO>7MHZA6{Ia+|Tqv_>qIp1kkvW&$pX0BwpCGSm&l&4U z?3D>~PYyoi*jl$SJKAhFfV8{Y4oN#rdzjNcpj97O6aN@do{~2^=orRCS?+4$dh>Er z#|npxf`%>K#p zYOet5EEqnrASRdI0cxwsVSDABuXe9njNi5-wPCeF_n+Dyw7P6Di0gkIbAv3;_KuWA zyFbXlhq)aq9oHRfi}=v?UT1w73^h=GN3~j$OB3u|eXU$CVVBE$Pg_{k-%ZhD^3+34 zfDp}t@~3m=3A_V%-Oq#6k%%+$4Xzy7R}(>qT@9R#=X@M}#q!|3abaAntHD zO1o0q7Mf23oSBnD4G_U>DAf-Que$~I20`WH^=Z8GL2 z_pg%1wSiZp2qJ{#acO0`5%;@#N_TXRX_xc94l)gZD6i?{*$xGDr+0DKp)7BtdGADh z$lnegi{1a{kbmc4ME>darw?3~17rsI=IFqS{J9#e(H}flmc~5|IUM#N;DSp_HRA=F z6c(dFj5Th~SPl92=r2^#tMT6fXSC~1jXh>csF%#SzZ}<7xfxQwLq_fW@oZw+|8NYm zE-Mf#e=KFQDvTkJBL!LYOE^}XM*>6}juff@dC1~OxM^|BYoAG>CVa3(VicoZtpJoU zKSLoklHXkUvh2y$%U1?w0+k__d$|0lc(eS3_HsuHL2F6G=e~2g`JccQ-Gv^uUR2n_ z;qb+c=`kF>eRd3?t!u8s7Q?SNbZH&C&Iw1U-$G%?a3y_aobQ#nZXT{Q6d+aq<>7dn zi30;7z%?!t)x%uqk}sQkn-j1lGTRw6KE@kKI$E2x+J8*~pOTPlPB`;HVYSh$c2+J1 zj*`4kiI|RJ!vG@;3|0ah+|{QOOUaIVJo#$^cslEX&qkNHuWp4Tm4ncy*H7Y4Zc(Mb zuW_}6eJro>Ve6v*PJO&&{)_=B5$|NIKHGX6+PMaH{?P~XcOzeTxug(u{+7NjrPUFb zf2!11@|bo4n(BX=k6ToA3?`PE57meMmq-R*CZ|3emEi{0|MOqR_`(nXMFkq#`4hI% zf5+kyGA8(c1CWbD{}(XEvaXN%KOlIE#{X9=YX>822m7D>l$Xv|G0gmLfnUqA2r7CO zE!>TpIwYYnVi+78q*d=ow5;w7X=&jEdN^PHQZ8;rG4z-W`rO2#xu7#9e)|W2;&LkV z_yPX&5YwnP>;jF*710eh2o-fq-JlS}29g*v5y?@ZH}-30_m|cF zQY~K&LiN<*2@+Be;+J{&2|!gjbHQQHs05r^TD~>D*SXP$?`QM?Mq{OY3|1E^y{>v+ zEA;BIhqHq@(Ga8z(3{tIB5k|hLw^5;fmviATuYd$n_u?oCJMyR^YRx2#OszA>L>6ZaPnj^A*^5Sz^Cx{x=-v|IV zHa5n0!3{=)!)FbvH4<0rHmz0H@|O84A0)XPxC*8HcBp#dKY91)1N*X4(Tae~Cnds8 zgO7N=k=P^m#Z7Oxotn#z`>6CwIbWqf%z0BkCNN;#`HAO5x~ zqxxlFlzzr(XT1JtCb+!)81gp)C%Xo3V9V+R7eevkHd=r6w@ zzcAS5r>NwA@4<&J!yfTZ-15^X2KFfOcRe(veReg%>cTPV`6Qwx!fQmJ+j)Ftf&-mn zWs6{?uA|!g~*v zV!G{&u+R)DmprY{;9FBqC_6o+z9uf@b%>mcRa@^ z2NzrI3Glfgkbqejg3apX-c0#T(c4zLa+o4M@b-z{h5kBAoe$z0o|n8s@~J)W9NL>9 z<|m3E^A>Zg3TVKTegaI+Z}=R+kO&G2>OytAAdG@Xe&JB$yX3f_R|1+Q7qWsSh-m%^*NQ zhzWUEP@5o1I1A~!v|@CfzOMqfbSm2Vx%l(F^Pi)xRGpGWh8NWV++Ta)Tc6+-+|urB zXp373!q$?0t5?~Ln_a^VLCCl|XoNqFXDE_En)Rm`jzBi>a>2f@WBVvqZ-Z zZ_nkbRY7vanc8?fUP1t-aswe?@>q1TZ?wh~`par;-aXF?sJF`7neS zZ+t{4Yne!_rN!*ICUyekGT-sTetL{~Bk*3qUB$IY7rvy|LscY|isH zlp|CeSvM!#=kH_{YidJ5x=iL}0h>XUq5%yO;3cx~r0IBHE=d*9%F>!L>QpW$l(|b7 z6(w1cr{f`ku%1s@%U{Gl2t`pa3ht{I=SBgiYEzRP^qDSHR zYGan7D*x#>sJ0*)Cm2P>V13uxp53{$MnfDiZC67Sl<=@CHnr=62&?!$ zwilO}KHI(*5J3vFVG2_rMMii$6$Mn-h|<9A-YYeTvR{1yVEAaDd64a(V92VCs+&6x zjIt<1J%+V}K>~~SE(>;i$|Mn11n$25XOVfK?%m2zlfel5-$Y9CYpLF07 z*!FvI2`W#KLJLlj9ZK?-+*}78G!%9Fji|23#!!6WzlIhziL!$0RsNC(K~oWtZ+E1? zgoX8rB*f@+geWB35As?}dA6D3KfFuA!jh0D9J-(jY`IufP*@n1no9X{cMN#vs{FOl z^xcP0=yvNG3f%;T{uo21&L02r|K=<{7=v z1T?>c7Jz`ody#N*`Qb}w!WZ;YSM;%hdaJY1P1EFo3&+e~AQO82(+p>?ivZB&hA&9j zbv?qWl$2H4LCv@o-^xNmnBfM7re?lXh{@uhJnhS@n3P?=X&;yywXnt?+SWb1WGD1tF2|b8_ zhycSQeXy>O#*?OQDv{hl8ImizLsA*Ybj-`n3;)Yg{K*4DP8^6%gN(li3{^NGtsOv;ea z&_qk*t}ArfA*vT62azT0;O5K$wASI9^j<+)Zx!_Zd`vK^jpU^f_LPMKA+wd17za6cTRqbOP+;(aR^;yKw?l=YC634lo0JV zyb6~d7<4qDoxFjN{HLDf(%r86GVrn&a*Oncsl$Sf4&0n-bo*O3m`bU;((HC~J}RqQnrN>f8TRXK@PCFJ~>5KclLUSHMfFJ9e|I-4)V z=li@#TI8~OH&#_Bt&Q3A6AIld9WF*~gr-zK85SajE3FoVyosCd%h33-Gv}R}9#d*g zdF0>qyO>~(6{KGl;L9zX8|n806Eh^dDuXhld);0@zhk{DXx^fc{S`5(tW3R9^-EE_ zd>jj{`X_)n=i2xxB0^? z_!%SQi2Qt~lW+;lpt?sI64lIsziibToL}DuL<$9;3acd+7#j@iGFg>k}}_St&)8nxZ;}9 zgXS4!(QQX5j)Q8AFP6T&av;X7j{!ZNf3|=)Ef-MC=oRkFm{2$r+yHeZ~4yjuK)3X4{E# zo6r3h^zp^Pt>ipAz^l?|0HRzvrwVE=KT3DP4N> z4Y5$3hT+H!4k`!{$=AgFS&OJMgZN`t|I?xZ(nl0F@|zPDB8Y5aU^Q~*sYX}}pSWR8 zx&q)kEYD9AG&D5a^7;)v_V_|5B0H`ubz1bl#@$7A)fzsXi=tq*7UF3T41dLH(y+MJ znzr4Gd6(yFH=INiIR$w#=y#1MiP#cm((s%^pNZ*&lG?KgG8rDCJmH;bR(PF7DjJ58 zx_spB3-N3B>CAAb@`wur9xHGV05Cui8o^n=S>wv>{mH9Kz`2oHV;ILL9?!kej zoa0wkKs4uX0O2PyUEZ0@J2LFcAwSjfuHX3xJ~iVfju$tCdOu{8j0#4n=ffo>h&hZH zc;ksBrDTXbAHNYB8dBPwriu-#zySbcTwK@yMf+Cm79IKye7&tmVmQ$5slcjJ%r<|U zR7#kj&=vcY%K3L4_zf{417$kKyXm~9E6U9+gE2AL#|-&0T1#B4)bkn|5+foa1RjBB+SJP$ zw|TSLieBDn$9R)^X6#cbwcXr2hJT1QuGmbh^^`+R7bP8 zZG?1$e@i-A(=Mhu9Xe{yxy$zBv;7Wq)ojn@Z2_e}gN1@j(Tk-usBkcVtir>&uIv<| zkCA&T6Y8U!@>hBY)|#p?s%*baGYUSEU~qZnz9WAzsVzb}`Wr5V$m{N3FBfU)y2VRP z(@k{#Dwx*^Ka=k>MND9M?EpSlBST*@OtM7771UKyp2~%|y|pNRORN+bp3$04*dHc5 zWG_oYc4$=*063fi0A5ykh82wnq&b#NRuo`KP9$>w$tDX=u0<~NtFf#cq&}&(f$U>w z!?ice#(3X$C&1EX@Z7}+0lxq6IyZ3->EcL?YP!IadUdg?n2{oK+D8%(8Psp_u%M+d z)j^HW08ptLvCb87WyEwRF#C&ge*UN|G_MT5huI0#x2DemMxiqA{DT@)Q1)I60Kokw zzN-TQ)Z7lzTpksy*CBdQ#b#cnX{N)hlk}IcjjDAX_e6hV-i@f)**=3wAK+F%9u|DZ zqhvSJ?`lTwoDGcSy!&$;=8qv{obnC2qtQy0#(3qY^+@+$h_U|VssBANF-YMd^j5^x}_ECs2o93o~ZdZ0-yCr1L`0Ocw%a2)`$c1 zN4lqx5eW#moRNch{;LIFd`K14qHSmFHbKc5V4f-=R8e6jkaaYb@&uHS7z!?GO_zUe z(!yPVj5e?@?WpQhMMZVTrPZ!|{mBbk>MCk5KTm`9mknAuN9@m^h<$y1 zP|(n&__uYunkeH0gTt z3I#Yojcl5RwlEn^UF~BsB`PTYgMF~?tAy=f<-Fvp$oD%Tn zB~yRR7CP)&ecLOk2xxOYmHPw+Ra|k?{^x)^QI|3_%m-Skv9T`SpbUcI*~fc(k?Ln; z3`8hZfrl*u%c)Zge1|UYs_%SwY?7{2)770!7iFmxBQx?CvkM7g*(*$#fe*ZoG&4|1 zw(qedTGtIJ_*9wocre(EnJ_jxBjPK9ya0V=65@`_P8R!e(B0x#0TY3JNjX9|To?F> z9iaUy1k%r`4R3K#dlz8bkMr50(mQ%6YEgwV_}a&+=d;d%WOHOKt8lj36ihaBWFv;! z0reWgNHW9T4MX8tVkj8e_SbhJLPD4TnDp1o`op8iaV=BVH15kack%LhWE`Ba+Y#T< z9Qi;SA9+-+%gY~T%W2{Od|bjHM4>%+AF_9UT(AluD59@whx{n8Ws})g?$Y1tj_}BX ztlEFxctOQWP=7%{5#6vte|bZ{3L@DL%%K1!kbkWr_@pHN8H89~8q1*5*jpiuemZ z;2Wt~DOR95#&b`QDwHQss*+!j!7h^YpT5LsNm7GZS9X&@S>(*j%*`3MIe9A7Oe`$@ zb7Qb(DMClb$3?XNorgGFv+`i_eD&>iim7b=mn4xIhm(_&L%YT&G<8zM>8GyI<_52M zqo(#cOv(TC5vx2HUuIFMRz%@&ja{>u^o_{Q#>W?p$XB4`^g1GZc=$#&wpUE^Z~3H} zmC3&-YMZOHD@bI$4M^b&Xzh5mOS}-GlEr5>4g%}`K;9g>Ka(rAc zV?Mifl}t`X$VVSjB3}?55#v*WR#H-+qEw?V7!?&gGdDlx1^RCW1Q}DPk+#RqY9)|` z0THw>7v$DMrPf+2&b2Ph{M=ms;2<=lIK}w*&EXlXm~#$EIr`P<%lR2>r_{h4*oawl zMmyx7)O?ZSW{e6$B5(Eb&;R8DAPlx!`ZS4LKEcJZdoo%yW!J+}8)YU%XX6!D>yfCE zujd|dUvqMMaGIsMRk+_#RC>49(clZDoY2tM6(=uqTXz4W3LD9A?+fv@?b#w4%#8He zy7|uy%Oa*)rn40!nS3eHJRzGs2J^URr3RkvjsW1wZsYUly~n#+J1VJ<794F}@1K?> z2z6xUAYGkmH3l+d<$HvzA)X)l$G1PRiZ%yhhpXbh-srb5qE*bY|_x$ zGE&}NZ+v`W^K@)>HsS`2I$!FK9rv3{6LwWwYo;7qLIB{^!>gGn5eI2oo6ER~3IQ__-ahVHe0+U{|#->tNUC)@V?;0d>tj?+&OtE&mQGln2U;!|YX zTFPmEnEI;x-$$R9?Oh#vC>QNt|0SS?uB)-Gm%^YosoFaFwKZX$k5uZ@Adry5j~`^y zi;MEeDp50XmSrMZP8!GDoE~8&-d-b* zim_Gbg;LGfn2ynCGz{@RglyLfdT$>8A8&6N700)=`$7m1JOuXu!CgBzK@;5Ft#NlJ zxHTcTTX1)GcXxM}#+}pozk9!D-0|*v&KUQ@;kA>*zz;NGKo?XG3teab6eB^t|f1-DK$0qva!+gg9XMnCjzB; z-Ih;f!Xr*{y++O1E;MH&o_Rzv@55Lfok=7T+g>e72KK+LV!!Ul>WC5y&!&BgIGztH zdhNBXs_W`nLdghoG6UFi?5DSJV-~kH$KuDUs9}!dbR>=~A<(NH=A%&hXM7sIk@7d1=qn2%2?SBoORAUNx zl6^X_FqWs@Tf1FRZ%nWrTJl*w=k4L?}JOO!3N54)lSZklX_&<a;C-mCH!iO|S9&*J zXT6Oo2xhFY^%_=(+hVFV-O$S`e@=maM7@Wd%QNZi!d>GUt84TsRA^(;BrafEQ*jD6 zPAi_e?Y~J?<=N28rY?Jk33kG0tlpF?nk63ky_z3dbxBo`N0RqeW^C#oFU9>SE+QBe@ZzWd?rIGjOr5}&?Kv|yXJ>S6 zTIKBhk(+=Or7f*CIA~Fn1}{^-n5DSfy^B@eA=7Pucf3$YRN7G=+)qYK{f?SSrEs0` z--_c33@sxym#9jw`gq$*?>CM&BPvwT{y1G=iEhbIT47Ho+D&TFa4m(zYb^eRh%AuM@eplXQCrj1l_TII-mcMh zyC|ySHT}^CKtNB}f^fj@4}*p=eO*2jdoyyPfntNBdE#|+b*j5rjyD;;zg{bBrql(C zBuPh4$XhtY7eY7av#yMOlC%;HWkW?zp9U^mj1r|8U z$1)svrkM%T=WW1=M0qO$Qn- zyMpwlhT~Tr>qV|=2RRm7-v{F{7Ci*IZC1p|si{NsyMxd_LC`3obWo#3RG1q!I9~K>t8f}i>fO|_1eFn?^pzUD?H;G{w1kfq zCsdkuqk^<~JFCh9H`X-ZWFLYf;LzL};xc0>@G2k3=DSfVEcT&a7iZ#xnldAiH=k@& z?ET-(q_jj;_t#Zh_rl#~@b?y3+tDYYCs)g>1R_xIaCXP{KR4dv4q`<0rfGH#5$LJZ z(_vk;oBZLT@@i`bRT5|?RUCi90iEbcUXYHZYK#C?GPyYXLp{hR_bM1ix3wdPFX1=U zCTt&}$B0+^maqsGT#nd%JoQI!*SiJ^%$5#>Bh2|?1#Af9tS`97(s)M3Zs^qOPi@AC zQe-WjM8?L>2RBxu%dOv%#}z(+X})g^CFibOoQf&73pUMv*K?Q<;FYc)d%(L2Ij#)a zPGGDCHek_l*X<@)6wx#Kz*y0Xw-?KXXAnbD4`o7LcVB76Ww{=~aBLKC=omXmeJWo+ zsOqlX`|By8V6z!8q&rqa^39|rfj`|a3LSg_9mP1FC)9SmD_(V6+;_cbE;`=Z%++8= zsBA5r_W*3asB%L{eKI4SB#K9OKgIWG%w>Q1rN3@; zKb)5HfCehv&eKwu+qxoix#g6Qr^OFJxtwLs2WIh+IVVSh^0?i3JyCAk|605ErV(1L z!O>6`TPQi=if+51!4iF5@;b|SF!{PLrQ^{pI8>r_EId+oaB#+4y0H0`UeOErBHc3@ zNQ+hE5nf<)9b(lAb67Q)>`fPCXTFbFw2CX423OsX`s>N9XmL>A>-Cu{9Gk&lIG*AD z=_zN{9DH{Ngly1j)P(GhX8@UkZ*sCgn>tgvL=M5vHa?+(^Fb2Q<{QeNt^O1<+x|Hl z7-VPhYbKa)*}IJ9kE0sf3%`U_oGpe@T2bRjua)h{JaWx*yzcqR1yq?&PVNRy_8(di zJkpY%JA3ZEpIpXqpjJTQ-JbdFw3781r75=a#L2CR>!_M*)I>VJI759XL3BNfxV!BV zI^Ev!{HCUn$3{CL?3m6+&yXEgDWhY@SyXqA;8;z;X+Y|+(P)N|!-Z33qrO>B&Iu8z z9kqkfxI)`6%YvxaA9?eWQEstyxXTAm9A48^gzKV;wX)*=T6{bLoTZ>mx=_G5_tI$g!Bn5< zD0z6tXXf4&E|f!~Hti`rx6rt2?pM9p-R_gluB?s(%!bya0-|0yyuh?~0+ft+eoupV zBm56`djz=n_*Fh{-V*WjNqaB9DJ1`HAfuqH7qvtPFlu+8Dzt@$cC7xn<40e*=LtCD z8F@IaM~HHjDv>}+?q8XMief~6)sn=^xrUbd!980y{P{a*d#Q8S_jgsAg+YoptT2;C zt?gbu9>8JF)Ia;VJd&WA^3(v_)<09`4bpw{gyPgb)S7zldIdvLH4EhP(TJx@JR1?i zK^o6avLWC)hZH%%MrpSi()Y9 z8OT^9#Fvq}9IOdtK~whqw)Z00;1HIAndfD96+3O|)sGlU!<vmjR=BnwI6FVJo=849HHQ>_71qR!5>`^|wBT7oLZthAT z$?T#Y^++luIlj#Ex*~nF4$z+Fvb0K$9E#~lSL;a5pM7Y|C%W@OP=0m$V(}r?pM>oHIsc$u<1ZQ1X&L&ypZ}EF`hEG2>n}hr#t0`k?WsXk zDDuybhl)xX3Mevd#@eA#jrKgm68+g`w3eUv{)Y8WIA9M8Qs8NwMJ`Zo{9NAJ?t zw#^>BuA2Tn528JWDl?@;MEJ8xgPoEoxRG4!%jJ*%RN^ok1L>@;6g(W zVV?5|@7)+&hy}6=BfTMGa(LY_>Aqbk)*(z`4@LO$(E0a9Z(w|+8 z&);&z!sA7hc@YqPklOr2lrFltd_XTDOnvOTSAlGXfjec1z8>wxv$&2D(!CJ)~%Yo@v3 z3lA&3FnvZU`2#LMo+QF|UiP@??K*USI;$m2kM19Cs81zIZM};IsK@Sf_%rxWL}7IY zqY1j6;H7zAzfn8McK^!`$nDeht|mHI4YwrgHlp+d3E_v^sm>BiFh=+yembFVL8H^b z&TtB=ay^$P86ur7)upl7!|@@{y`q|1;Kp`z`ATyp;#+umK5KZ9-H+Z@M_a4iUN=B;>l zb7vWRgR4nXy?S;-zJ7NJeXq3A?8rm_3sg$ryJ?CwK1dK>^dhESN{>H#v{~5TyLr%_ z&DH$qA`bKQDUq&x(dCY5-KUmz^=HGA@qd#h^PD`BYrFdJC#qfnY_H(o6N5yh?7Ry2$IIVG`hmttm6af_z|`x8 zS_?GbGIkG_F8_%1bexT1aCu4uB-CloTS+Z1H1~|A@Xxm$1->8lT4QAT_?giX)v#V& zq1o9CQPZ>$kFbj&7lYyST25nDU&%$&+-EuoeM!EC2^f6aDT?~i2rv3%cWo;>UpF$x z^!VsCT{#zg(45>%(3W|uKt;(&BoPX*{>^VYb)k31>ud(|(E6k4Ji)_5V}V|;^U>$< zI+ri5Se@0nQ$ePVPy}JD+Ng(qEGIKoC0xY}6dpqi@OSw%*9JA#*SAw&*q^z#K9#+W z6PqCrVor(ka8pduc*K)D+l#`6ym6U)ZN<*aoT->E!)`VeEAV;`_y!2sjs!YO6*q+R%iTn{Ljo|4|cH)wT|DNY>b(%g?IU_DRo*K5AqHqui zetbH*YAzc7I3E@W%^{v}vZ?c^cy=%OTzMw;7%8YPQ%LCzm3r?)gvSRZ^#QzI4e^L$ zV!eu+RXZYGubQoN1R=GT?n?0b@~^@4E1YG>vlnamkIxfKIvm>b%evhI*HN z*H<*v({y%g%2i5HBqM8d=Dw$pC=Qa!SPKZLoCQ-K$wqeW7w|RV#nW_)=P40#|7?<_ zRGc0UCo>MVr+-00FkORAJ(a!L*5Q-7IBIQ|4<3YY z)ppuUD~=96m>fLhB@mJD_H>!eWaMt9P%)TR`CWlxKBHlur|i@1X|w$&&d|`M(y{rm9*oDk>S!D}jt5E6iR1xKqHGP(JT>0V?vaRL7LPq~oVJdmwk9HC# z%lG?t493qJBnWls5^A>MCr(>jd_{z_-l+X8omxWJbv-}O1ck2;KR?#t55iWz1=QWY*Ny-i{_{u@x7bg zZ;gy=CQL^}Z z*ey*msvXFb4nCXttCRl2j;uMXsV& z7Y9!lC*ZSbGV+@tfWaj?wZGF_pML%NoI{#~z~l7u607(l!PBE#m-m|&4GbKz9;9uI zKZ zWuE8n7utprO3wXi2ztJ%q3tKSt)55mLhnOY~BkkF3Mv3ZYTCgUjB-rRY=cXd@PQ(;@Gd5M6VrQJ9^ z5?fS(Nvb?|LL>f1a*tmoPaqklqkAfbG{qt0a}R)Af2~f9gZxXrSeQF>bJ3#xT?@P~ zNE*sCLA8}Z!ShVE6ib+ZbqV$Z&h*->{ly0_(UBO|N+%-CtK+jkPxWDp=7s41OSHXv z7$kEPjn1(Qjg8bm8d27~aIfj46O{Dt{pP(a%`T~YJTe~-7b5I@AOe)zmDcjV4w5fb z<3(yfciU8TmSDU2t-_=KNBUQe-R7I+hqdEgWD8DFtEtfsS)Vh2RM>>voyqc6g~~%= z`>JT@ge}1_^@c3BCF1q+R|rS@adAlof5`#n60&vEZ`Ip(Dy1sn#l;qNL(=iTKQX)a z)W?>qg=Y7L=^Mo^^8Mn1i0vVfk-HO}FQy!jB|!J4bBsa4GAjIfA{REcoHe;r{fuw= zdzs;r&<8MrqzuBr+LgoBHk)TQ==<)#MpcA5Bcc-#+=hX&BMt6BggVgA>XO&itib^u>Erag2ea3$UEw z=b+n0Pt{oj89$ov(-1xMmh{?Pn*@Ry5nw(1YuN>a|J6Kjlv_TK}$(Vv#@aVmR9t8lq!YPU?x5~ z8*JI6B_=LQqeG@IBVUO&G}J8&BqQc98a5M#d9wq~2|llps?~^8NODe;$V>RU!+`G) zl)}u$w%yt4v9PeX>+J9vL(Ja!)!of*XFz`_o++v}4h1on ztUl!?BXicY@oj^+A4HhdP|oE3$V62g`!6^Y3Myk9V+@=yXHP}u`{w9~i7)-Q9~6G~ ztx)N=fRA_B)1!f*MT$wX^1q;#!XyNt)K>7^qJq9q7VYd6qkYek%g!&q8)Ae0H^31W z7Z3LA>uX#^jutUNgj^;NF5{N`FNXFXnHIxtUhycw{Jsg#Kg=RvKrUJR9X_X7yyofO z)d}GWqDP%dKmNtt+?IR*dS2eCojNLNY8vwTbIMAMtHgid&xhzNdiav1{rN@CU5DiN z@p%RQSlIEXn75@uG5i?ncD$c%o-A|!+2#HC&{Ry>r&n#6@jl(l{Z;n!%bhV;)RMLi z8f7eerUI!m0W=|L&s1y}VK?7|zaQzzC%ZydndQKCmPAz+Jr}#Y6<` z|4s6cSH|Z~bG&YR9zi@qtNdP5k}lP=Xv+Cn#kz-zFBmYJdv9;}rl+&sbkD7>e~Ku9?(F*+P1XK`{7=VGkw8HkJCmr{DLxnH;F)>Vhjjm6!Ve>6|oe#6M;7lG1eN*hO zx(gw%MaQ%E;=(41I?%T18`JVV?N(eSH}_oEly5q%Ls{~@EE7&y!x^gg07t+v&bUF} z%DVc@AgXV;#oLx{WB1>c{BbKMy46UQ2t(_I*S5_yDMj}8`phSX-46gL*MTXMK=ovk z98JPjY@|S)w(W%q*j%KeOwYZDYCJ;FPb!!6kGXfwyK0=LvWELOKM)?_Bqn$_FRT1K zS^6AXtq(6MZ*~OD_+G`cnV!L|QKxoqmZoP=eBT z>bJYYZH2QDn*ayDs%!niMda1+- zgcq{cW-c8%r`mAiG@^j>FFh^Qgx@_K1KeIxFyykCRpRHqJ}G7OZuAm{efI?hA0F!m z1{yym@MXY?`*Z$AL19zVxuyg0`^Y{iLFUi3-_fC__UMztQjJO1)p%ls9@#FDV@Q)- z{0q;R-FXrmVw=@KA?3HU4Bsra4+HYu{2b<=ln}3Pz6AKxv#+c#gu@9lPPjhW=edhj zxjB+(004UHXEqlzk5nE@vFy;wEqrNlPk=31`W0PFoH#z z@=Y*m$(Z`=RCf1~2$$1~jDax5KwtU22c^rGj%5TSNua0st>I)SHTy67!E%Py zed@gh-9wSQnN~>}^`tqik9Z!D@?2lKiTB-+>*Df;LJ_Q?^O{Ez*+t!x@gv2js;6(E z5rx*5{Uh4AHR+>KM6{clO{D&Np5gnsq9bULqc6Kh%_StPzgMwe7V9jCVKnEn6bkKU zEZ5S`RS6C5F1B!~uQoRh!!t70A(<1!CaEfO;cS}VaDsqM+H)XHdJ8Cnq%9qFC+3O- zj4*9pYs!vavqVo!2YH5TfKb)B`|1|(cz0(&KCZv?-yO1nqO896qhLFx)TbE+1DLap zIQpJ#K5LRt!n+`(rmzI}pT^sstP`9ZDdM)W8=Hp6I_5nz?4EEr$F{cLberu%ElKkT zYsG6OcQj_~p|9%WWz9n*DhrJGI})*roRU0-FSfV&=U-0%0qgZ88X}?N zR$TaftZ`+Nss$!I_VBh8ZP>gpeG&+JmtJ@hmruB^mTUj=s*}@%HpYN)l#Z@kf+vHj z6+1BHI8*h0_NR3?9UAf|cjvf*vyX$7+jsK2mzM!l!Rl2!AbWp-{D4X_t7R-WwS}b2 zm@>(t6asZjbFr5*Eb3p@7^JU~Gv*xIeNj}LoY;|+DKzE~TMjwUkbZ9#SKx*X^GZ`; zq!Jg4z{z-E#OXN(v(=m!j?FqWp7_cqQxS`4W#z?;*OB`L@nkE(U;azRUGfZG??h7| z^W1Frf?7gNzdE_62THc&>6B|z)0TEFl7Q5Qjmf-GEst>0{&y(iEEUOoaNG~nOH}}9 zLg4=F{RlwHK+B9>(S5#a9pF1AysYox1pu#l?}RtyUX(5bk@E31)ZbCxDddtIJ)jvw zx;nQYJ}LMN(8D!n7_XJ@yQP=DWJhIb+YQBoJLrL-gk+)I+^J8r7?wx}?VgJLgzydw zQRM<;{0RyDYh0sNrC9udqgD69(i@jW>tBJZ5!SiViml}o-pfEtiMVbJ=dg%{aM=`z zT!Xz4^@!Iqo^)O}vTwy7Ng4@*_}wud*9lPpc%4Zvq$fO%zC_RFn@kpuapoF#hu5y5h>Y zgZZJoDQ^L{*OraD`0nC(Q>hOo<`3u5p35KKbeP;QO88Grn6_h4WJjp-=D%fN9Bqr_ zQr`_m2c`2Fzl=VxoKVVdE-o^0FL0!F&*iCGR^6Y6@(fSy&fC4}!iN#$>ipslR{p{N zBy?D2^Z{)4169u7-z76Ar@JCcm<0e3FO1c~CFK`8H!6`aGYz&Wox7himu~;2jjLYC zsF+8TYnAc8Rqn^|1m7dpOc8+$=<;yYT6t1r>nA?drLp~TU6_jsR&ubOizj!19FU9S z$A1gxrnQ-JncsCARU$QFoISL?S`)04sO700S!N__vxJ~EP?9)*AZbXC-GvWu5wXFS z+!%y}NI_k;x+)Thy2k$e8A#7Ou)EuL+xC@q&-PY>Jy{_r2~^b=09ScyjqYAg^El+D zWsh2H7Nm&?K3uA|A;F?m>KK>^DR09MDJ(2}Un=Aou=Y|u*MaJS^gYBosH>9wj2maM z=8gEs5I)-Ob2Ltbh{JcKBbT~qU+&*ysW zAub&QX&q$dGH*_xg+KM5&WVj&T%m_ztHhWR5{~zo#DfKeQDt=m)gEaIYQVfsJ13yxK#@z#u<_hK$;tQ&R9=VhM0Cw2&!% z!iC?LH1SadbUb>XD5hksLdaIk9dTqm+-AegX3z^grqeu>M6P*n-18Y*Ye3_*pe&Ax zu}O82&@i3=R|JsSFdL#%Da?~ z2eQ?JU7OUWVW$%_&O@G}wUlpZ$zF+-?(o4N665*DK+pL)GLF9B+?Abtx0)!}PP^FC zH7Ke6q1KmukIEA#5g8GBN9(Pg^-LIl?KdJ_z`+i=Dr@{1ZK1Siraj z@(sug`OlpfDyRqVa>cBSV{UB4WRH4&YEB*`a&2n1q6j0I*wXOkaF^h-dOdz?^3o)V zIxnG7s^QLvvKBiCDOqQ}F?pcoG9_NWe)*Xv>eDsQ_Rr6k%JaowmG357bvJXm_Ohm=#+=Ph}WhrPcx=*@<9 zJ=zc4%{*U8^DSp-Q=*^KU~ zH;7gpDIlTPj_BVnJUYsIUlK>BYO>noRAV~%4n`OzncZ5d&GX@lDHd7OKc31SD#=on z{6DZ?;7d6y=8PULcWW%>QDMBij^;|~AooPK)PM3~e)U1}67yPa3O!iUiA-oDZ2C;# zcsedFzCw<>69f`d{N3U2!2`&5dsh7xSBudttTmqvQ?E8*(d!VrJztmg^yJmBlF4Vs z6ly_Z?SjO#TQRvR#nUaZ5)|Iv-dfGh48~~?2f}o|jX*q;W>|Z>Pja*xsmL1SJYmh7$N7wv1 zx!W(;=Bu8W;Rnr`6b)}iwI!S!g=6qZ(;GJY*Bfn4?|RIfGcRgmWK;6Ri3voc;hhAC z(T(GPlP>_ikk~)(KL^hF>CalDt5}g0bv4=7Q8)wF^9gaUz}j|55Our}6qt(@`RaLj zdD<_YwA{?eKL$}8mbT@yPz(XT?vAH3pkw5fZR<%(w^mADXULDcqm zL`OzWemI!}k4C~TqNP@h5{FdzupW|+NMH&tvR%>k)T zS{{sBF1%8O_d9m&?-9C3@r*5#1kZdauzy1Ml2r3e{TC#-##Nuzpfr0+?A12u*4=D) zvB5-|voct%aaKEd0I8(;Y`X^u@8h4@oQV39iqkxfLh99%h5Ylc%vL?&_N!g3^O_p{ zGNN#@4TY(6_yv{ytb1urzPkFpG;>}kQX$=fY-HO7NHU@2v<+lZ=A=Gc?F_^ER0526 ziu3Mr!vQ&!Bo+kE>MROA%?XlxMEu>9(R;6xx9aw2EE`Q)*>J#EZ%@5p0D?`x5D*+w{6 z{yKRP>u$zh5%TQjBl5S%|K^Bt-Pfw7u7N@<;?_%nsv{eghY~*7z#8!Eotm${;4jot zI#;TxSQIP3=k5sH= zfQ8v+D33PF&iZ~Y+%|8LWgzEnXYA(tej|3coM1)&I?V8ejwZ=LAIBOIBJCj^Cu44v zfvBHALXzcQAOiXWP8*(nR2w~^S&N8=b-_CR8KZ@ujl3++hh4D}__Do$!5G42&J3oa zh0KJ>2&$#;&R(;L{FivA+xrNuB)l zk;s2(01?R_ng3uvVbMW8)CPtrB4%x>x>&>s(ocw}J>y|8m@|ltr(FN!II48bLPcKG z&S~GiF5p;kW}TQ%uzvxY$3H)H35Ky%UkPRUD5q7Fo>|KigtK0BrX6?7? zDc#w2`a^-xhPLX1GyTN6uYABF)$0ARy;;JR6kkp-LjIfDP?9H>nbruk8HF&SsvY^+ zj?U|-rHERHWr0F2;%bv~_xOCmP#oR%_I9_dz)L`3Ar0h_Ldb8Q2x;(>L?jr(%P0KK?>zr2mUS9|*iqmROqi8sc(n*Y^#+o$3>4rIC zu{WZWyCxY7Lo|%jnWLpi`79Upv%Jx?U|%iDxtC0>{gw<2wM0eu!1vxt5PoQ1_5Wnp z%8gBKLV-i5Z!E9PmGTuh1EDrxp=B!PKQRxHD|U(!lyvITq89hi7AzFd37eE{XUt4mthmLOx(ha@J5@|`cdI*MArV+WLFhsQ=T8LVwf_}bx{ZhAZ)czyO|RbX!MSa$?WN1ZINF<|8`;*A$|&M zbCTRJc-iXvRPW3a+T;@#Ow+HaeIkiT=Jrd)2@s))nb%ZrCLxwu33Li;VN9HM%CzQT zI_W8Z;rW)vkTiQqhHG(+s6%gDFkf{b9y3{bFMIk}*QN=2}>X=W;8EG0_ zkBLz3O0^;gJ6Ffw9j3kLk=+8|TrXAGN))Y6X#0B{%yPOAD=c8?d+?1oKy z)ChY0CaoTBMYzP6R)^BlERtrw^*)2V)abthBTQuk#1f9+;lIg|MDND1YIkCeU?WXUg1_4 z&4m_*#L=7-R&NOa=UM9aU1YI!)_lRj;+VZR#2V8bR;99OexCkkROx%tG62Erfh5=y z&u83mgs@^RoRo|edf;wL+6i-09uX0{YT&v5kKxa_(4WAlj8^+n!TuF2SsMYV))(s2 z*9b*F0cLwihj>meH^Ypn3Dk9sQgG>PvbTQ|bCrR1o)nM7JS@cnl_>^#w5;i|ep=m1 zAW!3b0SBjFHJ2;%t>{=?*T-QYCi0Q_8-eQABF2-?*PH7B@s+^uM-t7hdYb}~)5Di+ z5A(LPOlvZ4O|WuMZRu={4W*Q9DmuBd8wLk3M+^PD^VOf*+ukE@twMlWA}&FW9QD-u z97sI!9u7{S&QcxHNCOhb3(KB!aB=@te#FU3!k%{zKAH|}4kCTQ^=Q<*Azop`U@JP2*RK%#?$Jn=cz1oLt+>Go8)h?EFRsmUH_eI?`VSl zcd|`6Eu3CPu_k&2-dG{hdBJWq+L(>09KHVVy6IBZ!U&xGSN1O^v_pywXHmdsNcSWp zq@dHBaNDujV^9}FmCf$llVd6$hRq-`Nye!51vc2`#E0^Q;p069yuxg~%`jT5;?MI$ z0j>*4@)9R@-*>qR(R+YQxsKth8WCdcrog32%rUs6Q$f-ynJl?XC0boPE@f&=TwGka zOhM?&{qd-_wzh~eL@@e*x`Z!?Z7e=w@)5$x@{^y}lfVGi$DQX+9 z7H6!y$93Ui8>Y!%T1`=R!CBqOQyv?+3gN~{ZE-4BRiLgIvO#BH#5rmtQcCy5VDSeo zr?}<%a@#Lo12iS5JWq8{Bx5<9?wdkUkKw&XyS(-r96k9A-DNkEWl7v0jdtq?yg{H{csCWqI*RxkN_y3R46?%z7RNCPP7Mha)zVa8OkSu!j!fIS)fE-yo`Nkvwm^6GL2PM-2;$8Fb$ZdHps?TY(!VL$k z4%`P-KmxxXK2B0;U@7H{dLZeDBUa*9tnO+#@9U9gGZmF#5UH?Q#T~LLBcbtWL;3w~ z9mb7$W6OZsEdQ?700W{*VT3=jJpx3Gk0ji$IBIq_z7Zh6Q{O_h=)cRhOM`PH1{36` zJ+jz{m`VNB8Qd|*`c(RJ3IsUdGIDMYOw`&A9}BBKJDHRke1A2rxwy=9-B3*};)p#u z1d@FhhF``fq6VMno+Zs>d(liQ4M)&$nA4>MVQ($`kx^pMOvkqptDx+{um6cR{-@|a z`=2b}#FhVFd{fbO*6VcaJ?kjj2bIGj!@?^3xTn)GC5tbZ>1W0xK&JwooIQwkhx+W! zhc0(@ePjnpZxc?%7W_xjc&$Xf7>=q_I{S_#KGhTBNWZS0FvQ#lsv&DUIX+#Q`h zz;$)bmJRJMNvcihH=!_<6YI?4@;6m&=T^3;2hLyuMZS0sq@i7I@G+-Qb6U z0+l@mr5d;BV^8T|^2#@=ZmVgYcj-trdU_2{{ zZ6mY5KtrnAo*n1#9x4VfcKAD@0_J1$K8G}KOa9tdh<=*#I=jGAOD$|4e0%zsi#<1h8#*pg$uK!?M=#q)*I_aL`F5dH+X9_NL_L$#pD) zJ#YtM;XVC_M1+m8iK+)eaRaj@O^J}EL!-jCjQnBJ$0iNAZoiaxad2+(fwy(QzzDK^UReF`MfZMO|%q$Atqz zDv3HA#1}!&`*?Mi1E|>?s7~-otO@&Z3Ugs^Po@XqTT1_}$q`|@Aa0W;qv(5-KKnedt($5A0J}y$Q z<*LA~CtV`^rC(=nC#!BsGs@fj;JXp#jWDv$DIwVnP+MgMW@nnonm0=3dkQa7R?}Mc z!=?1~BO|#ZM`ns1Gg55w-KARJhgWc@Ig~^cKT0K@-ob}SQZHp@dg|t z*TpvJmrGUe6_SeARmVN5_?MkUL_{v*QyXo4v#2>dYC6}B6`doB#5RT=PKvMDtKTuu zx9s)&6yd$2MNc@7XBh4QWEb$;bJ_V9e{?^rUddUd*0J7-B9H?|x3S~TXK+-S@ha`E zJD%-XsYpDgBV4^@-=tCp)!z+$py|Xagx2G`w84L$`Mp>k*-AU83$7v~+@vcXHC>%Q znt0P1>OERopWiM+(v#sQtL4{fWJWQ>d*v*dQ^6G{w_u*J*LiL+Mv_R9hm5w4@VeN!{Gf((Qr5C#X&2mVdlbx~m`gn}qg&G|x$R`#W!cr zlCbWvk7Y_fAM9rw2aiTDzSp`@jedF4?j$@EdIYBt<`S+JVQyb)cGN2InR`eXj7KXG zDsQa6SZO`A4b>6Bs-U9}`rBKdlnENAyZ*to5^w8^0-9erE80lml=1aO*Q9sKf;KN= z9Mr&eI11bGNH3c9rZq$-lh-KGz7(Xm3*H z-D~XEkk=dkq3~woQ7FF9YOf1;YT7ob`c>f|Fj%K)*`53}W(*$O-_lO{oS+sj zPV{BbgvxlF3OU2hSMxQN{b_RJ8`G`VHCFT3a%IMP|GuF~)f=T~mBsYIY}lqO4saK# zHL1dp0Nz_*05qGyVsm3hpJxz@!0upa#qP0%!R5e-b=-d7KiQ0x^LSsSKQSF~Z;#=z zWw6+K!?Oo+jYGT5U(Jk-#E^WN+=~urhQ}8+XpplUxa#fV2RKOOSh*ZB0Pc1bnPp8gV zgUn)cx6#QR&F*3FK3pdLOM?iu02_=R)oBl7T`%F5uIzeTip0t_mOyT|?l3&q_G*va z%K4_0Mtf~lcFF2(-S{RQdcLYv?fwc7QR19hPQ}~bT}r%lh@Nqwspn%7RUk_04?mj6 zXlODV)3Tn!aJG&Ey%RcU8)pLcb&pnT7mibaeE_CuB&Ph3Z>R8Ih|UEYrA3 z0{JC6dc03{0BN^4G#7stEg9tJcQvM(DCFkzMOIM{3-b49UTHsN$hOEO``;A}S<}=1 zzx+e><()HJu>1Dmu5_!5Vdajq&p(5xJb@{u0J#tt1=JVYMz&T5kFx?NEOngwE_}m=jeyS z;QfiK2eieDCw1Pg<4NYKPw6xsp`fK+E*?EeBhhtA-q*SM6JB?aP@B$I86tz}{_=^M z7oHR8=DOGJ=?ugBH_*1m2TR}`xV_Ws;i3ZeWS^^oCI|y|NG?Yo1Aq3Kis2Oy-#Q!D zpMSpHWd3)gUlLYz^j5ik(ekgkK8jA0wDP5LxsSe9s7icIEGj=#^A!dWQGr_l)pDYQ``M zx_%*Hc31zTm$$Zqi+Zxwo!-lL0lUBx$Rd#1$|;<1*k9G!USaiuOojsW6!OS`5G?tT zubpq?oX1;lQ2hLItmKWgJeULuzD=j|TtlDY?}eWKe9Tn>%j@s9Q3z14s}R7_Ci+9T zHiQl(bETed@9O5ZJ%3@f1@*PBu3^Sv$is=SqdRxh7hM&AgBWk~%?hwFB1Bxg5$!j3O6`Nsx(W3_sn8B-bTXU|2q zR)!%Zs)O43nz&}M%(@OtQl^(-`dblHx{ewvBU|^TueT-gzSBim2pdme$F*{#y|l4Y)-To? z8+<6Zqq!VEv2EK}ef(Tyyv&TC08pBuX?E_u=YhyrG}=LLI8S&vzty+}oD}h~z()Lz zw$Q8&`2-Essjc@PwUI)p-VnH|Fk#b5nTUvoabJ7f#(MC!C_h}!$=Ko3D#pp0?Ihh_ z>pzM-=^6LcxVko{`#?5%K3x@fxK6(I@l+odVq|hi~d=1fq4q6wBfBCL$N#dT%6c!7yA<-y>7C+5oNr^2{^y^4O#@Y zB?_T(cLU(5^TvyPi9$OIz18~66gT`oOFIa<5L+CkRhfuCI8Dy`r9$%Anm%W#sWNQ$ zN+2KSF}GR6awCm=uP9G-uK1`u!fZKz5*T$B=;ayw5$q*;ImW1Sn!Q+P(oD1v5!|Ym znIii9=#+h%B>*VNEtxxCn>HffP(w$%-3mO=HW&Q|Z`;b= z-X4sLdArJ-<95va{gV<#*S!Ww-~p7^@6qIiPl6(I_JMtxwcrg?#6SOt%AqO!_GcQi zTmL9_*QEdd7f4t+e|T3jYr(nCNr)OmUef>!Y`4sehm03440u5hDR`ycX?h$a$ol$h z(;jFD$P3Od0#94V1YEGNxR^&oAindHHDS;wXSaW`)$DzDK8CN($E$Se987PT~ z@+nsGVE2i@~gE}zOC0}S)J827~OjnZ~HOQ~L4VrQj=IDl6 z05xDAPcxNvkrm@>YJ8Q8CpK@KUB1KAP@(u3eg3k75dOHeP@t4czFQ^X`&8r@XJszs z$)>(ja`>XV(|Dz-eP1lv7Zt$T^}aQ#Nc@h7?OG}(kGj7sGuIU=J-M~;vH<#q4eXKv zdhiMZ@w-I#z+j4rT$I|LYhf_XqzjRR`*mZm6WpMN+cl6z6%e5!h;0p_D{ylCB_C}> zTKPalx|R;JCTMy$J$Ed%Wr(^;bptaorPM}ZTvZ;1k{`mHlkrR?Xh*IOUUa>+@mXbw z{4;GP>qbBGF{>UjRIS>!wYZiVHZFFbh-E5m?zr-ZLqj?i9dp=%hDrUaC5Maf!tj!K zP}*C#8IM&X%aq}I$y1h14%DAZ4P}WL#SusdD$KdW9A7<;kzZzfiFBTEm`ghO34JY3 z4rjvU`fA*r<1Kv;?&EQFV>Q{sl!zOJO!@plf+QsoYLHd^PIj_YJ#=qgCV5J~X5PM1 z8W-2zD0Rq&wloRxc5TZkEw#X#lBIvch-y$RX=uIW4UZAw9{-NaN>cnbk0Yo?fLS93 z2W)BdDVHu5(q(h%KxT|O_){xAxym+!bz1R&tA9?JWb-<9iSKq4?e1#Og@7bkXbZB5 z5r5q{Hha5d5!K*56j96d3jt>}^jSwRk3ItZ9ZLav+Q+8Z?{@Ptl25zTs=aP`Ka@ka zJqE%&;OZ})Mf;`2lPOU0kyOAqd-{*l_+EYLm)&f+KgWJ=Cy2n-Xx46REcM7kx=L3@ zr7I>&iKmeb@Xvz2;)SWFG_OCT^Pt#7Psm|}O!4Lb6X@!cx_h+|b`EFE3`wcH=xCzhrYW@5}*&VnV+nA`}V_Kt-=M#}A~LnyR*@++G~X~#g!eOLQ8aLt zQ`^5+e$0>I>_l(kiC7AX=7`fzMJVcOTKg}ldk@1*UiUXB$ zU<=AzI7sp>S8@_d#;PpkNi1f=zbq%Z7@X>D@)P(J{B!?>3qAeyq;~4yo0gJol`yhJ9D=`~p zaO{IO_Qp#WFv}Mr;K;iO`9-2z9{O|KABVV%fa*$x;Nyb_JgAg%ti=2-HRfX-!S&ptTcVsg>WFy_jja_5sTm-d!J9T=?^gKz`xd%kX0jPAuLe;AT^v2w8UPxiFH6gd!06D)MeIW#TZ1cAO9+7@te8| z8c&0ho|6OeTtCCH9esx{TmuKt$M-o75~s$?TqOdKd3~`DC14rpLn$Df{lhGX zg;7V``=~^Z2^cz%RTv^vBCFW#3$PwLA?x?