Azure Confidential Computing: Secure Key Release - Part 2
Last year, I delved into the intricacies of the Secure Key Release process used in Azure Confidential Computing. I managed to release an encrypted private RSA key from an Azure Key Vault, but at the time I was unable to decrypt it. It’s been almost a year since I last explored this topic. After some further exploration and learning, I’ve returned with new insights that I’d like to share!
If you’re entirely new to Azure Confidential Computing or need a refresher, feel free to check out my previous articles on this topic:
If you’d rather watch a YouTube video which incorporates many elements from these blog posts, feel free to take a look at the session I recorded for Azure Back To School 2022, named Exploring Azure Confidential Computing.
These should provide a solid foundation for understanding the concepts we’ll be delving into today.
What’s Secure Key Release again?
No worries if you’re not familiar with Secure Key Release (SKR) yet; I’ve got you covered. I’ll give you a quick rundown, but if you’re itching for more details, you can dive into either the Microsoft docs or check out the first part of this blog series.
In a Confidential Computing setting, it is recommended that the data encryption and decryption keys are released to an application that’s running inside of an attested Trusted Execution Environment (TEE). On Microsoft Azure, we can use an Azure Key Vault instance to release those keys, as long as it’s an Azure Key Vault Premium or Azure Key Vault Managed HSM.
💡 An example of a practical application would be a multi-party Machine Learning scenario. In such cases, two parties, the data owner and the inference model owner, can collaborate by securely transmitting their confidential data to an application running inside of a TEE. When the inference server is launched, it acquires two symmetric keys, one for the image data and another for the inference model, using the SKR feature. The server then retrieves the encrypted inference model and decrypts it using the symmetric key obtained for the model.
During the process of handling web requests, the server verifies whether the requested image file is encrypted. If it is, the server uses the data’s symmetric key to decrypt the image file and forwards it to the inference engine.
Never heard of Azure Key Vault? Well, it is a very useful service that you will often find when a company uses the Azure cloud. I typically use Key Vault whenever I’m in a scenario where I have to store and access a specific sensitive configuration value, better known as a secret, securely. On top of this, objects stored in Azure Key Vault are versioned. So whenever you create a new instance of an object, a new version is created. Azure Key Vault can do quite a bit more than just simply store secrets. It has built-in support for handling X.509 certificates and many other cryptographic key operations.
For the longest time, Key Vault did not allow you to acquire the private key of the asymmetric key pair that it generates for you, though you could still get the public portion of the key! Many of the cryptographic operations that Key Vault offers use the private key portion, such as encrypting data, signing a hash, and wrapping another key. You could invoke these operations via REST (or any other Azure SDK/CLI) from inside a script or an application, and the Key Vault would do the heavy lifting for you. I should also note that a Managed HSM can even generate symmetric keys and has support for a few symmetric key algorithms.
Azure Confidential Computing lets you create the conditions for being able to get a private key out of the Key Vault. It can securely release a key to a trusted execution environment. This can be a portion of application code that is running in an Intel SGX enclave or any other “traditional” application that is running as part of a Confidential Virtual Machine. Two properties must be configured correctly for a key to be released to the TEE:
- Secure Key Release Policy: A key must have a corresponding Secure Key Release Policy. The Trusted Execution Environment (TEE) is required to provide an attestation result that aligns with the policy’s requirements. For example, the policy can verify that the TEE is running in a specific Azure region or using particular firmware.
- Key marked as `exportable`: The key in question must be explicitly marked as ‘exportable’. Key release is not possible for existing keys within your Key Vault unless this condition is met.
💡 The Key Vault itself will need an Azure RBAC assignment that allows a security principal (user/group/service principal/Managed Identity) to execute the data action `Microsoft.KeyVault/vaults/keys/release/action`. Alternatively, you could use a Key Vault Access Policy that allows the `release` operation to be used by a security principal.
The process of attestation allows you to verify the integrity of a confidential computing environment, ensuring that firmware, software, or hardware on which workloads run is both genuine and secure before granting them access to sensitive data. In this process, a verifier assesses the trustworthiness of an attester, a potentially untrusted peer, by looking at the evidence it has provided. Microsoft Azure Attestation service is used as the verifier in this process and will return the attestation result.
💡 Attestation provides an answer to the question: “How do we know that something is running in the intended operating state?”
The Key Vault SKR policies have a very similar structure to Azure Policy, the main difference being that they are implemented with slightly different grammar. The idea here is that when we pass the attestation results in the form of a JSON Web Token (JWT) to Key Vault, it will, in turn, look at the JWT and check whether or not the attested platform report matches parts of the policy. If the policy is met, the key should be released.
TL;DR: SKR allows for targeted access to encryption keys: only authorized applications running inside a known and trusted Trusted Execution Environment can obtain them. The SKR policies defined when creating exportable Azure Key Vault key objects determine and control access to these keys.
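To make the policy-matching step concrete, here is an added example in Go (my code, not code from this post, the sample app or Microsoft). It evaluates the same `version`/`anyOf`/`authority`/`allOf`/`claim`/`equals` grammar that the `release_policy.data` value later in this post decodes to, against a constructed subset of the MAA token claims shown further down. It assumes the claims were already signature-verified against the authority’s signing keys, which is Key Vault’s job before this comparison and which this evaluator does not do; the `Evaluate`/`EvaluateJSON` names and the dotted claim-path lookup are my own choices.

```go
package main

import (
	"encoding/json"
	"fmt"
	"reflect"
	"strings"
)

// Grammar of a Key Vault release policy as it appears (base64-decoded) in this post:
// a version, then anyOf[] of {authority, allOf[] of {claim, equals}}.
type policyClaim struct {
	Claim  string      `json:"claim"`
	Equals interface{} `json:"equals"`
}

type policyAlternative struct {
	Authority string        `json:"authority"`
	AllOf     []policyClaim `json:"allOf"`
}

type releasePolicy struct {
	Version string              `json:"version"`
	AnyOf   []policyAlternative `json:"anyOf"`
}

// samplePolicyJSON is the release_policy.data value from the post's release response, base64-decoded.
const samplePolicyJSON = `{"version":"1.0.0","anyOf":[{"authority":"https://sharedweu.weu.attest.azure.net","allOf":[{"claim":"x-ms-isolation-tee.x-ms-attestation-type","equals":"sevsnpvm"},{"claim":"x-ms-isolation-tee.x-ms-compliance-status","equals":"azure-compliant-cvm"}]}]}`

// sampleClaimsJSON is a constructed subset of the MAA token payload shown in this post.
const sampleClaimsJSON = `{"iss":"https://sharedweu.weu.attest.azure.net","x-ms-attestation-type":"azurevm","x-ms-isolation-tee":{"x-ms-attestation-type":"sevsnpvm","x-ms-compliance-status":"azure-compliant-cvm"}}`

// lookupClaim walks a dotted claim path such as "x-ms-isolation-tee.x-ms-attestation-type"
// through nested JSON objects.
func lookupClaim(claims map[string]interface{}, path string) (interface{}, bool) {
	var cur interface{} = claims
	for _, part := range strings.Split(path, ".") {
		obj, ok := cur.(map[string]interface{})
		if !ok {
			return nil, false
		}
		if cur, ok = obj[part]; !ok {
			return nil, false
		}
	}
	return cur, true
}

// Evaluate decides whether already signature-verified claims satisfy the policy: some anyOf
// alternative whose authority matches the token issuer must have every allOf claim present
// and equal to the expected value. The string explains the outcome.
func Evaluate(policy releasePolicy, claims map[string]interface{}) (bool, string) {
	iss, _ := claims["iss"].(string)
	for _, alt := range policy.AnyOf {
		if !strings.EqualFold(strings.TrimRight(alt.Authority, "/"), strings.TrimRight(iss, "/")) {
			continue // a token from any other attestation provider cannot satisfy this alternative
		}
		satisfied := true
		for _, c := range alt.AllOf {
			got, found := lookupClaim(claims, c.Claim)
			if !found || !reflect.DeepEqual(got, c.Equals) {
				satisfied = false
				break
			}
		}
		if satisfied {
			return true, "release permitted by authority " + alt.Authority
		}
	}
	return false, "no anyOf alternative satisfied for issuer " + iss
}

// EvaluateJSON parses a policy and a claims document and evaluates them.
func EvaluateJSON(policyJSON, claimsJSON string) (bool, string, error) {
	var policy releasePolicy
	if err := json.Unmarshal([]byte(policyJSON), &policy); err != nil {
		return false, "", err
	}
	if policy.Version != "1.0.0" { // only the grammar version shown in this post is implemented
		return false, "", fmt.Errorf("unsupported policy version %q", policy.Version)
	}
	var claims map[string]interface{}
	if err := json.Unmarshal([]byte(claimsJSON), &claims); err != nil {
		return false, "", err
	}
	ok, why := Evaluate(policy, claims)
	return ok, why, nil
}

func main() {
	fmt.Println(EvaluateJSON(samplePolicyJSON, sampleClaimsJSON))
	// The same VM reporting a different compliance status is refused.
	fmt.Println(EvaluateJSON(samplePolicyJSON, strings.Replace(sampleClaimsJSON, "azure-compliant-cvm", "unknown", 1)))
}
```

The authority comparison is what stops a perfectly valid token from a different attestation provider (or a different region’s shared endpoint) from releasing the key, and a claim that is simply absent counts as a mismatch rather than a pass.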
The missing puzzle pieces
Last time I wrote about the inner workings of the SKR mechanism for Confidential Computing, I was able to obtain a string of ciphertext as part of the response from the Azure Key Vault release operation. To decrypt the key, I deduced that I had to perform a `CKM_RSA_AES_KEY_UNWRAP` operation. It boils down to splitting the `$.response.key.key.key_hsm.ciphertext` value I got back from Key Vault. If done correctly, this yields two components:
- An encrypted AES key
  - Can be decrypted using an ephemeral key, generated by the Confidential VM’s vTPM.
- An encrypted private RSA key
  - Can be decrypted using the decrypted AES key.
However, I was unable to decrypt the AES key, which is used to decrypt the released private key. The Azure documentation surrounding this particular subject seemed to be relatively scarce. Fortunately for me, the confidential compute team took some of my criticism to heart and together with folks we updated the documentation! On top of this, the team decided to open-source the remaining components that were used to create the Microsoft Azure Guest Attestation library, which was used in the Windows and Linux client applications. This was great because the added transparency brought clarity to many aspects of the Guest Attestation library’s inner workings.
Over time, a new sample application was added that performs an SKR operation. Its source code contains the algorithm used for SKR, including the step of decrypting the private key with the AES key. It starts out similar to how my script did things, but it can actually decrypt the ciphertext that holds the private key data from Azure Key Vault.
I tried to replicate many of the steps that were done by the SKR sample app using the excellent `tpm2-tools`. Unfortunately, I hit a roadblock here as well. I was able to create an ephemeral RSA key, but for some reason, I was unable to decrypt the binary file using `tpm2_rsadecrypt`. The command kept reminding me that I was trying to decrypt something too large for my 4096-bit RSA key. My binary file contained 2640 bytes of data, so `tpm2_rsadecrypt` wasn’t exactly wrong either, as the RSA key could only handle 512 bytes (4096 bits). I’ve tried chunking the binary file up into multiple smaller pieces, but I’d end up with a different error altogether.
🤔 At this point, I had to explore alternative solutions, especially since my evenings are limited.
This is where the SKR sample app came to the rescue. A closer look at the source code revealed that it tackled the same 2640 bytes of data using a function similar to `tpm2_rsadecrypt`. The code does not simply invoke the individual applications from `tpm2-tools`; instead it utilizes the `tpm2-tss` stack, which is an “OSS implementation of the TCG TPM2 Software Stack” and is written in C. More digging revealed that the decryption code would ultimately call into the `Esys_RSA_Decrypt` function. The reason behind its success where my attempts failed still remains a bit elusive. I was not able to get the decryption process to work using `tpm2_rsadecrypt`, but at least I could grasp the method by dissecting the source code.
At the very least, I was able to learn by examining the source code how it’s being accomplished. Once the byte array for the AES key has been decrypted, OpenSSL comes into play: it performs the crucial task of unwrapping the remaining customer-managed key (CMK) bytes. I thought this was an incredibly interesting piece of code to walk through.
The decision to open-source these components has been a significant help for me as it sheds light on the inner workings of the SKR process and how it could be done.
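The split-then-unwrap step described in this section, as an added example in Go (my code, not the sample app’s or Microsoft’s): a software RSA key plays the part of the vTPM’s ephemeral key, so `rsa.DecryptOAEP` stands in for `Esys_RSA_Decrypt`, and an RFC 5649 AES key unwrap plays the part of the OpenSSL unwrap. The layout is the PKCS#11 CKM_RSA_AES_KEY_WRAP one: the first modulus-sized chunk (512 bytes for the 4096-bit key in this post) is the RSA-OAEP-encrypted AES key, and the remainder (the other 2128 of the 2640 bytes) is the AES-KWP-wrapped private key. Assumptions: OAEP with SHA-1 (the hash is fixed by the mechanism parameters, not by the blob, so adjust it if yours differs), and the single-semiblock special case of RFC 5649 is left out because a private key is always longer than 8 bytes. All function names are mine.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha1"
	"encoding/binary"
	"errors"
)

const aiv = 0xA65959A6 // RFC 5649 alternative IV prefix; the other 32 bits carry the key length

// kwpWrap is AES Key Wrap with Padding (RFC 5649) for inputs longer than one 8-byte semiblock
// (the single-semiblock case of §4.1 is omitted on purpose). kek is a 16/24/32-byte AES key.
func kwpWrap(kek, key []byte) ([]byte, error) {
	block, err := aes.NewCipher(kek)
	if err != nil || len(key) <= 8 {
		return nil, errors.New("kwp: bad kek or key shorter than two semiblocks")
	}
	r := make([]byte, (len(key)+7)/8*8) // zero-pad to whole 64-bit semiblocks
	copy(r, key)
	a, buf := make([]byte, 8), make([]byte, 16)
	binary.BigEndian.PutUint64(a, aiv<<32|uint64(len(key)))
	n := len(r) / 8
	for j := 0; j <= 5; j++ { // the RFC 3394 wrap, with the AIV in place of the fixed IV
		for i := 1; i <= n; i++ {
			copy(buf, a)
			copy(buf[8:], r[(i-1)*8:i*8])
			block.Encrypt(buf, buf)
			binary.BigEndian.PutUint64(a, binary.BigEndian.Uint64(buf)^uint64(n*j+i))
			copy(r[(i-1)*8:i*8], buf[8:])
		}
	}
	return append(a, r...), nil
}

// kwpUnwrap reverses kwpWrap and rejects anything whose AIV or zero padding does not check out.
func kwpUnwrap(kek, wrapped []byte) ([]byte, error) {
	block, err := aes.NewCipher(kek)
	if err != nil || len(wrapped) < 24 || len(wrapped)%8 != 0 {
		return nil, errors.New("kwp: bad kek or ciphertext length")
	}
	n := len(wrapped)/8 - 1
	a, r, buf := make([]byte, 8), make([]byte, n*8), make([]byte, 16)
	copy(a, wrapped)
	copy(r, wrapped[8:])
	for j := 5; j >= 0; j-- {
		for i := n; i >= 1; i-- {
			binary.BigEndian.PutUint64(buf, binary.BigEndian.Uint64(a)^uint64(n*j+i))
			copy(buf[8:], r[(i-1)*8:i*8])
			block.Decrypt(buf, buf)
			copy(a, buf)
			copy(r[(i-1)*8:i*8], buf[8:])
		}
	}
	mli := int(binary.BigEndian.Uint32(a[4:]))
	if binary.BigEndian.Uint32(a) != aiv || mli <= (n-1)*8 || mli > n*8 || !bytes.Equal(r[mli:], make([]byte, n*8-mli)) {
		return nil, errors.New("kwp: integrity check failed")
	}
	return r[:mli], nil
}

// rsaAesKeyWrap builds a CKM_RSA_AES_KEY_WRAP blob: RSA-OAEP(AES key) || AES-KWP(target).
func rsaAesKeyWrap(pub *rsa.PublicKey, target []byte) ([]byte, error) {
	aesKey := make([]byte, 32) // fresh 256-bit key-encryption key
	if _, err := rand.Read(aesKey); err != nil {
		return nil, err
	}
	// OAEP hash: SHA-1 is assumed here; in PKCS#11 the mechanism parameters decide it.
	encKey, err := rsa.EncryptOAEP(sha1.New(), rand.Reader, pub, aesKey, nil)
	if err != nil {
		return nil, err
	}
	wrapped, err := kwpWrap(aesKey, target)
	if err != nil {
		return nil, err
	}
	return append(encKey, wrapped...), nil
}

// rsaAesKeyUnwrap is the CKM_RSA_AES_KEY_UNWRAP step: cut at the RSA modulus size, recover the AES key, unwrap the rest.
func rsaAesKeyUnwrap(priv *rsa.PrivateKey, blob []byte) ([]byte, error) {
	k := priv.Size()
	if len(blob) <= k {
		return nil, errors.New("blob is not longer than one RSA block")
	}
	aesKey, err := rsa.DecryptOAEP(sha1.New(), rand.Reader, priv, blob[:k], nil)
	if err != nil {
		return nil, err
	}
	return kwpUnwrap(aesKey, blob[k:])
}

// newRSAKey stands in for the vTPM's ephemeral key; any size works, the split follows priv.Size().
func newRSAKey(bits int) (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, bits) }
```

Two things worth noticing: the RSA part is never asked to decrypt more than one modulus-sized block, which is exactly why `tpm2_rsadecrypt` complained about the full 2640 bytes, and the AES-KWP integrity check (AIV prefix, length field, zero padding) is what turns a wrong key or a tampered blob into an error instead of garbage. If you want to cross-check the KWP code against an independent source, RFC 5649 §6 publishes test vectors.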
Learning about TPMs
As I was going through the code, it dawned on me that I’d have to learn much more about Trusted Platform Modules (TPMs). While I knew they played a crucial role in security and cryptographic functions, I lacked knowledge about how to interact with them. So, as with many new challenges, I decided to roll up my sleeves and dive in.
A Trusted Platform Module is a microchip designed to handle security-related functions, some of them essential, primarily revolving around encryption keys. Typically installed on a computer’s motherboard, the TPM communicates with the rest of the system through a dedicated hardware bus. In the realm of Microsoft Azure, you encounter a virtualized incarnation of the hardware Trusted Platform Module, compliant with the TPM 2.0 specification.
It acts as a dedicated, secure vault for keys and measurements. In the context of a confidential virtual machine or a Generation 2 Azure VM with Trusted Launch enabled, each instance has its dedicated virtual TPM (vTPM). The vTPM is a virtualized counterpart of the hardware TPM, compliant with TPM2.0 standards. Within a confidential VM, the vTPM operates inside a hardware-based, safeguarded memory region.
For Azure confidential VMs, this architecture ensures that each VM has its unique vTPM instance, isolated and encrypted using AMD SEV-SNP. Fun fact: an Azure confidential VM’s vTPM instance remains isolated from the hosting environment and all other VMs within the system.
💡 Microsoft has an interesting docs page on virtual TPMs in Confidential VMs.
Gaining a solid understanding of how TPMs function proved to be complex, but I managed to grasp this intricate subject more quickly thanks to some excellent resources I came across. Here’s a list of resources that helped me:
- Microsoft - TPM fundamentals
- Red Hat - What Can You Do with a TPM?
- TPM2-Software community - Remote Attestation with TPM2 tools
- Will Arthur & David Challener - A practical guide to TPM2
Building the Microsoft SKR sample app
Let’s try to retrieve the private key from Azure Key Vault. To set everything up, we’ll need to provision a few Azure services. We’ll use the infrastructure-as-code (Bicep) file created for another SKR-related blog post, which you can find over on the GitHub repository. Here’s what we’ll accomplish:
“First, we need a confidential virtual machine with a system-assigned managed identity enabled, along with a Premium Key Vault. Second, we will also set a Key Vault access policy that lets the CVM perform the `release` key operation. Finally, we must load in our release policy, base64-encode it and ship it off to Key Vault at the same time we’re performing our request to create a key. Speaking of which, the key will be an exportable RSA key, backed by an HSM (RSA-HSM).”
targetScope = 'resourceGroup'

@description('Required. Specifies the Azure location where the key vault should be created.')
param location string = resourceGroup().location

@description('Required. Admin username of the Virtual Machine.')
param adminUsername string

@description('Required. Password or ssh key for the Virtual Machine.')
@secure()
param adminPasswordOrKey string

@description('Optional. Type of authentication to use on the Virtual Machine.')
@allowed([
  'password'
  'sshPublicKey'
])
param authenticationType string = 'password'

@description('Not before date in seconds since 1970-01-01T00:00:00Z.')
param keyNotBefore int = dateTimeToEpoch(utcNow())

@description('Expiry date in seconds since 1970-01-01T00:00:00Z.')
param keyExpiration int = dateTimeToEpoch(dateTimeAdd(utcNow(), 'P1Y'))

module cvm 'confidential-vm.bicep' = {
  name: 'cvm'
  params: {
    adminUsername: adminUsername
    adminPasswordOrKey: adminPasswordOrKey
    authenticationType: authenticationType
    location: location
    vmName: 'skr-cvm'
    osImageName: 'Ubuntu 20.04 LTS Gen 2'
    vmSize: 'Standard_DC2as_v5'
    securityType: 'DiskWithVMGuestState'
    bootDiagnostics: false
    osDiskType: 'Premium_LRS'
  }
}

module akv 'keyvault.bicep' = {
  name: 'akv'
  params: {
    keyVaultName: 'skr-kv${uniqueString(resourceGroup().id)}'
    location: location
    objectId: cvm.outputs.systemAssignedPrincipalId
    keyName: 'myskrkey'
    keyType: 'RSA-HSM'
    keySize: 4096
    keyExportable: true // Enables release
    keyEnabled: true
    keyOps: ['encrypt', 'decrypt'] // encrypt and decrypt only work with RSA keys, not EC keys
    keyNotBefore: keyNotBefore
    keyExpiration: keyExpiration
    releasePolicyContentType: 'application/json; charset=utf-8'
    releasePolicyData: loadFileAsBase64('assets/cvm-release-policy.json')
  }
}
Once the Azure infrastructure has been deployed successfully, you may go ahead and connect to the Linux virtual machine. Currently, there are instructions for building the Microsoft SKR sample app on Linux. Before we can proceed, we’ll need to install all the required dependencies to build the SKR sample application:
sudo apt-get install -y build-essential
sudo apt-get install -y libssl-dev libcurl4-openssl-dev libjsoncpp-dev libboost-all-dev nlohmann-json3-dev cmake
We also need to obtain the Microsoft Azure Guest Attestation library, which, at the time of writing this blog, is at version 1.0.5. The source code for the attestation library was also made available in Microsoft’s `azure/confidential-computing-cvm-guest-attestation` repository.
wget https://packages.microsoft.com/repos/azurecore/pool/main/a/azguestattestation1/azguestattestation1_1.0.5_amd64.deb
sudo dpkg -i azguestattestation1_1.0.5_amd64.deb
You’ll want to `git clone` the repository as well:
git clone https://github.com/Azure/confidential-computing-cvm-guest-attestation.git
cd confidential-computing-cvm-guest-attestation
Once the dependencies are installed and the repository is cloned, we can proceed to build the SKR sample app. I’ll build a debug version to showcase some behind-the-scenes actions. If you plan to use this in production, make sure to set the `CMAKE_BUILD_TYPE` project configuration to `Release`:
cd cvm-securekey-release-app/
mkdir build && cd build
# Debug for more tracing output and define TRACE constant in CMakeLists.txt
cmake .. -DCMAKE_BUILD_TYPE=Debug
# Alternatively we could just as easily build a Release version, too.
# cmake .. -DCMAKE_BUILD_TYPE=Release
We can start the build process by running the `make` command:
make
# -- The C compiler identification is GNU 11.4.0
# -- The CXX compiler identification is GNU 11.4.0
# -- Detecting C compiler ABI info
# -- Detecting C compiler ABI info - done
# -- Check for working C compiler: /usr/bin/cc - skipped
# -- Detecting C compile features
# -- Detecting C compile features - done
# -- Detecting CXX compiler ABI info
# -- Detecting CXX compiler ABI info - done
# -- Check for working CXX compiler: /usr/bin/c++ - skipped
# -- Detecting CXX compile features
# -- Detecting CXX compile features - done
# -- Configuring done
# -- Generating done
# -- Build files have been written to: /home/azureuser/confidential-computing-cvm-guest-attestation/cvm-securekey-release-app/build
# [ 25%] Building CXX object CMakeFiles/AzureAttestSKR.dir/AttestationUtil.cpp.o
# Possibly a couple of warnings about functions, variables, and types marked as deprecated
# [ 50%] Building CXX object CMakeFiles/AzureAttestSKR.dir/Logger.cpp.o
# [ 75%] Building CXX object CMakeFiles/AzureAttestSKR.dir/Main.cpp.o
# [100%] Linking CXX executable AzureAttestSKR
# [100%] Built target AzureAttestSKR
Now, we should be able to run `AzureAttestSKR`. You’ll want to run this as a user with sufficient privileges, as it needs to access the vTPM device. Let’s explore the parameters to pass to the binary:
Usage:
Release RSA or EC key:
./AzureAttestSKR -a <attestation-endpoint> -n <optional-nonce> -k KeyURL -c (imds|sp) -r
Release RSA key and wrap/unwrap symmetric key:
./AzureAttestSKR -a <attestation-endpoint> -n <optional-nonce> -k KEYURL -c (imds|sp) -s symkey|base64(wrappedSymKey) -w|-u (Wrap|Unwrap)
This looks very straightforward: we’ll pass in the shared attestation endpoint for West Europe and the URL to the exportable RSA key (you can also include its version). We will also use the Azure Instance Metadata Service to acquire an access token for Azure Key Vault, which will work because we have enabled the managed identity option for the confidential virtual machine and permitted the managed identity to perform the `release` operation on keys inside this particular Key Vault.
sudo ./AzureAttestSKR -a https://sharedweu.weu.attest.azure.net -k https://skr-kvhlqxr3zi5bzck.vault.azure.net/keys/myskrkey/53ac0f0371594be490a0cb4a86934e54 -c imds -r
Executing this application will provide us with a wealth of useful information. Let’s break down the output:
Main started
attestation_url: https://sharedweu.weu.attest.azure.net
key_enc_key_url: https://skr-kvhlqxr3zi5bzck.vault.azure.net/keys/myskrkey/53ac0f0371594be490a0cb4a86934e54
akv_credential_source: 0
op: 3
Entering Util::ReleaseKey()
Entering Util::doSKR()
The sample app will attempt to get a platform report attested by the Microsoft Azure Attestation service. The response we get back from MAA is, in fact, a JSON Web Token (JWT). A JWT consists of three Base64URL-encoded (not plain Base64) parts separated by dots:
- A JSON Object Signing and Encryption (JOSE) header
- A JSON Web Signature (JWS) payload, a.k.a. a set of claims.
- A JWS signature
Entering Util::GetMAAToken()
Exiting Util::GetMAAToken()
MAA Token: eyJhbGciOiJSUzI1NiIsImprdSI6Imh0dHBzOi8vc2hhcmVkd2V1LndldS5hdHRlc3QuYXp1cmUubmV0L2NlcnRzIiwia2lkIjoiZFJLaCtoQmNXVWZRaW1TbDNJdjZaaFN0VzNUU090MFRod2lUZ1VVcVpBbz0iLCJ0eXAiOiJKV1QifQ.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.TzN-clXaEoH3fzV6o5Gl_ErVFFVGd9EgPxr54VrhX1D3KdogTtU_jgnoZU6XsxWYIAo5kEE1oiOj09mULf6PzEEmDqXg-v8qZlXu_vkxKNaB3K1D7ncVetb6pAZIjWgvByEXLUbSVxKAJ3_gLRVY4BJRJ7wZEyA-wJ-rqPzAN9ZOHnkUo7dXf4FCpR6CrnDcHqOF3WsmiomfM9uRVGlSOcivQOcVowTehM0IU5-3VXRX3KRLh5rtNsFfDF8claHt45WS5qT2n3TtZMwrM3kSrUS8-_G__EHBu7JkFKwWLZd2B_4g2LyWVbOhFznhKCv0j-cFvUlNY3YdNhqbU1EWlg
You can take this result and analyze it using a tool like jwt.io to inspect its contents. However, I strongly recommend that you keep these tokens away from third parties. The decoding process is relatively straightforward; you simply split the token into sections and perform Base64URL decoding on each of them. This process will yield the following results:
// Header
{
  "alg": "RS256",
  "jku": "https://sharedweu.weu.attest.azure.net/certs",
  "kid": "dRKh+hBcWUfQimSl3Iv6ZhStW3TSOt0ThwiTgUUqZAo=",
  "typ": "JWT"
}
// Payload
{
  "exp": 1698208074,
  "iat": 1698179274,
  "iss": "https://sharedweu.weu.attest.azure.net",
  "jti": "5782fcba41bdec5e44b295066bba6e26b341d982ac2013092c06c07020d8e034",
  "nbf": 1698179274,
  "secureboot": true,
  "x-ms-attestation-type": "azurevm",
  "x-ms-azurevm-attestation-protocol-ver": "2.0",
  "x-ms-azurevm-attested-pcrs": [0, 1, 2, 3, 4, 5, 6, 7],
  "x-ms-azurevm-bootdebug-enabled": false,
  "x-ms-azurevm-dbvalidated": true,
  "x-ms-azurevm-dbxvalidated": true,
  "x-ms-azurevm-debuggersdisabled": true,
  "x-ms-azurevm-default-securebootkeysvalidated": true,
  "x-ms-azurevm-elam-enabled": false,
  "x-ms-azurevm-flightsigning-enabled": false,
  "x-ms-azurevm-hvci-policy": 0,
  "x-ms-azurevm-hypervisordebug-enabled": false,
  "x-ms-azurevm-is-windows": false,
  "x-ms-azurevm-kerneldebug-enabled": false,
  "x-ms-azurevm-osbuild": "NotApplication",
  "x-ms-azurevm-osdistro": "Ubuntu",
  "x-ms-azurevm-ostype": "Linux",
  "x-ms-azurevm-osversion-major": 20,
  "x-ms-azurevm-osversion-minor": 4,
  "x-ms-azurevm-signingdisabled": true,
  "x-ms-azurevm-testsigning-enabled": false,
  "x-ms-azurevm-vmid": "A62EDC68-50A8-4D3B-AF75-870DB836A5B5",
  "x-ms-isolation-tee": {
    "x-ms-attestation-type": "sevsnpvm",
    "x-ms-compliance-status": "azure-compliant-cvm",
    "x-ms-runtime": {
      "keys": [
        {
          "e": "AQAB",
          "key_ops": ["sign"],
          "kid": "HCLAkPub",
          "kty": "RSA",
          "n": "kBhGsAAAN6mhrqfUys0JR61OGGyhDWdO4CYYH_AvzUFPJdkVFxa6ECuYTy_OiWqJ_4GBhgsDOMPEjCLgHH3KVFmStoEryk_3z3Ww4cpJM8gzWyEz3zJ16eU59-K9gIogT_AXV_jlTCnJwMskPKr9wZLPmoDXzx3Q9MOLe6tPyDgb62Xxr4uERbj2bO-qVf55k2EfbKAm0z5PKgDe-TfzjkHOeacFyKqQgFq8AsiyUVTg6h-NPGZEQIx8n8JOEY1y7cUmeel7o3pxAUvQb-iNahuIv32GFdrLMm_JjEXux9oLV6VnhxYD0rBstQCT_RMHw5gTKlXLKulE3yi02_yGoQ"
        },
        {