>9P-4u0i<cn~s|CscuM}=gK?6j`hWG#5tqaRQ0-OZkOv!BAa??Od-sok$V zM1(b6k7P6fpK40uG128@?K6p6F0p*JWV%{aej>#C-jNCp0o9=E8`RlD4FD$_?)a`} zFMQ9(5Jl{-AB0F<5zRlME!Y|yVtQPkn8OvrA>dwH%7I=S?zM~9gWt${n*suhtbJe` z9UKfNd7t)69}+>YbteGK&`<<1@AeoJ{i$F;a=L~JHo z=tGvzZY^!8)@?%gMhA<8Ii z9Nh_V0T|}8e2HqvFMiK@blwy0vxS3`x#=>L{h3%dg?M zh8}Px$gQwGG&t@da=Gke#k+2$nmX)FofrEn%IaYEx`_jdT9n@rSo+194RR$~@4x!_ z9qk$e`&?8>9u`=Pr+NGQm_Rux_h|tTwhG1a_)7rG^`7H@pR4j*OL@g zwYWY2vjy%81&08$U4kDjEGIXl&uY3%0|1z1T7|*^ZDZ*zlT^-Rl#J1Bhxfom*7(RT z0Qe;)DcTAdW~yl*e}Zj5>*P!qTQuYsTb~Mm8>3}& zO)`NMp%4<>3Ym`o3XjCC2nL2Q2hdeHv~QhM7O`M5ib`1+0H_P0$S=r^lq<${v4OZk zscI1y5i0PX7lSVW^xKOroPnOfVvNHtF1F{%ze>UYJcKB?Fkx~E zi5poe)~Mk8$J?-0P z+5(RYhk$%~Jo7w6U%sM};kidLipcyde`2SQrxu$ZZ-pKUM{OX`-PrwX!X1QzoJYwl4UZNE!$VTAkxHgHk=o&DZy!;l@2M zoZ7X;tNo7BTJ68Jq+TMOb_p~xloSOIn?$pt4iJ90<-tBaKkeqNr923vUt58Pa6k#A zBG>%3k}#EMeMaK$6TMfg$JUzHVlS#*(&CF&iR6@C?3;5!=3> zuk>1(e+|t%<29Wcb0B$yA7zAFL-t2tbO{+8B4H% zU*ZT?S-yUms9BT8cg~%1%=yNO^+h>Tsiy{Sn%b_|(QHBRYe2;se z${}iYuu$+j%^HxU^;w~fm#$oLL*ttZUxQLU)IP%|-I2(!y;sFd?iNgg4{}w@H4A8@yKTe^~%y1trZg4oAZyQH`dsoEynM?{L_W z1^@h7Q-Pn2-%<*LXu$ae3;dOaNU9pvX{g(yC-}!vg@*_qO}t2EDAr~ryv-mrsS2+@ zS$vWMjTR!BJq!n3y*7cDQ(K0EEwUIytlU@T4pmP+qCDM}CR=+t+AavAY{mBp@$S12 z%6vRUg{U?kXawMfdUp?9htnkeafW}S;J>ct3p!6iyQCKp4X?$qBWH`i$?f#9b{aPt zccy>j{|3$AW!1H_ZdN^`M8m3^oC5L-lG6*ImDWQW0QwHEP(f_2dbta)YSG^=9jbWm z3%WQXaYACxG&Kg5Zw#3Am}_NQJrqqi@mh5u&$#xLEV5rx9tHn0_SxkBGx4T%Ekes1 z($@&2TUj6hy~(7SJSPhl@X~NPwTm`%27nT6m1t8sVFsM#tkj<}E+C8A&z^l;`9dG-&#! zwp+JjA#BYRs;FmH8LaH?TZBgZ^HBuY;+P)i>wuAqD$+nH#C0AtxXOetT*mJQdy^QM zPq;9@6~sDlEQEXnfJik@j2r*4g^o^5MRA!Gd)M9VU5Z62$6zjTnmSp-J~ z;h@OWLrFqelIR~zJ+?C=6Vf${Q0pyEHw<=dKtP)c$(+R`S8*tR*G3`f^AC(`fRes= zwx9DWp?N^Op*MPaoH_=Pg9mUE=wcS%2e~$sc#zX*SU<&_D6k+IkUO%YO0qHs0sNDV?v&&Xv*VxZr}74M%{>&~m-g0nJg=L%{gtab z&-xT|YU8|<66w;Kb(Zzlr?5lQ9B)0CV*)5$m>)KAwsDC3%V60VakY`5dB6OP;2z0ht2+ybzBnqh&^ zkS!3F>fzW|Id~yyq~E=rm(C@%q&C1ih?y{-10N3b(#?46_c&K&>f0?>0`BV^z;E}t z*yw$KSq191Y3hjUvA2Thh~hdV+d{RTzH=nd#eQbG=x%ulhMUxh*FF01j=CvQvCG<;WNf9?VC%dvZjd7fgN~-S${ecmhQx>~dp} zAONfyd6z#4w7Me*b#;9&bkWK=p9H{`H5vm(yA$CXK~?56E!Ip*;gx_$H(nM@_C0vI zt5&YiC2?4XP`qEvyI~JfJY@hWgUIrgIu;jGv6mUi->znkFT((1zFSw8Bqi0JbKVw( z_Qi@xNjc{812=C$)~T6&`6};&iHb|aKpF6IKaiaoh$YZ@A>6SXIZi&{Es@l<1HyUN_gnMqhw^rfk(>0>=V0La$qCFYekuGf&bj#V+g@hHwJ z7K$V+R`P@2pOBAw_8Vx8YrdmWrN^nZoEP8Yw9La){Trrg(-33%$H(K+#W9hy(+}je z=C8i%t=V_t&B4GpK0g~iD1H)hd|#0Ncbn79@fMw>w$`L>UspI2?Ht%<0QVqFXD)vK zOw_p2<8gQSzlK9@{cp2{UyRtCVq{;MeNy?(^ss8_YWbNjPTllT?pk;}<7%aD(?1sR zO{JmtCh1jjWo?N|mM6nk@fUIjqcj%$?m*+sez9Lv?>}dhe&A~o$6RU@IP((w#724~ z1x!eEZ_NB60C4M=>S`104Lo~@kqe#13bS_j9*}M~AFe7!3UwPi`+OYKP%WXn~iF5vvmWBT&y*rmtMW=dza9vKa zrI-qe3Usc3Yl&b}ojs}6rthUAGQO_1=X$I;=zD8_GUh*N+3TIQHyrKQR8c>|x+(Syqx4Ei|tPEblO`tsF$m*onHc z?ISGqn%jLwyBr2R;ZXNcMJ^7sd6v5-C5?nQ@mTOQsCAlY*$I(XO4nijL7qt47})7F zx0-*U*wfQ$N6Nf{ag9UwD?_zH51lmZNNVs*0)MKGW!O8}$DX%01bDK8dVSwXjFv>= zJVlpcZS{7~MO!vi(V05%MuEVA)M1SGv8|Td8M#uCYqA*x=j?i^rA?=O5`Ii>tTy$^ zZT?`Ha$2s6+M1`eJRFhXk~i9&rcW{V1Jvx?bTki5AGdJ5MKi1r@07=U*Z_H&myu{= zFFiF^ndZCCiW&P6n;%$On*-dH)OusuWTMqX^z0clZ}#Fd|59QhyxWuIp%H;CIMASP za5^+F-n0ZkH0WM$VDz8n`n{Xq&)mQEUu8qJapgK&D^5fPSNfdu>R+D?cUXk04YTOK zLH9CZ#?FxZnW%4`F^dWANvz1LVJpIh0l*OmNXIj~)#xdZYI7pHC829u>B#`2)ObM_ z&`VC+9@ty|E%w)xVCiVb#Nsw`++|Dyu1tdlF@9Yq8WrR@Tcc%i8`S*#ds^QGI1RSpiw5rgq~U9|uy0mg!#es978 zT!_idb3us&7+zB%L=r zkzgxU04ljNS5FX7dOdrO8=0f7(hb{G?nh~R+z@nSB7spf4+wuz4A_<0wv43&eA~5r zKL|@$k_M6(qf5BQD)zFxWB$fPy|A&j$0u?8Agg(zb~^PnSLm)jy!q)xT1KL?U;RR+ z=Y#5!LO#_f#9hm=)5kamo9M`4@-6N^Lq+>z&#~b$!82VfUtP%--m|$R!R^XbTwz_1 zh*2zFA=%Q1%ucW-Bu-CacwDh7@j1YQ0Mn_S2|r9$(-T!1PadbIfaWyp#2DV8+hLU7 z-pN3>eOQ8o3D_Pk!FVI=I_!%I3y(`Uy-<#9Ptj)@_xZ1TjtZCU`R#RoQh3qLNAta+ zlg9%+62!2P7+go@RDO^V66zEKa7XV~hHDu;G?LDPqw&ti=E!jEft3!@13vaG$D|l$ zJ%`GTt{}+R{bbuj+5-j(66wa-boPn+3^P9}ozG|%e98G~`r^n^m~Gff$XqiQ23q-b zgCkxVkzfg;Roy+-6FR{M5`vE_t@Va4(Kvc*x7M_hN_$Wn>$uk2pHadH+9owtB{+8@ z8;OH)!X(dr$&JTf?-psrI6kA6JfDs$>v3ma&-uNUAuy~@tM=`<`%(9MQ1;6wn~Mss z^rHZu&!pvD+C`0>**{R&-V3T)7x|W>TaTR2F2H`29wqwMypg|QRDTqpR~B9=6~JeV zUf1RU2qO-NAZ13PK_Z9;9}EB(Q)d~3M%)gW2AWqLD*Op))g=s0=1Uj=?vXz?Rj2E%S6Wzq2D9^c2!t z^{`{b3H_V_#B|BHdra8Z^f=cyH}9Z5K=4kx;d_#}h6d4mwbklG-tz$9<$nT&P6Tufd(= z)2C0O5)!x5=iIm|#Kx*~&1A#4+O59BNwO1peL{zfKu)yUQr&bho57K659;I$+~JTe z%kS&)>8W1VsiA*h05`S@N6NeFxJ9cig-@`}UJrGPfUtht%3XhdjUk=paDzL*i>ETq z#cU08u%`g9UkHy@k}3(ygZ*%c@X^#!SvXjI0;A)Zo0Kuzzj~aYS@)aMt(9ryx2094 zCcY>9(l#8wQXk23ksQFMnhopeEgtaixk^)3L*m7LCB4=uq}dv<<~>YYw2+M3H(_00 z7q?i-Mptj3X1c!-_mThr=_sRVYW@TtwC(y_R znS=8t0`oWjyNFJTClnB)(8f3536L;O77Bh_sD}0#_G3(yQeiHebS4`1hcxW!A&?vh zpV(n~KRJF+K&C7e;GE7#dku$8!f*3<@G_gr+PAN zN2tOKyvF+cKmqkj)n@XvnEs5m&xrPOu(hy%5XuK5>pzLYj9w*rDrfrv*@(viS?Y@J zPf$V(J*^b-0|aCF778zfGCo*Oxse@@h%OS1A_p=>_vo^^8730 z(NFY_L&u@c?cwJ$0ANI@<9+79W5z4Co(LTD;yqZ-eEge}`5$4${L^jiAd6+KW+BT1 z5fik0(a_OvnF?Sy@n-vIOu; zAq-W(5-QFz`?BQVV@QZ;V^yGDH$5}_*xmSOE*$%FOu_2+JL_WJ@bg{F!dHdhsnE^I ze)QL}X-Ssa8|$gPYGHsF?SeK$b*fTB4X1}v_XipeHWSR@|669T)=S~{3(4jp{E;;> za0^!yJWEi>;sb|%Aj2xwi&hvT0l;u|HAgnQ&OlS;yA}(sbodZul$i*DAy+HOLvB6`SmXjU2kI#Rv&J|1JDcKdD+F zEHgKx(z)Ho5@xdOv+0Q|yM2w$C!5Pmfr#(>Nx|EZ)9f0awPUs2#_qo^<$ zhg*&Q+~C}B^+WpvQB{ug z8H%PFsj_+rH5V94I4L^m(Fm&v4AK5DeAzu-^wF>{uAp1ckMhKuWYnXQVka*CIq)_; zMfO&sv2A`4{g`zp^%=c|JFM49BvV52#`QnVMTb>?!` zt!V>9epoGPh++^XL3~1gC7uPju|9&T-uQtnw;y=+W-pCK(-Ch*^Bd#){l4Fet%=Pb zmt8xV@|1-^aLoEn-)B~DWNM8(mbZ*_Y$O5?{|*FVQTROw=tvTd%p#wRsJE+&ASHs> z{A2&4v|_rgA}Nu#mEO>b>O0N^X$f%3%=W$XG}9%022yc0oxL(LrSd>`*ez-hN^%|| zW=-MGhL)wL4eTtK*34e8ek4dwF!o~(T`}*h$3?HNrMsOw^>{En#U^Jj-aT>_lp;r@ z4=JOY=9Lb83?Sc$$63Fg{+V*}rr(<{tLw?8I*XBz=yJ&3`Pvo&4CeQ0EeoNN6zXFo z*D6{>k2H}3M}meOADcbaek(`s~e@mGB3j2Ei3o>(VvJTQsie$jYpjcdJo=?OlnT#*LU zY4ONYV(VX!l&+ITO*)Mxv-+M4*#D!DN@Y>(hPqX;)sq!&XyB!5))fBKE|$~s3|N7p z-6aY9{LPg|BR_yc@zF_1y9%B_?#vs%)v5v=L(X@k^q447A4r{%;RCiR?zclu2Q78! zHyeI#{Lrpnql!;<-hiFJmL=KN-u|H+`jnj06qSP3)Cx7vV?ao$hW<9rNR$~rK9D-k z3CCr4Rq5<=Cd;2g|0@}an`&25Rpj#6nC7&LX&_&li^?pJ*K4Nho4tor))SUDpx$;;k@!zZk#O&iy$ z;{*StMUHBJ6-Z<`N0mJf4{R39SU3z?c#6h|U`EmG93;+bK4CQ`SNHgp?cR4exSY$Q zZ4!_GIC{K^2!b|#mlyt{xe#6p9#6v(3HLE4qYDcmcmeINd;Hxq);OmIiHN`NX*l%7 zKdi&-HW7xxx7r2g{dmTn(&)d_l=K>BBh=ePT}vGueBy$$zvawYGn{opPO85!C$EwC z@y9<6`oIiT)T_S_Jd!eA?wPxCb6v-0^%=yqQW8G=%-L|CB=F0}$46s79MC`aT?XvB z{l1?Eo&N~!A~wj?D+@I2^&3vWi!Ch>LOFU}R@bQtbBo_hcucK-F=en1A`D5orlw&N z#)!46IF27$x-^PjxVLxe>_UHE`cfMiPk17cUhCzpwoubdz;tyGn@8^pC8;CPwT)Hf zN$Y>kmcpeG4;|)Ydpi-^x30(K%JYLQ$Vj$iWUvoLQ(9gaJU5I(PG@a3+tfCng-d!dhyBSeh{p>wCN2hn*L{pWj0iglg=z&EuRgEV@7&$ z{Kz3&WRdj+QCh9uqAqLlWV}Hi2D&LiVGa9PPr|A5BQ>NKR%rc=@Sznn>t>yUC5Vn@ z2y1E1RO(NAd_n$j=B4>x2So<+u{vya63p}5CN8)-(#Z2N!3%>dg4_g()G?~rve$wB z2`H+{FMa+bku;k3QRtFpy;l3A^1kE0J4gvnlxUfnd`Y_# zo)Zsh)13b9KpQs>O49#siT~&L%IRLZ0-a3;&mRouw4m>Pg~wcbq#`XZrjF zTX8qtvl$(SE{~mNa?|&IV4{wt`gPS4b$SRU26ufe+#xDbHKD?#b>Gvg1lu2~=s2F2 zh?@!$jW$Hrr9j6X7bFL`W!n3(x+g&?A4KR0QMG#L?N^T}QC00IuM?mAzc1CK4dnr! z)b3CpM2B;i|7pOazo7i@3=u=c<7^x-selrRC-q3!z{_ z+vq@X=dSg9rGG0;$$00QhQj32Tf+gTrm=B`D^mVuleuiZ#b}_EBBdQ>!9uOIh~>I+ zvn!6qz!j>m97S4Em{sYG*6;<$&K-!Ku5ZErEj);JWB;sZ0Tq;!R;WZf?wx#C@#NXDL%8? zm{T{IuyTa1(CrKMqXwT(!;ve#p8{yUP$SeE(tj*)#%0dD+H!b>k}kfkJTt3DErn#9 zDe=$GXRvP7{u3ILa<}wch^9p-w-C;_8DOY|Hnf?qZf0*#M4eehT0!GUu{K4?_3TM2w!-I)xYiX4f9k1YM|KH83VfgGN>qMh~=;;fIf9B zdLuJ)p0?pGnF1M~AF*eWPLo@7?m_#(IUg~+;AZ8@9@GBCFj-lfgW3&sAz(p*MFTY! z8759H-{PR)_ZC2yKD-qmQ)}*Sui;%SX#B&%jo$#eSp99dH4Yu0xPwBcjqVntfBDGP z|BJH~6xwX~;WPWy1Gn`iPf_=wvRTW7u)oN+H2@tV%X2|Y@{aCr@~ODwUFcYISLytL z^kj4aF6!%EDMlkUOS1m5H)eFG2v;$`I}_lRVFA&d@-{3=x973Zt2V_N^GtR{r5*k; zfYx<&^F4;_Fw@ z%pHKkBkvGq|C{sNwR6n@h}$jzF#25<-GhUJJN1C){lD^_`$K32KGq(Uk`b}eFqe__v ze!8x%H2f4%kLL@GT^XbENW$6I=lC6jDF#-{R0*Z`U(Xb^hgH4`3oh##oJA$rHD72r zTyrdRc2`NbmIP7lQ95Ki)`V;$?D9hXCsGNrLehc+rd%0@E=SUseLGg#F<*B+hltpt zJFlN0-1e2{X>7Fo)M%3h#S4oj3=`tK7M2_t`A_$rFY{*u%FHoJjV8YXgc||`*`q}j z`uIpy>2fP^nIr{nY$1@ygtUd_wBz?LwJ=Q62`HX z^D|~#PsFh!D!%Yx6G>hw8rv>h6gU-yO_!3TEAEZ22B15j)bInP;U(TAyEW53X7xksafVlGl+O?x(!U*~}01jqOFf#G@gX(`u-ztk62xxa03r6 zq)j5O3yn?V%WS$2+LdXTUB?$%_&dC{WE@sXJp{uwaJS>$`tOa3Q^X-KXIb_CF+*~J z^dB=M7Ywf159Y}Czj1}9tv;Z;lbH+LgnT-{`7(bWm$oUzC3^e7(&wVtd^F_OfqU{1 zcUe8*M&}&04OIdOlU~6#^~Ost|BA!&)!W z6sc<+gfn*oXdMS{k&Ab1Lj}8b_7hKEdWIEU*(|d2+-SSr#Qn!ai9(%Vh)UR7cCYML zabBbq40X@YC`Zp{VJkART#9F zc-bQsF13E06fv34Ad0UkcbqAjkwlkVLjOGMQz-w-ylJVDm48q~fI{w~$HVK)JuFWb zzTB!$<#ps&RJq|yo53OdY6a<>Pw5!&CHU_-u<0bArTJJW1>!}gxHGdZWaKS-1IENh zHSk7&;K*vIjBzyoTq8>xd)|bh#75HEg7*&01IC}D&$+aJcfQMRwm!3|nbJh0#{ikF zCVy2D`~lH$yx9B$N*_KNX4U;ZLvc3f%db_FxFKtZ?_0F9yJ=+{j=Fz8SQ@B4k5lyd z2sL1q>sFpW#rr$!A_;lt`HQWjraYpJzC7Xg{FW(0nJ!R3GbNVkw^93;CDGOW8(t;v?#4+-o$Zi)Th95s$E_C} z=jGAW)1h=1$!WsYlOsvaS&L{PoDfkVA&bv1--c^4P&iRk%VwFFFIQ0%%~eehD9D@T zX&&6Fefw2a;E5~oI!esQ%iBQ4Na9mgOEY+@_l(*8h944^7zB8k`|`3E$bFm=Z!a;sS?*q%;tSgX5nU!E=Jn4Vp}6?+x^OK1wMiu z+s`*}f8$m7r$VId^_FS7FZYLW`m>Qu40Js6f5Ck8>^QDv2hXx)_gGyr{pEwAZ%2+e6v<aUd^x1%TD%BH5eWx-~{#{S0T|M zt~c!Jx0WgmNpH!8;YzN}iylf$C;8l6{PdB8EBbiCs*c3U|LT<>^WA?^feCe_LC?Gz z2RRcmA>#^}p=t+i2h_$efBUK+Z~xQPNw;6kB2cm9X$+#e0){`|p0bOn{M|!<^3}h! z0eC8d@~2|SyTU(z08LE%74LFrV#P5qH~!o=81(k-N1$iRt%E#<(g`?Af!3B*&Yuue z+;Wip^wY<9M$JZ1bYo+70;%G@AHc7T6V+8@v&`P`I$LZl%(A`fiB)6M}m^>Ap`B*%>g zPtMNPyFzj6Xk~z>Sk8ix(j(*Nr=U5|-mEGt13J#U6~YJ?_T%B_pYEjzm!Py(+k| zZbq>ag02MT59wJ^!J4?-%ui1^NxLl+?I24xjXaPKKD{9zYm&`+5)@pnZxUjU-j5U{jte5k|?Ee75$te%~yuWUEk$poMSPFi`XiS{!$iEsEsf?VNX@iUPBOhW=vek~(SZji^Gpq&owIv_&>iZ~b zXz+)P_(aumas9Hh$#S`NHs!FxbjH+@S@|QxP65HAD4(A{-{3F?XDSvb?JqT{Z*ev_ zA7uj{=rvxO>XjpEsD6MLtzW+07cKR0U#l$W7tP==*yw=H}Aoe9{+Wmb2>M=+Y1cFy=AutP^BWF zrdnbItuvXrH0^}oBqz>}5%(h#a?9q(BZ;fzcn=_2gX}9+WE&@g6dugpw171S+G8nZ zFEOa+qEHQ^oS5w`2Y;nj4}e>~rHVYP46|)<*B&gzqeG;wutxZ<0!CO# z%LG>G5lSF`Z`c#2sGHzm+r4jXmztg2rYWYy6q;jFUM^lB3)IpIbN ztvir0bA1;ARG1^9f~8$gatT86*4ps$pfE}^{m9J=Ppvp{lgk3{RJcY1Lvi&pR%TaG z?L5o1vQPkgwPr}Ov+8p?^aYg?R-81yRvnsu@Mrt3fnyIyQF|=QliDQ}LxayHwt?zv zloC83-D6IabE88&Xs#@+>*hM(Y3vJlqGc&d%^`1#eb_~)#KL;H|IvJFIq=)1NM=)R4^!U|r)?U)w&15;{N;)0<&JmgufbrIxv=1c8jU{+qtWoOy+54k zTECAfY|+MNF$bpRP^i-J5k&G=KON?_7Utp5t*OJweSY}O&-vrdn{R06dz}@5l3cGp z-L>4{QWnCSG#)-1wQj)w>-|Z89H43b`TFIFOq9Rkzt)QXS5@pkx!Hvg#*{yyP+;ws zgZcj4Wl?xn{~I!S*hLrTB@~P$Cv~A>VlJB%OVG!sN95Vy(p6ku?3y5Pq>&$Z1!y{} zW?%MQmVo<6_MeqqIlATqvDJ^pjH{Fy`c9>U97dY=kJ8_}2q&vG-Nn=ZqZ`cE!zbdN z$HZLW$=mEU8(6aGDfKfMU#8@~tJ%`H7Pr8+J>V4yPx#98!VHM+hf5W#1d=MniT3#^ zRHEJq$$0gv=-01bm;S(pmp|x5W>wexItp*c#}du4^;|(Xg0<#b4TL zuN|Q|E$dMv@EE_56sCv*s;M_4e{3Eu=U4ckL*qKZ@2~F(D{iab)P4m;ph~;M z(>&FJ?ro(Pdx;XFGJ=RgSKpVM zEy)XkiLw=n6Vw)e*K|9Z%$*x5Q#1jd_Cl?5n)Ow{q+x^24)7aRg}d?af&=>6&||H= zBO0FvLnCQY^EBI#sDK*{QRGfoy!_(*ewZDE+{xR(^6mWqgr8?_V?{iBIq z$bqOqunduXyT&J)OWHjiy*;w;#k@$8I z_WV*COUGXJ>b3PJdgSn+8f-fGJ{AtGoi%ft1^iHF)UAvwW9T+wL1GabqtY-}-GMX7 z^XAZufFH!{qjz&P9NHwgEGA zB#&C!b7xy7el$lzdK0IwpS;abqC0Lw>vhfXB_~LZzxBn)v5ED&hQZy6+9cv>BY1h! zMzn&*Z|`P?{3Fooa4<01fpuj%nXfohQc1b6Io-34b?gki7?$9=?TwEaj`xCt-<+f> zH`P-t)Z*Ldj%C}wwx#t;D%Lr=YZBrFSVFSe_r7RmC9gPD&Jp(m!+h5z|EaTy#ZIM32O{_HHl{*K4+IoQAX=S&&? zL?wt}=|v=Wg$ER`*$RQQJ14XAsf@lv1AcL(H-ynM{ly;pobz(5I0zNCOv~W60_3x?6Z0#XL@|)g<V;xyMCvsY#B6<2Qbnd4=TeQjHCXN7c}bj$PZz0zIUwl`T=BiRRK5dDqr<(%l&`1{*9_DNR)XitSI7FSb zLa0zqQ$=m{j&^&BYlj14A`7;!T~tA=b!Oe;sj6OR9v%|9XjjUGA3H{-CU!7I=Y2C~ zl^W4Qm6_MuPhA;SC0%*%TYMJ6bdGq;2(OS@Cv?O`OjN$TQ+?7Y?5eq+M^ zn=^?}&1(UAUkpD4^r{tdR1ME8DqZ-BuS+ou+9bF1!!vTlw=0#dGBB~JOl8eOMySh5 z^5fI({w{>Po02h{wb!v74A93{AQkp245xEp%&0?@f;Jw^ql6J>G3EBCZeOMgAM2ec z8 z^sh~%u+DI%-^+G(kM92dLnXI_kOa-Q8o%Z-N6*m8jXS$r!hX4@_6&q!eSj1VthY3x zY&RU2>eSv<^PCy%b8b?F>eYpIEp`{Gn4_WQzVfP@L-2yE3#JCECG%WNZb)PRnP4L0 zgH>j88*5EY@VUJeIL(tgjymi`P^@uxU|wEtz8I8-_~p(Qr1Q0v^t^qjDyDIrcha0JdbIbCI6UAj@y2?wYo~OZ|2Z;Q!Re~L&vq*(qrc| z{CO$W;FX7_6W8+Osx9qwPrHOJUhOZA$07=)gTFb&bOZXjP%D&iRck1cFpemh8#GZo z-h1ZC*6@y_@r~RUVb3m-pq#J_i&Z)a8OE}T6_?f?J=gNQV_5WLMUg~8Gn=-9UIapk zYB3`@S6}5QeLl&Na$I6EwEVP>Jc{wSL8hKjeOzk7U{;^i=!O^KTph_xetuphL^3Rs zaX3jGGlvqm$DVgoJ`vMX(Lb;1weo66v2Q(hz3U4mX($1bMd4VQg4&#ZqD!hL6={a6 z>krMX*cfvSo^!;g0EyRCizN2HRi>bnZhPz#5Mew^{i*lm5oHQDH+)-mV_;SMqk@IL zS-ie?^XqRjK!gQEX;kMu54CKYgO_DJ%^IHVqKU%+cIR`W#skPxBnv{;LCXp3(BR&q zZZ^4}?4bT*Z}|U@wzrIG>)YDC+tQZe#T{DQ-L(ZuaV_qoxVu|%cXuf6?oI>6g1fsz zkf4D#{hxF0BhP)t^S&S6PZ=2*N!H$b?X}nZ&1+s$lS7knvB(4Ou?IJ!gfA+xh{@q$ z6|S<%T->`NP0R~P5E~IoW6UR%!WgebiovQ}sVdE!6M-Tv5it3?O-$G`X5(zIJMMd@ ze_TIu@}U#hy)oHnsS-W8lP`aVmgXB{#@nGx2A*5rBSKvJp#l`*M@rFAB$x^kPr#K$ zr!DaEqM$O+l&_s{Sbms9;kxf_bIM+kxhv*K6Z85yV2eJEF;i;G>@EN)Is4)QLThbK zOuLn-_e|mClzxdeosq_pXu#-smd%0ya}m!q`O#h_U^d2O>HivwF9BRR0VMv z+kr^XwI!&rsc)tSAsJ)lpth3&oxbzKIFs8fLAZ-EAmOtBZZfnRzeu5%zNn1~@N>*n z`JQRGhJQ4;2aQPluFcC{QZ{2V)GQK&7b?cbnYhBl^$2B_=6A?*Dyaf(jHs0 z1#{hv$YK$ZA@j*z-eP?;c8Lw~=52WG)nhZdQN|^}sBm}nw?jV#l}!#y-z3py)KQasF^u;#n$C0&g@CDw&AWKB43@ojAJ3*dj27W# zWavPhY#XDN3)~*8m$d7CTaJ}x zafd7|tGvL}?EFp!Ee{gjMEJg$uQr*-a_1Z!-g?fxVb*cEX^>wK-h~UwE*?rLmOWnV zjI-&R9yyp!FPOWg3`QJ*>oSH$og6RMWM=X^UnuWwJMI6rgrlx?06BX@@A!ql{3GkL z&a{#RPBvb|B-N!wRP zT|S?otE2eeAL!%P=zp|G?r11CDqDQ}xRol4PbLyhtv4gFJ(lL}7;e9JM5BRoF2B^_ z;et9_Ewr`Y>$L3k7=Y%P!6pFU^5MTpYwY{=Nf+JcjJXns`!mkv?r2nL$#v}!EHUeDbUSm8nkkBBR zmS3~iX!p4BF$%t!jl!!%$4fyaqqig*kN>7)73f-bz=}52)Kg$o7^c2GAKP$r6fKd&ccCNhF45_Ti#+MYh|-shWWslh75y_! z@9r+zHok*1+M>5U?xZPfDq9PxD9kG-y4P}lGw~qz@^n|mt9*O*h0q!xbx~*&Q82!? z7l^E4tswWnZZt-4TxR%tslAZ1e9N1-j+*3tgL_W zk_A2&to*bOnAFP!OwVz&?42$dZRT&}66(Y*VZTMb9thZs(To+G36A;+gICjxdTDVg zLG~Q8K`w7cjdO-U95>g%u2owm4m@!k|E5IC5)OCFqab&CM-h|N3Ji%%2)Tyc970tu zP!(B2q5hYPWy=0Q)dnM8-5xpt=5XDGmGl5cPVsVN;VCVA!N=1vvnZktiHOIDSz$Vp z-*l#=q~D)ZQLc-u49~IzOMLkA-PfHBU#45*?@NpVAaa?b1wR^0chk|n^ppk!Zf~9U zyJd{E6MQE8dbP4gv3p7OGXi^JuL>-%1N^*fCAT)Qsou+alt_%(I0wu!vQ}5_^qfxI zp?`}WBW&fp7(Aly)4H|zaO7G_m%E&Nv>@C>D`!mb$q(jpbI$cG_r;0DeH53KA(43n z{;aCh)aIWRMD;2_^pg9$SzApcyvWK(DwFCuv(vmm^FtP{UC^t-?pj}RItvu;xzXJi zwwT$(V@37k4?n+?6>()r>LexF?!Dl*!6wUzi(duE>J@>7xW*Zj7eh8!3+ucN?ga+y zC$incIZCSRski|&DyRc}=}{_`WAWk#q%OQ*st5J&dQq!vG?vm6PnQylK9x2|F1;>m zWCAPXL$4BVT_=QuwjZl$i z)E)D2WOy!FbFAhOJY~DP>R9B_VYr}+CV9+C6|op0I{L{|=R~5}B`uPDpmweDV>tbM z3eK63?n1aCo9vbDu9er9M1)95FSJl#KVL`W%}P_jWTgM)y!mwh@?#{ac=?uF&FVCG zJW;N=<$k!STsgTQFBsni^;xW6ZGdLMhrS{#4epoeotaMO>1uSY-`Zr~87tv{=dXo0 zXo~U#P8{whywa(WMF~X&M+#YEwuwv(+hV*X7TSH_B_p^tCFicss`FY&&5SR6i z@!^@YBFzNN#@4dOR8=Fm1|nGGvs+{tsM~V)G-CyGoG)(l9lB!|G|>2QLx^i|k4E1z zy(Ridy0^z~TDr2g-51`dERf9(N*$o$AO*duG6GvOJa=F@2xWIqhGa#wT_Ycn6}&TD z4qkwx1Ngr(_v|Zd$-ewOCs@o*mL%eRjaTdWYQ>4^)3=zlZph-kuzJlUeswzY((&%_ zG_)PhU0>MWGcu!obmf4@2SGl_r>9=70gu4qv%wjGV>W;K#@V*MPF5;$pdRt&gCBd# zg;?ZdK)hCE>| zDIRrlQu=$;a$HRPJX@ZQtK+L1{zTXSiilv9hx0m3nZ^V`JVhktL`yuzPNrj8uyRIQ z<3~y>>CuOcd=69UG&Ym+k!&?FP|@wte2HjcV#3(XjjlKOQ)8d7RD3udns2t|!TQyD;726V z&f(2=83L)|=zay{831y@+?`9ScmsF9>hw`>+KJ^!g>o~J_VBa^maQ8C)&5CAx^)LN zl;N`(a-2u&7^o;z1J$`Q2_8T&iKYQ=Z!|Ya`-y7E_qacuD&D)rFZUcNB#A)Fd=>U^K5W|;-wt*JEq^%IT8^#T177mB~B*r|39HPMl)X#*H};#FE=sum1c`Q zB`mtzdz31J@D`DKC{}s05@}1LPc!`>zF}uZl-wShEac(kQMyZa=r?g?N)j$~EOdUu zoIymS$eWy_RQFK~dM(fZ!Xza&P_4R80NcV+%3<;i5Lo(#T$%U4oW0h|@XDa`Oas@) z8P3M0=-AU^Ywd}c|HK=HJsOK=fH^`glINSGhWx1@MlzWmXo&<2HQMN^-I5s*sgoU ztJlZ9R`v?|`5!TMVZ1!H@F<%?xOjK=p4HKlIVSE4Y~<75fr*yO)WgpF$dNweR=3jx2O>8T_-;4o{4TK;Q4IT7WjX?cL9?;J6==2BghiPtU4*`$ky+GRQ1Agzd zCn7g9skOawP(-4cJ+k8%N^Ej_Pum7KBb7Bhr8=AE>1OSiKz|^vvu~cD;^hfal;>(l z5_?_=^o|XcXaUsv`-Il4KsGA`_64r^uf#YGS3`_rHeoqKeJWy^a&AWd;L4b~74O5g zy~gCyN6Sd)d7L-M+QfNk>!;vHp!}rQd8p`$ix^!sUt1o|Uryk5<)_IO?wXU<j+yhihtN_v^*K+#WL$ z3AP7StwLcdtv9eRSZX;vNLlfWb;-_3m8H~h&=_H8mS|LiF#bt zF`O&Y#kNcwOy>*An7G|YZl^l#61W?X2p zJZEKc{|=mkXDGX}-r*-jI^z*N7uHkq4`i5ibysP00r>fqpPg%O{eQOo5Pty8YqRD? zAzvf{Zd-{D8kdGZP_LfawLV2J#x)neirdbK@l$YYN#d z@L7|^f5Gg^y_CfM=7a(%U;aD2vwNh^nv;vADrLuvXbO5JGgrjw4O+jr4Q6WIJQ}Zl zcSt-K;av?k^OFoWnVy@iKG&8M(s{s#Uy9HN|IU@EOuIlGO0r*pS7vG$e?iBuXXuqV zO4M0VXbfH=;=Rt;%!Hp{>_?N%>0kdW#&{b7r=|z4Y5G#gg}>UFd?J*Gs)^BRPh{{J z^2tmn-9FICZ>?ru+XI-up_J{xwG=8l**Oo_Ss=}3`9QY%yv2crQK~euEP?E) z=MW)dKIIT4clSfEpmVpoeaw{t)K*F>N)ARX3yv@>DrH`Bj>yZix(L@TD4j+@$zRjq zR6RUm;4<+1$!ecLIn~sL1@ZOyMZkeMC7hTxDz;}m`=LOhrSrERHB5Vj?FjeJXB0)YId=0Zo6yj8(X^7h0whY5@^ z_fJE$rkt-3zg*5W;Qm(gz9x;&Qo6ISr*E~P14W=HE64vk;dc5T!tJ}b&YHe4=}DEY zidrBdB&ZUu{d*#DHW_!pNmsH3SfD&m@IOp<=w!&1sUl=kv&A+o87T>AU^z#7avb@`=LcX))NpRusK}g!I`n0+}AQ3Y5)yyo~ zXwwOj=@|i3_gb)$#|af^YtP()&sx_m5Qx%P^*spbIf{y9x0#MzWLWippW$tTP7{Eh=ohd-tFDtkwvILR<`&`nIg^b zm(Fr%_EAe2KSulVD!vW;*Nk?0@M=*w518U0tzqImf@C9o--FyJ4a2{Qm0K)o`|v(v z)kVns#TzMyI!81*g`6+>oJQ9L7}A7gFmi&8Rf;1AXM~GG7;@g{a1V%G2PbB3_eH<7UtF&>|2t z22%wF1hBZC>%$}pd)uVc)s0*k#}vTj&CbQB$v}oF5)OJ_t(T0^mE!TA>=<-2cZ!VA ziunp(GVR{cVy(WuL`CAcZKgt*?2r;%T18!R<`03h^^BH0>iRG)_i`Q+t0u0>y-t}=+6s_7vUy{LL`bK=ytXzhC zPdH?6QY(#+>|u3?n@^)vrC-Y}v|^wZTnURi{{tN}OxeT?M*91_&#d*8^osAJ&e~KT zBPI;QPuhKdBOrIiyE@q*KoZuqaBU)U$OYy`v%3lnW6Nsf)t)gF-$(e^ut_eG2!oedL)Kf0U6sKp&z@IzdTWfMBn*tP?xe%nPav!R&6h_ za60f^8y`67Sg1!@+Nh*Gg;P!LkMR)Pwr*~ti}hauIh3kqzGW@EV@| zq${@i*oT>RE@>YZs=ydJxvT5H*y)yCfe94NV++V8`QDb>KHgyIV_>4zuJ z%VR4H3}AC8zSrVxk+?p}>Jdj0W%we%=iI})lPJ4yYwfpureMv7A}<@BEb(Cu4FB6E zK5jARokK*6e}Dliw>L?sl;=)t?b(yLFUeaYwmQ5w#3-V2Wbb~oH#-JkP8TYNbas@} zE|qYW#(+l(k3U*8p&RycF=z z2ni9tw=$G7O!~eY1&%}NUVh8u^>wiV)w!NiJTbAyQ5xAhs7z&$p-@*pJ>X8Ctz>*| z>|(p?AWPxr(sy(*IYc||l{hiwQ+4|Mur2^UcP27nMKMpGwRTFha3 z_)=QL#$Lm}%Sl#JbhCEf0?w`DMXET(sTzL&etGl5wxJ#uLR&R@7pBys(o;K(rqKGY zSUgkhRYWw}$`vrTCX3kj*2Bk+v-3k@JJR{ZGFOzaKtK3}TF}q6;xe?-FlC+&T4c2q zZZ~^IFa899t>Vxv;Txxe!n4Yp*?=dwz@C=4xU-b@AkNIa0o>XPIZ5}18`%z|y!yF^dRHHyBP| z{&x(~IxPn+6RivNF?{s*asGCPq5k-B9Vqd^7$>U7?oj<_8=Es94sp^F(K7G*uoVFcnoV8twk5P+TWU+MU*+7 z>QeSvsR$~ey6n_jX1h2t<26FCd7801I1#?DBSde{K>eHU#VqAJ+SI|4NE0R86Y6E& z?lG;vcg5QQcU%4=Yo)nQ^|Hq+b=223Cg0GOlm^)ARhm367xHxEe&=-HujeIt<}IOb!z#SeTby;@ zl|nVkwl#fvOOkvfWop-#|H=<0psh z));x)dP`}X}-t@Y!df^8;*p>VT_Dd%(7_0L+(3MRH#PH# zQ8cuBP`^Bd1*lH2=?}i&-8qtG+*5zLHRExxX`SlOtzl4;iLj~KJ!D?1mD5QIBQaj) zeZ)l9BhLT+Tv1PF9!1u3{-krdp{ivc{v9^?jnvXOKOSwBNGoc=Dwgo9;l-+04IXd6;%3E+T!qsGT^;Uch^;MY<35Qk zHu{x6%PFVyf+NT1#nSdWMwafw=r9T5H~1nZoQ6~KNg=>f#PPLTTnyID9g@1vLNu>AAzA9S1Ol0?I z`Dui(YNH)+AY8t!RJ4ob?G$nbKej!D$tkr&mQXs8*)k=RADfTAE;n!|?aKCuROnRt zYg`=((PJ*>VR-@B=j#9;uLEGI?Bglf@PN#A_(0ADYEDl;g_t94_SH%_5Tf?IPVi5` z4Nr_a?Z-wXMYd+ z@;m+Aq|XrU0=PRXNV&Xwog{wseYwI!9hdgYr!Aoo5(Rw1g!z3!QocDFJYG4gS?6@z z^Bl_t1**#DfNFC&J|WkiOLcrfg`K_b*VBP+q0fb2 zlb&g{lA9v0BO>8fZ(kEBDzmFwCy90w`!$nHc=yc(Zz0jj6jfsg=nYww5)VJW#mmmn z+c>IGku_%zM~}{QmabV#Mm&k=5~RDlN>N~FMdx5b+Q)Jf;gKkks)r(jH4MN2gKk^i zDG9@aTgfBCp9-H?c+0=n6g?-=mpgxablviM+H+c|d~RZQ9@%V&|NaN44yJE2)xG~s zq47sHenIvBx=QHp*w~HUK;<8NxJMWgo{zvCf^3(+*p#gJOgQXA$oe4cwBGI4wDKAT zrbYH+h66Zb`K8l0x7Q_hY{t;DGj%X4S^4K93F<04Q^m%n`4Ss%IV@%KCm}7M)iuYv z%}Dcq0mp4bbQ@e<;v_}BUGz;py1ff(RV6CV6h;OxZ*Raiohct6i+m!pZu;Mtar57K zb9`BVikB4%5-4$diWX3UU6=NY8ZedR=@!vbuwvTDOLbDS*M>l^8`jyi0?-;TkKn-s zEhxU^;pfS_I2g{wl}tC&)7dWaK2xkL#;i0VVD;RpsHaalY&%Yy57qZ^`G!i8P_h&} zh$%nu>F@;nPla{S(sSx5AHZ?BR&CAbX1j8lPLBvCAOAAUX?PyQPw{@>Zm^T1LJ7kJ z{wq-j-Ng4nM5cc8kAyoG08pK!J|>+z_UD~ldD}g+W1kdH(Y1Bfln<(!npr>h%a<(6^fu=D(pUafM(Z8FU^_+;vSqFs|#o0v!uoBnHN z7W>paSI56GS;0cDku<8PVxroof{5(?{XWmNI;N-7sA2&+g`xq5D8ZS1GX(}8nFE;< zL|qtz&a-FwTwp93a)0Dz-$mfIng9{_KULB}S#6BKML5%J2fkX|>ml5}o(8PXCuH+> z!ae=B{TE9`of=t}$2Hlw?quJ2vVcn#wmz7f$$kg}$z``jCY}WURnk4TWn*o44BtR| z1k+^y4wuT+a}dA@`6IJ#jhaa0(gHXFyZ_0b;r6<cg43)^o?L7+-5> zk49P4{V3sB4W9A&f?;WLzkl0=h=5=K^Ifhtp9u>@BCESOQmbOBHQr)uUyLdo;Qv+Q z)tr15>?L=^bjMTAMNOnto8PgonfnEOphW^<*)_eMmw~BAK%zk#vibJ^B zXLWUut*XX!9yeu)v+ql)p1R>1-qsdLAO)d7v#PuhFD@3%AdG(?wKq|kBFgX*{Q=Ho zbR8!=3!6Pr78i4~_XcgFRCg^=-`vT1-)%y@OdmAT%Z$4(5pp*FQa;{L!HX=NO7+*_ zFHvi4-o7l-BDUfKM9A2h^mhjnVwW;|-Xyo&OSixRILdMv8sW?EtO*CdlAWD%?cBN> znGg#h0Q9nTASL#KL6*>gE9N@tj9O1gNDsKheYgDK;%5eRdDYm(R4x2B;;9$7mycM8 zHb2~g-w=6f$G;84YB5i+x@MI*o$~EPEav$BdN>JH|6zw`b;{ak*^p6?E278&pZ-OA zklfB=(EW(ud4hOk9E5rLJ4g16{V&9GtC{fi8n1b8-Y6h;*owp3jWfMDZ%#=8pCT~G`-O?`L>ON7!Ky?x#UUaO>CS(MmDH%LzlF6nY{f9Bjr0V z&Z^x9X`D;%Ypn)o=oYDL^h)TQMEmw#)FQD#ylgv2kc9g*xJ$mRSkKksG`>Jf+e`Xj ztsx&w>uS?;%HzXGs{W5Bug#Oz;7He$=HZ^OEyh{uIi2obPdcyDG|ps*_A%HjJMbno zFe3}wI5HU#9EpS86ecE5IRpv;x6FU~Osnag;VJ8JYwLcBKmahc6esX^S_p6Hr=v3n z@h1FMv10o*T<_pNm~P)r@d2`Js49$BIM603nJIfGS6{t0{3tlF-}c#z0BIS{vs#`c zIm|Q4b-r`mS?1ND)*80nh>`rQpfw_4tB3^Xrq+bk4gMy82e=MFvdq?14ejv=6`Bh`ezmn?b zY$-`iho(XmQO^+vj0$2!4a%Fwe*wJI9-n9W2l9Zg2+QhS(4?e27%;2q&b9&MmvYjN z@!^({i@kk$4aEmZcf=tzdrsBoInIn~);8*6e*9ol%q&}T6)c~{Z+lQBV5Qc6@!8H7 z=S(%FO1pz;dT|`4&(qExBNKoiYj_ien;poQD?iWXwod4ckWPOnbtqrch^|0gBex4Q zR;!BKn-5r&OOQ=u3?5VaM*N75ZOLv`RV}h(7`#vxUcQ7O8|s3YvQqiBGfU`O@lxgi zJjwne4(2}<*(|P^qW>ZokMvR}g9q?x*(-JCsvprZ3#TqhijQ5a~2WwMBDZ_(dx#VSKA+T3d4kX5B5d zB)_Atci9FS>lU>L7z=q@Q_AYi8k$|H&<-Ng>`Ir45XM9gZ@gH$M6W9*OH+i zAcx=(hG7@bGPK=5;XV(&qR-0{%65Pd&3CZhq%I6!93PLAw=IZ{>A8y;n~6tN?Z}W+ zacy~~wZtqy8I7pwI>*{OaXl(rNm6etfP2(URW-+l;hei^{wCSC-U(NsXC7W!hP4g| zK4MhQAkWUZx3Szi`xQkPcksdi`(}^VTtDap3GLcwlray0kGw_balLW@mO{m$y1bSVI)=T^Ksjh zVnv5&@-f!556yw0QK0WF*Fakg!8pd#nMR%?Wkl85ui(5=&SPHuU+{8wiZ2nkQ8Dkw zvszD8i(Sv#D_(J6l?x{63Ec)Ik#>TpRlC@`{0WWm7EHKQ4we?fAV^7I(SEn(Hs-v9 z4Yfg+q16tLR4yw5>0}0A@8+E`A8ieF>e8jCYTKI{&OuxYYzl4lL0?`f$#2H<$<;3|?LF_h4z$nM!>FOy-4b zko)-GZq|4ZI3X6-c?PA!$;UJek(;#lfeM_U8!NY?XG< zQs?r17e!DdNIQ2fz8J2KFFu96nHJUj{Q5B{o_=`6vG3P{JP zI!j?TW@NCpL=0Qd=^1bSvfuz|Iwa>%DD;W47GZgucdDaCji2M=d7mW5Lp^g(>nFau zZEDCS`ctluAYD>H%5NpE;EW=-xyfSClf-({-Y1pb+j}H#1Bs&=$0x&gXQRX-#AOZ) zghKwqtDhe?p=9}KR9M!0k+PSDW{;ADK^j&@#&x|Z-{(w>MqVNf-5iH_t{5u z%6?Lwu(N;`U1^*G)rQw9%wEE5HAWYD=|6??kM@#Oq+Wb~aWseev)yQt-f4M(n5fMq z1<=V9A)%AwLVHXPBD1uR{&3`Gmb4@EeIvW$7BV52H+oEa>&k95Tw(`ikTJF}o}RT% z0NcYcla{J9?grd^_4J~N;bTPl4s}JUjri(Toqh0(R5TlRf^4n%0$U;Xm}m^T8dIgF zo40k&_V#NKn_zYqeV_~=Bt+&#Rww$bAlYMV*pE{PEwd^Rw4`jH14MI~5g%KT^hJJ7 z_$GdBq6#&Uxm!-}OXG(oFI=Y*vnL~BDUR+;@6cSST;P*{hxUB6yqlHA;L^9@F0ga+ z!oyUOPxE#(dI=mXX}ebGMtv)@er9`FN%Wp5YfBEwCt^6KMm6qSY08lp4BD*;L$!t! zthl@~HN1p|!n;)Q=WuO3Y;9c~DQD~0F*l`RSKo}?F_OGM0$o(-s*w48c)`y^zY zt5C?8hb9tyiG_*8RPxzXtfmC@RpV~7uy&85yX;we;-va;Sf<@5tpudkXH2p7(j$Hv z3@tGbn!kNLakb${aG#Lx*ziK64ocA%MhEMC!rGlVZq`w(T)~IZ`nHBD?>)(zNPHVk z+p%WH;NtQUE^qoW`1$u3^I2(~-t{DnKQ0l>r=u8C1=~2$F^`mo>ex_%vJ1iUjXWs= z^3XS?EEePrgkM>z)O5`25x-|2Da=-$W?#wO2c{_fTxqh*(oL%HT4HrxgS!%kq_&ut zv?jk+nGveDm$r_{y45luLg?^~RrXy&WKJs2GEj_Gm2n+UpRowquy{C@A1OR_AzE&V zhW>7;A3;qIf}63s zyULxtIXsEiiFJk=4#Cp7E7$Nm&O>dhJeSUGFV=2#__R9Ol?-I#Q7a8BQ{ zXD}_Zn(K9-bOitC>XPf$jDN|=7Iy;cQH38tob^pmnH7q2ZC(zR8gT`1QST0%W zl3&=2HV=ZnOilJ!YL}>$>ZMHbp8ugZP|9L#=TKf12tMQdWaTG)pv1F?RZy;0x|MHZ zV38-Xr5aRwdiOc>^{1P241;GJnFf_eME2k~*VZ)qlO~(_Vn+F$JOXRz9eYoFw9@_X zdp<1I^CBXb1hagffm~-N0iANmc4A;s3ns7WN`et~MV(JZarqXlc534cR!{_9&&}Oi zWe{!DmT(CtZ@ABWK%X>f-p*Wsv90newYrAJOO9SWA5VRQ3X4BLgFPSH5(X zDObb{1NU{~sEPnJ+q9y)AVq11o#Lsgq3U7w{d!#ge^AAGl1Bu6*CE_=v-Wwam zV9%90l9zUcSPY8c-r+bbrEz{Cwc+qI)9xSB&(OAp4|IxM27XLFk=7Z4_YyeCA6yF; z4KGcF9bi8*sxG(-A^B#-AI|uh^n2%ksVX$ps@ACN(e2Ikq~dukyY_QaH`=l#%BUT8EW%J!Pce(Pt4MY9xwURE^0 zyhBbw+$7p*(xnvsCK8EoS(y_Yoy*~VPi<+;8@#!x%-%f9zQEg5RVQKRbZ4bxpUF|_v108al35WZm zUF9_9eVdBnU^cll53f`So(~a^z$&@OLyn>)k_D@oDMC#Edf0yj|LoojZ;C`)A)OFla|# zkBJyT6Wh4(Y?2|=rDpU6qPZ6HBD|wPc^e#+qR9dueGF(3sC2yVGTrF50{&wSL)JiK zMAzEpQw#oyT~Q>T>jTgm@=z&My(EdqfMTD7r{HB^cUF zW!}O>$6LQ5Odj?{T$p#qu{6r=IW!-cc~2^REkElGNnJ9@uVI$ks%DeDjK(mt6)5fA zZqW1bC50*ZJbMTAldknVKi03djSo1_m+!ocGjk*L&qh|KFKMGXV3ePZ!{l~Xi{h2k zGOsF%m84O0?|hs4#@dku>Z-I1-Oc>qEiy!s$|_1ajC$&p-NHeR=?8ZjHugP=iGH&2 zbjfMB-WEwj>MY^hpu$r-?bgg6?YwS$et-&KC!o%ap{9tP_Yp zi29zbiJWyUii(2j8onAKMPK-Or=9ALS~o#k{}#y8OCs|-Kg2~iq~PZ)~{T0_ywLi`hrnxEXp_? zJy^)IM098R+Zxp>MeO8g%52UIJvnkLlJg?Hbc#W!QtJh_ zZiJ3)ppN&Y2HtFNiBV)Y^OR6Y23Q^1@t(>E+vhUE3MeKkw0H6C(y0$ZJUo-<;@nd= z%(VHED4i8B%c6y-F$B|w(Vk}RU6>qwkRzENcoIgf1suFclhGS$ChlTu z{9F2`i?*_dUT*S zRFZ_DzHu`PhXtfT-~Bo{OdgZ_6QOs6H0#{FUeh~=Nn(x7UY&ZZZiX2zgpGmbpUl6` z>E5s*t57dLCR-%rc(}DCP|TG}pm-w5>`l+8W94Jamfut4A8)A{nX;SOTC*oxSw)2I zofxWk@wMFuu1{33TV`_yZ4kqO=LIAA-mEt8cKn&*s}K=@`Jw07H`D1r#K=|_Q*|5h zIm@94jj#LcU9PC+%DG$|609S`savqnXfx8o<~rD^7v#Ud%BKafAm)#6}H;IZ+X8v`QWHov;h?>R{=SNm;8+ z5eW0i_AFLiNW)wu1z+dFoFo~}TSYPdjEk;?JK_7OjHHJ|NZ4@oXk1A=xAhPuBs*HV zh52;zGm~lLl9&XccM70p=gw8%p*_=*b0Mn+?p(5m>t{J_!sj} zP>>dOxFnU;q-IZ*OQ=YhkJW&?PZHQPSRE>45U#(7M2Q=#Cm8K+iYm?+K{6twLTNXE z1|p=3TPN0mbnxH;gPc(iVVA4;#IJl64)v7b{n9@<-??qeWZ&~dN1KV@P-*VkJqbMO z=o7%s&zBL$)_Fvjgki^&&G=jOIld#^bXxxlp@@9zwug=4ofcIzW?i2+}ZCcb8G?13G4 z(^X7(xC~^3sUc|4m>g_)UZ*<@>gUCwyc`2hA1cs0sdysc{+UKJ}PU$f^lfND0C*A(gS)Z9!GkU)lAsiZ|bp$_I z-iH+>%nI4IX>QJ!A;cJoyKdug+-8PY-TV2H=-H3A(yq`IcDes?y9BrH&={!fRY@S} zVf%~_i#P3FmrOPD0~*cuSpbaTe67YACOM5ocTE;}T3iV^s@@z#)riCLKZ=dazI+}& z7FFPH{0=#u6_Y8Krv(jh;CZJ30ZW@P_GJGVylpX*a9F++%~YEN*1gt^6u0aAEkR)1 zQVjfW5gm$We`Rgq;%!AaiN2_WzK8k!{e=5G;uv+YVhQ57{;c>eSCqbPRqM1V_Mp&Q zZn@41DVnlxMt^czE|;*$
!E^J`zIMR1EPRL3A-*~~P+<>jS)q3lmRUhA}^=Dc|uA74D-DxCe?5t+plNAcH|A;g5sMtvZp zo3$H>sg*6OH$Pt(yp(w{eN7u-zx4qr7_?WpMnr&{^p|kpy~y{|#FO?CfzIwU^n840 zc2tJUl5tn8vZ97xk{5qAHn8a!sFqM&I;dwswj?Lx$yxO0MhbXugR;=~^{+qt|KDHp ze=&diU;IxO%OuqslJ9^ZbdTWrCNiVasrzA49#6ewaP!;Y<`QYWMl8~^2r)^%6#7eO z{3-KnGL*IIC*@y9vx&`~Qcc3=7(!M7<uuh5WwbUk{YML@kJMAAYS*r+?sCT`e(4?n zX#ee;2)eN;hB%5oVEpK|&Vopa=`vwgv;%-jX^n!*drEVIN;Z@Bn! zj$eXXV}DmcU6ow`%Sv>0>wNzK)BO=o{>&v6Ybl;zUcwhB=F)2Xr2s;1-P>;0CzPZu zdAK*J_`~KG$N-%qttJ9?0H+J&?Nf^%hKZ@O$!HTnbg-1vREUK6FRyoPD*$@06iaE! zzl)z*f6l6_5tmleCRZInz#>x%#rtl%KHHE#hvNJ9W*VlN<12yJANFd0bWKtuvvc_n z&mdKzWe)%M{>-?X&>@yrS9@UEa^u%PO8I`2dvNUgOH2v0IAfxsq9Ev5Tp(!F>pWM^ z|B}v69lHpJU%#+_bWzkE`Fpj3i2pZ%O8oByb^m`7^%i#+^G!$eImet{wz%=u6P3SC zR37MAR&o-)>U2WGI7(0JZ z|L@4wbRtjYr);ww=n*a;z44NkYc<- z+Hj+ec5&n>gME6otMtKSM7pA`(F5!cQAfTf$kyK1oiqxJooa7|`03=)+Wk{qJohM~ zpDo8R8wx>bnKhxHfFl>6rCj(>}QTr)PJ-Z=m` zjvYds`s#&{uGpg|mK9uTSg>MEfq_ELPV)VAkKEqgZQ^+c|uJgNddASFX!|i&<9a~Oh-s1pXkY;OZ%eXAS zqQ04O4nb6`DoeO$dWa_bgz$UuV3{cRojRr zIUjb;oedac+axq6wqc?2;kpK9_36wtZ9zFf96O=-V)MsWKtkWnor`IXZ1N#b)kCB19cA;^ zrghk+r`;<0VkG$?GFmfw;s1OR#>sIZip!w@yG_@YAkj6QA+LO+r(jK7~ zXbJazuht4#vrzSY&ez+SH4Cd7^~5dMYMd^NYYlp6ZZ7zC@6B&cT0wcgTcFT*@q~YG zLk43Q4{m=3^S6h0Hg+g(A@t`>A3z&;ztXahCa3z=HufgVRKDnnY%K~g3{e{@CTuMj zQSb_^hS6BT(alMrfG z#3HFM@gjyQ<}o`3`h-jw!MuX@5PgCxrx^q7Z`zn2t=Yw@eAO48+&?At)e^V}YqK6b z1*vg7d{Y0tC>XWtj0Wo_#OGQK+`tb3Z9>B>TmZbqITj;b^6^)Bs`nTlmo;4Ug-l$)qf~<)-3}7Bq01YT5Lx1DAxA8gvFhBDb~~{vygu`$K$kIG6u!!EwwN*_zL)F%VU?d^MxCMJgN)kHpdfWK% zfE$-4bxg@0BN|ll{GJivSrM4%UlPy?#KlH9Sn=vDpZLFp(vTcFY+RPbmV1JjDYdkR z#`2g>8VnD%LzCE+kbFC(l!|X zqu+w_R|xPC90D8<@=b2^2#oT!G?W{sZv`aTa%Ga~+QTHb26?_}ZT5x+KcQ6u56##p z*^`XemA0m%J3>>>E{(HP(cB^=M7#~3`W=_~poBwS6WQM)gCyX{Aend`+3qy(gO~e> zs$3}UiB+z~T1|lbhI0cxrbK1|lb0h7dzAr+?u6Ubgz=s0lg6mgOy1Z6G~KA5UP|BO zhzB$rB9HVnDSuzdHKggRE^J>~v)@#!5u4R=xqz02`~=YIG7DTOguycyo4sK%b$6{)*J45T zm)iY=O*J+a=U&3h2N~*j2A^M^i90$oW<*ubcq==%i$jAIFI2ABu zx+fntIRo)2v?_bD910$sGm1Ti?81W8b5BZSYLcS(|PWgDaPabUFNBT zKFm++8zsYKrgbJBkK5Udvi27|Jn5-iDGvKx_!KVZ-mb1K$ACASrFlw0T3Q;meR>_H z+G6F#u`i0OJ1to-wDD2Pd!BuP^y`L#FD^rF3m8&(86;3n}i{5Tq^c^A|_n)RF z_rxs`#Mj8cs66EBy@?{kH@3BlvBhe6*q5LBK5;cjhuA_J6BB87$I`9`52(Tow&B0K zK=yOih@o&2l@GKB6IsyUAZ^)L_+M2$HfN&z&}8wnbw>V7z&Bw+$AS?O?x2~e#ZBV- z11^CQrOUf>ed^Scp2aK?q(o-Z$c_5?dUj^4272&P{wRY{WrgiBmIzBS($f{IA-KyzL=iY|hpnrN1JmhOe}DfR?kKiciITp#xx|9q4!PPeuKd(+ z>zFE7LYw%(KV}ywowv0civ9HLOn!~U+}%sl*|l70ouDs zg8_0+X}C5&w^ia(y(DcKAvu?;GlHHV_vRDXRoI^871yi1FM)v_}HF;nQ17 zp2Iz~uGqla;%huP^TN60tVPsuHZebY8sNQ++*^V`c1YLmA@2TDbw;y*#}aL-@lk$s z1mSf7BsMNwZtN!W)UsUeOdjOi#Yg=D`r`KQVDPT1Yj*kKV(c4U{X4dq^-yF?eilf^7FKh`TlBAln8M(=@jHG&%!thLMCs{U^HDMx) zDr80H!o-;^Izf;6+QoE_p(ozp74rX? zqf$mz@_fSOkMrsY`ovW@LmQ-O1YJ0Me#8_zD-+9PbSzK3^f#E7r{75=PlZwNhT<(C~gPVm!^?Fv~goVZp62rTPrX#fr=vW#+ z_uTAv?9*rIvq@;?XCs)OmPK;CT~ULfZsTPUaEVJx2@Sjvv)W^uTa8-L1&gs2aQ>TL zSkr#%_KvktjoZO%Puq8B=m#1HyuY)LPKkr}Hg0**`V;?LJD(P(_f%-SmU>Tk!rirs_X_x;ZFH74Wq zTw)+FE1&$5UhP7W9q6p%7#Yp~o2jWvlo&`cs#Urz0W;^{iO!%A%$PiDyoOX5Vkzuv zpVVMst}n?=m=_6{^rD3^PS7Y|Y(r!piQqe_^bB~@YlFcwjfD&`mX9~K~iLS&!_TXH@#$trp$M;w(n7yA*-x|FHJFiR!&itrC|aGIE&kSEQ7Y^2ueh z=%l8bR4@88OD$CgVL;LjmxFPp2pqXTGQSU(*S&sM8@BGAn;5QiewKP zI}myf!b1gnl&b~AifTZe`+|6Ckv(mN%@u*+{iQ$RcsKD0@sVx$NK(*apmwRQtUcF6 zyEGO@NqPpcR#n-2Nut)Ld-w{lgP*HXhak52o_NOvTdlM?#thM&xruY9FZ0|8ucfpW zd}sAvYFSLgXxa|C#bim^l37TG$^J3&(*_0$Kpm~?|+Ku1p z|1jIqJTG+RV_Hi}*voY=0n|J|_gm@cLEeemj@hYxo^Lv3FFL;FcGQk#w*RXCds5{wbOaPsO$o*^C}dG0*k!E>vFnvuGS3!Jc?oPOPM*b2do`M*+WS;N2dbt^fJJ$A#X;oi00hi2 zO}wJ7-Ixu;6D8CLLviokrY}52Ef^7k?>4{p4Rw154e_$Ymnw}3r#c-OeVEAY#rc18 zzW$xThmC~AwY(zP&}xp9*Li9OU}Oz$s6>xGUHJ0oE3aZx!Q8TlKIY)3bUg0Yj&xad zJk|Q44A9x|I%;pxXNP`TA6ROG;$J;meiBUZRQ}2g0+#A``e16@y!Zi|FMs|!V-IV| z1k!TScn;~~etnJCw-HXsjXSQEnwK}_IMC(ltmPj&H)Nkb&*)+L92(GdO)M4!GX z5sMmyOsHfC0g&D4l)i%{2aZ)%m*MwVN>)&+CDF}l67k8&M)xJB&c(SI!s_bk{Yvl@ zJ3!PLO^DA{yb^y>C5@}f-pr1XJk z0{P42!G;sTb5O2P?Olc{ymo@SQ?9$1tm3f%RUNevV&Q)-^)y$10H+XlPZOi}=JWK$iFeNFxSGL>W6Wwcu0wcYVR`4pvPLE>Elcr_tGr;&nPC)S^lZp=t|RAgxu`Y{HdwyvnK16 zd2fIDZG7XQHX_Zj@NkH(MX2=4Ven3WexrlNaXT3RZ*#aHW!SO3sMnt}yg zC5cZ@iR(A2Sw}bB3J1LvmUnCR#2a*EjsL$O(q=pHD?Z-q{uNE-&uE!#q$@(DAZk`j20!A+_S%M{D z)3%DlS0$tS8|K*h&&0oo;2tME_P!)qbB@VKT|Ffp z*sAaFnjfI)ri*-v%N1ct*B~nm0}Q0TRvBx9GOOM0Q0i*yx@k4BL7rRzN~di=%@+s` zPqjDiA>&`clw;&GfB9;`wWiSt5`7i(315T}VpY#M6~(mC6Hg=;heP-!P^hj;-*;{& znJnp_7){6yje^K1X$ZRJD30XhdnhR5W=xpRvt|>zK}luM=z%a|+8sp{f07j8=S~2^ zMT#i*a~{GWcm4?8Yu`9I@M|l!jWi%qjl_0RT441vJ=L@-x+e$|i*E5zh8Ri<#Tm=9 zDby?{e~2&v7o!<919{~nj$+!_@jZX9C|bs+(pLY-vqsLV5#!Pnp2(C(O|>xl*7&{f%ra%llOg4aoR6}CECJLb zy@za3$4urr=B6@V>b8602F}ATsM@zdi!Eu6QItyzRHfJzfOx~bUS$ouGsJ7v;k59l~AX1sk{lQh(m zfZdZ36XYn2uQ{sI+1b+=-p@!cVN_#29W-Z7l^q%>?IqsQC^<59r{<(PQYnL5xf%vz z3-i%^`eUb{U#t|W%v75aVk4@v$1T?u3<^$cVCBhf*wRcczYJrJ!pI%QzqpomgHY@B z;e*2F(Up!9K$h_;fw~dww?!;AC6xy`D=*9CBET38JZR!@USK@3K7aoXq0y%6xP7>pb zKG}`eM5xcsBTSRaPZVzpy_Y{@sx}X{xiIENfw>)hVrWH~876ZuSN(M<4bYq85^tUN z2;m~Z^9S}O{*pmtvNl0lwO)-x^ljZO_XMC@CQ4l%wcU4q!bG8)+Vs4?zC-U-f;GOr zYh^B5^E)BJxU`;-x%ZM(q)sI@{usq8#J4ja$+1>VqL&Of>1ioo+9sAFtM22AVr>{I zZqBUC>uGijp}WN(N>a+Qdetuf%Iv=wt2D1(D2pml7y_p|)W3<7@bum*rcgFd|6P$4 zT4$CIX|Ms~r60@l7DY>xM~I?gD|~TGwY=y9vG!lQu7c*vrVpPY)FYi?_FlaqMMe8x zxR$l*?#j;<%*)g0fC1w}B-YYF_qGFi3nXAB*Q#8lgwJO>xyj|}=2{O?FkoQ#pMJkNc)M1Oz zE;Q=j1efy7=^jG8*nN`VYJ;)hVj$>xc4c^La!APXHi%(RW_ld4?3)3|^7hr>X)_iE z1_l#mSNkthNrHJ(8A?OKq~MW=bXti5X-zzvd|9B_QdNp4K4L@5g3?KP;J|6P}ijGCHS+gTJm z8!e`{$qVJ?=AzQcA!E!D5|f%4LU|z;D40o(NRqtK@!o?wL<)lI$up~{spdSDPVIv= zNo2DTSfykr6-~tVOGJWwu#oLG-_LXrN<}+HF6?Ao(w{Lg?;E=YqQJXQTU-0Kip-v6 z29_9(w<@cX;BIDr;=p@id)bTd^1>DEhJdxHwJcEE#Q42v#%`x==xD789NZ;8k>h^= zqXU9i97}Y*O2h8Im^sS`C6N0Z@V-hz=-5=zMbWbdVqgg#vSs;iK)#%z)98;~a}SW71$ z5s!@|rbYp8M>OTJSc=;a5R0;h(UJLH z6NVQn?vfJ4`qKS794B3k?tE`eNTF)`pLdSLCiX-nBPIVpD{%h@TJh<>&yd`4aXG*7LFp3OiA>#r6jclohA_8Y`7)PnKk zjU?-cPvo{B6_#p}7#>*t(}UmMWn~;LbPNT{TmNDJ&Y=Al1MoQcf3XU~SgTljNP6_^ z@hkV5lDV}z$=zD;z)eUq$?b-Ajr8<_w94XoOu@pz*xynXKC#_3h*}LqfhTiP6{{ai zHfLPI z_&r?hN>%2+A?d}mrrL~J!sRZu)KDWy;E~K;>b&aRm|;!T3I7aXps2vXoJ+o0TgiK= zSH$783lC*#`mw0NC--+0uyP~<7<;rk?k_go%A4Ypf^NI8_dffBw0E6PJ|4jS=)&*@ zzG647g9xS}O)QCei#^d4u$MNIkb4^Rg?A1AQO|P$U*AFlyioA-DqTw5IQc)rM_Ui} z(Mo^TctUie33N_@9txwK`9Jvq;cbulgOMB%GmWL%m z_2cU4hyRMA4ZiSj7r^fkDKXl65|(%;_VhWzrFRBbz?GH{S%ZUl5A-#~wk`7M;0{>% zpkEy83%c)KP@pR=e{j=KVh54=iK$)-*h5;f%0-PeaL;(Gl*f>`ye+BUSL>UQ+~1+T zfi{fnS;5zfh3B1UXo_0bHK+j&O4^qJ-Px%aH+CBV$FN?G-wd@@6ZV-lPjH{Et zOkkn<0l5Y-#o@?;-jnY)gKA8te39d4E}$FywN!`%i<|S&OV-eW2`hPN*iao?fAb4R z#8X7w8;)zY+k>t-6F*q%`N)on)f=O3yzp58NdzIiHr?kp|IzbThl1cey#@@pSST9N z7Oll*2k%&G*v#$HF%#Z1wo>EAhz2YsiOXm~*$J}DDFvP0wlB+V&TJ#c{o|7csjs;u z&dn z+vo7skyCOK|MDJ4lWlo;=s3nZM;N0y+%D@6cCX8~s`7mwP@=YzD4c}A)%j;=tqv>c zUigvenDR2wc&q3PTbl&^@2JTYa=&Q5c=)S8x!5It!OL|C;}Y^XuzOH{D)Xm+YC0w% z&B2o|Uh)rTlvj6-!xixCH&zUtc*Jk6HUihjc4=y!&!lSFjJ~D>#|5S5<8#G-O5#$e z4~KB|g+*~fkBg-2j+w7-9!oBkbj+wc!W+#zWYk;S1Jpbk64b{cxZ?j6<_hh2z5OTH z@%*HgRCr}++4B=>=uUSZoXF>#sX&TZ_E+*C9kLzs){VLmEibB~rqS3yezZO5GP~rS zfP3>wiR?cqffNkprztyT#Suid9~Yx70e|wYmKV+#XoPV(?Dy!7R@r^gC*bxcPs~S~ zE743SC7(dH?9?G!B2E?cZA4rmbs49NOAS>qOK=ilrypK%w8jKq)jgJqNc6+Hcbf;h z)h%9%5os_Mk*nRIx1Qm4wchN2RWmTuL5ZOL)Vdcq)V8$`xWRD3N7zb(G*7rVkF#Ji z?+M?PHdv1M5n6Ie@1@BU|5W5YMX3Yr96H=M9VYd4YAoIk9)Fs%a1z*+MKjq;w)7p_i$Nd zQZ4%tl&};(>U{zn0Y>h#4&&){KE|~GHi%9=bPhtaaiK@4RmD`Q@jS0Ez3>2WRlO_= zI!RXx*S>t5RwekNRfzKJFQpdV1ueac98L767c}zjcXAnK68-Z zfem+;ItQ-vB%wZPO|lh-5TiV$Zt{w zJJ0lbFx%tt;FeaJ9(s$NW17hi_Ioe7ediOaAGLl}PO2SBfmv<(EjME!XQ-wHRz0GJ zBqYU@#YLfpQx`u`IoW?BCC%pP&V6G&;HuQQ#7Uetc2Z-3dV)}`yC9N`bp$C4pol(0)5tR+*?n*PM+rn*E93p}HWPn+@J*7ux@o z(=mV&z31z3uoQ~jk?}O!IzBXb&|{w2bPm8$N|bDn>Pt{xVcZ|>HuqQ?k5g?`XJ>7p z>^)YDr~z|tl*-fw(#KlAm&si7wfzMy+^x$VWF4E(+tL6KF8f|y%o1Z@vIkS?NgugW z04X;9Vrb^&&YdKzF^OWo6A9pXZR2GmvQsp&+M*m6a4j?MX6v{m+)}<>*#jNq?SJ%v zB-4H+!DugiJtX^rqdFhAD*zn#m~!$Q9jzre$%A-D+-_`@H2|CXa`J@~- z*TX5rHN`|%4LaYk?cyGBB{Unw$)j*!L^fx9LIM9Spvm`}v z0)q%b8w0uM^LYl<{{=FbO;Gu01uG?;9a#&Ok;uKj3N!%&4r#Sfk)in>RDRZdulxaq zJYY6^E-qM)36c`)O3~bWPE$DfI~C`dBc>7$9@&~awB%oDro01PJjNxyMo=!GgSyd-Cx>3wE!xo=?_92+^)|+cpRcLMWPwU*Ir;3zPWsXmv?C#^{ zOPf*7fgpA2p*Y+T0$-0RN!e-!hMRxlnmFo!cspS?s+cQX^oW{}a~IO_xu$tohe2tV zOR?`X*lu#p*Ae{85z>^w&lJ6&uu4x;U-j2xfOWs}GcQT{1KSlH_CRb!6o>qSJh~FA z5!B?RTqcB32{IM!Bj7Y*QLBME2|LEus>(>(nf0LP8(p>ih1WJ3faae4GW{yDS3(>TW$t zFF8O4%?+cDn#L-CK{nOl&Nf8)4P3HB@9`)dLqbn1_N?W=_4QuO{0A>#?PtASYuj|G zaD1&BSmio@J4MaZ(or=9M7{;9M`;%9YkSL6IP}5UJTSwKKP+bY3$MzM~t;R%Lr!K;R zzGZaNQXAPIZ!i-VtyYTHa0}==PUD_(lO>Q70Om3XmiAM==jSG)DEa{Z)W%0l`l2sG z?2_SG=MY$otQasL`0gEUk(eN#!Z*Lq5aEgtes>}iLBI4U@y5#D=mT1U$SS{GRvE)| z-$Y$7Ra6IUlS4lIJmKvX-`}rLp`t$g1xTzBm&2ap6wH`yZf=g77(C}De+?C$HdCz^ z1S_wqw-1xw00;|q(D-FISmZl1nFmGK)CZpOZyX`ZTiVAj*N5Dj< z{JHe^VTguu1&TtNN)=i0s3(Feq(^&lg>(5oMJzE%OTkV{F0{TLXE-j@hufB;k9pkh*drzkkXe0m) zeRL$RwUfU+mmqgIic*&CaU$BFmC>F1*owX4-5SbJlfiz|x*sMFI_9Q6`$@v2VHnW{ zCx!m%_Ac{6f)nk*>qh&a(N?(53k3E8d8sT3$?C+~{h@gTYD62z_D!10XZhjZ*IBbcc zBf0rf^leo=@p9{ew#(SB+1nnOBlGD(FgJhCj0SJ_up5DWI@dEFSiDpr&A~Q)C}(Fq zJw5ubFUM^MZ%&`sPl%$IgO9O73cJq>Q6@JwJVP?MNFKTKQPgyK-u89HN9`K?3q-B2E zwEJPLX@@OkTxz_kK5|yDF315Uq&!>;hqbt3C0)2E76gq+jJVnlQm>XbjozfpRqm0@ z>P&gOdzp~He7y{1ZYf?!N#0(}Ez@QK1;LzDdFS}5s5@}V z5dX(eq|85rH>tlt=GmswxqZ}}JOJOoqAvk0Gy$pzxpy!=pnxlk=mK+Dp0Q(h6LR)rL~yXz!f3Tuv+nO$aJZd(q^efa?O>pU z0*&SZ%Fa%dpjWjTlYFtsrmh~~Ii1yqV>FyC3?0E6NgC`DX6%Y5DYGQ$d_rlXp8;?} zd#IwD18IYW^z-Y-d!%BS(F!{$)ax}X->O;vhi9(zm4;}639*PV7k6y?IvL0kOVik6;&kWYXE^@Rt38{(466P+A;qgv@^cE zI$DhIk#jUHdlFXn#Sk@yZ6VB^I0FM&2BQPu6bKm+>uby+t5ZGDJPfvIBWXGD%I>M z^Wd;Km!F!;#b18S&c;k~VjL(`h|x+)>|fO8>scX3?RdK2j`Gq*OS%@-HG~1JJ;m?q54PC?Y6EZ1d?FJCW z^I>b`m>Pyk0K{9OKf zotZZHfMr1H3?k@a$m+PCfwFjJh*u+FvaFr&pQAbRvzI()&AWL5Oknsfo%ig#@t421 zLYhEz9zbL;dz- zM@NO-dnHI`E8d8Gn>|V*z_{$Zxfd9s?n;88PdO8>8ZFAh+hfq4U(hie6|vle9dqJn z;j&Zg?#xsTNh!{DB!hiz6^j?NxmY&DzOx*f$~#6dP@s^{nCsH>hhgPUaB&%*k)1Oh zBc8o(5D2*7X{t5Ew2y(6CqBK;{tL}`(++d|vhTBFxa+gJ+|m>xQwieI1q%#TWB4no7)`fCsi-=Jj&P(NYuJb&Y$^cMY(&JB$6%VRXiJ3#+dT@T{9` zv-QE7))cwrO)m;RR^^DfUtqzg7pS4>WXSrd(%O>K)#= zEk@sdgD)8)%G%wmPm%f2yjR^CXnA>83(68l+$R?(l5>(u^(e8s%V%w=@m~SbfFH7( zL@EsD-Wu-Go<^@YG-!>$EaO02YR|{H3HbZh&Fm_XI>$yjy_DvwDu2s=;*-v zcxyuB@A9zDY`AmIzwLH~QExNx4Vjc?lMg%_^_+FEf@u|Vt;vAY?j|!gmS0!KVoOf1 zjR*bplV2|($efCG2EvlQ4%KdCg<;KlpM6<7;TrnAb(p|zLaOYswqv;#nQotJ>%#+z zEhXii^`p4Kp(3OHMpy@(GQf~v$BC4{XlLG~v)IZS3V?0)NF-tT=+U`8w}d?24(u&) zXL5Q-suv8f-8R~w&WJvlt=+IzYGX_O{J3!hs7zj8JvKd<`@^~d&15OhExwSe(k;4+z*DN4ole$#$u!N3w2@TPlr%c~u*wqSl(zNg<0zau^Zfz2aS_uN$ zLEC_`?!?!sMnfbM3B`1~8MC`t%aNt3)=c2DqSwL&nM@=gpn7diw(wdfaZOwFEYbYy zWOdYuJ0meTpegwA9=4dPmB*)0*ZIIGd0k&APxIj$TRP*lT4dU(TgF^@uE6_MT?-YgePF2=|c5J98{3 zAi-V-yxQzlu3d{xXXU;dm0S*23+2zk6ZPh!*bzzM7_@6r3*F;y=KR9W84=q0oLJ$rEE^K$~DxW>nvu1cpwkyX}KQDjeYN#fDXYLa~ z;Bb8eT%iN0uGjke45n>jBX?wyD!t?8WQ;bGQl9ddOQSAn{9UUkB2UJgT)-05$4{23 zZ&%`fl;DzpTegtX#+JFPugPS*N?DbF4XEoq5F_quJpmVh?K8O@f@-za-|S;fTOz+z znH!GjNF~rn{WA3J)Jh}8CUN|=O5ghSqWNjv-OBRxdjWjk-OQ6~^V1+zbR|v7+7KZ) zPbe<3*C!3k#8b zslbu#s9d;2SJobhI;<$Zv8=W*JAxZJr@0ylCm4z|6jUa_;*a9w!QW z%!;nptBQb;-^jpN zb$46rhgpn?EZ^qGAIkg|*z`7|kJDbYmr~om76(HMd9Bvvqul6JZ3k~Hckytfz6boe z-c67cZ^Tndv6s?Ny!_O5_f8-MIpNh#mobB!vYMotoK${t-UKCI0hToDi~g0gzvD}E zuxBiCCF5s05$ur1$ITg@_r3$sPlDuVW}#T}iN^${?okw`;l+B4x{M^ZF^Q4AK*}JP zEIy!|e6XwW&G;Hilx)hR5iCi=YH!s%ZxI12x>J2)j--xcLBKR1DSG=Bj806hFE}%< zfEV`B&D0Bqq3T1p3HiDPcHWUi z=x&BvLO!svfzFKK?umH2x(TQBGp%~{L=$wPt$svBE^2jN3p}A~r|=0ZZ5#t5Q1;2l4J%qk3pl~$B>0K&a=c#lI(caiqB=7ZituBYzZ9?8AMP9ECu{lCMnlhd zc;p{!_{GE;^NJ8WKW^LmO6mXdHAi94hiy8g8cSwMZ~&WagfuY4n{8w->{Ecm&PjwO zc9$b^cklby^;LYkcFI4gHN~*Y&6x(DtPboP5?BI_BC1R_0O6`dwYJ}m=()U}5*fayR9TJ>3}B$`#$!Bc9qsW`n?rs%ki_`Ow`Nnv%fGSCWw9It7z4m50&MzFR z_|8b$5WJjHZ!UV> zz5pykU)<%?G1iA^%HWIJ_pNxX;rYFnCdcWN{?~7bp(TXpcZF_Xahv1()eiTga4LcyeRnL0&HV+4^ z(2sBuLz%P!VDtNKE_~td3ILfZUN)%mFw0+X5rgZz^o$4 zg5>06R3E0iuHZ)Ww|71f{J6hUf;JHKdHdUsd^d=-9ILd7c>K4&wubPl%(1+8!~%lG zr@LKFe}1zcfjk|}YzOORr#>m>+D=+3e8G0t3AVf#A~8w!pX&lvPhv2^DIdF!-gnsc zYx%+I7cT-^7xiPE^@tqPZ<))VBD6U^DtQ`^+kdR>uKPvw2Ju0cke39{d+ZJ`*mXvI+ zkFAL2$Jh0SJB;EO!d%cz19pBPB1w8CZtXi}qwS~O*ZG%I!DT_s>lWt6v5vOQ<~MD; z*+#h3Z5qPanL8EhkjxPJv*bDd<74l9Hjxr79E54-(8WXhuu%XlmUbz8-cj!sJCuCI>Br$+fMD z9uu(i;23u#y(l<2byj(?ky>d;041%3`YN-O1%%V2wwLp~*cZ5TKrGQ+1KRSb8U{P= zmIWIJcf-8nBFLOsNH4rr^9yl(bvvJ9pYXbvJO{;@u{rA}4w6KX5pS|GTOgeZ%9sTp z?3T0!8G2I<&V9D^EyhE|noe|vkAf49+BC{!^{QHEx2-;XM`Qst3jZZT5QD7cX4EM* zv|ok>aNEAbm{u}G=#a~R1^}P2oI-fk5IQVDk5|c_iDY{==4-x%5!iS8{Nj3we>iG? z@$`~jnVLxKvJInfJnj(U-DnL2QYn9W?hnHE4RAdgi|YK-jNQ``d}(TuPz_|#4$%e9(Z^an#@yrLRT_w1@csea zWg}iK=!m=uEx~YA{w#Q}96$dIS-U#&nL#nf)$x+0_SQbz?-lmtZJZ{#WtcPpnyP5J zoeZ9LQ=a_(j=Iyf+QMaPeK)RU$Sn2_yM6HkFV>|d{*JYCBy4v19CR#iYKwn+V)R(O zqOwxjGwqq@`Nv2+V-a>?nRZs8xgu7}6FSlEbGLQD{!B8~smE|q$>EQYF37Z8YevgL zz%8rgt~lYI#?oY!8S$Yvw+w{Og-_PnsnGeU6y#EIpL6WL0l$10?65DLqq9NH1I=1v z!Qzfhj4xHnw#27=1C|r>GvkgY%n!`@AUy7q{t}Z+Z*g7N<|TpX_Dcp@8dIW8x?T!-k2~b@I5M z5bur}o*cX{f#c(8X{b6U8zu9(SSMdQRsJ%c$D30*T*R5|sX?A_p=2(lddY6Z%bX76 z9&uC@dZJR#_FBsPA>ZuanzEeTH8KWwxILmkf=h0FPi~6OCT+uUf^`X@nYOy>Y}Hvk zbiUm9H3l@G?rJIHO_hA8klg@uG()O3tl3o<^{Tf0$e|GjF^i*3{`ZL)(9+Vz*4NKZ z-!>$&goUK2ZUr$};=Ito1 z{oD~7MUPPd&{D2V54`VeWNpM_qK~X#zdDfKexZQX6iK6sm;)-b05l;9Is0u z)Lg(Cg%CmrA<{}a3?Oeq0y0y=nM!t$_%NRM8;3dZs5bP-@-Y1t-1kA-vk#9mfU9>lnl<}~S49b1QLRM1{#bI1iA8coEV z`Hs=^&y%kERO3vm-Zi+pGMKTUX0+^82b+8zh{h?1p{<^h^JG5c!04Meh@5h)`2RL)(GN+GjVey!c`6ePE zhph|Vo~CRN!&=9&eEk17{YXKHk6^{b|8XswKIx3Kxw$R{s5$2v69}LEI&I%x!}Y>? zI)e~G2qFH}(hdX2(~tnQZ7tgSsW`OYV|uo0PC)BkjNPK)wV6M&xT_0h4jq^?rz4S* zn&VaFC0cxPme%7sVV`a+qXwrIy{Q%dC%3Iy(W{PiR=dlY+KzVf*D;Ov^!Q zuy}V2O)M-aW0BdRSkowY3_%ZO(6XjCmFoo)mg9q%EU7bgE1QDd37g)RfO-vR@x~a| zMLObHMw8RV1#eGXhBjZUVTA2Ux_En0J@7+LwhE@XW$pv3I#<`F05#`WqmkIl$2oTD zCQqc(RR|%35Lw7-7(m7$0V*daCk5cl>F^>bv)~d=Po`n(eZ2qMR{E67PoNY+2qAK^E`sWJn?m$jYx+-=QVvc{$Pj{*lShFn3-v{{mlZ8Yzo=5Al5>|x}LI@#V zBx!H^XZ2^u&!np&raZpLx)HD9SEDBNUYkrLSUgb+dqA;f>n{{ydrfLQ-R)YSk0002ov JPDHLkV1lfr>oNcU literal 24111 zcmcG$1yoeu-!D9Z7$6|6ga}G^OAgX0(j|<5fV9#%V<9aP(jhGj4ALD6NO#9DbaxFf zFmn(7{?But|9$WCu6x&d-?bRvFmuk{`|R)j?oWIVA5l=+kWl{IWnRPrQy|>JM6H6`5 zS6hm-&DWW7`suykNYfr+)51$Ephs*^q*P>OEL#o1TWqcQ`ef*^y+`Gd-DCAq$H}yQ zOj}sIh{S47VpQgCN_US%<{HHAs$>aF0en56zt_~xqoJ8?z7w)LP1bS0le39mo*Y|n!MY%x{30A(;3a8 zPR(ar{(5i|3_A}k@^YN1e#^RX6ZjxOtZ7)&FFo{#F3tkBHqF&-7+1^=DRu7z`{ymD z9&fvYmd3;5Or9~lZ9`~ zT=CpyLuU=Jb9R5nZV1$8KboaGjz_ou{zgGqYC$dHF4^Eqt``2HkD&@5i-!D4z|oal zRgY=nOC>9|1BE7%^v=R<8fA2MWLhS>*n2y*#7~|Znmx#&G57)JH5X{}%9b5f!xgEc zkDpEIEm2$t)r92=bdNr9UFvZ1NRGC|5%JZ(F-7J+QvR}JxH9q{=YS44K7^beLcGz9 z48DOiuRBYuijQ%OyT8)WNPX1a#%T~071fQ87Q?xkoZ|9k9{K^jSwo#u5DNNlvpW%=H1sxUBb2fRwQ1f?>p(S+w}Y~RrjO6Qr35}7@0*W{n@^p@hUXP&Jt%qD&Ygjf z$mOh-#}@45zL(Of)^Tz=C?WN9l^^EwGLbWzK2K8iqYVzeVVc<6!n@8THZ^0Y|2-If zQlySMex^1vAT%`-e{M|xN|@rQnmL%6xBXTE2|w>=fS$yeI(HWLtFb&JX5=PIs!`hD|h8J0ok4H^*T|^ZT1Jm~|>HgF@3PL}lgGz-lfIx@mY!vZIBB z2gF87S5u;P~Bx6%-Oz(@=??0$8^k^kX!K#|nV|(Y3 zO}cMU5M#NGZX=Ga?TL|Z*bbX?=|JK4Y?8;wh4ViP7T`fg&!#|81zKUqAZDFwvj z=R=e#2-DIR7&F2@c4?D#n(fKYJex`#fD|`|jS#j!_TLnQ zHpEbDj*qu;;(^u$?o-uy5-H?1G3;+;#5j zL-}C*v-oEy=o4CG`ViC1Kp8j^+s}juwYZndnUP*0%7pzYC`G(O=jjprUe4amIZjUf z^>-I`fok|lG{^6h#uDQlIfUTIiSrlS5?e#KYE|k8r;>sm*LI_YI#G@bC##qd)llI5 zihxd@m8_Nn=i_b3A&)sRca;|5kEt&-hbpw=Zbn}`{jn|P?rwxFOzdqq7|iw`&}H=4 zGWkAMQD?@tZN>g1$&<$3)_mJE{$#W0oJui<@gdiG?g*8&C31#rb6$&fw_ghwYYRe| zFD0w$#rd?iOKSttUxX3G;}4RpLol48p#wk4kK!lekm+L;k{Nm3oDND#kBL zUc;gsC#((O=@G)yWkp7`=O-=N6=fMNj)({kbIR9{uHX4CFMm4NUX3qs^?6X-WeIF& z^2jawfydSDJLaO4kVx6&)oJudY@98C47R4-2E8lfXg}6nJzr+hoda?{>~i7tBuuf% z?TEr@_u|L0BWyKZOG;URg=KQ)`ozFIGlKIlxExsP4&H8s?|(obLX?|W#;qk+T18FX z+LFX`2}#V7()#N+Dvp@I8|R;wC@UINb?+>{h$Tm(kN-gXbG}nW3IH9?LU@1VUC&u~ zJzAM(PzXBOmNfAdW7Du%qfN1goF9w0?t1=kuuVchqjL+KR-*fX8OuBXX3Vgu@pCko zL8L3L+x>vhwL8>F#cr^>P|)B#bGTVC$om3fuLF?MAmGz~sR8+Mw{%1sA%9Mudg25wqS{#YSM*eVCHz_%{s)OgRa$Q41r`d#Xb+K4U zys@)c7sY5ntMhJl{QiaNG+kwRhtRPeXRcZl3mviap!WDr|C2 zzLiaek2k>0{zA$t_Z=sGGI@xm-@}MGPJD$V+A&Vn`NUu?<4P)U-HAfB&b8~g-Mn>M zvz0E9jR#X`Z2FkwZhcvOy;Rd>Zvc=b8+j(5WqiaV@)*@8@LF;|2R6Uy*J#Q}mwS%Z zp0rA~2lq)6U+F7?-c3eTwl(1<2XMZz=?Mwd^PlO)3XRKvWz7bgp_1OmPL|nfrOQYs z>!;{v#AY}oD1J<-9HO9p-jfTd=sZ_^uBSdYJ$X%8O+dVLEI3_z;S5C7YPSHAE1FNQFdWS@?@R> zfcz>}{@>!Re?Zt{`8h^M>xGS4Im(R!E8xe1=>p?$)N^Q;>&5}^f@JEKfnQDA#_&Y^iEviz63x4ACdQYEuJkvoZWRR3Wq(PvBxE>y?$@ptM_i8gO zV1W#_i1WpznVm@!+eNo}CAox)j~!pq!Dpclrw)T&_cLZn<5c*hB~vA|iY(OCcV)y6 zg1(RpKS#;3pA?Ke7s0nB2f!^CQ6n7ezPDQghf-c{u==!&ZhJX(#b$sC?f^Sk+jB*!B z#3hd~U+#gsQgJwT>L;gVbeqtVNRJ}1N|Klft>*IC4u9OLvc8~gu8SjUNfgk?Bl*R1 z+Wea@g`en^$z-4{e}2o~+^~;`%*&Q0?b78*#cxaau#g2zbp;9a`A5|vd7b=^MH*(~ zFAJyEE^mSovIK8pf#%)z?l~51I8fJZqKErZU^`aJ-R}!S;ggI29IMMO7GtvhyYoE} z{_3gsFe3R*e7+On%&+7ShTGQKi4EEdnjP8RIg{5SCdO_Z&gg?fPcE3wMK&a37q!XO z$H(swD2KcjR_Tp6|IEYFqAaiQ5#wuGnLPpxCUOn|0N*8#{0rOj!@H<^3?9TTh)qI{ zKa@An#N(XBA_cF1>OM<7ysZn}xzobmW249*=s$C{TQWo_DVw!A$*%#UNG@eqG$efh zB>$3!B{g0u8v}jjg%@czO3F~1VwJefgr1TOswXb{;vR?xq(L3c|P|Dtor%6Vc)4(PgFpZwYy zf2ScakeGPne+`}{{GMx^UtzH1`zV$4-1^5hGR37^5?d4Y)Lc904x?9*gIAro@l_c5 z<%0j9O2O0*U0qE2s^N5EGb0$x$fSRJZ6l8OdDw$FkiSF8tuIHmsG|&2$zC>N{cbp!OSIE@W7SM>mVl zrC0spg4Y_-cY7M(kUO0-Hea%-8=(Q3eC@#SbyxHyNrAoNF^cQ%#?&NTQ|8)qrCW84 zw$}NdmHB|wr^{`DjhA~rxI_ovOy!{0<}-=rXdU>=Aog-Ip((Zd0tCE8iw$}M`wB9Usn zP61Xz#HuCcs0pbVN$zbOsG1y=VOiEoF%lbWwS&Wl>1?x|^pB}PE|XPgRmd8&9M9nY z$?c*|Tq!6?oaO!G8mRe&VcZV!XN%}c$`f*n+-{nR*@Su;?S4j^Jy*8lf#{y)u%bKP z(z{1*fZlQE5MKyga)BkaUn$}HOB_nb_HB0IgPLQ9Zb09?5I#~6C?o~(lX9Obp8(`i z_QmAHgi*=n^Lx8Zu)(cecgL;PtzAkWy|@tB8sK)2bzx=%?4?fAl~i>=`gB8npj||j zTC119L5gKAs76b}YoM18n(zHT6Y-Dh(EUlLwsWxT?6Wi}pOv1(!_|Ie<|qOo2P)9_ zpV9c>7L~(`ume~tG~r7X3W_=1U$pH@sd+OmSF(u*;#X$r-{`MMbwBT^NxwJ<{Mba? zbUwBpBD88?R(?^?%{gY~voBo*I}oCCS2)^i<^s=RrrW(lZFQ$K%7^;2lxEN8mgd3r z*yQ-DYpXI_8uHd1L?391z3^zj9vGs|*H)W+?Z#0H`EEqN*4EZGM&aXy#<~Uu1|}v+ zy&kWGX)otVB_aO%ITLYo&ed2KTqXYachJx0EH|-6VPHBiepZ&;RxWfBxtuW9kJ2ca8!x+)BV{;5wQZuyZXT+(bQgyORm^cW+;;Z$loC6g4I^ zV1&fJ@j)csdLBs69|bMu-MB1f^xf|jVuakfSWm^cb86_4Hmn6Bj;h zf=yxu@odDYwU3Q;OYHLKvXm%T>y|<|xRaHAT8B?H}S#HJjU|6GL8^jpgf-pZWgEX9uHl1py zjydIhs5-?RZQRtNztAP9^R+%ZpuxFsH9-&a;+0Smm;0~Q7pxt|%*qNaJ#w%cVFtYF z5Kw=~TY9j*T$p5vDS;0!TIy?GzHVM$nzW?2`27eaA^&)08deMvVUrZIz?N)EzIO$ZbQqGE+l)4Ujml$UohFdQ2!Zq!DOs~3_ z9Bv9&PDO+LFMH8_n&#E#q59*6m#qNptcPA~&4V9|o4r-cao!Hiv7Wqnc*hU65W=?8 zfSxT>k3LOf#30jWYh}objH=FU80ubY+pQ7LqxrrR4i{O+apMwNnXi$)YF&59_nFX^OBeHRl&zZ%-;Xyn&mrhcWHFvAKGuJ1&-o zm&^LzpQC)BwHG~%;+6Abbf1RvSj*Bcot(?HZP_(!Qa7e^H@ff)=xti^BiA#-cte#Q zRn68utqEA}`o^d=6v+Ph?Aps~I*Fs{nw7RN^v3odkN%75wzJ;4`xpV7Q70s!OH~c+M`E_T2PNeVmPl!rTcznbTs*Ai!Tj4 zcSr&a3SXSf`nAWucyjp5kMTwDD>3{O#=V53jkX_*o~8>(oK(As^pe-THgmr;D;|2= zD5V?ZItBHt%(O9;8N)D9j^a}ih6kaSK^V}rmloY+ZLpSet#Vk6bLYa+RzG$}zaLh= z7q6MlVu@(_%#ukIrE&t!CcyPxt}P`>-!!*eQV)&RSy}kjz2W=55adg|0p7kDg5aG~(nnPFeZv`gouO2A|4Pu~~H1evGY} z+P%*iL(w{xS8a&iLqPpk8=_P`k6IHz@K2nN}sh8Y`oR*b(m`#ljfUQ~21U^}ND z)!2BRG+GjnDhZpNUYlu$7(Ye?J$)mLrV0?l<9NVGL%) z?_)@|cL`Hqj#7C{8xbBE3GrQDZbOiPnl(Dh+HgDjG2rcs^Y+z8F*M9MEIpF#Y_$(C zqbMV>xH$eCmYlBGUH>0aJw>Ei-vc64AJCs~8(|xN!cN5XDF-Mg3JKt^8usBp9 z6Xt*1LeoBrvpPlc%^>=7AE!37G*{Ma26(2<%6@r<_ACqN>Lxgjm8j#BjjMc~aQAfe zol!@m0`ubHBHObxcFzb9$Y!8CZ3f+qYV?5$TGp&nfKg)ZC}}a5+Ow(b>$d%xp6=VY z=TBm+-xIj(LxPpqz}V9TKtzDN>>JM1g4$nBNHStQg{8!OEC!>k^B$>ljhnlU$Myz< z_|%mRPplx&lV;cQ+St)^)Ab*?oZ^;ZBk&7HA2kh-MQHAxeg`o}5m|1*4vWOVr*i=s zJNWMcd2noK#VpDYg-20qo4e_i{^y_DahH=~v(kf(jZmaM{8@?w1`|~U6}tEXW4O&o z^DH2syU2Jfca8^3!PYN@tIG;gUvHg!?bFuAVjX4xsjXdD2-8ZDx}5c6vtfq#Fkn^_DN@9D9c|h z$=6=K?`~>?F_B-E&kv#7!4G6uUw94<6+2zd>~+wgF2`+WeIV={7Mw^4O`n9i+W@|ycJmVn9}gEtA)S+1rj|Qp^zPPRB_phk2VXqh2F<+{tycb!)-6J z!S;9MeUaa)%)Ok}igbU8X%)Q)2(cJt5sMXEWqq{Trzj&Kuz$d4exB~MqNQ&msb2ux zE#;;%QCh*&0rskf+smBb2sKuN!tZ3Xz)17Yv{CatE z0p@S(wzXTEj3}yGpZYLzLz~e?d3&V^fxH-RLlA&u$(F!>z!bSnUj69<0&vAjtu!uA zDiCNTXvw)}p|WOh0dO4>w0#hLV)CJNUI0%gAmxDq*3_<$r_R59~Z8isxknv2N4<7QsZ87QH)C@G=c;y%naG9E=ej2mN`yEl#gcCx#H50 zQ}xGiNX;(S-xn6n2Rnnq&f*~rCBBzAY#*%`iw6ia2u+_fUT(XXdToJ~6k4adop%Yz z0&6z}10+YAf`)}CtnomU8lMHOn7J^Js?k+P&d+GhZ<>msE4Lz*NULlsek1j4UWS8B z{_q2+#1<^$w$cM&88+5usZ!zs4?vJ9IMrj3n4GdD-vo2$mt3zW zbj8F@>wdgw|MZEA(donKN1%7CuLR&Qzy@$~%bKtu^cZcc!`%ejiw5CV{SfKoE7tDd zkSZ+r^{dXZ2-)C|a-J~(3Hh?~`?(6tf3VR*recmi5avyG!?|$28g}3L#UtbPw6h&A zg#XgIi{VN)h&#vG*&6Bt z;yBT0t&&wh{$G*(wU)eV*Ii;yR}oCsATY_>c3-$e`h#I^>L$Jh&M;K^TsC6i->C=LgxYjthS-ku1tO}g@gos9qq)7BqhBjhvv?G z6;0#6TELU#{43d8>$d!Dp|J&9wN`_s%yo#4PW0#w0=HzXpm6ky!poH|-c1KpQOq}n z!`(W|o;&i#!69#?VN=H)m&Gy%!IUeb(G4Ekk!Jm1`-g&3k53{1hXOY%pjFc+YOX=svCS4>`y*1kpEcWma?hq%`hk)MQ z=O4Y-^jD>}m3mpF((9?%EgjJsdnK!_IZwr%J$Rq!xF7Z_&BF2$tD$PJSzP~^cmv|P zJB(OGkA~8ro}9-`#38FwFk@E5jhsr$5t@*ayJX0dKoi17oYK@Qv2lI1Krq|MUB~-s z$YS5wYE%IF92Ky`lJ6xgvhM`>v5m{|-WQ-h|CL(fRnK@#x^fo->9X1QxX`Sq!`F6v z$tOKl_g1{>txwnY#+)-Ud0c;h-b-Li#?IjllYdQsR8U1Af&{QylYGM=fD5Fwg*RGU zoH3g^IrAfyHRnplfQz;${JQVBA0G?sz$y&b5*u8spJ^FZP2dx}x@pwJ(oa4BpNTnhKo<3NCRYmy_yF>*VupZV z@6sK2BXe->>yro(;emMH#9RpEQKTW@Ze+q4K`W(>X*1&kOc7AgqwrdljbHu#UNAK^ z9~(VD>v(k8t1mRY5b1H;Zmx-3sG2$B*}&;^-8xD-HXO3DNAA`<_Pf+74wYVVxr5!w zp+6k@lgtRM4Xjj&xjjM-(LpPo_baDiwbYz#SDEW3AU^GvXwm@nL37yRpzT35iHhNA z3)p+p)IOD&<8Q`i%+bnA9fg=u%&-RV=D}V5qZWV&-7Zn6BX-rr&thSy@y3VY_ zGChGiWjsb%Lklizlc=G(M2mYibRt=Qhqc7E+>2sEZ_hUP0q(Xc{7_M=p~-n65R8+f zAPZ?B0RSyCmXDT$hvTvs2bD1LHB&uXP7Ho3PaC?^DOYir1(>ax=t&R$IJ!x}{qnMcvi@Q|Z`Vlv*Dl}gHjS={&cPqr%aVik zG@rS1==rZNj9~8&lZ82SJbI`xoPm4;n^9tO@$uBU)mOJg+6lLqq~+8Rt8Dy!6ZUhl zozz?o5TxCpBP?vEb0LymGIE;hWfL+!&Zx!!M(FAMRE0xv-A-+V!#KjIB(uC+FY49L zZ4wG^09o{AC<^#S;cxvPWQ} z>^uwuODN;y>>|Bv*CN9JEUlP3?Ir&AH)qT7*wq*?v;dPHYDNYEbtoU)!};4{mTD{w zEtuYLHqzuhOEoL8=*Y91h~HP2{^iW)SJ_J=wGH@gk-8}IGOmNB!0$Hvyis6*pns>{SQb|r0G8Cr{h zjgKNdPPW!9$9anu+avkR>#OVQ{asyMCrhnE05}T*k!eq|#8d8lF1DO1wGKO2Zf$J^ z>>VLd(UYCJ-87j13Gxt1xaFbtV{&nzfdYNQfXhwOcplT*O#jIYdF-@{SP?tq~Cyh5gyV z^6O1}P7j-I+T>;Crv$KyXZ9_h>EqO;U6*dn z8(#w8H0eV#DG2nP>DC2sK&zvqVB4Q2?z7N(dg}dDjhlzZtYTwfnahCJr2NN2f-8wN zBUbZS8W=lU*Z!s9WNdnuGP_kVjM~htcM7gUry-53$wmlcf<=qo3R5 zTvVx^lFO+G8{jt7b5rdHF#^)m4*ZP4>5mct4A4?1LeMw#b4wg_|MSVXk9y&8zpMeYSbEc*zG=zRa zQjfhZ_q~9Ywk2q=;$#dfODSg1&1?#d|G&SZ)2IKH-#DK$XS28*Us0 zkB27~jsitN+O-)*z=(B(O zP`D~w$lk!7YGX=#W=Kx5PL6o{{LVU1iIe(yu;u=6k6kD=?o5@i;b}W0>#$h+NTha2 z#6(n*2bv}XGRr+e8IjauG|>3u0Xar0dwxy*o;=5&>q_Mbjw_V58& zMiDP}VO^B$j|q>?b|AbHmj5h(o7uK@j_yv@Z)|V0X4fZ&XQhjRzYNrSk8sl(dD!AF^mLEg@+h2|& zQOj^Fj{sz&d@2hT8QpY0?&|1wD{SknyX0t#^O@LFdfBhJoT|k>Un+b% zcKQF9cimq+vwTDf#KVj;2dwK^j8|+ell)Yx<}gCvAd4{Lz0AK#YG7Bc9U%wqfupr3 zdg!hp3n}5J+KqdvWXiVzzxDy_;%$0=-ptzJ8Sv|VNXU|CJ@Z~Xnc36w55d8#A+xL! zBE$MD%(Qg-6qB@hBp4~%atWzdZzLMbi-&Cv{OHFjWBUb{oXdPK@+UP!^TszlXg^#k zsoU~**RF3QYb<$fsh!0=SVPC;=gU;Un5WfD!Y`kG9NzSp(qL_Bx6nA%d1j^}dXvi2 zG~9qRN|Q5C%D}423%u-pt@#C0TR>)Oht`spyH3@^Ti4jcEy2VEbTR7grs0>G*PhLH#D%)>b_k0X@PM48#*&=YT*|gw7!`b(;s6Zv=Jx5cZn+v-u^=@Bml#QzD_N{ zX?b~>6nw$oe^@fHdwAxZ20NV(>hA82A?L!wiDzahFp`lCT4o+A(DchWon0f1%C8j+ z%N`YVk=?7=@+_Nl^g6?P_U-%D+atRAtFG^xOQ)6jb}ZdF_2=bC?sw>b8kyVf{v`9c zLGH!udFb_nq{iB~lQmz-GroVdLR%+^gRpbuyLaE(-gNzKJI5uh^QX_#5RUz~K|P^H zGc=Ey7TB7XwkkJOF5VwRhFec0=wyPI*{Vt+dCg^nr`Yf5V5{{E zlBEn3+a1{1MJJ8pDtyT|;?LvkrSo*T%G47!cDAoB2_8>0Ta(vP$KIi^(((7sXn-XLe5EByJ z=%7$ZqR44?k7=Lim8Xx>q+xG8(oT(jExztdAH!Z+lwGQ{qD04%-T6Yr;AR_Xu!n}q z@asov=TB9hn1T4c_Uh=N;txudg1|Wha+YiA8MOitKc_8OiYH!)YQk$f-96JEy6Yxq zQp~a*gKnu3qkCL>zx;aU{5lv;?zaW6X4*iCF|wiCEn%O3Xx)Af(-tqnkO%x$qB?+u ztf1%ht5tGm{-3hU}VNCky)z=whdSf!UUyWSfAP*a+4grF+jntdnlbFHk z`1z1xhj2eJsD~2TY~^~xa{l?PCz>T4eEm{{jBDt2EE(KcBOC4_$kJ!{fNnpG0Wpt% zdEZyg!&iQ*_7RXmUSYa3$}o7(bonW%)t{$xrk)!B_ud%J(SCXpeLPmHlqHabFcCN~ zyl=m(bTQXBI}#2Uq$LiYfKo;Cnq!ER=R!9eAOE9U1)gVM?HgNzs>={3`&sZIz*B3gH_8psQRf>#+|MwX5W);ivF;(^?*gXdHoA!{4SmQkoz_v|Pz*Y51w z4Fbz*ZA+&3sWaIdsVJYi7<#2R>uIGsL&f1WgVf1NG*+GjDNo@OX9Fn8j!b=CEm~oT zI}DzwMtE(sk2nI^8o%lE%Z+kI0M2%W4!B7LHNmX}4ZwVfo9(?a)@AIYW}PO6$ddsc z0XV4C6j%1?38mx?1=+Xwc-!Ff*f)%@w`)f?n6+^4e@ZXj(wIQn9G_A!meF~7N!Vn3 zw)ARhA6%bxMt}#_RZ-7)Ral68vcK6JE#mj6+r)o863QyWTxVuZ3ofX_TsL%$i;XA| zj15dQ`ylwOOLM=AazA|IcCS4QzO7vJDW6cQ16*XXuG43e`8n;iPV*R0rS)ev>_o-X zkKKcAeVSBxTIib$nzEsdk0g^#OG2IL#Dz_?yj>|bDLZdA^=tR71eL9wU2ron*Le)H z{Z-L5)X}|9^$n7BK3`R{tjNu=r8Z34F*mim)~+*6b!+$YB+q2%_wdc-Hla_~s{V27 zuuktYGOy4oDB^;|A=eq}&z0!FG)W)(gkiu+v(`*>%hT4+fd~ZR)?iVO=N9+cnMoAN zBht47aG=k@tJusiYHP_a-^(!dq7-Kg29LT;o`kghE>(itehOZ?zfO`B=yoWzyTV;4 z@;bqH$&@~w=CHy>->lEHmY zf`gumX7>VA1Z3Q)DTd^yroD8UPkRE}7|H+jJ};Aob=Qm+dj5xzy6e+gM&vUL_1W8PXl4>cbpRs zvs@ptCg7mR{o_^$Sa#IwtVRHo`waG8Q-{>&O;jYrHTa`1~ZIt*Bs5aXrwD|%p$TmXJ zb*LOaF0;8+ad?nM-@9&Zm%&Lhqa9!nFA)@3(AtS~*1bdg2h6&<4Zhi=bv&wXOar?4JKdhRFcCZzzI;tQKpB-@wA-cCzik*yN9T{<=tO#MTXC6}q-H_D?vTj) ziFhrAdPy_1KQ%{=!^d3T)KefbK}$R$LwU}s)1$>e!YS_Ew+Mi#xO+uM zK*Step1=|4ArxiP6VaM7+&~&MFIsNpq0=Uc(4hll4!##w1qdC!2#Rx z@Jyd8+sxILR0&(n?*HxZro5)b$L0R8S1{ubq1Vga%!GCF5ev2{Of+PPDc1xN=LBgs z9|HsFbG?0G^$4o#k#kzr=iJ^OK(>$nz%(l{xT7AadU^A=k24cs(9nDMel&8uh$$)* z&6xyld5>w$b*NibFQd!8YII#F0D#}51X_!m4=$&*-M!XdLR}?Up)Nj#qQ@k!8iggt zpLFl(GFBw==r@qV|9dVQ<6d*pq(eYzuwZvnk??|~Ye zJKc8Ss4a3l%}XW4(-pujj+t2A%z4J)e*SS3smjo76F=hTc<7!>`V-o&l9kZ4JMr!9 z<6paL+0G?WT+>QOj+&+G*Vx+5;briGF_n0E{0P;&_p60ZS5J;?|LpQx1~YD$Z^V}QNos&-EsvOHm zmZfNlwJiowT*ri-zDS+0B;8Y6^z9E1g-O^Ylz%%DO&c?Gc&k}jT_iO+0v52>L2as* z?XG8%6uzZ;KdUCX`!3!>86N&K-C6x!ttXV>m#K>StGBJ=>n5nuQE}cOHt~k_a+yD; zhm?@}L>U@2z%p;_WZ661F$&w0Z9?gpsY*1w7d%F)TbALq+&sS&*Do%edVG@s+8iUV z)Fgb9$NxLZ#X)$OQa{zj>O#+$2ja6|M?a!h-0eox-|oCXx0g`B6>@4uBCjl`3l{l1 zpW>Q3!;va2wMs$1Hp@1Hdl2tpmVV8aXEm&B>tt4v$vg8v0b_UNYJHdDzv^bn>f|3{ z9oKV2+8U0Y$=RZPI=f1_9a#3WI$YGPf9Og)8j5?vt}=8#K2Irkg;^(jzrRc!pwkgn zCtH(c9-9VF?}nOPJyFwPps3geaCt>V#fNu0WDKpXSsqLRo9urO{(oct|2puwjy-*} z>(&$nA3%58nw)vP*ENcId|sy6I;=fa{YP~?kyM}O01E`D1Bqj?z@u7EoY?%f~VW<~mY zrxKg{?&!Mw*;$==va)%KVZiN`pLIg7%Ls&|%k3On`M}JB*3Z~EFHM^5HhXqmTN%$< z-5hNzjI{UVwaod9d@p|LRdz1T?6?vnoyX9`;eiH9Q-I}*T;cboimYo}sBep|^+p^> zr$4Nw6{5K-Gf;eRw{gPvrd`}i62`T>-0kUPLB77^Jw4Rkdua6dOO-n6H%Ssf$ke59 z>E%SmTWVbVt)kfwz9%OjIbe$T+oH8VAd_hIxkzcOsG?f&PuI7z-lTun=0I1G!#;TrdD4;}9an2zyi`${m+Z)LF zY~AnGFLcN@u`#6sc{hdz!vx^+&7Yfs#p&I<(Oqihwrq_wOmlZkte&!AfKKG(Q}=7K zt-C&jVs~V-q+FwGua_;@GwCixdQ^2IcYQzluPmyIWSbHhF>N_-x~NGAYCYdt*J7Ae z>6^YE4jFq40qW>pn|yf>Mw0&MDyTaMt(t%S+}zm^U~nwf!eU)f5a%pwb8uBDP`FVb z%+iwaurs24LZ@DVQ~i=Rh041O2qJY>TiLsK`z$me>^`?wKAGd01yFPjz6i)no3I;z zJ=Cx4#%O5rz=XPxz8WS45a_;yPE`PRd0a|X%?Vs z`Rc2N!>HMzr|r*ShG&jhIS{ZRkSyfHDsukZk5Dz2ssg#6INNrWH=L69T<`{gD+MD5 z=h^n_?xsJ_8}g>{qgs00sH8?87hFt`qENz@)w1h#Z~}OzM^k=YZ#BZvwQ=jK7ghqrSo^k#k6q;DK+ax*n#NgAiWZ1z)odUpm%qi0 zIc2e$ZeVK9Sr5DyoXW#DSG$I9MRdO9o6YEJRTNT6gHZ_QNuhS1~zE|?rymLg3&L$#GSA2 z4Zcu-%5QWZ$bE4?*~x`2%B8daa^nb)2Z5#x47Lbm2iLY52~ho3o*8^ZpoiB?{;G=q zmSm!J0i0E_y7CDb=kLs}u6rR@-3eXEDFi34_$VdD@uc+~bcq|^(|QJA;)kwI`^g%e z{hsPZPdsS7`vBk;SeUMuxBe#c1zH@fz)>$% z{P&2!b0w3Gf%$jRisNqXf8fZwNp0a{4FYXs)!&)?|>PdhVE(=BP zZ*DQ%2pWx==mn3S*T4NX%38zILF%o8(&AAzM7`?zX|StDU}L`FW&UOVuui81O3g(Z zwmuSX*ax*+EGN*ayXvsTnM`y0mE^JRmu?v_dyix9CwDi=SIvsOC09Va7=Kti+P$yv z%DKF4C0J+a)i=Ui}2AqYT4KnVoK*RdsJU_cm)W`BE2b}LZp9_5^O$w!%!P?ege8&xz_ zM%;1k%im!D=zVGP>dpl;D9YLx9^`1AZl>JorWAx)p}PJQ5L#{nl;g*{uqSZkb5npb zEQkx#sgc-kP=9(itN?B2O;h=ckRrMN;SfFVxc{8C-F>ET@h&J>${^0#IIAW7YiYi@ z@?&D6QwF8{LEe?0B1s`Cz-%%f-06ryeIM_v`Ix~UHM3UbOX&6r==)dZpy{*U84o#l zZ!FMUCj5#wGfcRETBZi~q zSjOyMG3eZgPgGg{)2!wf)N674B;2v-Hu~<>-KDhYPm?ySa;CbTF(Cp3!8=Ewju@bZ z071Nt_kPPw-@srYssZ>U?f+MiP*d1<)9nUq?>SH-4m`a4+kbpp$V3JY=YO2TH>T;9z{5~`BI86DCJ7W41R~=; z!~*vYL|Ahj`&ZL@cjm<5%rK=yJ|fE9jV+m9w&Tks08j&|aK$5l7;4I|)wwXW zRo1%!gq4@8-F`Bi6I9vM@}qPBs;TrXAGQ~e2IQeZ+G;5YV(Vs#CqJj7>nVUDROhN# zh??Q|r@(pd2)OeEpk?Z}gpcXIY0qwv*I^q(wN~}C$G6DqMFqw2KgX(dCm+X*9MO_Wv~4rcc7*@uD_UR9Hh%LI(9Hxu-6atFN>gc{Eve-C`R899BW&ze zuTXo!>F3TGq{h|S*5;>V6|Cdu0?u2>rGfYhbVmsB6tkh%w~)_bY~LAbpoyMnic<@w z)&rk7YzM5s#YphZ;aMzQfD8)wRYpKSp!?euICri|mcGK>1&DAhG!dXevE?8NMLUb! z090;bl3Py*V0M52?8;3b*P~2voTDvQRs21Q|BZxgTO;@vlHY4vcmD^IUlB5rN8P1P zk3KIM)B%v{(8w6rX0MfYDhf|6t^0BMQ0;P_Y!E*AXes^&z^q(mGgqv(EViU6SUWxV zUtCxJ?x#tV*ir=8`_>iDO;|kHK_(w9HHL(Q>;gK2LN@JjB)vF!Mw_t=yeTu&(%-*6 zGn4u5tyhqot}ZpHQh+SHj0@g|?nhdVUb|9CUY<}2EQK8;jb7!GLyCWUMr=$s{5uH5 z(0TQL0seX8r7Lhsvxd0ql1d5u>z((oMqk%m-8KXO9$r;ePf$I7kN8WwpN7F2f5%`z zAnG*ZwO+-4IJYYy5T<{OXDkToc#Oz^_FiH;D&RnlJKd_CPzMYtt#5&VA+_=81<;k} z^lMkFe&DO!4QN_S?fHLj)U@BuVZ!vy`~ND0HjZ125vr{@{qeqDBu*$TJibepnt}1< z^Bqm&N5EB7q8#SXlHnm4#`^|8Yp*gJG`?jHNO^a!$4~yxpk$*F8DhW6v}X);t-pJC z1=7b?)?>4(P=l(-1<@-y8e;6-H-VzOE2PcFECZ}brJ5Vi7~SyF{I@9@n#U5%nO*iV z?MaI8>7^NGR%Sslz!4yiQP+gRl@kl65i!x7b-~uR0fy>825$!oD%r%pTL(5VkX=vn zy((+<6Z<0#;ZDML^MtGHgPs!TlvH~I9_-^>I*ixC0=z^HO zA-VRcY!kQ}xkkLCx;Ec_6^ydJLU&J>@B1nRWwan30e#S6L+1;)cty8#lsZlaGfh)B zO;UXo%~*~!Icj4P)lnkpkP8DNEBx`|EX^L8z*Jw*Z$WyG1`0pgaW;pbA7(j&ugt>x3mGT?Imk zIGP{0{%f)_z>_aBts?yJd@D(oi4#D%y@22Nn==0S!#|Kr5c!YlwoFW2WjaO6c<)vn&k%K$l=*l1C&9Q>o$vOu zr%D_QN=(4$O8Jq^E}nq8bL+#^n#M0i2@J729|8iYg2G>p3%r9I+3hTn9j%wL-Etue zzMW4&26q1I@KV)LUm;t~Iyl5W!&G`-^S{h<0`N>h*R=ZyiRm+ff)(PR55Qv?IiIjm z0)lnd)6K+?9|8DaG?z-R7QTtL=I*$_)yGN3;LrUN9^beEFu5noW z7M6{mbu3!2KT!tCJb^;V2$wB~2Uq{oV+}eLVgUoBQ)cG>%oG-Jp7#J#`4Pj}ai133 z?(g4>Qk1Y)E0R_Pj=QHfD@50rwZhM$Kg;eljH(q=HRXNc)C zRby>!0T~%{ZEdn!*Gu`DN=scUcNbT^#IyS@CVSzkJeVv&g#e)4%t_yOS{MJLl`D^j zx@-IHN_A6Fl(IBr-%}y7l(_Aru~sNT)+zf=Dv}r_yD?!jvP}#rdzNf5GRBf+F!r(U z!!Yle>VBU4^Ld~5^ZfJv#r)4YI^h#L#P0jZ40c3VdxS%&Ws-%9sxEc+k?%nf3-^%MQ2Hk<({ts5PI`L zVlk|0KLP8Ub9J(mChp5Zx&0eEJ8c(B0zL881jv_?}fk&f%% zCT!~xqZpXpvEoXrR5YGPuHpbD8sr^H3}9mw_$$2NofuvHAFG0zn1b(m>gtL>1p}n9 zA7j+-n78*!)sdrsEzQwke0DhoiDpjSx0Q1VTK>IrV&k5GNkbX$tGrx}7&;~H*J#BE zjaj5$t6SSwV*umDh4xuMynXzER67Tdyg34poPLK{ul>qDKrW~|TXC8MOo$eLZ!L(1 zSTt5DVZ}ip3CJM}P*zkcxG_>uDF=_Yv-lXD;_^8jlhFGw?R4$>n z`j)O708%z$hwEOlgFy$-9OG6J;ockJqidbJqkcf1OjfwzgzWwqr>v&7wzeko{6t-_ zFK8!ezrD??bfA?zwVo`?VM71h02e(P^$rAs>`9-)Te>1idPjM91p@wI|F4zw-x}rv z&vOC98~;@Gt1Q3c6sKr`&m4dulTgBTrbhiDzH#;~znJKj$}wf!dx2Q_@Sz0JVzf9P zI#&$aWF^M(cw#GT4(Rl|!_B3QF!zJ>jDdlB$pn`;J!K$1+@;*bci1YmNi2eHn_Zi+ zdDb9cM%iKcMm8;`8>G%k6`(Xix%ER{TK5~K_c^Fce$0V0iNrn2R$q?U>|UAJJkb?C zbV?&Z$)8O51OEQKRVnF@AQ}V1hpQ83w(1u;N{pamV7tgBd)B^tWsQAAfsIOLDXh~z z0Dw(jse~R~gj=yspVIynk=@Xyo>vpokBRs0gULL^8Kp1+Uh2jXAeKa(IC%~(vK!%l zZm8fqdHM`g7wivO#Ia*`2I$sxCXAPx>8s600ts@4-y@5gLV5hwqoUR8dddsN1HeKy z7INN9w)`YSN1!OKC1`fu!)x@$`6h%GRsCIq?!lk5sy;d2aTk4s8w6hB0w7{}`r0Pv zr{hKGA-WH2Llj_BWbhCYCO<~QA-I-}D23alOZ@>(6KOWjb$ubj?P+JH*$uxIvFMNF zwSzha`FXI+JMIX!$K${v%W=O{bH9^{s^Fx1V%` z>YV&GK*F<7i^7gCg9_n4{uyPDQ(ES}(wS6WTVGcTQF=0SQG3=Q-Hy*R=pJb}sEi0tLiJ?n-+L zg1MPYqzuq&PeRlF+aVFn)GCA_`CpiBG_$ZshWa1a^Al}5qzE`b;F{S_L;inT{{N?M zv@B+YXfQZcX3KqcgM0*eVW^z%5f>;rWdXH`Z4x!SaTkHgvPXRc-8(NS_Lv6$k~kl- zD*t|9h_)gv`q=vM6ze)5=E+ZLUh8f5YPgKRqQ1KzrZ)o7I=Tb03Gu*1nJI1L5jvM1 zw>SRToHIsROCL1GyFb1#_?)7j4YhhvKz$6kSDRMN3U9iu{xQb4Z%QGnUi#QB;Ki)^ z=9&HaLJ>q_2(Jr=TSW zwdCfLq!mLw3qQRX`Mi1VM8gO`48ujk>^z!cJsS9xdF9GbZMt!|w+>=D2GXAb|0q7q z<8ECuL;L8nnP0%~3aQ2HA8@Fy6MOuSY|n+&Bz(NdWF~e*)Z`ZT;U9I(!z>@dy!iKB zlPbN<=y^3h%6#6`|LkDFvGDsU_4heCyi+SWqXc!m#~YS)*J#JX_@nKmkkC6lFO?FN zFNz}PaVx>wRW#I>zCZ%-BpE^vstgVfTUl8#@p)h1_9^X%{eS{*yd)+pEDVRkTNb0G z2Imv1s8Y|FR;l3r54XjUv&3>w8{!h-t%yg9QI^=8O}^eTHI< z3298Lgsg~DTnOB|cWblhw?wyVXtWbF3*|isrKYuM(FX!L$z5$9NxOGebPC<#+@hYY z!fHLHsv5LytQ_p&@uUIVP@1B@o@dF=xuF|3^Q_-%!Re*U*Gs+a$HGll%>2`)df5}0 z)uPswUW6m4IGcJ6)r9PmJseDJM`hK-RV|#pSr$Ch@7mqD1=%v#aU}8qX?py@r>_`A zn|Fs0pXk#*HHSfh;_8@zw5vH?qzHxK}oZ#81+d&O@Z zhy)b-R)bS$Ps0x(d(!7ACukdv`Hbq6K8lP3c%iY@-g^m=lIew#nhZ% z3q5*0%F!*!D&upSNQpTvD-c4g^W4oORU%DfjIXyBifS|sIcaHDs4O8i@YUDBvgGen zT6QpTl3Y5hQ`(X{j1|+PNC;;J1=E= z&a_s?wf~r6*_<$Tux|puw|&;KBV_FG?hwzr&uQQqbWiT}p0k>w4xSi1=mSp8d3fO8 zmf)h*gCcEtq^oqGT}VhP9}im~9K!In)WE>tECdoq1pHchHehN{-a0xS;q6r$C0H)1n&{ z$zqE!mVzIcDNKzG7uVQBvj7WK>FU_&EpPfRMc)n~>nYNLh};p*&vz_$xTznj5!Tb1 z7tnQqJIwGS)lHzG)E~ScsTI1md~$uqXRtwjw>a3nJ^1}@sGQ0hQoQT#e{wt&LQg12K?S0bgQ0|<`u{vU&^qo72 z5vDw4rVl21-yEDOG&SFDrv0%|^b_VCP2f-v68`cs+D}!|*`w?N_I=D!G%6fc&g^!H z`@8usN^kE*Ts3?_-F{=z9vQw`XnrYgBkt>{6QyzH3_*KuqzpJW&522Hq1Qo~@9H;=5#Zcyo@KUTJ}h=;CV*MO~kYl?3`PVEY;_M)5pUm#qf z(Z3)cDlbmKuVzxN|CkfY`yO}c_DM}+ZOn{h2=4ag!3En^r)}-Y+UD>ex52m8B2327 zcjoPrRnr>4q5+UEYdo~J=TJqn*xs;Rv5DXZQheF*(^rTUOV)Emmn2B?)0piS<#OTH zOQ;vqn~vK3ER?(Xe)J;`s$%frFdx#1G9~s#T6)L^B!3hi|>Id1L^j>NHE|XX>*iKg>d;#GR##5y?El8K;C6 zQ*R)W&w3_JuKZ{g^xzFhuUwtjEuMj?E_eX<_VNjlE-Yh4qmX6M7tKh?FPngrZ;=}{ z{N?&<4>>*hxj0z(#UVACVIZCoeHXLWJ5u=7T)4BT4+oZ8%>IQfYmz1G@DT=v#p4VA zWb|M3j(RjEZC2-Ji3spT%+dDIK({`;w~tgEIAsP$PAaY$3S>u>H4^0VjY(kF6H5#^_`a z{#--dj5VClQ5YnwcxXFBoFPPUA0%Gj-M3V7VjuaPNaF6}n) z8k7(t^w(tp&B9PoJlabU@JKTmAL<+X^Gk9;C2Ie&(moO!eORmZrC7_x#NrY}rk3j<;}7j1}(m&ke+ml6#4y3%O=O_gVc z_yiO{w||OlA*QQoG@UE6C*_eN1WrSyJ0L6T$b9j+f`Es}CocxclA)xCosLPzquU)f zHrhM}a!FiPaG9^$C@!+%XC2-C%_(>PCX9D9^^9T*H){98pM>=+MQq8FR#Fh1@8{l} zd>2hZl^MLnr3Fgb%(F%nF+DCg;{y@!n1zCN{KsvRK|c}%Db;dhw(k)G0|RYsx_k|% z!p91Gl36xXxWITU4I|RhlvGrNYNDDFSE@)7iP6N#gsRc?^K~f~fmq#Rr@ts(?gVX2 zcR?9fJ4nA6{JTkc%mPGq20Y_fTW-E#P6v?tonpVp{5P``S-<1)`09Ev@S&Dl9}qD5 z5s9@jwZ=e#T#cerGDAu8iw0y5&hDja-a-A0rfeyWD-073rt-sTr=1lCgIW+lM}a<+ zG)dgL9<^>0knko0F>}p9*H2q}JFWlH+!SH&P66BWjCoxm_64>ydeafV_R+=;cw<_^u+tjY|iUGdl{rpS|mybUxv(DW>E4DEPGl9x=hLKXSNFL@;$(zrWkQ>gOZg6o!^hb5Vkygh5KPdH*Bl?pCkB_wxKr(}qjnS9TWm((5< zrEB_S49{-qMsSu`L%?o=+JT(ZS(InpX*+MftnS%GOHY}3HdlF=NR*Q8{ z?ucnOTRwT+zb`Z20)4pxX~_$GgTO3Sb$!x-8s>AhAB-8#S4}MXJxjvln5ilqb+5iX zzGheIKqeZGzRt#$@)bDO$N^Fbm4|9m0V(^&jp-|bA5vTt-Y@T54sqQ&hpqg}8r6q& z=bzED3Y73IT;}{~y>R=)a39?s?4~+xC0Gxh1tYF+ytpOkao4vha7GbGJDo*?NRfa} zDeLq^pmFptFs-U$$G#%D0QVc^o$)KrSyn}oUyt})Gj||F%S_fB(Dd!EUk$X$F@Z>8l8cr4kttKH=wMMBG4__T7ZDE&V&$_a{Gr7i7+di41PQSVm@xGeB~CdmH9c zfDjSV=VLmnZ_LI6bB%caT#r=yy?H4qDdBZ%DWct9Z0fJFK!g9eMHQUKh0!$+!jTT& zwyswi2m=e7`&*_t7qobM8S6DlGC{>R0p`zNIz&5ZRyVGmk?VUzEZYoZB+8#G&`TXJ zLOJJ#qw9b4m1f|<2?&&^{5nq20!{!t&^qkvWI6g5;tL}T$C{co2S7BN)f!fXc%*p# zwn*#*p6)ZQB#MB5fV!O5-zisu(x8{$u+)Xa!S6TLJj{@BG?GcCk5M$fT~UsHXhaX& z^=G7n>Q!~s(gTP86p)jpjF&FW@v}t>a&mN3v}!gXJADv-+p!*NDzh1be%gX<$%ezt zZgU_)KgHqHg~qH6o(#G}YyYmc^^b(W14pkc%qo^_E#|GRuWu|%=AFeyMB7}U=vN!J zr@F!DUiQ`R@nv$S>_ijDRA|t7G7*Bh6^`Jo{}Cu&^SVJ16%0<2Oy_c7o{*cKfB+A^ z*N1^wyFk(|=FBh$x>3WbLfO1UgVwDVKTb4c($}$ah(B_?ON@)#x_#mIzW2~w0A%|k z{BCyK&3Nx(U7IMcP=n>Di*A1v5fWKA;mS-IKl)+9!opG`IxM4AwU|F|6>o|ymC#rI zSHgE`zxrBsh|Z)mQy@;()^rA6X1-|1wnTMt2jfZ8CLli5+-VR1;Jd$T8WAY!H@#}uEsTn-FkuR zt<(KtgPle~Gh?{HY#b+cj|LN{L)%6SCV&wWz_Ao}zC-oZ85X-$AnOdbzXPjV8-Ck5 zgW1BL<&-?Y5el?xjnX1aRQjoKiNYWvs*{kAd`<2~Z_5P5XR*K|t8vKBy8XltujNMU zaT%1c{DFBCDIi|+bLz;YWZnw-?*fly? z_1h}WiS?ulLDVi6(X9==K})yxWYvy6U#V2l5?(|0se!oc?_i5$`+=^x;~)v>NneAt zD#VlV6YVvVTRcnE!dROZ?8XFGW2pzjSoj;2GsT*Ac z{)aat@MeY{ofJwfT}p-)#b2A*8X=aN*>CHnb#_VnXCT^GGy(z!0s+`RHm(qgjF|mL zNr_5!f6xV8ENAMZJN>aWpq~&GNf#6PM}>(>Zo&-y8lf=01i1Cz)g5z@X#6wAAaeIV z4uB`-^WS|znsXGZ#`tTpF{FY2h|Cr5U&1cg{cnb{dPvdnlqnJc+U4-*BsrsCN?^~Y zdK`MMOwbO!SiR!G#YMzSHTBiJzn)29ch0JMVsdhKsnpnlO$+A{YAQ!qR79jlag?T< zgBBwaqHI2D*ob(4$nW*-Q#f3tNQK&b(bAt)A{t#W%llTpfL=V;DiuvyRG zHGGwjlVh+nmvi1*QUp3!Q8P1&Cy3xBTbOC&=;@OAQ{JCr%eQQ&Zr-+Gdfe9>mkKtY zg}aGwpI^xqe*I9bjt1=Do4URnG9@1;C_03v%{aO~2Lq+LIOkE#Ks9E*+0Bm?-AOjk zM9IsWE*gp$pPCeqx5WJTh=hdnEp|HWYoUnZZyS!p_;~0DF%1i};9v+muKKFvPj1A# zdNvXY)y8q~$Co(6MOsMtt<`wj`2@r%E6TUwcJoPw^8VdLu#MM?cW-I4jkOO0S5qT! zXoLNDFKokCzPmN$qjyE;pK&N}53PN+5YH^YZeatf?HcAsRSbOVmbPICnz3Q zb@uD4&nws`;BogGDDeF0u&OHL{AsBCDn_8&etgEcVtzKLSs9uf7tNnGo_cY(?Tb%C z+Z2AcJ9zbYp83fBIoafG&GZY4=kg#%IYW-We?`K0S|`^EW`fY{ZE@21=Imqp+j1f= z%hUFL6_>`oWl7Rnowo*yFJ4nuTe{X0{$5Rt?N69~9}OZT9ZxGZjciGNISmam8qNOr z{Lty62CQfSEI6-Q9(>3kf=szkxnj{OPJ`R4ZVNUeCM>2y_{Znxy!jIv*aQR9jJr1tabUX37`7)!G|X}~vTakN$8olB zAZhl+9u`~MEtT6HK0gnC^DaI8Ag*D~9jr@!@LYUQck?-TlHgoEy~Kg1BSFT{bl>>^ z6R7oD-*HwA+?a1jINCC+r#>qwA#Cj$3l#&87YoHQm68aK=-~wLgzschk_k~?7*$A&Yly`3W+;mIuL)ka5I36)+^yE`FjM9|E=C!gyqLXj!{mddm{byr7U z5WQE8qY|GMCknyyB{4-QsRa&5BkarLRZD32MN0(bZhLAFtqN5&>R!nKmJ(vkV^Zqr z(FdO2#=2hM2+}wEc=cz_@E$6#dssT(a!ykJ_RmbD& zzC?1Nw6IpPaIyj#2t@iif*ZsaY8Wh_j0#2ar}L&Qrb^}y;k`^WgTEH`Oj3SJEFHvO z)HnPQC79Yk2OD?99UadL zQ{RSrXh2&7@$X zCIgOCCUk$g#_IqhK$j#OEHPCcJ?V!#0!YjH8Jyjoz!Wa8KsW3e@3$MQTv9xBLqj8jR-wVxOul4(%vmU@ zS+)gdw+U0rC#B`RfoT%i-U(SQ9|N0PZ*G#OS_$)8^X`B%sXHx`HKB@gw}C1JA#+%a z({L#XKje&lY5oCfDkZcAH6^b-{V~fX&Ay>OE zsYl&0$ZBK&r={|pVqFRVV^X!(m$tPX>+DPlPn17jI&||@VDe1_=!_#u<8w(^X~Ck! zL;G#S3)P5+Sx^krPbJ+H$e@=Q@+CPGR3vKy#~FxeIR+aV^AuGTznTR>b_DbUeqz&t z2mTUO9?ACkbGuV?b+-9z8TBk`+G3D%We+Fq<-v`p1hl!e*~wrQvK}Aw=ZnT zy^ZEc`%dWAj*nbMZKvyA7-b0cMcz8n(-dLas zDONArN)A!g2GU7UC4B!hgt9~yo>zVTdCm<2s6j>zMr=6LbaY|~DvwVP4);38=(a&; zr!;2vB?kFPmiToG1+!gWyh$`Csg*QpSR>nd!Kk^aBXsrbtSe8;C(%1Qx_0I~Dg8?( zQo>ZX;e4+Q-#ebcVhD!rpWPbtl_6y^x}BxHuI_Vv)Y@4x@jpBg`wnz1#=K&T^1FW* zd-@t6vE=-mU3$Io@=1HyDeH`(T5wL_AJcZqXdB?5FdlERp>Ffaxu;|Sq55_kWX??6 zouPdt*yw$Qwtv0v46QG}r>q*Q|0iim#LYu&VPuc8Bg8UuNj7v%zUEaj)n!y z;%C?KdUTO~3x=;#OPJmf7;sMr!1KeNPa$?+|C+s>?by1ra{~YTJ=DW8uI3uzP|InP zwPOl2Bel049iZ5RGicoe{t5e)s}^h#u`}8btQB>WEZ+b12KN4d_E2km@R1?L^7sIH zakl&mo-J^R$SwJfTFmy7YCtSZm5d0t7;#YO4AKUglP%>EK{HhlKs6*lqC zQiAJvkwNI$>F@l>1Y0&JCMx?5yLYs5Ksw;o^G%uHf*?Fbgyq!M^L5w#NIS_GV2Zdm z%huWWcZJZ@e0(~fOLe?Y5vsM`n+$pRIL0*^RBY%u$*LvnRw}jF(9mC4xRM9=chnon zOf(sunm!FhKualAudr#9b3}>j%M}-)pyCIO+wE^{gVkFmdGxOkHNyZ6>-8DKEKfnRTv6pe*IbxdCNR3mvw?u`7L3uJ4YEJ2ChY}$4@AOQPVm?_@xsfA% znNC^DUqT-Y($*CILLrcbN_GEvM$IKl#V6LNl`kFG44$S!ieka?ZsopA|F3csCCC&5R3Z zgcB(TG5J@RNo5UVe?gRf%AdM1fHxCg}+-`A*Y5puicwCvZTPvB2q=$st{T**QUJ(uLfY;5J7R3)#mOC?9)Z{y1%M-Q`LPEJ{ zG98hoLhgVZ945;I67qKJu!(s7d|bRE=m&^@Og5LekPs10(h?8ZpGiMUMVqd}K*JQ~ z5T*2ppn7E@CXfY@Y+K)U+cX-~SXLW@YsQicQynT?4#pst>7HruG_79U-H_9=!d9q7 zwoJ(g8xm|28?w*C{Y}WMGH_rQYUxms38bEbow0o2zEHYw%hAC?!*A~dN0vm$g(QGT z0T1LjlcDk9?#V?&&1A*Wxg{Gl7cGAC*~y&QldG%J9^!xa(VU|dTeho(0~SYmFpxCB zK@yUo4-Gv&JsULw6MLB2a+;BWLXnCYpb8BS50h656N%>|D;pBiG(^qY6;7!L;OC2=NkCg|IS+a@NadGl7&7A_VIJoP;IRt=C1;z4Rv zU&^L|4i7jxoiQ$X10f>Fpl;v(zv-J!|C~iNCNXWc-i<%Xi5)*9Td12OsjDvIDDe`whl}=WC8erccgX0p@cZaNX z$pXowz6XcI`@OgCF4vcf6e^ zZze5X+F)>Ie%our9z>SZK44n&Q*oFEh>C#O7$qw!YP445IPh4kF;Fhw+uz?YX3JA6 zT~j6gtG^vN3o&mArq~Ty(c@;K3FI)aFhk?xUlLSI%*;?Qa6;y-L@N}Hn^u9Tcdt>6 zQH|ym^W$9dzw%|S1~2hqVe{W+b-4+1KV{86;X(#{;z*C)+6uvfgM58^Q$!1PJ_3M1 zU{8g+{QR>?%^@WXrVb#${A}G$G+$|V*IFzAtzIj7*FrHp5NKI?egqVW&=p$I1zaq) zmTW64Xxje>r%=s&0Vf)xu0Jp^P#g$COvW%^Im+Pc`lE(z25dNtZ`t!^PnfmoEL^qb zNGwDD@Qg}gD_64$wNm^~R9t#v3FKsCb2#i~%EV@gseyUwEh;pFC)$u5pqiDcHUD4^ zMJv|`8YvX3=#chTKBdV5qlT5KlUph`hz`BTKzs!*_j5XKZf=b+voucon7t(dhCdSQ zW*4rgq68f5*Lj{~i%ASlQFOuw7l|mGfF`iQ6fO(p z#dIj2W7GP|WdW60-C`UloEG4m{V(&KSNz>x8Q4;aYnMkgWfFr~4h_rOUw6kQL?k{5 zLpQvS@zC5f(-Np3GZTV|P3~oHR~X7i(I0TXFf(0_NoXz5@r|mqqO}}Z1 zuGVcqd%3L-Ur|Z>i9KNc%ciqCgf!3BchCcV*6#>4hTvbw<6JJF$_4f3co2`<#1LrD zj|K`l%`{Hij zg~u39svY)r$$BcilT4JUJ4`B!Wa^66I=I04hf(ZEXiHhr)c9(SJ&KKwJ6d9jO{LnH;!G&>?7*EZI2Zf< zkZK2tZ{QRR;%AJ{;H)U`G#6XQJ!w%5b^cPMES^KD^5n{vOi09Y(Fq5w30-HHu4d|os$s{qjFum~>3uhI$${5rj0}SIn5=|{qCO^A(H&PUPAUbsgPZ*4 zjE%6b??xz!6@yF>vil>CucBn6sGzTj^#M4`849o zY(Gd5`|v*73GfZ#X|B)fvj$BoEXRR&8n>`WyC%2J0y^_YbGn)(?9-KjW4+qY3QH(^ zBQDl@1?aw>z^$ZxWliA(Af6Hf`FZZaW}_ykLfV|A(;N%O+@9OZBA@2v(Dd0VVtpk{ zTmOTw%YMBl?L$C(Y=jc~X~Paice%v|<{Qm(GJr=3mDPm~f8wJrV{hlT6=0{8Q8ORs z_mW+Jq-uSN^VsRrh-iY$VMf@^oSUptzSnI#nJ+A< zI>&QC9L;gvrkmx}<0yXNU|}820nz4kLImC^_(C)3%Qeqb6gfnu=xsm5o(EgJqAblO zUl?nST2mgkW6^!Qq(NCFymp-nOC>q=ZZS`|llcX|dt)>l1es&p3@$k`z%~9C=h* z3MfQ#L+-AO#V$20PG_2j`zXprPbj;rM}b&~%AGoRP4X@?_&2?+Bi!C8NuD&g^f71X zm(-_u0T{k^L5Cq}K38Kho+L#2j|;uwZuQh}c%hn4hUZSQs)89YBj z(CIZ*RPZI|;d84=Xn?g{J^Y~ttO=Yw#OqZZ8t`si7wOm_+sadm# zIi8fwC@@1Ry)d)BY9~44O9ZeIBN`0U@`}%}snSQZj z!T159VU86f5Y0@=*f3rlemiz03?JAp;TulGLG9Dq9%J1LTtI^+&1wWo002IzC|7~Sh@w&*@3 zbMhz!BO2&D;Q75j+dF}t9+jsxAZHUlOfPpG-#Z1@45DrLHVfjfP&jV(#eXN%jdw)n*23UI7BRqL!oVZtD2vyER_ZX|Mz%gaf#WN!>Zr#Z?S2}!-J9NM`c_=NHg-YB5ZR!%yz^|{34 zH*ZQmBjI4*aHZPz@2G_a{Mba_UZHrZ2cHvbv=6K~ys$e_7-X?9;ZuIUA%)VjkT!ZZ z>wFT;djKq=Zkd!jl{GD(TZ=CGfE)ApOcYe&YchE-fkCa0+4i>1E-7@fOxmcZ5_ah5 z8&DdbV9NMiq57?7eYLwX8Co3jgxwOh%lh@4Tv-9&5kV+=XvVGKdq&r;^`4^j#@4s9 z9jah#8vKl=Hmx_|_~=qIF%O>yJtsC@Q|Lck{#Di>A5v1Yc(@kSij!wvZ4FYLrFkY> z`_0{ABpTmkOt&%nH0DJkdo?7S^8s*~BAA%r${I{7hqO`#o6C?N6Y!OIU)vd@*}cq*AVD0|b${9eHi4&OOON;dYt9ED$S;SRo;2U?C)B|)D1r~J!T;yIk(shxWSXsJzIThEIM}tqTY^k%8O~|C8J8xIY$pVbr`B>e{ zW=HCCX?$lx7r?X=x?JJg8Y_v|-H^_3-1FRffd%&$`{awo*{gw~tXGCMyjb7LIr?*# z-33e)F_#Mon+cwS3NE=LcEMPaD=#=V`3gwu^zo2>qi$d-z>!|9MIY7Sjy9goPRThb zVh&$@6>CKcm7xG$1+= z*WDra@zW^v`zvo`Tq85v<)PoA1qn*{Hu$QXo)e?;v0F?kEhmXp&ni+rp4oc0bh^~M2xIg+EWHU_V z9|{m$_dvuOq|B$=Wy{~a_>Tqh5An7{%-p?{A&{^^mH|#*kLxlvC$HL-v=pCa+ZQwW zo)+kmD}2)LDgBMkH?Gq?`RWw!o=eDGQCDwJJP)VSEl|&68ah6q_Z4^rL#KA~*54&O+KdR{5twp1mL^HvVjJen44! z;laVdiJucT>|NZf&dnhQ)8;*q?O)<*p-xSBb55SMSD;ZwA$!70eW)F`p zS{1_}44e8;x*ihnYtJRB^$@( z&a*yPET03U8TNpCe5}23I1~`jH%rfwe zJ;=_FdQ9Iu*SJdDf_dtfzw-p0p178bU?prh*PceB{C+C7^^!YTYQKFf;7qiFcHbFj zbg7Ib(73l8T|P5Gva#@hW%8KJqw{A!*Vu0I=c<`?Rj~vz7an|2P*89vC{z>_5f2Y8 zMMXt12?I|3yO7q)^_p5AhLF8)A{S6fFnx~%Vw^An}?Q5 z>X2GfD2S?fDEe|it!v5W3*LzPCkgJ8)ogE`=N63RiVdIU^JQ#4)GPd6Z4T1h4_G|B zN4~cR0*4Vu(p2jrW;X}*m4=J%A$e!4tD}@C+hZ}mSR0iN0h&;_?YD=}_l2f|Q|jm5B&T3)B{h_B(5RSe2&a7ndB3^4E7=8ApR;vQj^j z)!Kqfy~zzaoEOTnf&RI7gs!g!D{nmOkmb9>UCB&5wG)J3yIEcaiB?|@^TEl@`FD9^ z_vUc5pRO9GR{VX7Q0788bVkYQ9os=w&7TcBpa<>{g3E0;FLztSyqaJ|xf`-lCw;$q z#Uf%OsUd!95ZZ$47nyiUv`N215yTd+vA9&l+B+7-1t*_NHJ~qPqk^Cw%f2L;%$k78 z{=9u2630v4$n7Z2tJDIV!HMs@1*#x`JZ-|QEEL% z%rcU{@bJI3rC?Gm`(JhIW`;o{5K}$t`Av3+pwB0XovOwK>$}{? zMr`O4Dov~nncdW9yNHLf_I&C;2xUjo7!yxK!GUa?cXI^x1~IM*?SucvkhdQtp!USL zdAE3m5^lfNO$N2cURS&^@>hG}?#y7ma9-=F4n7b1oM9i=F8iHjMk&bjCjUTB%Uf~0 zHhiIa9TCnWE=^6+M#!>KBp^*&zV31K44h2N>ACHrrs{e)fKSv;a;6W_qeh=fb(M=D z_xzoKmgBX%b>I2t9BK3&Wu( zzmth>r7kvS4M%xSiZk}Qi~fo4z;Y?t16O*4TF{Rkw1XHznbpH7C#kIt={`M|(W~IG zjm<#HP48&jI?T(viP6mJp6^FrY^DBRG@V^@iO-9-lVOEsYhJ4*&%J^mjdZl1nXG4GwO=CXm zho?JxwpXdL_X39ifwIZsztBz7sHp@hROkN{}a2=N%%Lr__X-eohYC}e^&Qz zP_w5*sY0V!hBaGG?anwMboJ{^sGB1zGS=vEM(L*H-HuFTY7`Qbe z_WKER@;YV&gC&B*WU;f?MD(NQk8c}e8;Al2J402=UbkFj1hxZ(U}vv~g6639eb$z5 zD{3a0JnK<0FZVudsqBvOOx8#CGK2}^DY59}0S`RLZTan@HvotBGmVg@lW{QL z@mHP~MyH66Q^g(^R`2&47XQZd-<*+M`{8l>GI&o!#@QOe`4Z;WqdlC5?dCLy{>`|H zln&}~Ya7ZcUQsyJXg_r+eB*+kSe~W_Y|@^QwX5b>yPTS>(x+Q8efesPu|GTu>OY#x z77>7*9DY9FRi|e|Ws&a&PlKdGneRr}ZOH>M!~ZR87?F=7dqsgl@^%Enoz(cochA84 zt$?%6_)bwqNO*+CjXL}`mR6vx&Bi-W<3x(^SMt4O*wf&8{a5XwSg1&T6=LgAyoDt@ z1D7U9Nxg z+g}{~dFo|%I>Sk!1sic@m;71%6eL#Mx+0+w2OQnTF(%Zijr&!dyydIYCu&^pwSCet zgi^Aibtr*wu)f_NrWXcqdHq27%MvU)(DLYvt>rY;^=8z}VWWOrnOE;z(5m=-_m`gb zf6oY<9+{`^bIq|?b5JYNImmMXSVf(weZkrO`(cSk!T%qb^F_j3;i~bFZofCdZSJvE zHiZ`xsdiz_Rw!6ZfZnjl4X3qYg7|bpz@F>Nx?*XkRwEqqgpToUl(SfM<){APrI%#s z0l)6}D0~q1__Oq_H|+BmvD<#*i~_{mc;?vI<%NVj0O5U1CmI`xox$-oFwrdF)jb~G zd}4=nO2k^E#lpU{IJPm86~7cZldn$i4K{HFd#!OCJ8O9w^}|uOirkiyve1mIq1nYJN&Y6Q z&r%270+{of^YN7MM~mXK^vCE(EwuDzxF2Y=7OgD_4{n&g3=6ac-?i9cx!o|O6);e8 z(*|{^XAsq^V~R+>9$w#jEQJ25@ja%3jE(}Vild?I&d-FzjU_P)IXmrSzg!ljv2 zA0-(`wYCMiTQ0lX2-5t!X;l*LwC`H#&x455&LMFJ`nZc}>Wm7t2cygL8H9E9+ z-aIw>p7(4-ZXUWJMdT63q$^TEPo79dDrI$B2qiA{sb8-UQ-9I}->`Umjx{i6Uuc+uLKjV%6?1jn5T1~scbRmJ#>sYJKJDqgD zt#gPrua?r~n16d&6UmSA20r%(TD(?oiZ0(IF`Y2M1$e|MvmX%YvpYT({MF=7%8S+3 zCk#r)_PM&dCx`2o_{nc?oJDV5JOZ=zDrwUrx1q<@geBp49-LQwGI zsq@RopF8Zj$P^h01B`mr>Q|0^^(*L%GN@N8%RDn2Lw;(igFXx|@e3*Css>Rn?oB6P zHOu?yVUQb>>eDr`ZUvE-YqvG-)p<>D<-KS1C#amDOaDBFuVqeaPNuh9t|h0}W}}ew zmJ0gyt*BlutXOsSQW}2mPf=+oqey!Z;X$3xQ5JfvY^N8UBetZ2e z<;Rql65Yg^mDGCQeY+Te*Db}$_m_NSO|CX)!DR-BAC^;{gv^$asl4ut-5pi=xw*(v z_-GtHZ}7MMS-W)ciXLT(cEj5K2s5R6)fch3;E2 zP;j*-E&v```R~WoHCX1qQp#L2kh@!9JQAYT>3@Nw^;vMW9J}8a6gd- z4o(C&=wG)b^u3Al#>XM)Ut2DklQo4jP4a=vGNNQzz7U+c8`BZo>zooLqi(9a91-H9frc31f?eZz1gKB0bRJC@U?B--l) zd%Isq+*UQ!d};_vSMgo08I_|Nxj8>bquxH=0z?;R6PY^XwpQaQvo8WdX38`ucUVcq9Z-;)I&=L+)pRiZghU8+5aJyKZaF36V+>+42Zbw z%(uw)|54ZZ)>6D%7>cvev>AGmmD$aTyvf{d%8K&b^}9P@a<=L*pp4V^?(5NKq+J>K zEtiZ^0kH-8fGwQf`WM$$c#XkCe|kfgy?OuoubRi+FW`$9{hCdEkgNeYdiik;XSjZR zDUug%hE&B1tT!$4QWsamU_Hm8L}eFesGsrvG-}T|{|H1okoSl;mj?vNgWE#2|9-IF z6!G8>H@)ld{RA3j>hQOweoWUtx@8oU`ZwzSFU{V%=)cm~bQKbaix&ZuRfjFDi)@8& z^)?|S!W|;R?~#b-$6_)LpM|F%uG=Vw$;AlUX^^_LwzySg4fN+~R6-^}GX5W5{x=Ag{8a-}CatgDvOyc%WZURq_hGrGwtF;B7Y3=W!eNgjpn$KFUQtPg zP9Y2R5WYfhS)R%fg1gF2PQ~^8u#xj>t;)Q*^(%qCqGyuS%(>hEOk!i3q(Qd*&LJWy z_DW|BX{4-*wU+=>y6FB4bZc|hA#|Y9&z`lbAWK|)Edj-L-j3w{q%2VK50INIY?06< zrocQD$<_z3g=|KxS7)=(CQR0O?Nx;UxrpQD|EuiSXaYS$ik-PK1SUw|26ryysk!>- zA*1NIxH(Z4*$J>ykM(cAH^uae*KExAjMEfDT(T~GO6RJRkx-K{T~iaKmAw5rS2FS} z^6%*KRN8dE(okhqjjxltE5Wxvnz3yrlU9&1I-$FVnECdD4}Lb}#R3CQ$!b7X2L7(Q z^#JS+9J!po-*(1@Gkhh9ud&?+wdoD;$yYCHFogc($#X@wev0}Ff*OaX4|v-eh2H~* z6mVnrbb;q4kF3Eaxv@YjUrpFlai{rB48DynPvRASFO@%JXZGw%8+PQ%)&E(=%Andn zO_f%R&q{(*k1}eE-IORr=nX-k;GBh*tq|+qY3dFb# zB3V$kb)<6(;o|u#Cn4g?rfI8nhy-QC*8sSWJMhtS*e@w;q4|JWZhpW3%ks8W2_lcJ z1pSi`zX)BBx1`j}?L`qwYndPly@&I0HXVK=7FCkT`(o+Z>OedaliSV<-lHo>w(XFS z!oz$!^9xCk8H4$Zf<&ddk@gH|gc5P`R|3WW{u}p=lAQK*JEtMli~@dz!0+LtPkRHC zOtKrpkHXzU^`<>RtcNWQ!0L!?_(ZwJzz&OaLSqoA<%@M}&2@FSzYA3rruBg01kE;_ z^s&&51-zI9a{6J1U-aJ+Q2^VIoZatIV=wpm<$N|q)jQ$`hAHj}FHeOGcQ*1bF_y3u za4!e^1jqPcVxN@F@QhVsup$rlb^!m~OoTitSy%FDZH{ zZq|wyZ@SfAux^I*Voh93^M#qwUrK3pk}*4e9MRrJ>0I)-yD@)qY=2$Qf8}``gc-dV zN%`2;8tuM`wAdZztq$^^06!H}Trb*OtX#$NpGcJQf8W|;cvMF#sOO zR*i{fKF{{HYdT4f^aB2|UY1O9Tfz7wl17JP@TP5yPj0x z2$@NZqVXv0wb6W2nR0Vtt`=%WoGSmW0i_ZQAFha>zs@DS>n5i(rY9<~zAx`6rAcQW z@Q2U7st9{-Jl9t0Ku?Sa|4&tv!@YBwr$CABmA1|u&1|;=e|F)!J7Fl-UZ`VK5)E%r z2&vh1ax2EQ?aIs1#KAV%S39ZhRkE|JD$Php1FU7}ls5C(*{B3$ ztNr4ux>C|#*d<5;LkUqRQ77Q zaUz%HV~sJY)+zgvD9G$?9{_kz&mTiS(!^bk5uZW!+sxEe>iSPczY97;no2Vl{xAM- z_MiN}Brggmd2P0B+b~6hx^n}+VfUxdg+!yPcD|

_U%J{`Z(=y zwH*YwOW;>sZ;Y8e4h>@u7NR_gV{&@-IJgqXG>lcRDpqapz zCoEXO+92uHqz6c}nuA=D$%a0XrDZW-7e^H9+9gEbVc}~@_ml@Fx3pk1tFb7EFUVtb z+gfScKgeT<+bj|zQK2EjqF7G}kt+XZv4(9XPe!5ne@2FhM5sULUt=@rXFhaY1HL;dCZjx^T(N%-cYcC*id`yGK3iZEfN`6Ll>O>3aX~(KxN;Wa zAj4(c5g&H^__!ij4MQxv`aLE9Y=wf!e+m++wRSI{DK#hw*-Bq=(Up8s4`6u`Bc;hy zxNysJkVv)Knn}(g74O~@5>=+?qo{CCMye^tG_*{G7{2^t(spQlir z+h#EZ%V$%^zz0#DhO!{qJWCG42?_f) zd#VS}H_HCwb+P%y6M>I#!GW`ORtHq+yM42%$rxsrH)WNCLH6niIY|9$m3#`{ zsoSM(Xh)yG>euH*{dlgRzWyrqHfWzg^Yyx{yF{Hew7#S?P)4_5bjYh$(6=}(5NGTg zResCN_Jh539+o^e2dhK$Dp0{Mn*ABM2(5 z%Vp9RX#o@1vmSx=r`iNsNMTYW z&8v#jt`9zT)2z*$XAo6y+v(2KRr}{f{lT5x{o~zhwb{f8uqPhNi=U~6LMFyVFHfF~ z-tOJ4;~SEKxz2-ImeZs;57T2NuMAH)tvNeTPQ>A)tQmwvT9*8Wsd8EtK1|0$xzAOj zsb_P)n{?TPrD7?asfbDNE#Z3X6w7rV;Kg1`(`ROG-+mI*enCe>7*0zVh~bxQ(Jb>h z`x`Ue9jo|UW|=>wI6<*QPW@avGVhx2ksT@K;?!p=aUYaEXm z?LVaTg<2e00kF-i2{laLY#ay5aV<+UnBn%-D~|6OYi~>qOsO zB;0sBTmgDII<(x#z!h8&B)_>-qr*r+8i)WxUPug=yx+O;G3!wv;4Yr`hmFccf>^V~ zjeJY~nr6!4ISEgzW=CAIjI^mvaZ8VO0{|XX3x{{zJ_Z2XHLe-6z1yGrh2I%0SI3aKK2V;N(S&c@Ar4g|6Kp&UxoNy_5c6? diff --git a/nitrokeys/features/openpgp-card/gpa/images/gpa/2.png b/nitrokeys/features/openpgp-card/gpa/images/gpa/2.png deleted file mode 100644 index b4b18d497c9f9de621f8dda599f79dddee7394c8..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 89745 zcmYhj19T<9)-W176Wg{qvF+r<_QbaBOl)gn+fF7mvvpTDG{8&G_2u|l z`i2B3vc!>2p`@#vy=@kgHBIAjtLnWryYD@y-o z9iJ>K+6HJsTYM@~Qw^*`x}4#Oe^jhgaa7Bb@|pUVIc&dC!VnP=iPL*XS|E7JSGn&~ z$wdd8A=vIUF*we|I?D{hF0+e=*7I|8KS1pY6YW->wmMz_M;YPG*(O%L4)T1C6G)6d zCu-TeM$vxO#vE}L4KY8*skL@hXB5T0MW?X0#K~(*cY|9?sjrinkPZ(!egIPD=;$iB z6z^X;Dl{HgV3X;3El-}-Y;eB~$E|}N|57*$hvR-Fp5!a#pvpoCt9iCZ+mEaLfwnpI zo?O)an~_d3^Kp$vdjYLyFgA9hr+YD(q~@pFL;ahp2aL+cK%g3LznE{O$>Uo}`K7i% z95m;P{oH9R3l%PP^7_>Llyz}kp5KX8c}O#Bica~#)peA+6`kdQHv2?6Y$GF+Y(kTB z*mrcRLV4d{v&k6vH#dFs=8Y%dS1-JV7xqS3$^!h?pY1P!OHW`ad@b0nkim|u3)P%$ zj4yAIoJJxHN?gN8)Y`b?YrlVk*Qd6cLr!GLSsN}C!sM5_RJnGwr||#Q%h8II2KqH1 zUzB|;!IT<4t-IlK%B8xgKz z^3+Esj>g+49Qqk0H#-5Mru)0a`+ak`b9(UG-LnI|r#=q~!}qi)_6c%%AM7L_(6XDk zlh7*cQ{*j|cKao3m6o+A*)z%N(t_jVat_sUw0_2=8W(uj?)R9eHC(S^;D~_!{KmFO zf2X%v@~pm1g6_B(CTCqTTJ~UI6lIAy_PU*AS(SzFe+;6!y|8m^pE7B62!FkYYA75w zKxMlMfqlqlY2e9iec>J#-^+vR-EvWu7+I1aUgG7aedgWJIS(^MXn}5& z_27NE_2Opn0+pS$)`-QT8+mb7Zz8>;dv!nGvD9qbTs}-WBfJ$l>_r5Oq1Cq=RF0z9pmx^_{SS`KI_pDvo?`!eO7rxPb(`U1r>18j`eRN5$%BT~a{6R?cCQ-{+i?wX z)zTQcd=#p8Ib*+bLOvD+yfViLnP*T8gpAW|1!9U*aqs=&ZVe0tbDK-Z`{rRJgpU7445b{9*kc4l(e#B@9%Q=;W4sDArL z#FR58z~A!kWHI>e`!Qgqk);Eh=}s2Sg~Ts>hiTW9n=H0>| ziY3`tuCtO_gKl^6G3VgEHG}GEIb0H}Z{WH%@tB;PDf7>oeRU&2XqIjDF7`KPZ}EDVe>x6RT@b)nyRerm^G62Y>Q5jIiW$)hH|npQHP+n)j0Tit%B#LIA2d|dN+S&;UBJP;#fBhxOoMsk{q%({>0?=;4$Kh8V+7S9xV z%4NYs?~Do-MV$FW^(Ys3p7Ls*aDMtwfh}5WhzkNWTpjLcvx1S=Sq=QfR5H7pWo=ak zBz;)la=O4G2_EriO;kQBSd!=@hq;h7?dn_1+IsvfdcP_L)lj_f-H1OJ>y=7Uf(S++ z@n_2E(4DcO1*fESRi}k@^(}$zp+!L$563U0QkkdIN@JUMwcXRl=IV6yS6l|I8`deG zT0XaOof5k#d9T_M3qiBnFJtO+Zat{^4`>)zsfA?F{x|I`$eWa+LCZHz@0dNlBV-4b1W zP_%(at{sThceoVL!ti+qx%^1PlW?g|xt;8OWja}|4{N+L`8{pkrKM7iH`yJ`Z)|0# zX9Et}e!rKPkuC7u4ewL;(!%*Iy7|Xgm7XR}b@zlG3eCt$DkMo862~uwxD%UiBa?GV zEE{gS(GYsw2kDk89aUwI3!kk-6RPUY>#^G`c4}@w;PVC)i#lQ#RkElUDf&XrqVwB! z`t{2S05nlWW9NHUfyh%y9w3Nz-xaY^1ECRxkL&G%Ok)K4J)P0_6rLeXy$Oo9-{(0@ zBqw53Sa#o1V&7sGEp#L%Ugm)m0nSCb!GMN}oj<#uZmtiX^J#Q0bOt6}2+EbtGcKRw z^&EVo@gOLXvb_o(f5u@|o3&TFj7*kAibd{>e)}={JSk55O8L_Iy{5EUQL`~7@pQGG zPI+k_3}R!8s)&HCe_la7=AcXe9*86LY71SPEOC@&)R=g`(Y5jP1T`rZ6R~iuut8aT zsMgSSgE<_!-*1SkrA=3s+)Q{i0G3i4HwrDk<|~j=*OS9Rf`IxuCB04XT&vZcaeUh( z-y2f`;Vo&V4cq3RbFG-BHeYQQ64P>*!sXx!`pnq5HygtHSB6&pc&>>W^EhyaemrA6 z!UNS_i`ulgqM-prBt=g&s1<8idb)p+`sHQKJXg4HmoLqGqDqJ>)j`bA!Y1N;zSmK+SISY3pmbb|1ysaJg#? zDHx*Z*re<37IPOR&QK)@x#LEvSH4)N;IpA=)$u?lin0P?YTtmBbq9Q-rz=H{30rq| zM^%ZvAU{0g^7V!_4q$IxM z_Y!B_!KgQKAG1@nbYNNoQdbzKFv?M?UK}f7x+?K4FHs6dZ}gnnuIh0s6Kq=?lr_7|U)v0oZSU8} z+Af~P63-Vc;WXn9L7WEw%I9JHHW{W~Hc{sF9FbVPv$viVWgafx_eu(XVt&)#D!<#h z_M9oFuIR!&_;h7I?C|0fuI3E=^Bq8ur_ou_%| +&CY3gi=2=8Vb5gO9*wW=xly zZasfMH(~I4qtS7@uy{tx(Ysyg)7EKx43})&26B3tCb9Od+!^=AO`!It%jCqG{W7Q0**!>@6#2lFkPtsI@Y0}JPUV4ssQxD} zH#;Q8+T>X^%lF6MDjwNf@kfKNX`DSUsMqg{T2$ApEsK6a16Rse2VharUY*1UYNHNa z%QqY^cL*i}4IAoeRfSGd@>ciJM(P7pJU7==PmwIkP1hLc-q%dG)VyJ)2RJ)dO{L}+ zyyj2i5HULS=li_{i&mFCv9L>SH6S@8k+>Xpuz^3#X?$YKx9>T6+;{rDZmMflTy@6X zW6P^Na-tyU<>7O7;n}=T9|}I6(eYE{aDm#>nvD@m@Du9xH*4;j;^5{4j{L1T)Q`%X zyI_5ZXw2w}jR%gSK40~KM?Mdf7m{@K8Zn-D@p-bRzgf5nda;}$+4Gh?T2H!WP&uWc z(mzE^_~K1MSWFLTd=*c1IFxgk};DHjj z#)>9Tn^0Sy?7Q2(ekp5C`y8t_Zs&O#HJwNY)lR^VjZYP8VM@7C9olruXgYgAn;rTq zwJY*lw4Z=N=lyqXr;o_Q<1JdBb|O#Tc#MXkhN{yhD$ItWuw<*+`EnSh?FT_>ykA|U zq@>EsbQ#OyS;SNoel~}i7eI!)BxzjFspE5`rasz=(u@vRG^(np6m1fm7VC|ekd~Sk zB19Lw-Qp#N<6iK8dUEM8Ck%cbf%XX-=zjaI3tQA1B%p$Cd^wBZ=JA}y!~39Jg{`K` z7MS0G>p)Gtqybh4!cJ55hU@Sqpe~O)*^^)7`52#+Fei}1)}vHU$Ijmq#P2I6DC~Qj zRofC+O|a6MF`k*3zMW<O7xA;mYslhQ&=vL8~#^qCgZt?70`=D&xFZupCH^rU&QsS*Ti<=294gmiUk$qIWlV&-q%;^p8$L-zFZuIKvoA6u0F&Che^G`-l&KBcE3*F z@n$bXnNrx=vpa;dPpnhEzE@daKpkmgD<`<8Yady69U@fyVY&IN{ML0+{2n=!+W~}6wHAu+?qQwz%zb&~KL#im2YR*yDi|M^B^)E8UW7g}I{IVA z60h-Mr3~4qF)uC2hoCPAQ5q980leuaV&X>$A`((~_hHz{O@)lA@0YrGaCN-U^I0(I zoqTAMDxsMO52!^(wy}Jf7y?G;d!&E$55nJeJ`9&)Zo-9n>t1!&c2fdzkp}agYR}wO z1qyuEy5YVP1TtWE5`MDF&eCJzhOEgR$a0PC|Ay*y3%*JXq$1S*h_GhC>a#yzvbhs! z>q{u?xUhkY=IKjzRlb-r#(*VN2$PExw-EcJ&o(lmH_|@VDL}2Z=FFTYu%K4IJg;5{ zW1cnSI0GfU3%exlIFqVQYoH@Z{~5PP(3K`V^*v3|$o3EeblQWtBNDGN?HS&tefbfp z1I@oX)xr%oPg8oeya-#eVK_lHE?eI-|z&-B_9|$`L{B8D9~|_S!jdwLG3J zf|ncC6lQ8*t?K^(fg$4D3t&!>N*n8~;_03I!;fUqh^XfEvoEW>?3MU8%;{xnc5l=w zzVT8hf}?{Ks*$Z%QY%N(+j;i+<@H&-wEOnniyq;&!7BHs!F&#ZNns^yO2-Fi%Af44 zcfP4l1urXzhKKX*42?8xPa|p|??x6k@!5e!Gdy=Va!KxR&m7OF@ZXe^Sa^!I zXarXSi@w|Q^##X1_mFRIB_KCU*Ep_`O;wW=8bs)y%&B6(H8Jimpd4kc$2Rk|Vy=Evo=s2~5f5PRhGE_B&k=;0`sUm@yeG`{awo5a-DX;_UhO zfRh|9BPE$6W+1AX`HW4@9W+|;Ze->l(3j<4$x zi`>@-qd$|kbuYNpxtdAk>Q?#j`q>B1;&3yodT%%BP`OM5`3ErN_NrR4-87iJ$d0WL zcXfBP63H<~9V}3LidCTspAB)Nf;dGx3Wc22y$1kFMXH>Fkal3J|9M;cIX_a1pKBof zGR2U;1!FbFL_N~+`x&ppi;i4Z)YMaVshQpBDXe-kca8%nA{y$UmDwQ1l;bHGLTy|A zK?gL{2W^DL%bV6&sdp3jqUFKFj_u**WCp(#MK!D4Ty?%3fn}FhyflMHOmx!3fU2#x zwPsbXI~SItSzWt@?of(X{h}W4X8XB`jfVxF=WpLTe8Q_md=F>D$4vsf)D#| zYHz2O3nut|7;yp)g`wj)YH_F4E8kicyhk{Cg;?56Z`OS}uitB&OizLXLC0*eCw>#x zn`Uc_Ol?9)F`Z1qrs-=8yYgH0qQy;4Ck!#t%5HBp1$Q{?(s^YY8KPGHaPSefo_q6r zJIlC+s;>TBfE;#`F1P8ErRdU-+lkGCem|8KvUvF?X8OBL8`V-*;$wDNubduitf%r} zM%+ZnqTZ-9zo~*4v$w~0_1n9CS_if|FQY??`ODb0JCz4M|ziYqi5g9p%*>*t$R%eQ$x_5Yg{NU+q4DX^pKQO-H-Mk((fi~{+pf~HPDR5p7&kS_a z?=8_rh4jqkj&|G}dBXEWs}(zhHLKa`?QJ<+@Aj`Mp?YbK_y;nztY!fR@n53@C$1vR1wMe zbYr3)cUVyu2t&Q|9qx}~R!(CK%Rha};UYLbN7DP|Fj>z?D^!#ke0gciy82)*8ThFK zXK{k1-FDi@#C?Rjo&Sn#2RhhTXWaNdVxi8^h(fuiT*W^OYt>KI9v+{agYpfZc+-VOt>+P()>w6`pJ8w|Ui~!wxYZ`~xB0|KI3I;WsnjZ#daywZBXADSwq|zMrf9 zFRoHZ8KKnNw~}1F^gmb5nP4)F<@drmyb;iahqBv}|3tYNTDB=F&Mud4Fa}2z_!tHP#(8-VjuMxfbK>8O|$z zAh6`fPf8T8qDfPhZ~An*=BF;3QOw-eT~bxE^iSNJdc@nEP@tv`Q?md4?iW1EXJIuV zLWP%l*!$y_K*H6d_@&g8^h;A2FL#0PK}S9Uz$wKLH?W7`i%?H z2$q-1j>EM`;RQqSS652OX0M#Jp=eiiW}{-`n2@g+)g@0a7fwq4Hxu~@W-MSq$Q0o!=0l%!t z-853B!v=td(+CUp63Y*dfqSzx*irnk=&O%prz+^_~QGS{@M=t)?rboy;AG>Zi(3O}8wC$sa>stAa_XW*|<2@=wi7S!G$nu+!jm^FL%-%JS$eZANKHY-qwRq{myzPK8#1q0qb%aV1`%Ijj>jW;)I{6B0?tu zH#bt+4EyZ%!@t~@VYl`~;e zZ>YfA`p(^)Z28$8)yg+-A_JX_|91NkUu?~VE>JkBjRlRnR?@&c)$Oh-^YIFjR{|*5csGNW`0!=f3lA2KO92mkZ;WP2s1#)(LHh|D*eCmi{-_C`5ZI3!a!=>r8h_;@A9HY;Tc@6hre|(NT-^nRi5^&$ z3(Y=qCcjZ$Jj_--yWPr7MBm%tw+2&qnr`o4oMCc(Wo+nn;l_Qh$NKld#nO%!6jkfh zq5O94>*G6VcgJcOjlVJ9Qh*K!BFN=i7zR zYW&^!4;P@e&1+WfgUm@B8Y#~6ilZjcO$iyqUIMeq?cj@BcZ06q1pHnBk>WuG(}Cjn zpTX{jQ`U@=>8thm=glpF9jzH7=vk?m=rOZLZMbk9FRBo#?@N_9vHWd6w-KfcF0J2> z%fW0ILSXD^Zm9p`y%O$f&eR7ck80O8i!h)&rQI%4 zK;GVkmul=d9*A6L=I9Z{K+h=%Pwrk@?1hNga}V7YnJ%ui)H@dY|Io`4AQb51Pff9N zo@SY~czB`0ytjN7!6nPMC2_FpPNKYrFwuV~qE|5-R7PGlT zqM^Fr%L2~Zn%WTePwUYzk|*R{1{sxfA^`GVeXzF7ADU{;MFHs+A4-Q7f&O1EKyUHX zqq4kZ%X((X+5{cSPAw3X*?PZqb@ajDW3$70ASljK>Ob1PtYPhzu!c!SioF>u=nwE_ z00_k^)!OBbx;{HD)($u3m?X5{Ds{Rax5N6glUKkGfl;a&&SgHi+7M?r6+gljl+~cG zm=SlghUDyX%#ooj^t~UYIPvM8C(?Vp$JEX=Azu!y#Z;6MUXNudut{jj1QEKg_aS zQt=?)7}OYuB@m;4U7DLZjL5US?P)<8&vv0!F3uVynB)paHS?6NfX}p5sk;b|Y-y*x zQg%FSkE!>+*F5qP(v)qtV7fae=q;4Q!AQA+&s@QvMW5QV_T;`l zOpX3;w<)dK*%gg03D%L&AkFh=H0+h+l8UT2s`n$C7)@mGg^@RUP3JWIxF_Z{m%)^; zaqSG=QM?$PeP_)>GbHr5-h+DI4cZV2+F*X^!`9Aw?;@>Gm`zc^HTez&IKM(^c=+AX zc%lS^I4`N^>#C0wpF_VXEhO>7MHZA6{Ia+|Tqv_>qIp1kkvW&$pX0BwpCGSm&l&4U z?3D>~PYyoi*jl$SJKAhFfV8{Y4oN#rdzjNcpj97O6aN@do{~2^=orRCS?+4$dh>Er z#|npxf`%>K#p zYOet5EEqnrASRdI0cxwsVSDABuXe9njNi5-wPCeF_n+Dyw7P6Di0gkIbAv3;_KuWA zyFbXlhq)aq9oHRfi}=v?UT1w73^h=GN3~j$OB3u|eXU$CVVBE$Pg_{k-%ZhD^3+34 zfDp}t@~3m=3A_V%-Oq#6k%%+$4Xzy7R}(>qT@9R#=X@M}#q!|3abaAntHD zO1o0q7Mf23oSBnD4G_U>DAf-Que$~I20`WH^=Z8GL2 z_pg%1wSiZp2qJ{#acO0`5%;@#N_TXRX_xc94l)gZD6i?{*$xGDr+0DKp)7BtdGADh z$lnegi{1a{kbmc4ME>darw?3~17rsI=IFqS{J9#e(H}flmc~5|IUM#N;DSp_HRA=F z6c(dFj5Th~SPl92=r2^#tMT6fXSC~1jXh>csF%#SzZ}<7xfxQwLq_fW@oZw+|8NYm zE-Mf#e=KFQDvTkJBL!LYOE^}XM*>6}juff@dC1~OxM^|BYoAG>CVa3(VicoZtpJoU zKSLoklHXkUvh2y$%U1?w0+k__d$|0lc(eS3_HsuHL2F6G=e~2g`JccQ-Gv^uUR2n_ z;qb+c=`kF>eRd3?t!u8s7Q?SNbZH&C&Iw1U-$G%?a3y_aobQ#nZXT{Q6d+aq<>7dn zi30;7z%?!t)x%uqk}sQkn-j1lGTRw6KE@kKI$E2x+J8*~pOTPlPB`;HVYSh$c2+J1 zj*`4kiI|RJ!vG@;3|0ah+|{QOOUaIVJo#$^cslEX&qkNHuWp4Tm4ncy*H7Y4Zc(Mb zuW_}6eJro>Ve6v*PJO&&{)_=B5$|NIKHGX6+PMaH{?P~XcOzeTxug(u{+7NjrPUFb zf2!11@|bo4n(BX=k6ToA3?`PE57meMmq-R*CZ|3emEi{0|MOqR_`(nXMFkq#`4hI% zf5+kyGA8(c1CWbD{}(XEvaXN%KOlIE#{X9=YX>822m7D>l$Xv|G0gmLfnUqA2r7CO zE!>TpIwYYnVi+78q*d=ow5;w7X=&jEdN^PHQZ8;rG4z-W`rO2#xu7#9e)|W2;&LkV z_yPX&5YwnP>;jF*710eh2o-fq-JlS}29g*v5y?@ZH}-30_m|cF zQY~K&LiN<*2@+Be;+J{&2|!gjbHQQHs05r^TD~>D*SXP$?`QM?Mq{OY3|1E^y{>v+ zEA;BIhqHq@(Ga8z(3{tIB5k|hLw^5;fmviATuYd$n_u?oCJMyR^YRx2#OszA>L>6ZaPnj^A*^5Sz^Cx{x=-v|IV zHa5n0!3{=)!)FbvH4<0rHmz0H@|O84A0)XPxC*8HcBp#dKY91)1N*X4(Tae~Cnds8 zgO7N=k=P^m#Z7Oxotn#z`>6CwIbWqf%z0BkCNN;#`HAO5x~ zqxxlFlzzr(XT1JtCb+!)81gp)C%Xo3V9V+R7eevkHd=r6w@ zzcAS5r>NwA@4<&J!yfTZ-15^X2KFfOcRe(veReg%>cTPV`6Qwx!fQmJ+j)Ftf&-mn zWs6{?uA|!g~*v zV!G{&u+R)DmprY{;9FBqC_6o+z9uf@b%>mcRa@^ z2NzrI3Glfgkbqejg3apX-c0#T(c4zLa+o4M@b-z{h5kBAoe$z0o|n8s@~J)W9NL>9 z<|m3E^A>Zg3TVKTegaI+Z}=R+kO&G2>OytAAdG@Xe&JB$yX3f_R|1+Q7qWsSh-m%^*NQ zhzWUEP@5o1I1A~!v|@CfzOMqfbSm2Vx%l(F^Pi)xRGpGWh8NWV++Ta)Tc6+-+|urB zXp373!q$?0t5?~Ln_a^VLCCl|XoNqFXDE_En)Rm`jzBi>a>2f@WBVvqZ-Z zZ_nkbRY7vanc8?fUP1t-aswe?@>q1TZ?wh~`par;-aXF?sJF`7neS zZ+t{4Yne!_rN!*ICUyekGT-sTetL{~Bk*3qUB$IY7rvy|LscY|isH zlp|CeSvM!#=kH_{YidJ5x=iL}0h>XUq5%yO;3cx~r0IBHE=d*9%F>!L>QpW$l(|b7 z6(w1cr{f`ku%1s@%U{Gl2t`pa3ht{I=SBgiYEzRP^qDSHR zYGan7D*x#>sJ0*)Cm2P>V13uxp53{$MnfDiZC67Sl<=@CHnr=62&?!$ zwilO}KHI(*5J3vFVG2_rMMii$6$Mn-h|<9A-YYeTvR{1yVEAaDd64a(V92VCs+&6x zjIt<1J%+V}K>~~SE(>;i$|Mn11n$25XOVfK?%m2zlfel5-$Y9CYpLF07 z*!FvI2`W#KLJLlj9ZK?-+*}78G!%9Fji|23#!!6WzlIhziL!$0RsNC(K~oWtZ+E1? zgoX8rB*f@+geWB35As?}dA6D3KfFuA!jh0D9J-(jY`IufP*@n1no9X{cMN#vs{FOl z^xcP0=yvNG3f%;T{uo21&L02r|K=<{7=v z1T?>c7Jz`ody#N*`Qb}w!WZ;YSM;%hdaJY1P1EFo3&+e~AQO82(+p>?ivZB&hA&9j zbv?qWl$2H4LCv@o-^xNmnBfM7re?lXh{@uhJnhS@n3P?=X&;yywXnt?+SWb1WGD1tF2|b8_ zhycSQeXy>O#*?OQDv{hl8ImizLsA*Ybj-`n3;)Yg{K*4DP8^6%gN(li3{^NGtsOv;ea z&_qk*t}ArfA*vT62azT0;O5K$wASI9^j<+)Zx!_Zd`vK^jpU^f_LPMKA+wd17za6cTRqbOP+;(aR^;yKw?l=YC634lo0JV zyb6~d7<4qDoxFjN{HLDf(%r86GVrn&a*Oncsl$Sf4&0n-bo*O3m`bU;((HC~J}RqQnrN>f8TRXK@PCFJ~>5KclLUSHMfFJ9e|I-4)V z=li@#TI8~OH&#_Bt&Q3A6AIld9WF*~gr-zK85SajE3FoVyosCd%h33-Gv}R}9#d*g zdF0>qyO>~(6{KGl;L9zX8|n806Eh^dDuXhld);0@zhk{DXx^fc{S`5(tW3R9^-EE_ zd>jj{`X_)n=i2xxB0^? z_!%SQi2Qt~lW+;lpt?sI64lIsziibToL}DuL<$9;3acd+7#j@iGFg>k}}_St&)8nxZ;}9 zgXS4!(QQX5j)Q8AFP6T&av;X7j{!ZNf3|=)Ef-MC=oRkFm{2$r+yHeZ~4yjuK)3X4{E# zo6r3h^zp^Pt>ipAz^l?|0HRzvrwVE=KT3DP4N> z4Y5$3hT+H!4k`!{$=AgFS&OJMgZN`t|I?xZ(nl0F@|zPDB8Y5aU^Q~*sYX}}pSWR8 zx&q)kEYD9AG&D5a^7;)v_V_|5B0H`ubz1bl#@$7A)fzsXi=tq*7UF3T41dLH(y+MJ znzr4Gd6(yFH=INiIR$w#=y#1MiP#cm((s%^pNZ*&lG?KgG8rDCJmH;bR(PF7DjJ58 zx_spB3-N3B>CAAb@`wur9xHGV05Cui8o^n=S>wv>{mH9Kz`2oHV;ILL9?!kej zoa0wkKs4uX0O2PyUEZ0@J2LFcAwSjfuHX3xJ~iVfju$tCdOu{8j0#4n=ffo>h&hZH zc;ksBrDTXbAHNYB8dBPwriu-#zySbcTwK@yMf+Cm79IKye7&tmVmQ$5slcjJ%r<|U zR7#kj&=vcY%K3L4_zf{417$kKyXm~9E6U9+gE2AL#|-&0T1#B4)bkn|5+foa1RjBB+SJP$ zw|TSLieBDn$9R)^X6#cbwcXr2hJT1QuGmbh^^`+R7bP8 zZG?1$e@i-A(=Mhu9Xe{yxy$zBv;7Wq)ojn@Z2_e}gN1@j(Tk-usBkcVtir>&uIv<| zkCA&T6Y8U!@>hBY)|#p?s%*baGYUSEU~qZnz9WAzsVzb}`Wr5V$m{N3FBfU)y2VRP z(@k{#Dwx*^Ka=k>MND9M?EpSlBST*@OtM7771UKyp2~%|y|pNRORN+bp3$04*dHc5 zWG_oYc4$=*063fi0A5ykh82wnq&b#NRuo`KP9$>w$tDX=u0<~NtFf#cq&}&(f$U>w z!?ice#(3X$C&1EX@Z7}+0lxq6IyZ3->EcL?YP!IadUdg?n2{oK+D8%(8Psp_u%M+d z)j^HW08ptLvCb87WyEwRF#C&ge*UN|G_MT5huI0#x2DemMxiqA{DT@)Q1)I60Kokw zzN-TQ)Z7lzTpksy*CBdQ#b#cnX{N)hlk}IcjjDAX_e6hV-i@f)**=3wAK+F%9u|DZ zqhvSJ?`lTwoDGcSy!&$;=8qv{obnC2qtQy0#(3qY^+@+$h_U|VssBANF-YMd^j5^x}_ECs2o93o~ZdZ0-yCr1L`0Ocw%a2)`$c1 zN4lqx5eW#moRNch{;LIFd`K14qHSmFHbKc5V4f-=R8e6jkaaYb@&uHS7z!?GO_zUe z(!yPVj5e?@?WpQhMMZVTrPZ!|{mBbk>MCk5KTm`9mknAuN9@m^h<$y1 zP|(n&__uYunkeH0gTt z3I#Yojcl5RwlEn^UF~BsB`PTYgMF~?tAy=f<-Fvp$oD%Tn zB~yRR7CP)&ecLOk2xxOYmHPw+Ra|k?{^x)^QI|3_%m-Skv9T`SpbUcI*~fc(k?Ln; z3`8hZfrl*u%c)Zge1|UYs_%SwY?7{2)770!7iFmxBQx?CvkM7g*(*$#fe*ZoG&4|1 zw(qedTGtIJ_*9wocre(EnJ_jxBjPK9ya0V=65@`_P8R!e(B0x#0TY3JNjX9|To?F> z9iaUy1k%r`4R3K#dlz8bkMr50(mQ%6YEgwV_}a&+=d;d%WOHOKt8lj36ihaBWFv;! z0reWgNHW9T4MX8tVkj8e_SbhJLPD4TnDp1o`op8iaV=BVH15kack%LhWE`Ba+Y#T< z9Qi;SA9+-+%gY~T%W2{Od|bjHM4>%+AF_9UT(AluD59@whx{n8Ws})g?$Y1tj_}BX ztlEFxctOQWP=7%{5#6vte|bZ{3L@DL%%K1!kbkWr_@pHN8H89~8q1*5*jpiuemZ z;2Wt~DOR95#&b`QDwHQss*+!j!7h^YpT5LsNm7GZS9X&@S>(*j%*`3MIe9A7Oe`$@ zb7Qb(DMClb$3?XNorgGFv+`i_eD&>iim7b=mn4xIhm(_&L%YT&G<8zM>8GyI<_52M zqo(#cOv(TC5vx2HUuIFMRz%@&ja{>u^o_{Q#>W?p$XB4`^g1GZc=$#&wpUE^Z~3H} zmC3&-YMZOHD@bI$4M^b&Xzh5mOS}-GlEr5>4g%}`K;9g>Ka(rAc zV?Mifl}t`X$VVSjB3}?55#v*WR#H-+qEw?V7!?&gGdDlx1^RCW1Q}DPk+#RqY9)|` z0THw>7v$DMrPf+2&b2Ph{M=ms;2<=lIK}w*&EXlXm~#$EIr`P<%lR2>r_{h4*oawl zMmyx7)O?ZSW{e6$B5(Eb&;R8DAPlx!`ZS4LKEcJZdoo%yW!J+}8)YU%XX6!D>yfCE zujd|dUvqMMaGIsMRk+_#RC>49(clZDoY2tM6(=uqTXz4W3LD9A?+fv@?b#w4%#8He zy7|uy%Oa*)rn40!nS3eHJRzGs2J^URr3RkvjsW1wZsYUly~n#+J1VJ<794F}@1K?> z2z6xUAYGkmH3l+d<$HvzA)X)l$G1PRiZ%yhhpXbh-srb5qE*bY|_x$ zGE&}NZ+v`W^K@)>HsS`2I$!FK9rv3{6LwWwYo;7qLIB{^!>gGn5eI2oo6ER~3IQ__-ahVHe0+U{|#->tNUC)@V?;0d>tj?+&OtE&mQGln2U;!|YX zTFPmEnEI;x-$$R9?Oh#vC>QNt|0SS?uB)-Gm%^YosoFaFwKZX$k5uZ@Adry5j~`^y zi;MEeDp50XmSrMZP8!GDoE~8&-d-b* zim_Gbg;LGfn2ynCGz{@RglyLfdT$>8A8&6N700)=`$7m1JOuXu!CgBzK@;5Ft#NlJ zxHTcTTX1)GcXxM}#+}pozk9!D-0|*v&KUQ@;kA>*zz;NGKo?XG3teab6eB^t|f1-DK$0qva!+gg9XMnCjzB; z-Ih;f!Xr*{y++O1E;MH&o_Rzv@55Lfok=7T+g>e72KK+LV!!Ul>WC5y&!&BgIGztH zdhNBXs_W`nLdghoG6UFi?5DSJV-~kH$KuDUs9}!dbR>=~A<(NH=A%&hXM7sIk@7d1=qn2%2?SBoORAUNx zl6^X_FqWs@Tf1FRZ%nWrTJl*w=k4L?}JOO!3N54)lSZklX_&<a;C-mCH!iO|S9&*J zXT6Oo2xhFY^%_=(+hVFV-O$S`e@=maM7@Wd%QNZi!d>GUt84TsRA^(;BrafEQ*jD6 zPAi_e?Y~J?<=N28rY?Jk33kG0tlpF?nk63ky_z3dbxBo`N0RqeW^C#oFU9>SE+QBe@ZzWd?rIGjOr5}&?Kv|yXJ>S6 zTIKBhk(+=Or7f*CIA~Fn1}{^-n5DSfy^B@eA=7Pucf3$YRN7G=+)qYK{f?SSrEs0` z--_c33@sxym#9jw`gq$*?>CM&BPvwT{y1G=iEhbIT47Ho+D&TFa4m(zYb^eRh%AuM@eplXQCrj1l_TII-mcMh zyC|ySHT}^CKtNB}f^fj@4}*p=eO*2jdoyyPfntNBdE#|+b*j5rjyD;;zg{bBrql(C zBuPh4$XhtY7eY7av#yMOlC%;HWkW?zp9U^mj1r|8U z$1)svrkM%T=WW1=M0qO$Qn- zyMpwlhT~Tr>qV|=2RRm7-v{F{7Ci*IZC1p|si{NsyMxd_LC`3obWo#3RG1q!I9~K>t8f}i>fO|_1eFn?^pzUD?H;G{w1kfq zCsdkuqk^<~JFCh9H`X-ZWFLYf;LzL};xc0>@G2k3=DSfVEcT&a7iZ#xnldAiH=k@& z?ET-(q_jj;_t#Zh_rl#~@b?y3+tDYYCs)g>1R_xIaCXP{KR4dv4q`<0rfGH#5$LJZ z(_vk;oBZLT@@i`bRT5|?RUCi90iEbcUXYHZYK#C?GPyYXLp{hR_bM1ix3wdPFX1=U zCTt&}$B0+^maqsGT#nd%JoQI!*SiJ^%$5#>Bh2|?1#Af9tS`97(s)M3Zs^qOPi@AC zQe-WjM8?L>2RBxu%dOv%#}z(+X})g^CFibOoQf&73pUMv*K?Q<;FYc)d%(L2Ij#)a zPGGDCHek_l*X<@)6wx#Kz*y0Xw-?KXXAnbD4`o7LcVB76Ww{=~aBLKC=omXmeJWo+ zsOqlX`|By8V6z!8q&rqa^39|rfj`|a3LSg_9mP1FC)9SmD_(V6+;_cbE;`=Z%++8= zsBA5r_W*3asB%L{eKI4SB#K9OKgIWG%w>Q1rN3@; zKb)5HfCehv&eKwu+qxoix#g6Qr^OFJxtwLs2WIh+IVVSh^0?i3JyCAk|605ErV(1L z!O>6`TPQi=if+51!4iF5@;b|SF!{PLrQ^{pI8>r_EId+oaB#+4y0H0`UeOErBHc3@ zNQ+hE5nf<)9b(lAb67Q)>`fPCXTFbFw2CX423OsX`s>N9XmL>A>-Cu{9Gk&lIG*AD z=_zN{9DH{Ngly1j)P(GhX8@UkZ*sCgn>tgvL=M5vHa?+(^Fb2Q<{QeNt^O1<+x|Hl z7-VPhYbKa)*}IJ9kE0sf3%`U_oGpe@T2bRjua)h{JaWx*yzcqR1yq?&PVNRy_8(di zJkpY%JA3ZEpIpXqpjJTQ-JbdFw3781r75=a#L2CR>!_M*)I>VJI759XL3BNfxV!BV zI^Ev!{HCUn$3{CL?3m6+&yXEgDWhY@SyXqA;8;z;X+Y|+(P)N|!-Z33qrO>B&Iu8z z9kqkfxI)`6%YvxaA9?eWQEstyxXTAm9A48^gzKV;wX)*=T6{bLoTZ>mx=_G5_tI$g!Bn5< zD0z6tXXf4&E|f!~Hti`rx6rt2?pM9p-R_gluB?s(%!bya0-|0yyuh?~0+ft+eoupV zBm56`djz=n_*Fh{-V*WjNqaB9DJ1`HAfuqH7qvtPFlu+8Dzt@$cC7xn<40e*=LtCD z8F@IaM~HHjDv>}+?q8XMief~6)sn=^xrUbd!980y{P{a*d#Q8S_jgsAg+YoptT2;C zt?gbu9>8JF)Ia;VJd&WA^3(v_)<09`4bpw{gyPgb)S7zldIdvLH4EhP(TJx@JR1?i zK^o6avLWC)hZH%%MrpSi()Y9 z8OT^9#Fvq}9IOdtK~whqw)Z00;1HIAndfD96+3O|)sGlU!<vmjR=BnwI6FVJo=849HHQ>_71qR!5>`^|wBT7oLZthAT z$?T#Y^++luIlj#Ex*~nF4$z+Fvb0K$9E#~lSL;a5pM7Y|C%W@OP=0m$V(}r?pM>oHIsc$u<1ZQ1X&L&ypZ}EF`hEG2>n}hr#t0`k?WsXk zDDuybhl)xX3Mevd#@eA#jrKgm68+g`w3eUv{)Y8WIA9M8Qs8NwMJ`Zo{9NAJ?t zw#^>BuA2Tn528JWDl?@;MEJ8xgPoEoxRG4!%jJ*%RN^ok1L>@;6g(W zVV?5|@7)+&hy}6=BfTMGa(LY_>Aqbk)*(z`4@LO$(E0a9Z(w|+8 z&);&z!sA7hc@YqPklOr2lrFltd_XTDOnvOTSAlGXfjec1z8>wxv$&2D(!CJ)~%Yo@v3 z3lA&3FnvZU`2#LMo+QF|UiP@??K*USI;$m2kM19Cs81zIZM};IsK@Sf_%rxWL}7IY zqY1j6;H7zAzfn8McK^!`$nDeht|mHI4YwrgHlp+d3E_v^sm>BiFh=+yembFVL8H^b z&TtB=ay^$P86ur7)upl7!|@@{y`q|1;Kp`z`ATyp;#+umK5KZ9-H+Z@M_a4iUN=B;>l zb7vWRgR4nXy?S;-zJ7NJeXq3A?8rm_3sg$ryJ?CwK1dK>^dhESN{>H#v{~5TyLr%_ z&DH$qA`bKQDUq&x(dCY5-KUmz^=HGA@qd#h^PD`BYrFdJC#qfnY_H(o6N5yh?7Ry2$IIVG`hmttm6af_z|`x8 zS_?GbGIkG_F8_%1bexT1aCu4uB-CloTS+Z1H1~|A@Xxm$1->8lT4QAT_?giX)v#V& zq1o9CQPZ>$kFbj&7lYyST25nDU&%$&+-EuoeM!EC2^f6aDT?~i2rv3%cWo;>UpF$x z^!VsCT{#zg(45>%(3W|uKt;(&BoPX*{>^VYb)k31>ud(|(E6k4Ji)_5V}V|;^U>$< zI+ri5Se@0nQ$ePVPy}JD+Ng(qEGIKoC0xY}6dpqi@OSw%*9JA#*SAw&*q^z#K9#+W z6PqCrVor(ka8pduc*K)D+l#`6ym6U)ZN<*aoT->E!)`VeEAV;`_y!2sjs!YO6*q+R%iTn{Ljo|4|cH)wT|DNY>b(%g?IU_DRo*K5AqHqui zetbH*YAzc7I3E@W%^{v}vZ?c^cy=%OTzMw;7%8YPQ%LCzm3r?)gvSRZ^#QzI4e^L$ zV!eu+RXZYGubQoN1R=GT?n?0b@~^@4E1YG>vlnamkIxfKIvm>b%evhI*HN z*H<*v({y%g%2i5HBqM8d=Dw$pC=Qa!SPKZLoCQ-K$wqeW7w|RV#nW_)=P40#|7?<_ zRGc0UCo>MVr+-00FkORAJ(a!L*5Q-7IBIQ|4<3YY z)ppuUD~=96m>fLhB@mJD_H>!eWaMt9P%)TR`CWlxKBHlur|i@1X|w$&&d|`M(y{rm9*oDk>S!D}jt5E6iR1xKqHGP(JT>0V?vaRL7LPq~oVJdmwk9HC# z%lG?t493qJBnWls5^A>MCr(>jd_{z_-l+X8omxWJbv-}O1ck2;KR?#t55iWz1=QWY*Ny-i{_{u@x7bg zZ;gy=CQL^}Z z*ey*msvXFb4nCXttCRl2j;uMXsV& z7Y9!lC*ZSbGV+@tfWaj?wZGF_pML%NoI{#~z~l7u607(l!PBE#m-m|&4GbKz9;9uI zKZ zWuE8n7utprO3wXi2ztJ%q3tKSt)55mLhnOY~BkkF3Mv3ZYTCgUjB-rRY=cXd@PQ(;@Gd5M6VrQJ9^ z5?fS(Nvb?|LL>f1a*tmoPaqklqkAfbG{qt0a}R)Af2~f9gZxXrSeQF>bJ3#xT?@P~ zNE*sCLA8}Z!ShVE6ib+ZbqV$Z&h*->{ly0_(UBO|N+%-CtK+jkPxWDp=7s41OSHXv z7$kEPjn1(Qjg8bm8d27~aIfj46O{Dt{pP(a%`T~YJTe~-7b5I@AOe)zmDcjV4w5fb z<3(yfciU8TmSDU2t-_=KNBUQe-R7I+hqdEgWD8DFtEtfsS)Vh2RM>>voyqc6g~~%= z`>JT@ge}1_^@c3BCF1q+R|rS@adAlof5`#n60&vEZ`Ip(Dy1sn#l;qNL(=iTKQX)a z)W?>qg=Y7L=^Mo^^8Mn1i0vVfk-HO}FQy!jB|!J4bBsa4GAjIfA{REcoHe;r{fuw= zdzs;r&<8MrqzuBr+LgoBHk)TQ==<)#MpcA5Bcc-#+=hX&BMt6BggVgA>XO&itib^u>Erag2ea3$UEw z=b+n0Pt{oj89$ov(-1xMmh{?Pn*@Ry5nw(1YuN>a|J6Kjlv_TK}$(Vv#@aVmR9t8lq!YPU?x5~ z8*JI6B_=LQqeG@IBVUO&G}J8&BqQc98a5M#d9wq~2|llps?~^8NODe;$V>RU!+`G) zl)}u$w%yt4v9PeX>+J9vL(Ja!)!of*XFz`_o++v}4h1on ztUl!?BXicY@oj^+A4HhdP|oE3$V62g`!6^Y3Myk9V+@=yXHP}u`{w9~i7)-Q9~6G~ ztx)N=fRA_B)1!f*MT$wX^1q;#!XyNt)K>7^qJq9q7VYd6qkYek%g!&q8)Ae0H^31W z7Z3LA>uX#^jutUNgj^;NF5{N`FNXFXnHIxtUhycw{Jsg#Kg=RvKrUJR9X_X7yyofO z)d}GWqDP%dKmNtt+?IR*dS2eCojNLNY8vwTbIMAMtHgid&xhzNdiav1{rN@CU5DiN z@p%RQSlIEXn75@uG5i?ncD$c%o-A|!+2#HC&{Ry>r&n#6@jl(l{Z;n!%bhV;)RMLi z8f7eerUI!m0W=|L&s1y}VK?7|zaQzzC%ZydndQKCmPAz+Jr}#Y6<` z|4s6cSH|Z~bG&YR9zi@qtNdP5k}lP=Xv+Cn#kz-zFBmYJdv9;}rl+&sbkD7>e~Ku9?(F*+P1XK`{7=VGkw8HkJCmr{DLxnH;F)>Vhjjm6!Ve>6|oe#6M;7lG1eN*hO zx(gw%MaQ%E;=(41I?%T18`JVV?N(eSH}_oEly5q%Ls{~@EE7&y!x^gg07t+v&bUF} z%DVc@AgXV;#oLx{WB1>c{BbKMy46UQ2t(_I*S5_yDMj}8`phSX-46gL*MTXMK=ovk z98JPjY@|S)w(W%q*j%KeOwYZDYCJ;FPb!!6kGXfwyK0=LvWELOKM)?_Bqn$_FRT1K zS^6AXtq(6MZ*~OD_+G`cnV!L|QKxoqmZoP=eBT z>bJYYZH2QDn*ayDs%!niMda1+- zgcq{cW-c8%r`mAiG@^j>FFh^Qgx@_K1KeIxFyykCRpRHqJ}G7OZuAm{efI?hA0F!m z1{yym@MXY?`*Z$AL19zVxuyg0`^Y{iLFUi3-_fC__UMztQjJO1)p%ls9@#FDV@Q)- z{0q;R-FXrmVw=@KA?3HU4Bsra4+HYu{2b<=ln}3Pz6AKxv#+c#gu@9lPPjhW=edhj zxjB+(004UHXEqlzk5nE@vFy;wEqrNlPk=31`W0PFoH#z z@=Y*m$(Z`=RCf1~2$$1~jDax5KwtU22c^rGj%5TSNua0st>I)SHTy67!E%Py zed@gh-9wSQnN~>}^`tqik9Z!D@?2lKiTB-+>*Df;LJ_Q?^O{Ez*+t!x@gv2js;6(E z5rx*5{Uh4AHR+>KM6{clO{D&Np5gnsq9bULqc6Kh%_StPzgMwe7V9jCVKnEn6bkKU zEZ5S`RS6C5F1B!~uQoRh!!t70A(<1!CaEfO;cS}VaDsqM+H)XHdJ8Cnq%9qFC+3O- zj4*9pYs!vavqVo!2YH5TfKb)B`|1|(cz0(&KCZv?-yO1nqO896qhLFx)TbE+1DLap zIQpJ#K5LRt!n+`(rmzI}pT^sstP`9ZDdM)W8=Hp6I_5nz?4EEr$F{cLberu%ElKkT zYsG6OcQj_~p|9%WWz9n*DhrJGI})*roRU0-FSfV&=U-0%0qgZ88X}?N zR$TaftZ`+Nss$!I_VBh8ZP>gpeG&+JmtJ@hmruB^mTUj=s*}@%HpYN)l#Z@kf+vHj z6+1BHI8*h0_NR3?9UAf|cjvf*vyX$7+jsK2mzM!l!Rl2!AbWp-{D4X_t7R-WwS}b2 zm@>(t6asZjbFr5*Eb3p@7^JU~Gv*xIeNj}LoY;|+DKzE~TMjwUkbZ9#SKx*X^GZ`; zq!Jg4z{z-E#OXN(v(=m!j?FqWp7_cqQxS`4W#z?;*OB`L@nkE(U;azRUGfZG??h7| z^W1Frf?7gNzdE_62THc&>6B|z)0TEFl7Q5Qjmf-GEst>0{&y(iEEUOoaNG~nOH}}9 zLg4=F{RlwHK+B9>(S5#a9pF1AysYox1pu#l?}RtyUX(5bk@E31)ZbCxDddtIJ)jvw zx;nQYJ}LMN(8D!n7_XJ@yQP=DWJhIb+YQBoJLrL-gk+)I+^J8r7?wx}?VgJLgzydw zQRM<;{0RyDYh0sNrC9udqgD69(i@jW>tBJZ5!SiViml}o-pfEtiMVbJ=dg%{aM=`z zT!Xz4^@!Iqo^)O}vTwy7Ng4@*_}wud*9lPpc%4Zvq$fO%zC_RFn@kpuapoF#hu5y5h>Y zgZZJoDQ^L{*OraD`0nC(Q>hOo<`3u5p35KKbeP;QO88Grn6_h4WJjp-=D%fN9Bqr_ zQr`_m2c`2Fzl=VxoKVVdE-o^0FL0!F&*iCGR^6Y6@(fSy&fC4}!iN#$>ipslR{p{N zBy?D2^Z{)4169u7-z76Ar@JCcm<0e3FO1c~CFK`8H!6`aGYz&Wox7himu~;2jjLYC zsF+8TYnAc8Rqn^|1m7dpOc8+$=<;yYT6t1r>nA?drLp~TU6_jsR&ubOizj!19FU9S z$A1gxrnQ-JncsCARU$QFoISL?S`)04sO700S!N__vxJ~EP?9)*AZbXC-GvWu5wXFS z+!%y}NI_k;x+)Thy2k$e8A#7Ou)EuL+xC@q&-PY>Jy{_r2~^b=09ScyjqYAg^El+D zWsh2H7Nm&?K3uA|A;F?m>KK>^DR09MDJ(2}Un=Aou=Y|u*MaJS^gYBosH>9wj2maM z=8gEs5I)-Ob2Ltbh{JcKBbT~qU+&*ysW zAub&QX&q$dGH*_xg+KM5&WVj&T%m_ztHhWR5{~zo#DfKeQDt=m)gEaIYQVfsJ13yxK#@z#u<_hK$;tQ&R9=VhM0Cw2&!% z!iC?LH1SadbUb>XD5hksLdaIk9dTqm+-AegX3z^grqeu>M6P*n-18Y*Ye3_*pe&Ax zu}O82&@i3=R|JsSFdL#%Da?~ z2eQ?JU7OUWVW$%_&O@G}wUlpZ$zF+-?(o4N665*DK+pL)GLF9B+?Abtx0)!}PP^FC zH7Ke6q1KmukIEA#5g8GBN9(Pg^-LIl?KdJ_z`+i=Dr@{1ZK1Siraj z@(sug`OlpfDyRqVa>cBSV{UB4WRH4&YEB*`a&2n1q6j0I*wXOkaF^h-dOdz?^3o)V zIxnG7s^QLvvKBiCDOqQ}F?pcoG9_NWe)*Xv>eDsQ_Rr6k%JaowmG357bvJXm_Ohm=#+=Ph}WhrPcx=*@<9 zJ=zc4%{*U8^DSp-Q=*^KU~ zH;7gpDIlTPj_BVnJUYsIUlK>BYO>noRAV~%4n`OzncZ5d&GX@lDHd7OKc31SD#=on z{6DZ?;7d6y=8PULcWW%>QDMBij^;|~AooPK)PM3~e)U1}67yPa3O!iUiA-oDZ2C;# zcsedFzCw<>69f`d{N3U2!2`&5dsh7xSBudttTmqvQ?E8*(d!VrJztmg^yJmBlF4Vs z6ly_Z?SjO#TQRvR#nUaZ5)|Iv-dfGh48~~?2f}o|jX*q;W>|Z>Pja*xsmL1SJYmh7$N7wv1 zx!W(;=Bu8W;Rnr`6b)}iwI!S!g=6qZ(;GJY*Bfn4?|RIfGcRgmWK;6Ri3voc;hhAC z(T(GPlP>_ikk~)(KL^hF>CalDt5}g0bv4=7Q8)wF^9gaUz}j|55Our}6qt(@`RaLj zdD<_YwA{?eKL$}8mbT@yPz(XT?vAH3pkw5fZR<%(w^mADXULDcqm zL`OzWemI!}k4C~TqNP@h5{FdzupW|+NMH&tvR%>k)T zS{{sBF1%8O_d9m&?-9C3@r*5#1kZdauzy1Ml2r3e{TC#-##Nuzpfr0+?A12u*4=D) zvB5-|voct%aaKEd0I8(;Y`X^u@8h4@oQV39iqkxfLh99%h5Ylc%vL?&_N!g3^O_p{ zGNN#@4TY(6_yv{ytb1urzPkFpG;>}kQX$=fY-HO7NHU@2v<+lZ=A=Gc?F_^ER0526 ziu3Mr!vQ&!Bo+kE>MROA%?XlxMEu>9(R;6xx9aw2EE`Q)*>J#EZ%@5p0D?`x5D*+w{6 z{yKRP>u$zh5%TQjBl5S%|K^Bt-Pfw7u7N@<;?_%nsv{eghY~*7z#8!Eotm${;4jot zI#;TxSQIP3=k5sH= zfQ8v+D33PF&iZ~Y+%|8LWgzEnXYA(tej|3coM1)&I?V8ejwZ=LAIBOIBJCj^Cu44v zfvBHALXzcQAOiXWP8*(nR2w~^S&N8=b-_CR8KZ@ujl3++hh4D}__Do$!5G42&J3oa zh0KJ>2&$#;&R(;L{FivA+xrNuB)l zk;s2(01?R_ng3uvVbMW8)CPtrB4%x>x>&>s(ocw}J>y|8m@|ltr(FN!II48bLPcKG z&S~GiF5p;kW}TQ%uzvxY$3H)H35Ky%UkPRUD5q7Fo>|KigtK0BrX6?7? zDc#w2`a^-xhPLX1GyTN6uYABF)$0ARy;;JR6kkp-LjIfDP?9H>nbruk8HF&SsvY^+ zj?U|-rHERHWr0F2;%bv~_xOCmP#oR%_I9_dz)L`3Ar0h_Ldb8Q2x;(>L?jr(%P0KK?>zr2mUS9|*iqmROqi8sc(n*Y^#+o$3>4rIC zu{WZWyCxY7Lo|%jnWLpi`79Upv%Jx?U|%iDxtC0>{gw<2wM0eu!1vxt5PoQ1_5Wnp z%8gBKLV-i5Z!E9PmGTuh1EDrxp=B!PKQRxHD|U(!lyvITq89hi7AzFd37eE{XUt4mthmLOx(ha@J5@|`cdI*MArV+WLFhsQ=T8LVwf_}bx{ZhAZ)czyO|RbX!MSa$?WN1ZINF<|8`;*A$|&M zbCTRJc-iXvRPW3a+T;@#Ow+HaeIkiT=Jrd)2@s))nb%ZrCLxwu33Li;VN9HM%CzQT zI_W8Z;rW)vkTiQqhHG(+s6%gDFkf{b9y3{bFMIk}*QN=2}>X=W;8EG0_ zkBLz3O0^;gJ6Ffw9j3kLk=+8|TrXAGN))Y6X#0B{%yPOAD=c8?d+?1oKy z)ChY0CaoTBMYzP6R)^BlERtrw^*)2V)abthBTQuk#1f9+;lIg|MDND1YIkCeU?WXUg1_4 z&4m_*#L=7-R&NOa=UM9aU1YI!)_lRj;+VZR#2V8bR;99OexCkkROx%tG62Erfh5=y z&u83mgs@^RoRo|edf;wL+6i-09uX0{YT&v5kKxa_(4WAlj8^+n!TuF2SsMYV))(s2 z*9b*F0cLwihj>meH^Ypn3Dk9sQgG>PvbTQ|bCrR1o)nM7JS@cnl_>^#w5;i|ep=m1 zAW!3b0SBjFHJ2;%t>{=?*T-QYCi0Q_8-eQABF2-?*PH7B@s+^uM-t7hdYb}~)5Di+ z5A(LPOlvZ4O|WuMZRu={4W*Q9DmuBd8wLk3M+^PD^VOf*+ukE@twMlWA}&FW9QD-u z97sI!9u7{S&QcxHNCOhb3(KB!aB=@te#FU3!k%{zKAH|}4kCTQ^=Q<*Azop`U@JP2*RK%#?$Jn=cz1oLt+>Go8)h?EFRsmUH_eI?`VSl zcd|`6Eu3CPu_k&2-dG{hdBJWq+L(>09KHVVy6IBZ!U&xGSN1O^v_pywXHmdsNcSWp zq@dHBaNDujV^9}FmCf$llVd6$hRq-`Nye!51vc2`#E0^Q;p069yuxg~%`jT5;?MI$ z0j>*4@)9R@-*>qR(R+YQxsKth8WCdcrog32%rUs6Q$f-ynJl?XC0boPE@f&=TwGka zOhM?&{qd-_wzh~eL@@e*x`Z!?Z7e=w@)5$x@{^y}lfVGi$DQX+9 z7H6!y$93Ui8>Y!%T1`=R!CBqOQyv?+3gN~{ZE-4BRiLgIvO#BH#5rmtQcCy5VDSeo zr?}<%a@#Lo12iS5JWq8{Bx5<9?wdkUkKw&XyS(-r96k9A-DNkEWl7v0jdtq?yg{H{csCWqI*RxkN_y3R46?%z7RNCPP7Mha)zVa8OkSu!j!fIS)fE-yo`Nkvwm^6GL2PM-2;$8Fb$ZdHps?TY(!VL$k z4%`P-KmxxXK2B0;U@7H{dLZeDBUa*9tnO+#@9U9gGZmF#5UH?Q#T~LLBcbtWL;3w~ z9mb7$W6OZsEdQ?700W{*VT3=jJpx3Gk0ji$IBIq_z7Zh6Q{O_h=)cRhOM`PH1{36` zJ+jz{m`VNB8Qd|*`c(RJ3IsUdGIDMYOw`&A9}BBKJDHRke1A2rxwy=9-B3*};)p#u z1d@FhhF``fq6VMno+Zs>d(liQ4M)&$nA4>MVQ($`kx^pMOvkqptDx+{um6cR{-@|a z`=2b}#FhVFd{fbO*6VcaJ?kjj2bIGj!@?^3xTn)GC5tbZ>1W0xK&JwooIQwkhx+W! zhc0(@ePjnpZxc?%7W_xjc&$Xf7>=q_I{S_#KGhTBNWZS0FvQ#lsv&DUIX+#Q`h zz;$)bmJRJMNvcihH=!_<6YI?4@;6m&=T^3;2hLyuMZS0sq@i7I@G+-Qb6U z0+l@mr5d;BV^8T|^2#@=ZmVgYcj-trdU_2{{ zZ6mY5KtrnAo*n1#9x4VfcKAD@0_J1$K8G}KOa9tdh<=*#I=jGAOD$|4e0%zsi#<1h8#*pg$uK!?M=#q)*I_aL`F5dH+X9_NL_L$#pD) zJ#YtM;XVC_M1+m8iK+)eaRaj@O^J}EL!-jCjQnBJ$0iNAZoiaxad2+(fwy(QzzDK^UReF`MfZMO|%q$Atqz zDv3HA#1}!&`*?Mi1E|>?s7~-otO@&Z3Ugs^Po@XqTT1_}$q`|@Aa0W;qv(5-KKnedt($5A0J}y$Q z<*LA~CtV`^rC(=nC#!BsGs@fj;JXp#jWDv$DIwVnP+MgMW@nnonm0=3dkQa7R?}Mc z!=?1~BO|#ZM`ns1Gg55w-KARJhgWc@Ig~^cKT0K@-ob}SQZHp@dg|t z*TpvJmrGUe6_SeARmVN5_?MkUL_{v*QyXo4v#2>dYC6}B6`doB#5RT=PKvMDtKTuu zx9s)&6yd$2MNc@7XBh4QWEb$;bJ_V9e{?^rUddUd*0J7-B9H?|x3S~TXK+-S@ha`E zJD%-XsYpDgBV4^@-=tCp)!z+$py|Xagx2G`w84L$`Mp>k*-AU83$7v~+@vcXHC>%Q znt0P1>OERopWiM+(v#sQtL4{fWJWQ>d*v*dQ^6G{w_u*J*LiL+Mv_R9hm5w4@VeN!{Gf((Qr5C#X&2mVdlbx~m`gn}qg&G|x$R`#W!cr zlCbWvk7Y_fAM9rw2aiTDzSp`@jedF4?j$@EdIYBt<`S+JVQyb)cGN2InR`eXj7KXG zDsQa6SZO`A4b>6Bs-U9}`rBKdlnENAyZ*to5^w8^0-9erE80lml=1aO*Q9sKf;KN= z9Mr&eI11bGNH3c9rZq$-lh-KGz7(Xm3*H z-D~XEkk=dkq3~woQ7FF9YOf1;YT7ob`c>f|Fj%K)*`53}W(*$O-_lO{oS+sj zPV{BbgvxlF3OU2hSMxQN{b_RJ8`G`VHCFT3a%IMP|GuF~)f=T~mBsYIY}lqO4saK# zHL1dp0Nz_*05qGyVsm3hpJxz@!0upa#qP0%!R5e-b=-d7KiQ0x^LSsSKQSF~Z;#=z zWw6+K!?Oo+jYGT5U(Jk-#E^WN+=~urhQ}8+XpplUxa#fV2RKOOSh*ZB0Pc1bnPp8gV zgUn)cx6#QR&F*3FK3pdLOM?iu02_=R)oBl7T`%F5uIzeTip0t_mOyT|?l3&q_G*va z%K4_0Mtf~lcFF2(-S{RQdcLYv?fwc7QR19hPQ}~bT}r%lh@Nqwspn%7RUk_04?mj6 zXlODV)3Tn!aJG&Ey%RcU8)pLcb&pnT7mibaeE_CuB&Ph3Z>R8Ih|UEYrA3 z0{JC6dc03{0BN^4G#7stEg9tJcQvM(DCFkzMOIM{3-b49UTHsN$hOEO``;A}S<}=1 zzx+e><()HJu>1Dmu5_!5Vdajq&p(5xJb@{u0J#tt1=JVYMz&T5kFx?NEOngwE_}m=jeyS z;QfiK2eieDCw1Pg<4NYKPw6xsp`fK+E*?EeBhhtA-q*SM6JB?aP@B$I86tz}{_=^M z7oHR8=DOGJ=?ugBH_*1m2TR}`xV_Ws;i3ZeWS^^oCI|y|NG?Yo1Aq3Kis2Oy-#Q!D zpMSpHWd3)gUlLYz^j5ik(ekgkK8jA0wDP5LxsSe9s7icIEGj=#^A!dWQGr_l)pDYQ``M zx_%*Hc31zTm$$Zqi+Zxwo!-lL0lUBx$Rd#1$|;<1*k9G!USaiuOojsW6!OS`5G?tT zubpq?oX1;lQ2hLItmKWgJeULuzD=j|TtlDY?}eWKe9Tn>%j@s9Q3z14s}R7_Ci+9T zHiQl(bETed@9O5ZJ%3@f1@*PBu3^Sv$is=SqdRxh7hM&AgBWk~%?hwFB1Bxg5$!j3O6`Nsx(W3_sn8B-bTXU|2q zR)!%Zs)O43nz&}M%(@OtQl^(-`dblHx{ewvBU|^TueT-gzSBim2pdme$F*{#y|l4Y)-To? z8+<6Zqq!VEv2EK}ef(Tyyv&TC08pBuX?E_u=YhyrG}=LLI8S&vzty+}oD}h~z()Lz zw$Q8&`2-Essjc@PwUI)p-VnH|Fk#b5nTUvoabJ7f#(MC!C_h}!$=Ko3D#pp0?Ihh_ z>pzM-=^6LcxVko{`#?5%K3x@fxK6(I@l+odVq|hi~d=1fq4q6wBfBCL$N#dT%6c!7yA<-y>7C+5oNr^2{^y^4O#@Y zB?_T(cLU(5^TvyPi9$OIz18~66gT`oOFIa<5L+CkRhfuCI8Dy`r9$%Anm%W#sWNQ$ zN+2KSF}GR6awCm=uP9G-uK1`u!fZKz5*T$B=;ayw5$q*;ImW1Sn!Q+P(oD1v5!|Ym znIii9=#+h%B>*VNEtxxCn>HffP(w$%-3mO=HW&Q|Z`;b= z-X4sLdArJ-<95va{gV<#*S!Ww-~p7^@6qIiPl6(I_JMtxwcrg?#6SOt%AqO!_GcQi zTmL9_*QEdd7f4t+e|T3jYr(nCNr)OmUef>!Y`4sehm03440u5hDR`ycX?h$a$ol$h z(;jFD$P3Od0#94V1YEGNxR^&oAindHHDS;wXSaW`)$DzDK8CN($E$Se987PT~ z@+nsGVE2i@~gE}zOC0}S)J827~OjnZ~HOQ~L4VrQj=IDl6 z05xDAPcxNvkrm@>YJ8Q8CpK@KUB1KAP@(u3eg3k75dOHeP@t4czFQ^X`&8r@XJszs z$)>(ja`>XV(|Dz-eP1lv7Zt$T^}aQ#Nc@h7?OG}(kGj7sGuIU=J-M~;vH<#q4eXKv zdhiMZ@w-I#z+j4rT$I|LYhf_XqzjRR`*mZm6WpMN+cl6z6%e5!h;0p_D{ylCB_C}> zTKPalx|R;JCTMy$J$Ed%Wr(^;bptaorPM}ZTvZ;1k{`mHlkrR?Xh*IOUUa>+@mXbw z{4;GP>qbBGF{>UjRIS>!wYZiVHZFFbh-E5m?zr-ZLqj?i9dp=%hDrUaC5Maf!tj!K zP}*C#8IM&X%aq}I$y1h14%DAZ4P}WL#SusdD$KdW9A7<;kzZzfiFBTEm`ghO34JY3 z4rjvU`fA*r<1Kv;?&EQFV>Q{sl!zOJO!@plf+QsoYLHd^PIj_YJ#=qgCV5J~X5PM1 z8W-2zD0Rq&wloRxc5TZkEw#X#lBIvch-y$RX=uIW4UZAw9{-NaN>cnbk0Yo?fLS93 z2W)BdDVHu5(q(h%KxT|O_){xAxym+!bz1R&tA9?JWb-<9iSKq4?e1#Og@7bkXbZB5 z5r5q{Hha5d5!K*56j96d3jt>}^jSwRk3ItZ9ZLav+Q+8Z?{@Ptl25zTs=aP`Ka@ka zJqE%&;OZ})Mf;`2lPOU0kyOAqd-{*l_+EYLm)&f+KgWJ=Cy2n-Xx46REcM7kx=L3@ zr7I>&iKmeb@Xvz2;)SWFG_OCT^Pt#7Psm|}O!4Lb6X@!cx_h+|b`EFE3`wcH=xCzhrYW@5}*&VnV+nA`}V_Kt-=M#}A~LnyR*@++G~X~#g!eOLQ8aLt zQ`^5+e$0>I>_l(kiC7AX=7`fzMJVcOTKg}ldk@1*UiUXB$ zU<=AzI7sp>S8@_d#;PpkNi1f=zbq%Z7@X>D@)P(J{B!?>3qAeyq;~4yo0gJol`yhJ9D=`~p zaO{IO_Qp#WFv}Mr;K;iO`9-2z9{O|KABVV%fa*$x;Nyb_JgAg%ti=2-HRfX-!S&ptTcVsg>WFy_jja_5sTm-d!J9T=?^gKz`xd%kX0jPAuLe;AT^v2w8UPxiFH6gd!06D)MeIW#TZ1cAO9+7@te8| z8c&0ho|6OeTtCCH9esx{TmuKt$M-o75~s$?TqOdKd3~`DC14rpLn$Df{lhGX zg;7V``=~^Z2^cz%RTv^vBCFW#3$PwLA?x?>9P-4u0i<cn~s|CscuM}=gK?6j`hWG#5tqaRQ0-OZkOv!BAa??Od-sok$V zM1(b6k7P6fpK40uG128@?K6p6F0p*JWV%{aej>#C-jNCp0o9=E8`RlD4FD$_?)a`} zFMQ9(5Jl{-AB0F<5zRlME!Y|yVtQPkn8OvrA>dwH%7I=S?zM~9gWt${n*suhtbJe` z9UKfNd7t)69}+>YbteGK&`<<1@AeoJ{i$F;a=L~JHo z=tGvzZY^!8)@?%gMhA<8Ii z9Nh_V0T|}8e2HqvFMiK@blwy0vxS3`x#=>L{h3%dg?M zh8}Px$gQwGG&t@da=Gke#k+2$nmX)FofrEn%IaYEx`_jdT9n@rSo+194RR$~@4x!_ z9qk$e`&?8>9u`=Pr+NGQm_Rux_h|tTwhG1a_)7rG^`7H@pR4j*OL@g zwYWY2vjy%81&08$U4kDjEGIXl&uY3%0|1z1T7|*^ZDZ*zlT^-Rl#J1Bhxfom*7(RT z0Qe;)DcTAdW~yl*e}Zj5>*P!qTQuYsTb~Mm8>3}& zO)`NMp%4<>3Ym`o3XjCC2nL2Q2hdeHv~QhM7O`M5ib`1+0H_P0$S=r^lq<${v4OZk zscI1y5i0PX7lSVW^xKOroPnOfVvNHtF1F{%ze>UYJcKB?Fkx~E zi5poe)~Mk8$J?-0P z+5(RYhk$%~Jo7w6U%sM};kidLipcyde`2SQrxu$ZZ-pKUM{OX`-PrwX!X1QzoJYwl4UZNE!$VTAkxHgHk=o&DZy!;l@2M zoZ7X;tNo7BTJ68Jq+TMOb_p~xloSOIn?$pt4iJ90<-tBaKkeqNr923vUt58Pa6k#A zBG>%3k}#EMeMaK$6TMfg$JUzHVlS#*(&CF&iR6@C?3;5!=3> zuk>1(e+|t%<29Wcb0B$yA7zAFL-t2tbO{+8B4H% zU*ZT?S-yUms9BT8cg~%1%=yNO^+h>Tsiy{Sn%b_|(QHBRYe2;se z${}iYuu$+j%^HxU^;w~fm#$oLL*ttZUxQLU)IP%|-I2(!y;sFd?iNgg4{}w@H4A8@yKTe^~%y1trZg4oAZyQH`dsoEynM?{L_W z1^@h7Q-Pn2-%<*LXu$ae3;dOaNU9pvX{g(yC-}!vg@*_qO}t2EDAr~ryv-mrsS2+@ zS$vWMjTR!BJq!n3y*7cDQ(K0EEwUIytlU@T4pmP+qCDM}CR=+t+AavAY{mBp@$S12 z%6vRUg{U?kXawMfdUp?9htnkeafW}S;J>ct3p!6iyQCKp4X?$qBWH`i$?f#9b{aPt zccy>j{|3$AW!1H_ZdN^`M8m3^oC5L-lG6*ImDWQW0QwHEP(f_2dbta)YSG^=9jbWm z3%WQXaYACxG&Kg5Zw#3Am}_NQJrqqi@mh5u&$#xLEV5rx9tHn0_SxkBGx4T%Ekes1 z($@&2TUj6hy~(7SJSPhl@X~NPwTm`%27nT6m1t8sVFsM#tkj<}E+C8A&z^l;`9dG-&#! zwp+JjA#BYRs;FmH8LaH?TZBgZ^HBuY;+P)i>wuAqD$+nH#C0AtxXOetT*mJQdy^QM zPq;9@6~sDlEQEXnfJik@j2r*4g^o^5MRA!Gd)M9VU5Z62$6zjTnmSp-J~ z;h@OWLrFqelIR~zJ+?C=6Vf${Q0pyEHw<=dKtP)c$(+R`S8*tR*G3`f^AC(`fRes= zwx9DWp?N^Op*MPaoH_=Pg9mUE=wcS%2e~$sc#zX*SU<&_D6k+IkUO%YO0qHs0sNDV?v&&Xv*VxZr}74M%{>&~m-g0nJg=L%{gtab z&-xT|YU8|<66w;Kb(Zzlr?5lQ9B)0CV*)5$m>)KAwsDC3%V60VakY`5dB6OP;2z0ht2+ybzBnqh&^ zkS!3F>fzW|Id~yyq~E=rm(C@%q&C1ih?y{-10N3b(#?46_c&K&>f0?>0`BV^z;E}t z*yw$KSq191Y3hjUvA2Thh~hdV+d{RTzH=nd#eQbG=x%ulhMUxh*FF01j=CvQvCG<;WNf9?VC%dvZjd7fgN~-S${ecmhQx>~dp} zAONfyd6z#4w7Me*b#;9&bkWK=p9H{`H5vm(yA$CXK~?56E!Ip*;gx_$H(nM@_C0vI zt5&YiC2?4XP`qEvyI~JfJY@hWgUIrgIu;jGv6mUi->znkFT((1zFSw8Bqi0JbKVw( z_Qi@xNjc{812=C$)~T6&`6};&iHb|aKpF6IKaiaoh$YZ@A>6SXIZi&{Es@l<1HyUN_gnMqhw^rfk(>0>=V0La$qCFYekuGf&bj#V+g@hHwJ z7K$V+R`P@2pOBAw_8Vx8YrdmWrN^nZoEP8Yw9La){Trrg(-33%$H(K+#W9hy(+}je z=C8i%t=V_t&B4GpK0g~iD1H)hd|#0Ncbn79@fMw>w$`L>UspI2?Ht%<0QVqFXD)vK zOw_p2<8gQSzlK9@{cp2{UyRtCVq{;MeNy?(^ss8_YWbNjPTllT?pk;}<7%aD(?1sR zO{JmtCh1jjWo?N|mM6nk@fUIjqcj%$?m*+sez9Lv?>}dhe&A~o$6RU@IP((w#724~ z1x!eEZ_NB60C4M=>S`104Lo~@kqe#13bS_j9*}M~AFe7!3UwPi`+OYKP%WXn~iF5vvmWBT&y*rmtMW=dza9vKa zrI-qe3Usc3Yl&b}ojs}6rthUAGQO_1=X$I;=zD8_GUh*N+3TIQHyrKQR8c>|x+(Syqx4Ei|tPEblO`tsF$m*onHc z?ISGqn%jLwyBr2R;ZXNcMJ^7sd6v5-C5?nQ@mTOQsCAlY*$I(XO4nijL7qt47})7F zx0-*U*wfQ$N6Nf{ag9UwD?_zH51lmZNNVs*0)MKGW!O8}$DX%01bDK8dVSwXjFv>= zJVlpcZS{7~MO!vi(V05%MuEVA)M1SGv8|Td8M#uCYqA*x=j?i^rA?=O5`Ii>tTy$^ zZT?`Ha$2s6+M1`eJRFhXk~i9&rcW{V1Jvx?bTki5AGdJ5MKi1r@07=U*Z_H&myu{= zFFiF^ndZCCiW&P6n;%$On*-dH)OusuWTMqX^z0clZ}#Fd|59QhyxWuIp%H;CIMASP za5^+F-n0ZkH0WM$VDz8n`n{Xq&)mQEUu8qJapgK&D^5fPSNfdu>R+D?cUXk04YTOK zLH9CZ#?FxZnW%4`F^dWANvz1LVJpIh0l*OmNXIj~)#xdZYI7pHC829u>B#`2)ObM_ z&`VC+9@ty|E%w)xVCiVb#Nsw`++|Dyu1tdlF@9Yq8WrR@Tcc%i8`S*#ds^QGI1RSpiw5rgq~U9|uy0mg!#es978 zT!_idb3us&7+zB%L=r zkzgxU04ljNS5FX7dOdrO8=0f7(hb{G?nh~R+z@nSB7spf4+wuz4A_<0wv43&eA~5r zKL|@$k_M6(qf5BQD)zFxWB$fPy|A&j$0u?8Agg(zb~^PnSLm)jy!q)xT1KL?U;RR+ z=Y#5!LO#_f#9hm=)5kamo9M`4@-6N^Lq+>z&#~b$!82VfUtP%--m|$R!R^XbTwz_1 zh*2zFA=%Q1%ucW-Bu-CacwDh7@j1YQ0Mn_S2|r9$(-T!1PadbIfaWyp#2DV8+hLU7 z-pN3>eOQ8o3D_Pk!FVI=I_!%I3y(`Uy-<#9Ptj)@_xZ1TjtZCU`R#RoQh3qLNAta+ zlg9%+62!2P7+go@RDO^V66zEKa7XV~hHDu;G?LDPqw&ti=E!jEft3!@13vaG$D|l$ zJ%`GTt{}+R{bbuj+5-j(66wa-boPn+3^P9}ozG|%e98G~`r^n^m~Gff$XqiQ23q-b zgCkxVkzfg;Roy+-6FR{M5`vE_t@Va4(Kvc*x7M_hN_$Wn>$uk2pHadH+9owtB{+8@ z8;OH)!X(dr$&JTf?-psrI6kA6JfDs$>v3ma&-uNUAuy~@tM=`<`%(9MQ1;6wn~Mss z^rHZu&!pvD+C`0>**{R&-V3T)7x|W>TaTR2F2H`29wqwMypg|QRDTqpR~B9=6~JeV zUf1RU2qO-NAZ13PK_Z9;9}EB(Q)d~3M%)gW2AWqLD*Op))g=s0=1Uj=?vXz?Rj2E%S6Wzq2D9^c2!t z^{`{b3H_V_#B|BHdra8Z^f=cyH}9Z5K=4kx;d_#}h6d4mwbklG-tz$9<$nT&P6Tufd(= z)2C0O5)!x5=iIm|#Kx*~&1A#4+O59BNwO1peL{zfKu)yUQr&bho57K659;I$+~JTe z%kS&)>8W1VsiA*h05`S@N6NeFxJ9cig-@`}UJrGPfUtht%3XhdjUk=paDzL*i>ETq z#cU08u%`g9UkHy@k}3(ygZ*%c@X^#!SvXjI0;A)Zo0Kuzzj~aYS@)aMt(9ryx2094 zCcY>9(l#8wQXk23ksQFMnhopeEgtaixk^)3L*m7LCB4=uq}dv<<~>YYw2+M3H(_00 z7q?i-Mptj3X1c!-_mThr=_sRVYW@TtwC(y_R znS=8t0`oWjyNFJTClnB)(8f3536L;O77Bh_sD}0#_G3(yQeiHebS4`1hcxW!A&?vh zpV(n~KRJF+K&C7e;GE7#dku$8!f*3<@G_gr+PAN zN2tOKyvF+cKmqkj)n@XvnEs5m&xrPOu(hy%5XuK5>pzLYj9w*rDrfrv*@(viS?Y@J zPf$V(J*^b-0|aCF778zfGCo*Oxse@@h%OS1A_p=>_vo^^8730 z(NFY_L&u@c?cwJ$0ANI@<9+79W5z4Co(LTD;yqZ-eEge}`5$4${L^jiAd6+KW+BT1 z5fik0(a_OvnF?Sy@n-vIOu; zAq-W(5-QFz`?BQVV@QZ;V^yGDH$5}_*xmSOE*$%FOu_2+JL_WJ@bg{F!dHdhsnE^I ze)QL}X-Ssa8|$gPYGHsF?SeK$b*fTB4X1}v_XipeHWSR@|669T)=S~{3(4jp{E;;> za0^!yJWEi>;sb|%Aj2xwi&hvT0l;u|HAgnQ&OlS;yA}(sbodZul$i*DAy+HOLvB6`SmXjU2kI#Rv&J|1JDcKdD+F zEHgKx(z)Ho5@xdOv+0Q|yM2w$C!5Pmfr#(>Nx|EZ)9f0awPUs2#_qo^<$ zhg*&Q+~C}B^+WpvQB{ug z8H%PFsj_+rH5V94I4L^m(Fm&v4AK5DeAzu-^wF>{uAp1ckMhKuWYnXQVka*CIq)_; zMfO&sv2A`4{g`zp^%=c|JFM49BvV52#`QnVMTb>?!` zt!V>9epoGPh++^XL3~1gC7uPju|9&T-uQtnw;y=+W-pCK(-Ch*^Bd#){l4Fet%=Pb zmt8xV@|1-^aLoEn-)B~DWNM8(mbZ*_Y$O5?{|*FVQTROw=tvTd%p#wRsJE+&ASHs> z{A2&4v|_rgA}Nu#mEO>b>O0N^X$f%3%=W$XG}9%022yc0oxL(LrSd>`*ez-hN^%|| zW=-MGhL)wL4eTtK*34e8ek4dwF!o~(T`}*h$3?HNrMsOw^>{En#U^Jj-aT>_lp;r@ z4=JOY=9Lb83?Sc$$63Fg{+V*}rr(<{tLw?8I*XBz=yJ&3`Pvo&4CeQ0EeoNN6zXFo z*D6{>k2H}3M}meOADcbaek(`s~e@mGB3j2Ei3o>(VvJTQsie$jYpjcdJo=?OlnT#*LU zY4ONYV(VX!l&+ITO*)Mxv-+M4*#D!DN@Y>(hPqX;)sq!&XyB!5))fBKE|$~s3|N7p z-6aY9{LPg|BR_yc@zF_1y9%B_?#vs%)v5v=L(X@k^q447A4r{%;RCiR?zclu2Q78! zHyeI#{Lrpnql!;<-hiFJmL=KN-u|H+`jnj06qSP3)Cx7vV?ao$hW<9rNR$~rK9D-k z3CCr4Rq5<=Cd;2g|0@}an`&25Rpj#6nC7&LX&_&li^?pJ*K4Nho4tor))SUDpx$;;k@!zZk#O&iy$ z;{*StMUHBJ6-Z<`N0mJf4{R39SU3z?c#6h|U`EmG93;+bK4CQ`SNHgp?cR4exSY$Q zZ4!_GIC{K^2!b|#mlyt{xe#6p9#6v(3HLE4qYDcmcmeINd;Hxq);OmIiHN`NX*l%7 zKdi&-HW7xxx7r2g{dmTn(&)d_l=K>BBh=ePT}vGueBy$$zvawYGn{opPO85!C$EwC z@y9<6`oIiT)T_S_Jd!eA?wPxCb6v-0^%=yqQW8G=%-L|CB=F0}$46s79MC`aT?XvB z{l1?Eo&N~!A~wj?D+@I2^&3vWi!Ch>LOFU}R@bQtbBo_hcucK-F=en1A`D5orlw&N z#)!46IF27$x-^PjxVLxe>_UHE`cfMiPk17cUhCzpwoubdz;tyGn@8^pC8;CPwT)Hf zN$Y>kmcpeG4;|)Ydpi-^x30(K%JYLQ$Vj$iWUvoLQ(9gaJU5I(PG@a3+tfCng-d!dhyBSeh{p>wCN2hn*L{pWj0iglg=z&EuRgEV@7&$ z{Kz3&WRdj+QCh9uqAqLlWV}Hi2D&LiVGa9PPr|A5BQ>NKR%rc=@Sznn>t>yUC5Vn@ z2y1E1RO(NAd_n$j=B4>x2So<+u{vya63p}5CN8)-(#Z2N!3%>dg4_g()G?~rve$wB z2`H+{FMa+bku;k3QRtFpy;l3A^1kE0J4gvnlxUfnd`Y_# zo)Zsh)13b9KpQs>O49#siT~&L%IRLZ0-a3;&mRouw4m>Pg~wcbq#`XZrjF zTX8qtvl$(SE{~mNa?|&IV4{wt`gPS4b$SRU26ufe+#xDbHKD?#b>Gvg1lu2~=s2F2 zh?@!$jW$Hrr9j6X7bFL`W!n3(x+g&?A4KR0QMG#L?N^T}QC00IuM?mAzc1CK4dnr! z)b3CpM2B;i|7pOazo7i@3=u=c<7^x-selrRC-q3!z{_ z+vq@X=dSg9rGG0;$$00QhQj32Tf+gTrm=B`D^mVuleuiZ#b}_EBBdQ>!9uOIh~>I+ zvn!6qz!j>m97S4Em{sYG*6;<$&K-!Ku5ZErEj);JWB;sZ0Tq;!R;WZf?wx#C@#NXDL%8? zm{T{IuyTa1(CrKMqXwT(!;ve#p8{yUP$SeE(tj*)#%0dD+H!b>k}kfkJTt3DErn#9 zDe=$GXRvP7{u3ILa<}wch^9p-w-C;_8DOY|Hnf?qZf0*#M4eehT0!GUu{K4?_3TM2w!-I)xYiX4f9k1YM|KH83VfgGN>qMh~=;;fIf9B zdLuJ)p0?pGnF1M~AF*eWPLo@7?m_#(IUg~+;AZ8@9@GBCFj-lfgW3&sAz(p*MFTY! z8759H-{PR)_ZC2yKD-qmQ)}*Sui;%SX#B&%jo$#eSp99dH4Yu0xPwBcjqVntfBDGP z|BJH~6xwX~;WPWy1Gn`iPf_=wvRTW7u)oN+H2@tV%X2|Y@{aCr@~ODwUFcYISLytL z^kj4aF6!%EDMlkUOS1m5H)eFG2v;$`I}_lRVFA&d@-{3=x973Zt2V_N^GtR{r5*k; zfYx<&^F4;_Fw@ z%pHKkBkvGq|C{sNwR6n@h}$jzF#25<-GhUJJN1C){lD^_`$K32KGq(Uk`b}eFqe__v ze!8x%H2f4%kLL@GT^XbENW$6I=lC6jDF#-{R0*Z`U(Xb^hgH4`3oh##oJA$rHD72r zTyrdRc2`NbmIP7lQ95Ki)`V;$?D9hXCsGNrLehc+rd%0@E=SUseLGg#F<*B+hltpt zJFlN0-1e2{X>7Fo)M%3h#S4oj3=`tK7M2_t`A_$rFY{*u%FHoJjV8YXgc||`*`q}j z`uIpy>2fP^nIr{nY$1@ygtUd_wBz?LwJ=Q62`HX z^D|~#PsFh!D!%Yx6G>hw8rv>h6gU-yO_!3TEAEZ22B15j)bInP;U(TAyEW53X7xksafVlGl+O?x(!U*~}01jqOFf#G@gX(`u-ztk62xxa03r6 zq)j5O3yn?V%WS$2+LdXTUB?$%_&dC{WE@sXJp{uwaJS>$`tOa3Q^X-KXIb_CF+*~J z^dB=M7Ywf159Y}Czj1}9tv;Z;lbH+LgnT-{`7(bWm$oUzC3^e7(&wVtd^F_OfqU{1 zcUe8*M&}&04OIdOlU~6#^~Ost|BA!&)!W z6sc<+gfn*oXdMS{k&Ab1Lj}8b_7hKEdWIEU*(|d2+-SSr#Qn!ai9(%Vh)UR7cCYML zabBbq40X@YC`Zp{VJkART#9F zc-bQsF13E06fv34Ad0UkcbqAjkwlkVLjOGMQz-w-ylJVDm48q~fI{w~$HVK)JuFWb zzTB!$<#ps&RJq|yo53OdY6a<>Pw5!&CHU_-u<0bArTJJW1>!}gxHGdZWaKS-1IENh zHSk7&;K*vIjBzyoTq8>xd)|bh#75HEg7*&01IC}D&$+aJcfQMRwm!3|nbJh0#{ikF zCVy2D`~lH$yx9B$N*_KNX4U;ZLvc3f%db_FxFKtZ?_0F9yJ=+{j=Fz8SQ@B4k5lyd z2sL1q>sFpW#rr$!A_;lt`HQWjraYpJzC7Xg{FW(0nJ!R3GbNVkw^93;CDGOW8(t;v?#4+-o$Zi)Th95s$E_C} z=jGAW)1h=1$!WsYlOsvaS&L{PoDfkVA&bv1--c^4P&iRk%VwFFFIQ0%%~eehD9D@T zX&&6Fefw2a;E5~oI!esQ%iBQ4Na9mgOEY+@_l(*8h944^7zB8k`|`3E$bFm=Z!a;sS?*q%;tSgX5nU!E=Jn4Vp}6?+x^OK1wMiu z+s`*}f8$m7r$VId^_FS7FZYLW`m>Qu40Js6f5Ck8>^QDv2hXx)_gGyr{pEwAZ%2+e6v<aUd^x1%TD%BH5eWx-~{#{S0T|M zt~c!Jx0WgmNpH!8;YzN}iylf$C;8l6{PdB8EBbiCs*c3U|LT<>^WA?^feCe_LC?Gz z2RRcmA>#^}p=t+i2h_$efBUK+Z~xQPNw;6kB2cm9X$+#e0){`|p0bOn{M|!<^3}h! z0eC8d@~2|SyTU(z08LE%74LFrV#P5qH~!o=81(k-N1$iRt%E#<(g`?Af!3B*&Yuue z+;Wip^wY<9M$JZ1bYo+70;%G@AHc7T6V+8@v&`P`I$LZl%(A`fiB)6M}m^>Ap`B*%>g zPtMNPyFzj6Xk~z>Sk8ix(j(*Nr=U5|-mEGt13J#U6~YJ?_T%B_pYEjzm!Py(+k| zZbq>ag02MT59wJ^!J4?-%ui1^NxLl+?I24xjXaPKKD{9zYm&`+5)@pnZxUjU-j5U{jte5k|?Ee75$te%~yuWUEk$poMSPFi`XiS{!$iEsEsf?VNX@iUPBOhW=vek~(SZji^Gpq&owIv_&>iZ~b zXz+)P_(aumas9Hh$#S`NHs!FxbjH+@S@|QxP65HAD4(A{-{3F?XDSvb?JqT{Z*ev_ zA7uj{=rvxO>XjpEsD6MLtzW+07cKR0U#l$W7tP==*yw=H}Aoe9{+Wmb2>M=+Y1cFy=AutP^BWF zrdnbItuvXrH0^}oBqz>}5%(h#a?9q(BZ;fzcn=_2gX}9+WE&@g6dugpw171S+G8nZ zFEOa+qEHQ^oS5w`2Y;nj4}e>~rHVYP46|)<*B&gzqeG;wutxZ<0!CO# z%LG>G5lSF`Z`c#2sGHzm+r4jXmztg2rYWYy6q;jFUM^lB3)IpIbN ztvir0bA1;ARG1^9f~8$gatT86*4ps$pfE}^{m9J=Ppvp{lgk3{RJcY1Lvi&pR%TaG z?L5o1vQPkgwPr}Ov+8p?^aYg?R-81yRvnsu@Mrt3fnyIyQF|=QliDQ}LxayHwt?zv zloC83-D6IabE88&Xs#@+>*hM(Y3vJlqGc&d%^`1#eb_~)#KL;H|IvJFIq=)1NM=)R4^!U|r)?U)w&15;{N;)0<&JmgufbrIxv=1c8jU{+qtWoOy+54k zTECAfY|+MNF$bpRP^i-J5k&G=KON?_7Utp5t*OJweSY}O&-vrdn{R06dz}@5l3cGp z-L>4{QWnCSG#)-1wQj)w>-|Z89H43b`TFIFOq9Rkzt)QXS5@pkx!Hvg#*{yyP+;ws zgZcj4Wl?xn{~I!S*hLrTB@~P$Cv~A>VlJB%OVG!sN95Vy(p6ku?3y5Pq>&$Z1!y{} zW?%MQmVo<6_MeqqIlATqvDJ^pjH{Fy`c9>U97dY=kJ8_}2q&vG-Nn=ZqZ`cE!zbdN z$HZLW$=mEU8(6aGDfKfMU#8@~tJ%`H7Pr8+J>V4yPx#98!VHM+hf5W#1d=MniT3#^ zRHEJq$$0gv=-01bm;S(pmp|x5W>wexItp*c#}du4^;|(Xg0<#b4TL zuN|Q|E$dMv@EE_56sCv*s;M_4e{3Eu=U4ckL*qKZ@2~F(D{iab)P4m;ph~;M z(>&FJ?ro(Pdx;XFGJ=RgSKpVM zEy)XkiLw=n6Vw)e*K|9Z%$*x5Q#1jd_Cl?5n)Ow{q+x^24)7aRg}d?af&=>6&||H= zBO0FvLnCQY^EBI#sDK*{QRGfoy!_(*ewZDE+{xR(^6mWqgr8?_V?{iBIq z$bqOqunduXyT&J)OWHjiy*;w;#k@$8I z_WV*COUGXJ>b3PJdgSn+8f-fGJ{AtGoi%ft1^iHF)UAvwW9T+wL1GabqtY-}-GMX7 z^XAZufFH!{qjz&P9NHwgEGA zB#&C!b7xy7el$lzdK0IwpS;abqC0Lw>vhfXB_~LZzxBn)v5ED&hQZy6+9cv>BY1h! zMzn&*Z|`P?{3Fooa4<01fpuj%nXfohQc1b6Io-34b?gki7?$9=?TwEaj`xCt-<+f> zH`P-t)Z*Ldj%C}wwx#t;D%Lr=YZBrFSVFSe_r7RmC9gPD&Jp(m!+h5z|EaTy#ZIM32O{_HHl{*K4+IoQAX=S&&? zL?wt}=|v=Wg$ER`*$RQQJ14XAsf@lv1AcL(H-ynM{ly;pobz(5I0zNCOv~W60_3x?6Z0#XL@|)g<V;xyMCvsY#B6<2Qbnd4=TeQjHCXN7c}bj$PZz0zIUwl`T=BiRRK5dDqr<(%l&`1{*9_DNR)XitSI7FSb zLa0zqQ$=m{j&^&BYlj14A`7;!T~tA=b!Oe;sj6OR9v%|9XjjUGA3H{-CU!7I=Y2C~ zl^W4Qm6_MuPhA;SC0%*%TYMJ6bdGq;2(OS@Cv?O`OjN$TQ+?7Y?5eq+M^ zn=^?}&1(UAUkpD4^r{tdR1ME8DqZ-BuS+ou+9bF1!!vTlw=0#dGBB~JOl8eOMySh5 z^5fI({w{>Po02h{wb!v74A93{AQkp245xEp%&0?@f;Jw^ql6J>G3EBCZeOMgAM2ec z8 z^sh~%u+DI%-^+G(kM92dLnXI_kOa-Q8o%Z-N6*m8jXS$r!hX4@_6&q!eSj1VthY3x zY&RU2>eSv<^PCy%b8b?F>eYpIEp`{Gn4_WQzVfP@L-2yE3#JCECG%WNZb)PRnP4L0 zgH>j88*5EY@VUJeIL(tgjymi`P^@uxU|wEtz8I8-_~p(Qr1Q0v^t^qjDyDIrcha0JdbIbCI6UAj@y2?wYo~OZ|2Z;Q!Re~L&vq*(qrc| z{CO$W;FX7_6W8+Osx9qwPrHOJUhOZA$07=)gTFb&bOZXjP%D&iRck1cFpemh8#GZo z-h1ZC*6@y_@r~RUVb3m-pq#J_i&Z)a8OE}T6_?f?J=gNQV_5WLMUg~8Gn=-9UIapk zYB3`@S6}5QeLl&Na$I6EwEVP>Jc{wSL8hKjeOzk7U{;^i=!O^KTph_xetuphL^3Rs zaX3jGGlvqm$DVgoJ`vMX(Lb;1weo66v2Q(hz3U4mX($1bMd4VQg4&#ZqD!hL6={a6 z>krMX*cfvSo^!;g0EyRCizN2HRi>bnZhPz#5Mew^{i*lm5oHQDH+)-mV_;SMqk@IL zS-ie?^XqRjK!gQEX;kMu54CKYgO_DJ%^IHVqKU%+cIR`W#skPxBnv{;LCXp3(BR&q zZZ^4}?4bT*Z}|U@wzrIG>)YDC+tQZe#T{DQ-L(ZuaV_qoxVu|%cXuf6?oI>6g1fsz zkf4D#{hxF0BhP)t^S&S6PZ=2*N!H$b?X}nZ&1+s$lS7knvB(4Ou?IJ!gfA+xh{@q$ z6|S<%T->`NP0R~P5E~IoW6UR%!WgebiovQ}sVdE!6M-Tv5it3?O-$G`X5(zIJMMd@ ze_TIu@}U#hy)oHnsS-W8lP`aVmgXB{#@nGx2A*5rBSKvJp#l`*M@rFAB$x^kPr#K$ zr!DaEqM$O+l&_s{Sbms9;kxf_bIM+kxhv*K6Z85yV2eJEF;i;G>@EN)Is4)QLThbK zOuLn-_e|mClzxdeosq_pXu#-smd%0ya}m!q`O#h_U^d2O>HivwF9BRR0VMv z+kr^XwI!&rsc)tSAsJ)lpth3&oxbzKIFs8fLAZ-EAmOtBZZfnRzeu5%zNn1~@N>*n z`JQRGhJQ4;2aQPluFcC{QZ{2V)GQK&7b?cbnYhBl^$2B_=6A?*Dyaf(jHs0 z1#{hv$YK$ZA@j*z-eP?;c8Lw~=52WG)nhZdQN|^}sBm}nw?jV#l}!#y-z3py)KQasF^u;#n$C0&g@CDw&AWKB43@ojAJ3*dj27W# zWavPhY#XDN3)~*8m$d7CTaJ}x zafd7|tGvL}?EFp!Ee{gjMEJg$uQr*-a_1Z!-g?fxVb*cEX^>wK-h~UwE*?rLmOWnV zjI-&R9yyp!FPOWg3`QJ*>oSH$og6RMWM=X^UnuWwJMI6rgrlx?06BX@@A!ql{3GkL z&a{#RPBvb|B-N!wRP zT|S?otE2eeAL!%P=zp|G?r11CDqDQ}xRol4PbLyhtv4gFJ(lL}7;e9JM5BRoF2B^_ z;et9_Ewr`Y>$L3k7=Y%P!6pFU^5MTpYwY{=Nf+JcjJXns`!mkv?r2nL$#v}!EHUeDbUSm8nkkBBR zmS3~iX!p4BF$%t!jl!!%$4fyaqqig*kN>7)73f-bz=}52)Kg$o7^c2GAKP$r6fKd&ccCNhF45_Ti#+MYh|-shWWslh75y_! z@9r+zHok*1+M>5U?xZPfDq9PxD9kG-y4P}lGw~qz@^n|mt9*O*h0q!xbx~*&Q82!? z7l^E4tswWnZZt-4TxR%tslAZ1e9N1-j+*3tgL_W zk_A2&to*bOnAFP!OwVz&?42$dZRT&}66(Y*VZTMb9thZs(To+G36A;+gICjxdTDVg zLG~Q8K`w7cjdO-U95>g%u2owm4m@!k|E5IC5)OCFqab&CM-h|N3Ji%%2)Tyc970tu zP!(B2q5hYPWy=0Q)dnM8-5xpt=5XDGmGl5cPVsVN;VCVA!N=1vvnZktiHOIDSz$Vp z-*l#=q~D)ZQLc-u49~IzOMLkA-PfHBU#45*?@NpVAaa?b1wR^0chk|n^ppk!Zf~9U zyJd{E6MQE8dbP4gv3p7OGXi^JuL>-%1N^*fCAT)Qsou+alt_%(I0wu!vQ}5_^qfxI zp?`}WBW&fp7(Aly)4H|zaO7G_m%E&Nv>@C>D`!mb$q(jpbI$cG_r;0DeH53KA(43n z{;aCh)aIWRMD;2_^pg9$SzApcyvWK(DwFCuv(vmm^FtP{UC^t-?pj}RItvu;xzXJi zwwT$(V@37k4?n+?6>()r>LexF?!Dl*!6wUzi(duE>J@>7xW*Zj7eh8!3+ucN?ga+y zC$incIZCSRski|&DyRc}=}{_`WAWk#q%OQ*st5J&dQq!vG?vm6PnQylK9x2|F1;>m zWCAPXL$4BVT_=QuwjZl$i z)E)D2WOy!FbFAhOJY~DP>R9B_VYr}+CV9+C6|op0I{L{|=R~5}B`uPDpmweDV>tbM z3eK63?n1aCo9vbDu9er9M1)95FSJl#KVL`W%}P_jWTgM)y!mwh@?#{ac=?uF&FVCG zJW;N=<$k!STsgTQFBsni^;xW6ZGdLMhrS{#4epoeotaMO>1uSY-`Zr~87tv{=dXo0 zXo~U#P8{whywa(WMF~X&M+#YEwuwv(+hV*X7TSH_B_p^tCFicss`FY&&5SR6i z@!^@YBFzNN#@4dOR8=Fm1|nGGvs+{tsM~V)G-CyGoG)(l9lB!|G|>2QLx^i|k4E1z zy(Ridy0^z~TDr2g-51`dERf9(N*$o$AO*duG6GvOJa=F@2xWIqhGa#wT_Ycn6}&TD z4qkwx1Ngr(_v|Zd$-ewOCs@o*mL%eRjaTdWYQ>4^)3=zlZph-kuzJlUeswzY((&%_ zG_)PhU0>MWGcu!obmf4@2SGl_r>9=70gu4qv%wjGV>W;K#@V*MPF5;$pdRt&gCBd# zg;?ZdK)hCE>| zDIRrlQu=$;a$HRPJX@ZQtK+L1{zTXSiilv9hx0m3nZ^V`JVhktL`yuzPNrj8uyRIQ z<3~y>>CuOcd=69UG&Ym+k!&?FP|@wte2HjcV#3(XjjlKOQ)8d7RD3udns2t|!TQyD;726V z&f(2=83L)|=zay{831y@+?`9ScmsF9>hw`>+KJ^!g>o~J_VBa^maQ8C)&5CAx^)LN zl;N`(a-2u&7^o;z1J$`Q2_8T&iKYQ=Z!|Ya`-y7E_qacuD&D)rFZUcNB#A)Fd=>U^K5W|;-wt*JEq^%IT8^#T177mB~B*r|39HPMl)X#*H};#FE=sum1c`Q zB`mtzdz31J@D`DKC{}s05@}1LPc!`>zF}uZl-wShEac(kQMyZa=r?g?N)j$~EOdUu zoIymS$eWy_RQFK~dM(fZ!Xza&P_4R80NcV+%3<;i5Lo(#T$%U4oW0h|@XDa`Oas@) z8P3M0=-AU^Ywd}c|HK=HJsOK=fH^`glINSGhWx1@MlzWmXo&<2HQMN^-I5s*sgoU ztJlZ9R`v?|`5!TMVZ1!H@F<%?xOjK=p4HKlIVSE4Y~<75fr*yO)WgpF$dNweR=3jx2O>8T_-;4o{4TK;Q4IT7WjX?cL9?;J6==2BghiPtU4*`$ky+GRQ1Agzd zCn7g9skOawP(-4cJ+k8%N^Ej_Pum7KBb7Bhr8=AE>1OSiKz|^vvu~cD;^hfal;>(l z5_?_=^o|XcXaUsv`-Il4KsGA`_64r^uf#YGS3`_rHeoqKeJWy^a&AWd;L4b~74O5g zy~gCyN6Sd)d7L-M+QfNk>!;vHp!}rQd8p`$ix^!sUt1o|Uryk5<)_IO?wXU<j+yhihtN_v^*K+#WL$ z3AP7StwLcdtv9eRSZX;vNLlfWb;-_3m8H~h&=_H8mS|LiF#bt zF`O&Y#kNcwOy>*An7G|YZl^l#61W?X2p zJZEKc{|=mkXDGX}-r*-jI^z*N7uHkq4`i5ibysP00r>fqpPg%O{eQOo5Pty8YqRD? zAzvf{Zd-{D8kdGZP_LfawLV2J#x)neirdbK@l$YYN#d z@L7|^f5Gg^y_CfM=7a(%U;aD2vwNh^nv;vADrLuvXbO5JGgrjw4O+jr4Q6WIJQ}Zl zcSt-K;av?k^OFoWnVy@iKG&8M(s{s#Uy9HN|IU@EOuIlGO0r*pS7vG$e?iBuXXuqV zO4M0VXbfH=;=Rt;%!Hp{>_?N%>0kdW#&{b7r=|z4Y5G#gg}>UFd?J*Gs)^BRPh{{J z^2tmn-9FICZ>?ru+XI-up_J{xwG=8l**Oo_Ss=}3`9QY%yv2crQK~euEP?E) z=MW)dKIIT4clSfEpmVpoeaw{t)K*F>N)ARX3yv@>DrH`Bj>yZix(L@TD4j+@$zRjq zR6RUm;4<+1$!ecLIn~sL1@ZOyMZkeMC7hTxDz;}m`=LOhrSrERHB5Vj?FjeJXB0)YId=0Zo6yj8(X^7h0whY5@^ z_fJE$rkt-3zg*5W;Qm(gz9x;&Qo6ISr*E~P14W=HE64vk;dc5T!tJ}b&YHe4=}DEY zidrBdB&ZUu{d*#DHW_!pNmsH3SfD&m@IOp<=w!&1sUl=kv&A+o87T>AU^z#7avb@`=LcX))NpRusK}g!I`n0+}AQ3Y5)yyo~ zXwwOj=@|i3_gb)$#|af^YtP()&sx_m5Qx%P^*spbIf{y9x0#MzWLWippW$tTP7{Eh=ohd-tFDtkwvILR<`&`nIg^b zm(Fr%_EAe2KSulVD!vW;*Nk?0@M=*w518U0tzqImf@C9o--FyJ4a2{Qm0K)o`|v(v z)kVns#TzMyI!81*g`6+>oJQ9L7}A7gFmi&8Rf;1AXM~GG7;@g{a1V%G2PbB3_eH<7UtF&>|2t z22%wF1hBZC>%$}pd)uVc)s0*k#}vTj&CbQB$v}oF5)OJ_t(T0^mE!TA>=<-2cZ!VA ziunp(GVR{cVy(WuL`CAcZKgt*?2r;%T18!R<`03h^^BH0>iRG)_i`Q+t0u0>y-t}=+6s_7vUy{LL`bK=ytXzhC zPdH?6QY(#+>|u3?n@^)vrC-Y}v|^wZTnURi{{tN}OxeT?M*91_&#d*8^osAJ&e~KT zBPI;QPuhKdBOrIiyE@q*KoZuqaBU)U$OYy`v%3lnW6Nsf)t)gF-$(e^ut_eG2!oedL)Kf0U6sKp&z@IzdTWfMBn*tP?xe%nPav!R&6h_ za60f^8y`67Sg1!@+Nh*Gg;P!LkMR)Pwr*~ti}hauIh3kqzGW@EV@| zq${@i*oT>RE@>YZs=ydJxvT5H*y)yCfe94NV++V8`QDb>KHgyIV_>4zuJ z%VR4H3}AC8zSrVxk+?p}>Jdj0W%we%=iI})lPJ4yYwfpureMv7A}<@BEb(Cu4FB6E zK5jARokK*6e}Dliw>L?sl;=)t?b(yLFUeaYwmQ5w#3-V2Wbb~oH#-JkP8TYNbas@} zE|qYW#(+l(k3U*8p&RycF=z z2ni9tw=$G7O!~eY1&%}NUVh8u^>wiV)w!NiJTbAyQ5xAhs7z&$p-@*pJ>X8Ctz>*| z>|(p?AWPxr(sy(*IYc||l{hiwQ+4|Mur2^UcP27nMKMpGwRTFha3 z_)=QL#$Lm}%Sl#JbhCEf0?w`DMXET(sTzL&etGl5wxJ#uLR&R@7pBys(o;K(rqKGY zSUgkhRYWw}$`vrTCX3kj*2Bk+v-3k@JJR{ZGFOzaKtK3}TF}q6;xe?-FlC+&T4c2q zZZ~^IFa899t>Vxv;Txxe!n4Yp*?=dwz@C=4xU-b@AkNIa0o>XPIZ5}18`%z|y!yF^dRHHyBP| z{&x(~IxPn+6RivNF?{s*asGCPq5k-B9Vqd^7$>U7?oj<_8=Es94sp^F(K7G*uoVFcnoV8twk5P+TWU+MU*+7 z>QeSvsR$~ey6n_jX1h2t<26FCd7801I1#?DBSde{K>eHU#VqAJ+SI|4NE0R86Y6E& z?lG;vcg5QQcU%4=Yo)nQ^|Hq+b=223Cg0GOlm^)ARhm367xHxEe&=-HujeIt<}IOb!z#SeTby;@ zl|nVkwl#fvOOkvfWop-#|H=<0psh z));x)dP`}X}-t@Y!df^8;*p>VT_Dd%(7_0L+(3MRH#PH# zQ8cuBP`^Bd1*lH2=?}i&-8qtG+*5zLHRExxX`SlOtzl4;iLj~KJ!D?1mD5QIBQaj) zeZ)l9BhLT+Tv1PF9!1u3{-krdp{ivc{v9^?jnvXOKOSwBNGoc=Dwgo9;l-+04IXd6;%3E+T!qsGT^;Uch^;MY<35Qk zHu{x6%PFVyf+NT1#nSdWMwafw=r9T5H~1nZoQ6~KNg=>f#PPLTTnyID9g@1vLNu>AAzA9S1Ol0?I z`Dui(YNH)+AY8t!RJ4ob?G$nbKej!D$tkr&mQXs8*)k=RADfTAE;n!|?aKCuROnRt zYg`=((PJ*>VR-@B=j#9;uLEGI?Bglf@PN#A_(0ADYEDl;g_t94_SH%_5Tf?IPVi5` z4Nr_a?Z-wXMYd+ z@;m+Aq|XrU0=PRXNV&Xwog{wseYwI!9hdgYr!Aoo5(Rw1g!z3!QocDFJYG4gS?6@z z^Bl_t1**#DfNFC&J|WkiOLcrfg`K_b*VBP+q0fb2 zlb&g{lA9v0BO>8fZ(kEBDzmFwCy90w`!$nHc=yc(Zz0jj6jfsg=nYww5)VJW#mmmn z+c>IGku_%zM~}{QmabV#Mm&k=5~RDlN>N~FMdx5b+Q)Jf;gKkks)r(jH4MN2gKk^i zDG9@aTgfBCp9-H?c+0=n6g?-=mpgxablviM+H+c|d~RZQ9@%V&|NaN44yJE2)xG~s zq47sHenIvBx=QHp*w~HUK;<8NxJMWgo{zvCf^3(+*p#gJOgQXA$oe4cwBGI4wDKAT zrbYH+h66Zb`K8l0x7Q_hY{t;DGj%X4S^4K93F<04Q^m%n`4Ss%IV@%KCm}7M)iuYv z%}Dcq0mp4bbQ@e<;v_}BUGz;py1ff(RV6CV6h;OxZ*Raiohct6i+m!pZu;Mtar57K zb9`BVikB4%5-4$diWX3UU6=NY8ZedR=@!vbuwvTDOLbDS*M>l^8`jyi0?-;TkKn-s zEhxU^;pfS_I2g{wl}tC&)7dWaK2xkL#;i0VVD;RpsHaalY&%Yy57qZ^`G!i8P_h&} zh$%nu>F@;nPla{S(sSx5AHZ?BR&CAbX1j8lPLBvCAOAAUX?PyQPw{@>Zm^T1LJ7kJ z{wq-j-Ng4nM5cc8kAyoG08pK!J|>+z_UD~ldD}g+W1kdH(Y1Bfln<(!npr>h%a<(6^fu=D(pUafM(Z8FU^_+;vSqFs|#o0v!uoBnHN z7W>paSI56GS;0cDku<8PVxroof{5(?{XWmNI;N-7sA2&+g`xq5D8ZS1GX(}8nFE;< zL|qtz&a-FwTwp93a)0Dz-$mfIng9{_KULB}S#6BKML5%J2fkX|>ml5}o(8PXCuH+> z!ae=B{TE9`of=t}$2Hlw?quJ2vVcn#wmz7f$$kg}$z``jCY}WURnk4TWn*o44BtR| z1k+^y4wuT+a}dA@`6IJ#jhaa0(gHXFyZ_0b;r6<cg43)^o?L7+-5> zk49P4{V3sB4W9A&f?;WLzkl0=h=5=K^Ifhtp9u>@BCESOQmbOBHQr)uUyLdo;Qv+Q z)tr15>?L=^bjMTAMNOnto8PgonfnEOphW^<*)_eMmw~BAK%zk#vibJ^B zXLWUut*XX!9yeu)v+ql)p1R>1-qsdLAO)d7v#PuhFD@3%AdG(?wKq|kBFgX*{Q=Ho zbR8!=3!6Pr78i4~_XcgFRCg^=-`vT1-)%y@OdmAT%Z$4(5pp*FQa;{L!HX=NO7+*_ zFHvi4-o7l-BDUfKM9A2h^mhjnVwW;|-Xyo&OSixRILdMv8sW?EtO*CdlAWD%?cBN> znGg#h0Q9nTASL#KL6*>gE9N@tj9O1gNDsKheYgDK;%5eRdDYm(R4x2B;;9$7mycM8 zHb2~g-w=6f$G;84YB5i+x@MI*o$~EPEav$BdN>JH|6zw`b;{ak*^p6?E278&pZ-OA zklfB=(EW(ud4hOk9E5rLJ4g16{V&9GtC{fi8n1b8-Y6h;*owp3jWfMDZ%#=8pCT~G`-O?`L>ON7!Ky?x#UUaO>CS(MmDH%LzlF6nY{f9Bjr0V z&Z^x9X`D;%Ypn)o=oYDL^h)TQMEmw#)FQD#ylgv2kc9g*xJ$mRSkKksG`>Jf+e`Xj ztsx&w>uS?;%HzXGs{W5Bug#Oz;7He$=HZ^OEyh{uIi2obPdcyDG|ps*_A%HjJMbno zFe3}wI5HU#9EpS86ecE5IRpv;x6FU~Osnag;VJ8JYwLcBKmahc6esX^S_p6Hr=v3n z@h1FMv10o*T<_pNm~P)r@d2`Js49$BIM603nJIfGS6{t0{3tlF-}c#z0BIS{vs#`c zIm|Q4b-r`mS?1ND)*80nh>`rQpfw_4tB3^Xrq+bk4gMy82e=MFvdq?14ejv=6`Bh`ezmn?b zY$-`iho(XmQO^+vj0$2!4a%Fwe*wJI9-n9W2l9Zg2+QhS(4?e27%;2q&b9&MmvYjN z@!^({i@kk$4aEmZcf=tzdrsBoInIn~);8*6e*9ol%q&}T6)c~{Z+lQBV5Qc6@!8H7 z=S(%FO1pz;dT|`4&(qExBNKoiYj_ien;poQD?iWXwod4ckWPOnbtqrch^|0gBex4Q zR;!BKn-5r&OOQ=u3?5VaM*N75ZOLv`RV}h(7`#vxUcQ7O8|s3YvQqiBGfU`O@lxgi zJjwne4(2}<*(|P^qW>ZokMvR}g9q?x*(-JCsvprZ3#TqhijQ5a~2WwMBDZ_(dx#VSKA+T3d4kX5B5d zB)_Atci9FS>lU>L7z=q@Q_AYi8k$|H&<-Ng>`Ir45XM9gZ@gH$M6W9*OH+i zAcx=(hG7@bGPK=5;XV(&qR-0{%65Pd&3CZhq%I6!93PLAw=IZ{>A8y;n~6tN?Z}W+ zacy~~wZtqy8I7pwI>*{OaXl(rNm6etfP2(URW-+l;hei^{wCSC-U(NsXC7W!hP4g| zK4MhQAkWUZx3Szi`xQkPcksdi`(}^VTtDap3GLcwlray0kGw_balLW@mO{m$y1bSVI)=T^Ksjh zVnv5&@-f!556yw0QK0WF*Fakg!8pd#nMR%?Wkl85ui(5=&SPHuU+{8wiZ2nkQ8Dkw zvszD8i(Sv#D_(J6l?x{63Ec)Ik#>TpRlC@`{0WWm7EHKQ4we?fAV^7I(SEn(Hs-v9 z4Yfg+q16tLR4yw5>0}0A@8+E`A8ieF>e8jCYTKI{&OuxYYzl4lL0?`f$#2H<$<;3|?LF_h4z$nM!>FOy-4b zko)-GZq|4ZI3X6-c?PA!$;UJek(;#lfeM_U8!NY?XG< zQs?r17e!DdNIQ2fz8J2KFFu96nHJUj{Q5B{o_=`6vG3P{JP zI!j?TW@NCpL=0Qd=^1bSvfuz|Iwa>%DD;W47GZgucdDaCji2M=d7mW5Lp^g(>nFau zZEDCS`ctluAYD>H%5NpE;EW=-xyfSClf-({-Y1pb+j}H#1Bs&=$0x&gXQRX-#AOZ) zghKwqtDhe?p=9}KR9M!0k+PSDW{;ADK^j&@#&x|Z-{(w>MqVNf-5iH_t{5u z%6?Lwu(N;`U1^*G)rQw9%wEE5HAWYD=|6??kM@#Oq+Wb~aWseev)yQt-f4M(n5fMq z1<=V9A)%AwLVHXPBD1uR{&3`Gmb4@EeIvW$7BV52H+oEa>&k95Tw(`ikTJF}o}RT% z0NcYcla{J9?grd^_4J~N;bTPl4s}JUjri(Toqh0(R5TlRf^4n%0$U;Xm}m^T8dIgF zo40k&_V#NKn_zYqeV_~=Bt+&#Rww$bAlYMV*pE{PEwd^Rw4`jH14MI~5g%KT^hJJ7 z_$GdBq6#&Uxm!-}OXG(oFI=Y*vnL~BDUR+;@6cSST;P*{hxUB6yqlHA;L^9@F0ga+ z!oyUOPxE#(dI=mXX}ebGMtv)@er9`FN%Wp5YfBEwCt^6KMm6qSY08lp4BD*;L$!t! zthl@~HN1p|!n;)Q=WuO3Y;9c~DQD~0F*l`RSKo}?F_OGM0$o(-s*w48c)`y^zY zt5C?8hb9tyiG_*8RPxzXtfmC@RpV~7uy&85yX;we;-va;Sf<@5tpudkXH2p7(j$Hv z3@tGbn!kNLakb${aG#Lx*ziK64ocA%MhEMC!rGlVZq`w(T)~IZ`nHBD?>)(zNPHVk z+p%WH;NtQUE^qoW`1$u3^I2(~-t{DnKQ0l>r=u8C1=~2$F^`mo>ex_%vJ1iUjXWs= z^3XS?EEePrgkM>z)O5`25x-|2Da=-$W?#wO2c{_fTxqh*(oL%HT4HrxgS!%kq_&ut zv?jk+nGveDm$r_{y45luLg?^~RrXy&WKJs2GEj_Gm2n+UpRowquy{C@A1OR_AzE&V zhW>7;A3;qIf}63s zyULxtIXsEiiFJk=4#Cp7E7$Nm&O>dhJeSUGFV=2#__R9Ol?-I#Q7a8BQ{ zXD}_Zn(K9-bOitC>XPf$jDN|=7Iy;cQH38tob^pmnH7q2ZC(zR8gT`1QST0%W zl3&=2HV=ZnOilJ!YL}>$>ZMHbp8ugZP|9L#=TKf12tMQdWaTG)pv1F?RZy;0x|MHZ zV38-Xr5aRwdiOc>^{1P241;GJnFf_eME2k~*VZ)qlO~(_Vn+F$JOXRz9eYoFw9@_X zdp<1I^CBXb1hagffm~-N0iANmc4A;s3ns7WN`et~MV(JZarqXlc534cR!{_9&&}Oi zWe{!DmT(CtZ@ABWK%X>f-p*Wsv90newYrAJOO9SWA5VRQ3X4BLgFPSH5(X zDObb{1NU{~sEPnJ+q9y)AVq11o#Lsgq3U7w{d!#ge^AAGl1Bu6*CE_=v-Wwam zV9%90l9zUcSPY8c-r+bbrEz{Cwc+qI)9xSB&(OAp4|IxM27XLFk=7Z4_YyeCA6yF; z4KGcF9bi8*sxG(-A^B#-AI|uh^n2%ksVX$ps@ACN(e2Ikq~dukyY_QaH`=l#%BUT8EW%J!Pce(Pt4MY9xwURE^0 zyhBbw+$7p*(xnvsCK8EoS(y_Yoy*~VPi<+;8@#!x%-%f9zQEg5RVQKRbZ4bxpUF|_v108al35WZm zUF9_9eVdBnU^cll53f`So(~a^z$&@OLyn>)k_D@oDMC#Edf0yj|LoojZ;C`)A)OFla|# zkBJyT6Wh4(Y?2|=rDpU6qPZ6HBD|wPc^e#+qR9dueGF(3sC2yVGTrF50{&wSL)JiK zMAzEpQw#oyT~Q>T>jTgm@=z&My(EdqfMTD7r{HB^cUF zW!}O>$6LQ5Odj?{T$p#qu{6r=IW!-cc~2^REkElGNnJ9@uVI$ks%DeDjK(mt6)5fA zZqW1bC50*ZJbMTAldknVKi03djSo1_m+!ocGjk*L&qh|KFKMGXV3ePZ!{l~Xi{h2k zGOsF%m84O0?|hs4#@dku>Z-I1-Oc>qEiy!s$|_1ajC$&p-NHeR=?8ZjHugP=iGH&2 zbjfMB-WEwj>MY^hpu$r-?bgg6?YwS$et-&KC!o%ap{9tP_Yp zi29zbiJWyUii(2j8onAKMPK-Or=9ALS~o#k{}#y8OCs|-Kg2~iq~PZ)~{T0_ywLi`hrnxEXp_? zJy^)IM098R+Zxp>MeO8g%52UIJvnkLlJg?Hbc#W!QtJh_ zZiJ3)ppN&Y2HtFNiBV)Y^OR6Y23Q^1@t(>E+vhUE3MeKkw0H6C(y0$ZJUo-<;@nd= z%(VHED4i8B%c6y-F$B|w(Vk}RU6>qwkRzENcoIgf1suFclhGS$ChlTu z{9F2`i?*_dUT*S zRFZ_DzHu`PhXtfT-~Bo{OdgZ_6QOs6H0#{FUeh~=Nn(x7UY&ZZZiX2zgpGmbpUl6` z>E5s*t57dLCR-%rc(}DCP|TG}pm-w5>`l+8W94Jamfut4A8)A{nX;SOTC*oxSw)2I zofxWk@wMFuu1{33TV`_yZ4kqO=LIAA-mEt8cKn&*s}K=@`Jw07H`D1r#K=|_Q*|5h zIm@94jj#LcU9PC+%DG$|609S`savqnXfx8o<~rD^7v#Ud%BKafAm)#6}H;IZ+X8v`QWHov;h?>R{=SNm;8+ z5eW0i_AFLiNW)wu1z+dFoFo~}TSYPdjEk;?JK_7OjHHJ|NZ4@oXk1A=xAhPuBs*HV zh52;zGm~lLl9&XccM70p=gw8%p*_=*b0Mn+?p(5m>t{J_!sj} zP>>dOxFnU;q-IZ*OQ=YhkJW&?PZHQPSRE>45U#(7M2Q=#Cm8K+iYm?+K{6twLTNXE z1|p=3TPN0mbnxH;gPc(iVVA4;#IJl64)v7b{n9@<-??qeWZ&~dN1KV@P-*VkJqbMO z=o7%s&zBL$)_Fvjgki^&&G=jOIld#^bXxxlp@@9zwug=4ofcIzW?i2+}ZCcb8G?13G4 z(^X7(xC~^3sUc|4m>g_)UZ*<@>gUCwyc`2hA1cs0sdysc{+UKJ}PU$f^lfND0C*A(gS)Z9!GkU)lAsiZ|bp$_I z-iH+>%nI4IX>QJ!A;cJoyKdug+-8PY-TV2H=-H3A(yq`IcDes?y9BrH&={!fRY@S} zVf%~_i#P3FmrOPD0~*cuSpbaTe67YACOM5ocTE;}T3iV^s@@z#)riCLKZ=dazI+}& z7FFPH{0=#u6_Y8Krv(jh;CZJ30ZW@P_GJGVylpX*a9F++%~YEN*1gt^6u0aAEkR)1 zQVjfW5gm$We`Rgq;%!AaiN2_WzK8k!{e=5G;uv+YVhQ57{;c>eSCqbPRqM1V_Mp&Q zZn@41DVnlxMt^czE|;*$
!E^J`zIMR1EPRL3A-*~~P+<>jS)q3lmRUhA}^=Dc|uA74D-DxCe?5t+plNAcH|A;g5sMtvZp zo3$H>sg*6OH$Pt(yp(w{eN7u-zx4qr7_?WpMnr&{^p|kpy~y{|#FO?CfzIwU^n840 zc2tJUl5tn8vZ97xk{5qAHn8a!sFqM&I;dwswj?Lx$yxO0MhbXugR;=~^{+qt|KDHp ze=&diU;IxO%OuqslJ9^ZbdTWrCNiVasrzA49#6ewaP!;Y<`QYWMl8~^2r)^%6#7eO z{3-KnGL*IIC*@y9vx&`~Qcc3=7(!M7<uuh5WwbUk{YML@kJMAAYS*r+?sCT`e(4?n zX#ee;2)eN;hB%5oVEpK|&Vopa=`vwgv;%-jX^n!*drEVIN;Z@Bn! zj$eXXV}DmcU6ow`%Sv>0>wNzK)BO=o{>&v6Ybl;zUcwhB=F)2Xr2s;1-P>;0CzPZu zdAK*J_`~KG$N-%qttJ9?0H+J&?Nf^%hKZ@O$!HTnbg-1vREUK6FRyoPD*$@06iaE! zzl)z*f6l6_5tmleCRZInz#>x%#rtl%KHHE#hvNJ9W*VlN<12yJANFd0bWKtuvvc_n z&mdKzWe)%M{>-?X&>@yrS9@UEa^u%PO8I`2dvNUgOH2v0IAfxsq9Ev5Tp(!F>pWM^ z|B}v69lHpJU%#+_bWzkE`Fpj3i2pZ%O8oByb^m`7^%i#+^G!$eImet{wz%=u6P3SC zR37MAR&o-)>U2WGI7(0JZ z|L@4wbRtjYr);ww=n*a;z44NkYc<- z+Hj+ec5&n>gME6otMtKSM7pA`(F5!cQAfTf$kyK1oiqxJooa7|`03=)+Wk{qJohM~ zpDo8R8wx>bnKhxHfFl>6rCj(>}QTr)PJ-Z=m` zjvYds`s#&{uGpg|mK9uTSg>MEfq_ELPV)VAkKEqgZQ^+c|uJgNddASFX!|i&<9a~Oh-s1pXkY;OZ%eXAS zqQ04O4nb6`DoeO$dWa_bgz$UuV3{cRojRr zIUjb;oedac+axq6wqc?2;kpK9_36wtZ9zFf96O=-V)MsWKtkWnor`IXZ1N#b)kCB19cA;^ zrghk+r`;<0VkG$?GFmfw;s1OR#>sIZip!w@yG_@YAkj6QA+LO+r(jK7~ zXbJazuht4#vrzSY&ez+SH4Cd7^~5dMYMd^NYYlp6ZZ7zC@6B&cT0wcgTcFT*@q~YG zLk43Q4{m=3^S6h0Hg+g(A@t`>A3z&;ztXahCa3z=HufgVRKDnnY%K~g3{e{@CTuMj zQSb_^hS6BT(alMrfG z#3HFM@gjyQ<}o`3`h-jw!MuX@5PgCxrx^q7Z`zn2t=Yw@eAO48+&?At)e^V}YqK6b z1*vg7d{Y0tC>XWtj0Wo_#OGQK+`tb3Z9>B>TmZbqITj;b^6^)Bs`nTlmo;4Ug-l$)qf~<)-3}7Bq01YT5Lx1DAxA8gvFhBDb~~{vygu`$K$kIG6u!!EwwN*_zL)F%VU?d^MxCMJgN)kHpdfWK% zfE$-4bxg@0BN|ll{GJivSrM4%UlPy?#KlH9Sn=vDpZLFp(vTcFY+RPbmV1JjDYdkR z#`2g>8VnD%LzCE+kbFC(l!|X zqu+w_R|xPC90D8<@=b2^2#oT!G?W{sZv`aTa%Ga~+QTHb26?_}ZT5x+KcQ6u56##p z*^`XemA0m%J3>>>E{(HP(cB^=M7#~3`W=_~poBwS6WQM)gCyX{Aend`+3qy(gO~e> zs$3}UiB+z~T1|lbhI0cxrbK1|lb0h7dzAr+?u6Ubgz=s0lg6mgOy1Z6G~KA5UP|BO zhzB$rB9HVnDSuzdHKggRE^J>~v)@#!5u4R=xqz02`~=YIG7DTOguycyo4sK%b$6{)*J45T zm)iY=O*J+a=U&3h2N~*j2A^M^i90$oW<*ubcq==%i$jAIFI2ABu zx+fntIRo)2v?_bD910$sGm1Ti?81W8b5BZSYLcS(|PWgDaPabUFNBT zKFm++8zsYKrgbJBkK5Udvi27|Jn5-iDGvKx_!KVZ-mb1K$ACASrFlw0T3Q;meR>_H z+G6F#u`i0OJ1to-wDD2Pd!BuP^y`L#FD^rF3m8&(86;3n}i{5Tq^c^A|_n)RF z_rxs`#Mj8cs66EBy@?{kH@3BlvBhe6*q5LBK5;cjhuA_J6BB87$I`9`52(Tow&B0K zK=yOih@o&2l@GKB6IsyUAZ^)L_+M2$HfN&z&}8wnbw>V7z&Bw+$AS?O?x2~e#ZBV- z11^CQrOUf>ed^Scp2aK?q(o-Z$c_5?dUj^4272&P{wRY{WrgiBmIzBS($f{IA-KyzL=iY|hpnrN1JmhOe}DfR?kKiciITp#xx|9q4!PPeuKd(+ z>zFE7LYw%(KV}ywowv0civ9HLOn!~U+}%sl*|l70ouDs zg8_0+X}C5&w^ia(y(DcKAvu?;GlHHV_vRDXRoI^871yi1FM)v_}HF;nQ17 zp2Iz~uGqla;%huP^TN60tVPsuHZebY8sNQ++*^V`c1YLmA@2TDbw;y*#}aL-@lk$s z1mSf7BsMNwZtN!W)UsUeOdjOi#Yg=D`r`KQVDPT1Yj*kKV(c4U{X4dq^-yF?eilf^7FKh`TlBAln8M(=@jHG&%!thLMCs{U^HDMx) zDr80H!o-;^Izf;6+QoE_p(ozp74rX? zqf$mz@_fSOkMrsY`ovW@LmQ-O1YJ0Me#8_zD-+9PbSzK3^f#E7r{75=PlZwNhT<(C~gPVm!^?Fv~goVZp62rTPrX#fr=vW#+ z_uTAv?9*rIvq@;?XCs)OmPK;CT~ULfZsTPUaEVJx2@Sjvv)W^uTa8-L1&gs2aQ>TL zSkr#%_KvktjoZO%Puq8B=m#1HyuY)LPKkr}Hg0**`V;?LJD(P(_f%-SmU>Tk!rirs_X_x;ZFH74Wq zTw)+FE1&$5UhP7W9q6p%7#Yp~o2jWvlo&`cs#Urz0W;^{iO!%A%$PiDyoOX5Vkzuv zpVVMst}n?=m=_6{^rD3^PS7Y|Y(r!piQqe_^bB~@YlFcwjfD&`mX9~K~iLS&!_TXH@#$trp$M;w(n7yA*-x|FHJFiR!&itrC|aGIE&kSEQ7Y^2ueh z=%l8bR4@88OD$CgVL;LjmxFPp2pqXTGQSU(*S&sM8@BGAn;5QiewKP zI}myf!b1gnl&b~AifTZe`+|6Ckv(mN%@u*+{iQ$RcsKD0@sVx$NK(*apmwRQtUcF6 zyEGO@NqPpcR#n-2Nut)Ld-w{lgP*HXhak52o_NOvTdlM?#thM&xruY9FZ0|8ucfpW zd}sAvYFSLgXxa|C#bim^l37TG$^J3&(*_0$Kpm~?|+Ku1p z|1jIqJTG+RV_Hi}*voY=0n|J|_gm@cLEeemj@hYxo^Lv3FFL;FcGQk#w*RXCds5{wbOaPsO$o*^C}dG0*k!E>vFnvuGS3!Jc?oPOPM*b2do`M*+WS;N2dbt^fJJ$A#X;oi00hi2 zO}wJ7-Ixu;6D8CLLviokrY}52Ef^7k?>4{p4Rw154e_$Ymnw}3r#c-OeVEAY#rc18 zzW$xThmC~AwY(zP&}xp9*Li9OU}Oz$s6>xGUHJ0oE3aZx!Q8TlKIY)3bUg0Yj&xad zJk|Q44A9x|I%;pxXNP`TA6ROG;$J;meiBUZRQ}2g0+#A``e16@y!Zi|FMs|!V-IV| z1k!TScn;~~etnJCw-HXsjXSQEnwK}_IMC(ltmPj&H)Nkb&*)+L92(GdO)M4!GX z5sMmyOsHfC0g&D4l)i%{2aZ)%m*MwVN>)&+CDF}l67k8&M)xJB&c(SI!s_bk{Yvl@ zJ3!PLO^DA{yb^y>C5@}f-pr1XJk z0{P42!G;sTb5O2P?Olc{ymo@SQ?9$1tm3f%RUNevV&Q)-^)y$10H+XlPZOi}=JWK$iFeNFxSGL>W6Wwcu0wcYVR`4pvPLE>Elcr_tGr;&nPC)S^lZp=t|RAgxu`Y{HdwyvnK16 zd2fIDZG7XQHX_Zj@NkH(MX2=4Ven3WexrlNaXT3RZ*#aHW!SO3sMnt}yg zC5cZ@iR(A2Sw}bB3J1LvmUnCR#2a*EjsL$O(q=pHD?Z-q{uNE-&uE!#q$@(DAZk`j20!A+_S%M{D z)3%DlS0$tS8|K*h&&0oo;2tME_P!)qbB@VKT|Ffp z*sAaFnjfI)ri*-v%N1ct*B~nm0}Q0TRvBx9GOOM0Q0i*yx@k4BL7rRzN~di=%@+s` zPqjDiA>&`clw;&GfB9;`wWiSt5`7i(315T}VpY#M6~(mC6Hg=;heP-!P^hj;-*;{& znJnp_7){6yje^K1X$ZRJD30XhdnhR5W=xpRvt|>zK}luM=z%a|+8sp{f07j8=S~2^ zMT#i*a~{GWcm4?8Yu`9I@M|l!jWi%qjl_0RT441vJ=L@-x+e$|i*E5zh8Ri<#Tm=9 zDby?{e~2&v7o!<919{~nj$+!_@jZX9C|bs+(pLY-vqsLV5#!Pnp2(C(O|>xl*7&{f%ra%llOg4aoR6}CECJLb zy@za3$4urr=B6@V>b8602F}ATsM@zdi!Eu6QItyzRHfJzfOx~bUS$ouGsJ7v;k59l~AX1sk{lQh(m zfZdZ36XYn2uQ{sI+1b+=-p@!cVN_#29W-Z7l^q%>?IqsQC^<59r{<(PQYnL5xf%vz z3-i%^`eUb{U#t|W%v75aVk4@v$1T?u3<^$cVCBhf*wRcczYJrJ!pI%QzqpomgHY@B z;e*2F(Up!9K$h_;fw~dww?!;AC6xy`D=*9CBET38JZR!@USK@3K7aoXq0y%6xP7>pb zKG}`eM5xcsBTSRaPZVzpy_Y{@sx}X{xiIENfw>)hVrWH~876ZuSN(M<4bYq85^tUN z2;m~Z^9S}O{*pmtvNl0lwO)-x^ljZO_XMC@CQ4l%wcU4q!bG8)+Vs4?zC-U-f;GOr zYh^B5^E)BJxU`;-x%ZM(q)sI@{usq8#J4ja$+1>VqL&Of>1ioo+9sAFtM22AVr>{I zZqBUC>uGijp}WN(N>a+Qdetuf%Iv=wt2D1(D2pml7y_p|)W3<7@bum*rcgFd|6P$4 zT4$CIX|Ms~r60@l7DY>xM~I?gD|~TGwY=y9vG!lQu7c*vrVpPY)FYi?_FlaqMMe8x zxR$l*?#j;<%*)g0fC1w}B-YYF_qGFi3nXAB*Q#8lgwJO>xyj|}=2{O?FkoQ#pMJkNc)M1Oz zE;Q=j1efy7=^jG8*nN`VYJ;)hVj$>xc4c^La!APXHi%(RW_ld4?3)3|^7hr>X)_iE z1_l#mSNkthNrHJ(8A?OKq~MW=bXti5X-zzvd|9B_QdNp4K4L@5g3?KP;J|6P}ijGCHS+gTJm z8!e`{$qVJ?=AzQcA!E!D5|f%4LU|z;D40o(NRqtK@!o?wL<)lI$up~{spdSDPVIv= zNo2DTSfykr6-~tVOGJWwu#oLG-_LXrN<}+HF6?Ao(w{Lg?;E=YqQJXQTU-0Kip-v6 z29_9(w<@cX;BIDr;=p@id)bTd^1>DEhJdxHwJcEE#Q42v#%`x==xD789NZ;8k>h^= zqXU9i97}Y*O2h8Im^sS`C6N0Z@V-hz=-5=zMbWbdVqgg#vSs;iK)#%z)98;~a}SW71$ z5s!@|rbYp8M>OTJSc=;a5R0;h(UJLH z6NVQn?vfJ4`qKS794B3k?tE`eNTF)`pLdSLCiX-nBPIVpD{%h@TJh<>&yd`4aXG*7LFp3OiA>#r6jclohA_8Y`7)PnKk zjU?-cPvo{B6_#p}7#>*t(}UmMWn~;LbPNT{TmNDJ&Y=Al1MoQcf3XU~SgTljNP6_^ z@hkV5lDV}z$=zD;z)eUq$?b-Ajr8<_w94XoOu@pz*xynXKC#_3h*}LqfhTiP6{{ai zHfLPI z_&r?hN>%2+A?d}mrrL~J!sRZu)KDWy;E~K;>b&aRm|;!T3I7aXps2vXoJ+o0TgiK= zSH$783lC*#`mw0NC--+0uyP~<7<;rk?k_go%A4Ypf^NI8_dffBw0E6PJ|4jS=)&*@ zzG647g9xS}O)QCei#^d4u$MNIkb4^Rg?A1AQO|P$U*AFlyioA-DqTw5IQc)rM_Ui} z(Mo^TctUie33N_@9txwK`9Jvq;cbulgOMB%GmWL%m z_2cU4hyRMA4ZiSj7r^fkDKXl65|(%;_VhWzrFRBbz?GH{S%ZUl5A-#~wk`7M;0{>% zpkEy83%c)KP@pR=e{j=KVh54=iK$)-*h5;f%0-PeaL;(Gl*f>`ye+BUSL>UQ+~1+T zfi{fnS;5zfh3B1UXo_0bHK+j&O4^qJ-Px%aH+CBV$FN?G-wd@@6ZV-lPjH{Et zOkkn<0l5Y-#o@?;-jnY)gKA8te39d4E}$FywN!`%i<|S&OV-eW2`hPN*iao?fAb4R z#8X7w8;)zY+k>t-6F*q%`N)on)f=O3yzp58NdzIiHr?kp|IzbThl1cey#@@pSST9N z7Oll*2k%&G*v#$HF%#Z1wo>EAhz2YsiOXm~*$J}DDFvP0wlB+V&TJ#c{o|7csjs;u z&dn z+vo7skyCOK|MDJ4lWlo;=s3nZM;N0y+%D@6cCX8~s`7mwP@=YzD4c}A)%j;=tqv>c zUigvenDR2wc&q3PTbl&^@2JTYa=&Q5c=)S8x!5It!OL|C;}Y^XuzOH{D)Xm+YC0w% z&B2o|Uh)rTlvj6-!xixCH&zUtc*Jk6HUihjc4=y!&!lSFjJ~D>#|5S5<8#G-O5#$e z4~KB|g+*~fkBg-2j+w7-9!oBkbj+wc!W+#zWYk;S1Jpbk64b{cxZ?j6<_hh2z5OTH z@%*HgRCr}++4B=>=uUSZoXF>#sX&TZ_E+*C9kLzs){VLmEibB~rqS3yezZO5GP~rS zfP3>wiR?cqffNkprztyT#Suid9~Yx70e|wYmKV+#XoPV(?Dy!7R@r^gC*bxcPs~S~ zE743SC7(dH?9?G!B2E?cZA4rmbs49NOAS>qOK=ilrypK%w8jKq)jgJqNc6+Hcbf;h z)h%9%5os_Mk*nRIx1Qm4wchN2RWmTuL5ZOL)Vdcq)V8$`xWRD3N7zb(G*7rVkF#Ji z?+M?PHdv1M5n6Ie@1@BU|5W5YMX3Yr96H=M9VYd4YAoIk9)Fs%a1z*+MKjq;w)7p_i$Nd zQZ4%tl&};(>U{zn0Y>h#4&&){KE|~GHi%9=bPhtaaiK@4RmD`Q@jS0Ez3>2WRlO_= zI!RXx*S>t5RwekNRfzKJFQpdV1ueac98L767c}zjcXAnK68-Z zfem+;ItQ-vB%wZPO|lh-5TiV$Zt{w zJJ0lbFx%tt;FeaJ9(s$NW17hi_Ioe7ediOaAGLl}PO2SBfmv<(EjME!XQ-wHRz0GJ zBqYU@#YLfpQx`u`IoW?BCC%pP&V6G&;HuQQ#7Uetc2Z-3dV)}`yC9N`bp$C4pol(0)5tR+*?n*PM+rn*E93p}HWPn+@J*7ux@o z(=mV&z31z3uoQ~jk?}O!IzBXb&|{w2bPm8$N|bDn>Pt{xVcZ|>HuqQ?k5g?`XJ>7p z>^)YDr~z|tl*-fw(#KlAm&si7wfzMy+^x$VWF4E(+tL6KF8f|y%o1Z@vIkS?NgugW z04X;9Vrb^&&YdKzF^OWo6A9pXZR2GmvQsp&+M*m6a4j?MX6v{m+)}<>*#jNq?SJ%v zB-4H+!DugiJtX^rqdFhAD*zn#m~!$Q9jzre$%A-D+-_`@H2|CXa`J@~- z*TX5rHN`|%4LaYk?cyGBB{Unw$)j*!L^fx9LIM9Spvm`}v z0)q%b8w0uM^LYl<{{=FbO;Gu01uG?;9a#&Ok;uKj3N!%&4r#Sfk)in>RDRZdulxaq zJYY6^E-qM)36c`)O3~bWPE$DfI~C`dBc>7$9@&~awB%oDro01PJjNxyMo=!GgSyd-Cx>3wE!xo=?_92+^)|+cpRcLMWPwU*Ir;3zPWsXmv?C#^{ zOPf*7fgpA2p*Y+T0$-0RN!e-!hMRxlnmFo!cspS?s+cQX^oW{}a~IO_xu$tohe2tV zOR?`X*lu#p*Ae{85z>^w&lJ6&uu4x;U-j2xfOWs}GcQT{1KSlH_CRb!6o>qSJh~FA z5!B?RTqcB32{IM!Bj7Y*QLBME2|LEus>(>(nf0LP8(p>ih1WJ3faae4GW{yDS3(>TW$t zFF8O4%?+cDn#L-CK{nOl&Nf8)4P3HB@9`)dLqbn1_N?W=_4QuO{0A>#?PtASYuj|G zaD1&BSmio@J4MaZ(or=9M7{;9M`;%9YkSL6IP}5UJTSwKKP+bY3$MzM~t;R%Lr!K;R zzGZaNQXAPIZ!i-VtyYTHa0}==PUD_(lO>Q70Om3XmiAM==jSG)DEa{Z)W%0l`l2sG z?2_SG=MY$otQasL`0gEUk(eN#!Z*Lq5aEgtes>}iLBI4U@y5#D=mT1U$SS{GRvE)| z-$Y$7Ra6IUlS4lIJmKvX-`}rLp`t$g1xTzBm&2ap6wH`yZf=g77(C}De+?C$HdCz^ z1S_wqw-1xw00;|q(D-FISmZl1nFmGK)CZpOZyX`ZTiVAj*N5Dj< z{JHe^VTguu1&TtNN)=i0s3(Feq(^&lg>(5oMJzE%OTkV{F0{TLXE-j@hufB;k9pkh*drzkkXe0m) zeRL$RwUfU+mmqgIic*&CaU$BFmC>F1*owX4-5SbJlfiz|x*sMFI_9Q6`$@v2VHnW{ zCx!m%_Ac{6f)nk*>qh&a(N?(53k3E8d8sT3$?C+~{h@gTYD62z_D!10XZhjZ*IBbcc zBf0rf^leo=@p9{ew#(SB+1nnOBlGD(FgJhCj0SJ_up5DWI@dEFSiDpr&A~Q)C}(Fq zJw5ubFUM^MZ%&`sPl%$IgO9O73cJq>Q6@JwJVP?MNFKTKQPgyK-u89HN9`K?3q-B2E zwEJPLX@@OkTxz_kK5|yDF315Uq&!>;hqbt3C0)2E76gq+jJVnlQm>XbjozfpRqm0@ z>P&gOdzp~He7y{1ZYf?!N#0(}Ez@QK1;LzDdFS}5s5@}V z5dX(eq|85rH>tlt=GmswxqZ}}JOJOoqAvk0Gy$pzxpy!=pnxlk=mK+Dp0Q(h6LR)rL~yXz!f3Tuv+nO$aJZd(q^efa?O>pU z0*&SZ%Fa%dpjWjTlYFtsrmh~~Ii1yqV>FyC3?0E6NgC`DX6%Y5DYGQ$d_rlXp8;?} zd#IwD18IYW^z-Y-d!%BS(F!{$)ax}X->O;vhi9(zm4;}639*PV7k6y?IvL0kOVik6;&kWYXE^@Rt38{(466P+A;qgv@^cE zI$DhIk#jUHdlFXn#Sk@yZ6VB^I0FM&2BQPu6bKm+>uby+t5ZGDJPfvIBWXGD%I>M z^Wd;Km!F!;#b18S&c;k~VjL(`h|x+)>|fO8>scX3?RdK2j`Gq*OS%@-HG~1JJ;m?q54PC?Y6EZ1d?FJCW z^I>b`m>Pyk0K{9OKf zotZZHfMr1H3?k@a$m+PCfwFjJh*u+FvaFr&pQAbRvzI()&AWL5Oknsfo%ig#@t421 zLYhEz9zbL;dz- zM@NO-dnHI`E8d8Gn>|V*z_{$Zxfd9s?n;88PdO8>8ZFAh+hfq4U(hie6|vle9dqJn z;j&Zg?#xsTNh!{DB!hiz6^j?NxmY&DzOx*f$~#6dP@s^{nCsH>hhgPUaB&%*k)1Oh zBc8o(5D2*7X{t5Ew2y(6CqBK;{tL}`(++d|vhTBFxa+gJ+|m>xQwieI1q%#TWB4no7)`fCsi-=Jj&P(NYuJb&Y$^cMY(&JB$6%VRXiJ3#+dT@T{9` zv-QE7))cwrO)m;RR^^DfUtqzg7pS4>WXSrd(%O>K)#= zEk@sdgD)8)%G%wmPm%f2yjR^CXnA>83(68l+$R?(l5>(u^(e8s%V%w=@m~SbfFH7( zL@EsD-Wu-Go<^@YG-!>$EaO02YR|{H3HbZh&Fm_XI>$yjy_DvwDu2s=;*-v zcxyuB@A9zDY`AmIzwLH~QExNx4Vjc?lMg%_^_+FEf@u|Vt;vAY?j|!gmS0!KVoOf1 zjR*bplV2|($efCG2EvlQ4%KdCg<;KlpM6<7;TrnAb(p|zLaOYswqv;#nQotJ>%#+z zEhXii^`p4Kp(3OHMpy@(GQf~v$BC4{XlLG~v)IZS3V?0)NF-tT=+U`8w}d?24(u&) zXL5Q-suv8f-8R~w&WJvlt=+IzYGX_O{J3!hs7zj8JvKd<`@^~d&15OhExwSe(k;4+z*DN4ole$#$u!N3w2@TPlr%c~u*wqSl(zNg<0zau^Zfz2aS_uN$ zLEC_`?!?!sMnfbM3B`1~8MC`t%aNt3)=c2DqSwL&nM@=gpn7diw(wdfaZOwFEYbYy zWOdYuJ0meTpegwA9=4dPmB*)0*ZIIGd0k&APxIj$TRP*lT4dU(TgF^@uE6_MT?-YgePF2=|c5J98{3 zAi-V-yxQzlu3d{xXXU;dm0S*23+2zk6ZPh!*bzzM7_@6r3*F;y=KR9W84=q0oLJ$rEE^K$~DxW>nvu1cpwkyX}KQDjeYN#fDXYLa~ z;Bb8eT%iN0uGjke45n>jBX?wyD!t?8WQ;bGQl9ddOQSAn{9UUkB2UJgT)-05$4{23 zZ&%`fl;DzpTegtX#+JFPugPS*N?DbF4XEoq5F_quJpmVh?K8O@f@-za-|S;fTOz+z znH!GjNF~rn{WA3J)Jh}8CUN|=O5ghSqWNjv-OBRxdjWjk-OQ6~^V1+zbR|v7+7KZ) zPbe<3*C!3k#8b zslbu#s9d;2SJobhI;<$Zv8=W*JAxZJr@0ylCm4z|6jUa_;*a9w!QW z%!;nptBQb;-^jpN zb$46rhgpn?EZ^qGAIkg|*z`7|kJDbYmr~om76(HMd9Bvvqul6JZ3k~Hckytfz6boe z-c67cZ^Tndv6s?Ny!_O5_f8-MIpNh#mobB!vYMotoK${t-UKCI0hToDi~g0gzvD}E zuxBiCCF5s05$ur1$ITg@_r3$sPlDuVW}#T}iN^${?okw`;l+B4x{M^ZF^Q4AK*}JP zEIy!|e6XwW&G;Hilx)hR5iCi=YH!s%ZxI12x>J2)j--xcLBKR1DSG=Bj806hFE}%< zfEV`B&D0Bqq3T1p3HiDPcHWUi z=x&BvLO!svfzFKK?umH2x(TQBGp%~{L=$wPt$svBE^2jN3p}A~r|=0ZZ5#t5Q1;2l4J%qk3pl~$B>0K&a=c#lI(caiqB=7ZituBYzZ9?8AMP9ECu{lCMnlhd zc;p{!_{GE;^NJ8WKW^LmO6mXdHAi94hiy8g8cSwMZ~&WagfuY4n{8w->{Ecm&PjwO zc9$b^cklby^;LYkcFI4gHN~*Y&6x(DtPboP5?BI_BC1R_0O6`dwYJ}m=()U}5*fayR9TJ>3}B$`#$!Bc9qsW`n?rs%ki_`Ow`Nnv%fGSCWw9It7z4m50&MzFR z_|8b$5WJjHZ!UV> zz5pykU)<%?G1iA^%HWIJ_pNxX;rYFnCdcWN{?~7bp(TXpcZF_Xahv1()eiTga4LcyeRnL0&HV+4^ z(2sBuLz%P!VDtNKE_~td3ILfZUN)%mFw0+X5rgZz^o$4 zg5>06R3E0iuHZ)Ww|71f{J6hUf;JHKdHdUsd^d=-9ILd7c>K4&wubPl%(1+8!~%lG zr@LKFe}1zcfjk|}YzOORr#>m>+D=+3e8G0t3AVf#A~8w!pX&lvPhv2^DIdF!-gnsc zYx%+I7cT-^7xiPE^@tqPZ<))VBD6U^DtQ`^+kdR>uKPvw2Ju0cke39{d+ZJ`*mXvI+ zkFAL2$Jh0SJB;EO!d%cz19pBPB1w8CZtXi}qwS~O*ZG%I!DT_s>lWt6v5vOQ<~MD; z*+#h3Z5qPanL8EhkjxPJv*bDd<74l9Hjxr79E54-(8WXhuu%XlmUbz8-cj!sJCuCI>Br$+fMD z9uu(i;23u#y(l<2byj(?ky>d;041%3`YN-O1%%V2wwLp~*cZ5TKrGQ+1KRSb8U{P= zmIWIJcf-8nBFLOsNH4rr^9yl(bvvJ9pYXbvJO{;@u{rA}4w6KX5pS|GTOgeZ%9sTp z?3T0!8G2I<&V9D^EyhE|noe|vkAf49+BC{!^{QHEx2-;XM`Qst3jZZT5QD7cX4EM* zv|ok>aNEAbm{u}G=#a~R1^}P2oI-fk5IQVDk5|c_iDY{==4-x%5!iS8{Nj3we>iG? z@$`~jnVLxKvJInfJnj(U-DnL2QYn9W?hnHE4RAdgi|YK-jNQ``d}(TuPz_|#4$%e9(Z^an#@yrLRT_w1@csea zWg}iK=!m=uEx~YA{w#Q}96$dIS-U#&nL#nf)$x+0_SQbz?-lmtZJZ{#WtcPpnyP5J zoeZ9LQ=a_(j=Iyf+QMaPeK)RU$Sn2_yM6HkFV>|d{*JYCBy4v19CR#iYKwn+V)R(O zqOwxjGwqq@`Nv2+V-a>?nRZs8xgu7}6FSlEbGLQD{!B8~smE|q$>EQYF37Z8YevgL zz%8rgt~lYI#?oY!8S$Yvw+w{Og-_PnsnGeU6y#EIpL6WL0l$10?65DLqq9NH1I=1v z!Qzfhj4xHnw#27=1C|r>GvkgY%n!`@AUy7q{t}Z+Z*g7N<|TpX_Dcp@8dIW8x?T!-k2~b@I5M z5bur}o*cX{f#c(8X{b6U8zu9(SSMdQRsJ%c$D30*T*R5|sX?A_p=2(lddY6Z%bX76 z9&uC@dZJR#_FBsPA>ZuanzEeTH8KWwxILmkf=h0FPi~6OCT+uUf^`X@nYOy>Y}Hvk zbiUm9H3l@G?rJIHO_hA8klg@uG()O3tl3o<^{Tf0$e|GjF^i*3{`ZL)(9+Vz*4NKZ z-!>$&goUK2ZUr$};=Ito1 z{oD~7MUPPd&{D2V54`VeWNpM_qK~X#zdDfKexZQX6iK6sm;)-b05l;9Is0u z)Lg(Cg%CmrA<{}a3?Oeq0y0y=nM!t$_%NRM8;3dZs5bP-@-Y1t-1kA-vk#9mfU9>lnl<}~S49b1QLRM1{#bI1iA8coEV z`Hs=^&y%kERO3vm-Zi+pGMKTUX0+^82b+8zh{h?1p{<^h^JG5c!04Meh@5h)`2RL)(GN+GjVey!c`6ePE zhph|Vo~CRN!&=9&eEk17{YXKHk6^{b|8XswKIx3Kxw$R{s5$2v69}LEI&I%x!}Y>? zI)e~G2qFH}(hdX2(~tnQZ7tgSsW`OYV|uo0PC)BkjNPK)wV6M&xT_0h4jq^?rz4S* zn&VaFC0cxPme%7sVV`a+qXwrIy{Q%dC%3Iy(W{PiR=dlY+KzVf*D;Ov^!Q zuy}V2O)M-aW0BdRSkowY3_%ZO(6XjCmFoo)mg9q%EU7bgE1QDd37g)RfO-vR@x~a| zMLObHMw8RV1#eGXhBjZUVTA2Ux_En0J@7+LwhE@XW$pv3I#<`F05#`WqmkIl$2oTD zCQqc(RR|%35Lw7-7(m7$0V*daCk5cl>F^>bv)~d=Po`n(eZ2qMR{E67PoNY+2qAK^E`sWJn?m$jYx+-=QVvc{$Pj{*lShFn3-v{{mlZ8Yzo=5Al5>|x}LI@#V zBx!H^XZ2^u&!np&raZpLx)HD9SEDBNUYkrLSUgb+dqA;f>n{{ydrfLQ-R)YSk0002ov JPDHLkV1lfr>oNcU diff --git a/nitrokeys/features/openpgp-card/gpa/images/gpa/3.png b/nitrokeys/features/openpgp-card/gpa/images/gpa/3.png deleted file mode 100644 index ee8c7e4109f33961e595c6de656f01ae6f7ca5b0..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 45231 zcma%?1yo&6li(p(aCdiicMTHU-QC?SKyZfu!QFzpLvVL@=i%||F%S_fB(Dd!EUk$X$F@Z>8l8cr4kttKH=wMMBG4__T7ZDE&V&$_a{Gr7i7+di41PQSVm@xGeB~CdmH9c zfDjSV=VLmnZ_LI6bB%caT#r=yy?H4qDdBZ%DWct9Z0fJFK!g9eMHQUKh0!$+!jTT& zwyswi2m=e7`&*_t7qobM8S6DlGC{>R0p`zNIz&5ZRyVGmk?VUzEZYoZB+8#G&`TXJ zLOJJ#qw9b4m1f|<2?&&^{5nq20!{!t&^qkvWI6g5;tL}T$C{co2S7BN)f!fXc%*p# zwn*#*p6)ZQB#MB5fV!O5-zisu(x8{$u+)Xa!S6TLJj{@BG?GcCk5M$fT~UsHXhaX& z^=G7n>Q!~s(gTP86p)jpjF&FW@v}t>a&mN3v}!gXJADv-+p!*NDzh1be%gX<$%ezt zZgU_)KgHqHg~qH6o(#G}YyYmc^^b(W14pkc%qo^_E#|GRuWu|%=AFeyMB7}U=vN!J zr@F!DUiQ`R@nv$S>_ijDRA|t7G7*Bh6^`Jo{}Cu&^SVJ16%0<2Oy_c7o{*cKfB+A^ z*N1^wyFk(|=FBh$x>3WbLfO1UgVwDVKTb4c($}$ah(B_?ON@)#x_#mIzW2~w0A%|k z{BCyK&3Nx(U7IMcP=n>Di*A1v5fWKA;mS-IKl)+9!opG`IxM4AwU|F|6>o|ymC#rI zSHgE`zxrBsh|Z)mQy@;()^rA6X1-|1wnTMt2jfZ8CLli5+-VR1;Jd$T8WAY!H@#}uEsTn-FkuR zt<(KtgPle~Gh?{HY#b+cj|LN{L)%6SCV&wWz_Ao}zC-oZ85X-$AnOdbzXPjV8-Ck5 zgW1BL<&-?Y5el?xjnX1aRQjoKiNYWvs*{kAd`<2~Z_5P5XR*K|t8vKBy8XltujNMU zaT%1c{DFBCDIi|+bLz;YWZnw-?*fly? z_1h}WiS?ulLDVi6(X9==K})yxWYvy6U#V2l5?(|0se!oc?_i5$`+=^x;~)v>NneAt zD#VlV6YVvVTRcnE!dROZ?8XFGW2pzjSoj;2GsT*Ac z{)aat@MeY{ofJwfT}p-)#b2A*8X=aN*>CHnb#_VnXCT^GGy(z!0s+`RHm(qgjF|mL zNr_5!f6xV8ENAMZJN>aWpq~&GNf#6PM}>(>Zo&-y8lf=01i1Cz)g5z@X#6wAAaeIV z4uB`-^WS|znsXGZ#`tTpF{FY2h|Cr5U&1cg{cnb{dPvdnlqnJc+U4-*BsrsCN?^~Y zdK`MMOwbO!SiR!G#YMzSHTBiJzn)29ch0JMVsdhKsnpnlO$+A{YAQ!qR79jlag?T< zgBBwaqHI2D*ob(4$nW*-Q#f3tNQK&b(bAt)A{t#W%llTpfL=V;DiuvyRG zHGGwjlVh+nmvi1*QUp3!Q8P1&Cy3xBTbOC&=;@OAQ{JCr%eQQ&Zr-+Gdfe9>mkKtY zg}aGwpI^xqe*I9bjt1=Do4URnG9@1;C_03v%{aO~2Lq+LIOkE#Ks9E*+0Bm?-AOjk zM9IsWE*gp$pPCeqx5WJTh=hdnEp|HWYoUnZZyS!p_;~0DF%1i};9v+muKKFvPj1A# zdNvXY)y8q~$Co(6MOsMtt<`wj`2@r%E6TUwcJoPw^8VdLu#MM?cW-I4jkOO0S5qT! zXoLNDFKokCzPmN$qjyE;pK&N}53PN+5YH^YZeatf?HcAsRSbOVmbPICnz3Q zb@uD4&nws`;BogGDDeF0u&OHL{AsBCDn_8&etgEcVtzKLSs9uf7tNnGo_cY(?Tb%C z+Z2AcJ9zbYp83fBIoafG&GZY4=kg#%IYW-We?`K0S|`^EW`fY{ZE@21=Imqp+j1f= z%hUFL6_>`oWl7Rnowo*yFJ4nuTe{X0{$5Rt?N69~9}OZT9ZxGZjciGNISmam8qNOr z{Lty62CQfSEI6-Q9(>3kf=szkxnj{OPJ`R4ZVNUeCM>2y_{Znxy!jIv*aQR9jJr1tabUX37`7)!G|X}~vTakN$8olB zAZhl+9u`~MEtT6HK0gnC^DaI8Ag*D~9jr@!@LYUQck?-TlHgoEy~Kg1BSFT{bl>>^ z6R7oD-*HwA+?a1jINCC+r#>qwA#Cj$3l#&87YoHQm68aK=-~wLgzschk_k~?7*$A&Yly`3W+;mIuL)ka5I36)+^yE`FjM9|E=C!gyqLXj!{mddm{byr7U z5WQE8qY|GMCknyyB{4-QsRa&5BkarLRZD32MN0(bZhLAFtqN5&>R!nKmJ(vkV^Zqr z(FdO2#=2hM2+}wEc=cz_@E$6#dssT(a!ykJ_RmbD& zzC?1Nw6IpPaIyj#2t@iif*ZsaY8Wh_j0#2ar}L&Qrb^}y;k`^WgTEH`Oj3SJEFHvO z)HnPQC79Yk2OD?99UadL zQ{RSrXh2&7@$X zCIgOCCUk$g#_IqhK$j#OEHPCcJ?V!#0!YjH8Jyjoz!Wa8KsW3e@3$MQTv9xBLqj8jR-wVxOul4(%vmU@ zS+)gdw+U0rC#B`RfoT%i-U(SQ9|N0PZ*G#OS_$)8^X`B%sXHx`HKB@gw}C1JA#+%a z({L#XKje&lY5oCfDkZcAH6^b-{V~fX&Ay>OE zsYl&0$ZBK&r={|pVqFRVV^X!(m$tPX>+DPlPn17jI&||@VDe1_=!_#u<8w(^X~Ck! zL;G#S3)P5+Sx^krPbJ+H$e@=Q@+CPGR3vKy#~FxeIR+aV^AuGTznTR>b_DbUeqz&t z2mTUO9?ACkbGuV?b+-9z8TBk`+G3D%We+Fq<-v`p1hl!e*~wrQvK}Aw=ZnT zy^ZEc`%dWAj*nbMZKvyA7-b0cMcz8n(-dLas zDONArN)A!g2GU7UC4B!hgt9~yo>zVTdCm<2s6j>zMr=6LbaY|~DvwVP4);38=(a&; zr!;2vB?kFPmiToG1+!gWyh$`Csg*QpSR>nd!Kk^aBXsrbtSe8;C(%1Qx_0I~Dg8?( zQo>ZX;e4+Q-#ebcVhD!rpWPbtl_6y^x}BxHuI_Vv)Y@4x@jpBg`wnz1#=K&T^1FW* zd-@t6vE=-mU3$Io@=1HyDeH`(T5wL_AJcZqXdB?5FdlERp>Ffaxu;|Sq55_kWX??6 zouPdt*yw$Qwtv0v46QG}r>q*Q|0iim#LYu&VPuc8Bg8UuNj7v%zUEaj)n!y z;%C?KdUTO~3x=;#OPJmf7;sMr!1KeNPa$?+|C+s>?by1ra{~YTJ=DW8uI3uzP|InP zwPOl2Bel049iZ5RGicoe{t5e)s}^h#u`}8btQB>WEZ+b12KN4d_E2km@R1?L^7sIH zakl&mo-J^R$SwJfTFmy7YCtSZm5d0t7;#YO4AKUglP%>EK{HhlKs6*lqC zQiAJvkwNI$>F@l>1Y0&JCMx?5yLYs5Ksw;o^G%uHf*?Fbgyq!M^L5w#NIS_GV2Zdm z%huWWcZJZ@e0(~fOLe?Y5vsM`n+$pRIL0*^RBY%u$*LvnRw}jF(9mC4xRM9=chnon zOf(sunm!FhKualAudr#9b3}>j%M}-)pyCIO+wE^{gVkFmdGxOkHNyZ6>-8DKEKfnRTv6pe*IbxdCNR3mvw?u`7L3uJ4YEJ2ChY}$4@AOQPVm?_@xsfA% znNC^DUqT-Y($*CILLrcbN_GEvM$IKl#V6LNl`kFG44$S!ieka?ZsopA|F3csCCC&5R3Z zgcB(TG5J@RNo5UVe?gRf%AdM1fHxCg}+-`A*Y5puicwCvZTPvB2q=$st{T**QUJ(uLfY;5J7R3)#mOC?9)Z{y1%M-Q`LPEJ{ zG98hoLhgVZ945;I67qKJu!(s7d|bRE=m&^@Og5LekPs10(h?8ZpGiMUMVqd}K*JQ~ z5T*2ppn7E@CXfY@Y+K)U+cX-~SXLW@YsQicQynT?4#pst>7HruG_79U-H_9=!d9q7 zwoJ(g8xm|28?w*C{Y}WMGH_rQYUxms38bEbow0o2zEHYw%hAC?!*A~dN0vm$g(QGT z0T1LjlcDk9?#V?&&1A*Wxg{Gl7cGAC*~y&QldG%J9^!xa(VU|dTeho(0~SYmFpxCB zK@yUo4-Gv&JsULw6MLB2a+;BWLXnCYpb8BS50h656N%>|D;pBiG(^qY6;7!L;OC2=NkCg|IS+a@NadGl7&7A_VIJoP;IRt=C1;z4Rv zU&^L|4i7jxoiQ$X10f>Fpl;v(zv-J!|C~iNCNXWc-i<%Xi5)*9Td12OsjDvIDDe`whl}=WC8erccgX0p@cZaNX z$pXowz6XcI`@OgCF4vcf6e^ zZze5X+F)>Ie%our9z>SZK44n&Q*oFEh>C#O7$qw!YP445IPh4kF;Fhw+uz?YX3JA6 zT~j6gtG^vN3o&mArq~Ty(c@;K3FI)aFhk?xUlLSI%*;?Qa6;y-L@N}Hn^u9Tcdt>6 zQH|ym^W$9dzw%|S1~2hqVe{W+b-4+1KV{86;X(#{;z*C)+6uvfgM58^Q$!1PJ_3M1 zU{8g+{QR>?%^@WXrVb#${A}G$G+$|V*IFzAtzIj7*FrHp5NKI?egqVW&=p$I1zaq) zmTW64Xxje>r%=s&0Vf)xu0Jp^P#g$COvW%^Im+Pc`lE(z25dNtZ`t!^PnfmoEL^qb zNGwDD@Qg}gD_64$wNm^~R9t#v3FKsCb2#i~%EV@gseyUwEh;pFC)$u5pqiDcHUD4^ zMJv|`8YvX3=#chTKBdV5qlT5KlUph`hz`BTKzs!*_j5XKZf=b+voucon7t(dhCdSQ zW*4rgq68f5*Lj{~i%ASlQFOuw7l|mGfF`iQ6fO(p z#dIj2W7GP|WdW60-C`UloEG4m{V(&KSNz>x8Q4;aYnMkgWfFr~4h_rOUw6kQL?k{5 zLpQvS@zC5f(-Np3GZTV|P3~oHR~X7i(I0TXFf(0_NoXz5@r|mqqO}}Z1 zuGVcqd%3L-Ur|Z>i9KNc%ciqCgf!3BchCcV*6#>4hTvbw<6JJF$_4f3co2`<#1LrD zj|K`l%`{Hij zg~u39svY)r$$BcilT4JUJ4`B!Wa^66I=I04hf(ZEXiHhr)c9(SJ&KKwJ6d9jO{LnH;!G&>?7*EZI2Zf< zkZK2tZ{QRR;%AJ{;H)U`G#6XQJ!w%5b^cPMES^KD^5n{vOi09Y(Fq5w30-HHu4d|os$s{qjFum~>3uhI$${5rj0}SIn5=|{qCO^A(H&PUPAUbsgPZ*4 zjE%6b??xz!6@yF>vil>CucBn6sGzTj^#M4`849o zY(Gd5`|v*73GfZ#X|B)fvj$BoEXRR&8n>`WyC%2J0y^_YbGn)(?9-KjW4+qY3QH(^ zBQDl@1?aw>z^$ZxWliA(Af6Hf`FZZaW}_ykLfV|A(;N%O+@9OZBA@2v(Dd0VVtpk{ zTmOTw%YMBl?L$C(Y=jc~X~Paice%v|<{Qm(GJr=3mDPm~f8wJrV{hlT6=0{8Q8ORs z_mW+Jq-uSN^VsRrh-iY$VMf@^oSUptzSnI#nJ+A< zI>&QC9L;gvrkmx}<0yXNU|}820nz4kLImC^_(C)3%Qeqb6gfnu=xsm5o(EgJqAblO zUl?nST2mgkW6^!Qq(NCFymp-nOC>q=ZZS`|llcX|dt)>l1es&p3@$k`z%~9C=h* z3MfQ#L+-AO#V$20PG_2j`zXprPbj;rM}b&~%AGoRP4X@?_&2?+Bi!C8NuD&g^f71X zm(-_u0T{k^L5Cq}K38Kho+L#2j|;uwZuQh}c%hn4hUZSQs)89YBj z(CIZ*RPZI|;d84=Xn?g{J^Y~ttO=Yw#OqZZ8t`si7wOm_+sadm# zIi8fwC@@1Ry)d)BY9~44O9ZeIBN`0U@`}%}snSQZj z!T159VU86f5Y0@=*f3rlemiz03?JAp;TulGLG9Dq9%J1LTtI^+&1wWo002IzC|7~Sh@w&*@3 zbMhz!BO2&D;Q75j+dF}t9+jsxAZHUlOfPpG-#Z1@45DrLHVfjfP&jV(#eXN%jdw)n*23UI7BRqL!oVZtD2vyER_ZX|Mz%gaf#WN!>Zr#Z?S2}!-J9NM`c_=NHg-YB5ZR!%yz^|{34 zH*ZQmBjI4*aHZPz@2G_a{Mba_UZHrZ2cHvbv=6K~ys$e_7-X?9;ZuIUA%)VjkT!ZZ z>wFT;djKq=Zkd!jl{GD(TZ=CGfE)ApOcYe&YchE-fkCa0+4i>1E-7@fOxmcZ5_ah5 z8&DdbV9NMiq57?7eYLwX8Co3jgxwOh%lh@4Tv-9&5kV+=XvVGKdq&r;^`4^j#@4s9 z9jah#8vKl=Hmx_|_~=qIF%O>yJtsC@Q|Lck{#Di>A5v1Yc(@kSij!wvZ4FYLrFkY> z`_0{ABpTmkOt&%nH0DJkdo?7S^8s*~BAA%r${I{7hqO`#o6C?N6Y!OIU)vd@*}cq*AVD0|b${9eHi4&OOON;dYt9ED$S;SRo;2U?C)B|)D1r~J!T;yIk(shxWSXsJzIThEIM}tqTY^k%8O~|C8J8xIY$pVbr`B>e{ zW=HCCX?$lx7r?X=x?JJg8Y_v|-H^_3-1FRffd%&$`{awo*{gw~tXGCMyjb7LIr?*# z-33e)F_#Mon+cwS3NE=LcEMPaD=#=V`3gwu^zo2>qi$d-z>!|9MIY7Sjy9goPRThb zVh&$@6>CKcm7xG$1+= z*WDra@zW^v`zvo`Tq85v<)PoA1qn*{Hu$QXo)e?;v0F?kEhmXp&ni+rp4oc0bh^~M2xIg+EWHU_V z9|{m$_dvuOq|B$=Wy{~a_>Tqh5An7{%-p?{A&{^^mH|#*kLxlvC$HL-v=pCa+ZQwW zo)+kmD}2)LDgBMkH?Gq?`RWw!o=eDGQCDwJJP)VSEl|&68ah6q_Z4^rL#KA~*54&O+KdR{5twp1mL^HvVjJen44! z;laVdiJucT>|NZf&dnhQ)8;*q?O)<*p-xSBb55SMSD;ZwA$!70eW)F`p zS{1_}44e8;x*ihnYtJRB^$@( z&a*yPET03U8TNpCe5}23I1~`jH%rfwe zJ;=_FdQ9Iu*SJdDf_dtfzw-p0p178bU?prh*PceB{C+C7^^!YTYQKFf;7qiFcHbFj zbg7Ib(73l8T|P5Gva#@hW%8KJqw{A!*Vu0I=c<`?Rj~vz7an|2P*89vC{z>_5f2Y8 zMMXt12?I|3yO7q)^_p5AhLF8)A{S6fFnx~%Vw^An}?Q5 z>X2GfD2S?fDEe|it!v5W3*LzPCkgJ8)ogE`=N63RiVdIU^JQ#4)GPd6Z4T1h4_G|B zN4~cR0*4Vu(p2jrW;X}*m4=J%A$e!4tD}@C+hZ}mSR0iN0h&;_?YD=}_l2f|Q|jm5B&T3)B{h_B(5RSe2&a7ndB3^4E7=8ApR;vQj^j z)!Kqfy~zzaoEOTnf&RI7gs!g!D{nmOkmb9>UCB&5wG)J3yIEcaiB?|@^TEl@`FD9^ z_vUc5pRO9GR{VX7Q0788bVkYQ9os=w&7TcBpa<>{g3E0;FLztSyqaJ|xf`-lCw;$q z#Uf%OsUd!95ZZ$47nyiUv`N215yTd+vA9&l+B+7-1t*_NHJ~qPqk^Cw%f2L;%$k78 z{=9u2630v4$n7Z2tJDIV!HMs@1*#x`JZ-|QEEL% z%rcU{@bJI3rC?Gm`(JhIW`;o{5K}$t`Av3+pwB0XovOwK>$}{? zMr`O4Dov~nncdW9yNHLf_I&C;2xUjo7!yxK!GUa?cXI^x1~IM*?SucvkhdQtp!USL zdAE3m5^lfNO$N2cURS&^@>hG}?#y7ma9-=F4n7b1oM9i=F8iHjMk&bjCjUTB%Uf~0 zHhiIa9TCnWE=^6+M#!>KBp^*&zV31K44h2N>ACHrrs{e)fKSv;a;6W_qeh=fb(M=D z_xzoKmgBX%b>I2t9BK3&Wu( zzmth>r7kvS4M%xSiZk}Qi~fo4z;Y?t16O*4TF{Rkw1XHznbpH7C#kIt={`M|(W~IG zjm<#HP48&jI?T(viP6mJp6^FrY^DBRG@V^@iO-9-lVOEsYhJ4*&%J^mjdZl1nXG4GwO=CXm zho?JxwpXdL_X39ifwIZsztBz7sHp@hROkN{}a2=N%%Lr__X-eohYC}e^&Qz zP_w5*sY0V!hBaGG?anwMboJ{^sGB1zGS=vEM(L*H-HuFTY7`Qbe z_WKER@;YV&gC&B*WU;f?MD(NQk8c}e8;Al2J402=UbkFj1hxZ(U}vv~g6639eb$z5 zD{3a0JnK<0FZVudsqBvOOx8#CGK2}^DY59}0S`RLZTan@HvotBGmVg@lW{QL z@mHP~MyH66Q^g(^R`2&47XQZd-<*+M`{8l>GI&o!#@QOe`4Z;WqdlC5?dCLy{>`|H zln&}~Ya7ZcUQsyJXg_r+eB*+kSe~W_Y|@^QwX5b>yPTS>(x+Q8efesPu|GTu>OY#x z77>7*9DY9FRi|e|Ws&a&PlKdGneRr}ZOH>M!~ZR87?F=7dqsgl@^%Enoz(cochA84 zt$?%6_)bwqNO*+CjXL}`mR6vx&Bi-W<3x(^SMt4O*wf&8{a5XwSg1&T6=LgAyoDt@ z1D7U9Nxg z+g}{~dFo|%I>Sk!1sic@m;71%6eL#Mx+0+w2OQnTF(%Zijr&!dyydIYCu&^pwSCet zgi^Aibtr*wu)f_NrWXcqdHq27%MvU)(DLYvt>rY;^=8z}VWWOrnOE;z(5m=-_m`gb zf6oY<9+{`^bIq|?b5JYNImmMXSVf(weZkrO`(cSk!T%qb^F_j3;i~bFZofCdZSJvE zHiZ`xsdiz_Rw!6ZfZnjl4X3qYg7|bpz@F>Nx?*XkRwEqqgpToUl(SfM<){APrI%#s z0l)6}D0~q1__Oq_H|+BmvD<#*i~_{mc;?vI<%NVj0O5U1CmI`xox$-oFwrdF)jb~G zd}4=nO2k^E#lpU{IJPm86~7cZldn$i4K{HFd#!OCJ8O9w^}|uOirkiyve1mIq1nYJN&Y6Q z&r%270+{of^YN7MM~mXK^vCE(EwuDzxF2Y=7OgD_4{n&g3=6ac-?i9cx!o|O6);e8 z(*|{^XAsq^V~R+>9$w#jEQJ25@ja%3jE(}Vild?I&d-FzjU_P)IXmrSzg!ljv2 zA0-(`wYCMiTQ0lX2-5t!X;l*LwC`H#&x455&LMFJ`nZc}>Wm7t2cygL8H9E9+ z-aIw>p7(4-ZXUWJMdT63q$^TEPo79dDrI$B2qiA{sb8-UQ-9I}->`Umjx{i6Uuc+uLKjV%6?1jn5T1~scbRmJ#>sYJKJDqgD zt#gPrua?r~n16d&6UmSA20r%(TD(?oiZ0(IF`Y2M1$e|MvmX%YvpYT({MF=7%8S+3 zCk#r)_PM&dCx`2o_{nc?oJDV5JOZ=zDrwUrx1q<@geBp49-LQwGI zsq@RopF8Zj$P^h01B`mr>Q|0^^(*L%GN@N8%RDn2Lw;(igFXx|@e3*Css>Rn?oB6P zHOu?yVUQb>>eDr`ZUvE-YqvG-)p<>D<-KS1C#amDOaDBFuVqeaPNuh9t|h0}W}}ew zmJ0gyt*BlutXOsSQW}2mPf=+oqey!Z;X$3xQ5JfvY^N8UBetZ2e z<;Rql65Yg^mDGCQeY+Te*Db}$_m_NSO|CX)!DR-BAC^;{gv^$asl4ut-5pi=xw*(v z_-GtHZ}7MMS-W)ciXLT(cEj5K2s5R6)fch3;E2 zP;j*-E&v```R~WoHCX1qQp#L2kh@!9JQAYT>3@Nw^;vMW9J}8a6gd- z4o(C&=wG)b^u3Al#>XM)Ut2DklQo4jP4a=vGNNQzz7U+c8`BZo>zooLqi(9a91-H9frc31f?eZz1gKB0bRJC@U?B--l) zd%Isq+*UQ!d};_vSMgo08I_|Nxj8>bquxH=0z?;R6PY^XwpQaQvo8WdX38`ucUVcq9Z-;)I&=L+)pRiZghU8+5aJyKZaF36V+>+42Zbw z%(uw)|54ZZ)>6D%7>cvev>AGmmD$aTyvf{d%8K&b^}9P@a<=L*pp4V^?(5NKq+J>K zEtiZ^0kH-8fGwQf`WM$$c#XkCe|kfgy?OuoubRi+FW`$9{hCdEkgNeYdiik;XSjZR zDUug%hE&B1tT!$4QWsamU_Hm8L}eFesGsrvG-}T|{|H1okoSl;mj?vNgWE#2|9-IF z6!G8>H@)ld{RA3j>hQOweoWUtx@8oU`ZwzSFU{V%=)cm~bQKbaix&ZuRfjFDi)@8& z^)?|S!W|;R?~#b-$6_)LpM|F%uG=Vw$;AlUX^^_LwzySg4fN+~R6-^}GX5W5{x=Ag{8a-}CatgDvOyc%WZURq_hGrGwtF;B7Y3=W!eNgjpn$KFUQtPg zP9Y2R5WYfhS)R%fg1gF2PQ~^8u#xj>t;)Q*^(%qCqGyuS%(>hEOk!i3q(Qd*&LJWy z_DW|BX{4-*wU+=>y6FB4bZc|hA#|Y9&z`lbAWK|)Edj-L-j3w{q%2VK50INIY?06< zrocQD$<_z3g=|KxS7)=(CQR0O?Nx;UxrpQD|EuiSXaYS$ik-PK1SUw|26ryysk!>- zA*1NIxH(Z4*$J>ykM(cAH^uae*KExAjMEfDT(T~GO6RJRkx-K{T~iaKmAw5rS2FS} z^6%*KRN8dE(okhqjjxltE5Wxvnz3yrlU9&1I-$FVnECdD4}Lb}#R3CQ$!b7X2L7(Q z^#JS+9J!po-*(1@Gkhh9ud&?+wdoD;$yYCHFogc($#X@wev0}Ff*OaX4|v-eh2H~* z6mVnrbb;q4kF3Eaxv@YjUrpFlai{rB48DynPvRASFO@%JXZGw%8+PQ%)&E(=%Andn zO_f%R&q{(*k1}eE-IORr=nX-k;GBh*tq|+qY3dFb# zB3V$kb)<6(;o|u#Cn4g?rfI8nhy-QC*8sSWJMhtS*e@w;q4|JWZhpW3%ks8W2_lcJ z1pSi`zX)BBx1`j}?L`qwYndPly@&I0HXVK=7FCkT`(o+Z>OedaliSV<-lHo>w(XFS z!oz$!^9xCk8H4$Zf<&ddk@gH|gc5P`R|3WW{u}p=lAQK*JEtMli~@dz!0+LtPkRHC zOtKrpkHXzU^`<>RtcNWQ!0L!?_(ZwJzz&OaLSqoA<%@M}&2@FSzYA3rruBg01kE;_ z^s&&51-zI9a{6J1U-aJ+Q2^VIoZatIV=wpm<$N|q)jQ$`hAHj}FHeOGcQ*1bF_y3u za4!e^1jqPcVxN@F@QhVsup$rlb^!m~OoTitSy%FDZH{ zZq|wyZ@SfAux^I*Voh93^M#qwUrK3pk}*4e9MRrJ>0I)-yD@)qY=2$Qf8}``gc-dV zN%`2;8tuM`wAdZztq$^^06!H}Trb*OtX#$NpGcJQf8W|;cvMF#sOO zR*i{fKF{{HYdT4f^aB2|UY1O9Tfz7wl17JP@TP5yPj0x z2$@NZqVXv0wb6W2nR0Vtt`=%WoGSmW0i_ZQAFha>zs@DS>n5i(rY9<~zAx`6rAcQW z@Q2U7st9{-Jl9t0Ku?Sa|4&tv!@YBwr$CABmA1|u&1|;=e|F)!J7Fl-UZ`VK5)E%r z2&vh1ax2EQ?aIs1#KAV%S39ZhRkE|JD$Php1FU7}ls5C(*{B3$ ztNr4ux>C|#*d<5;LkUqRQ77Q zaUz%HV~sJY)+zgvD9G$?9{_kz&mTiS(!^bk5uZW!+sxEe>iSPczY97;no2Vl{xAM- z_MiN}Brggmd2P0B+b~6hx^n}+VfUxdg+!yPcD|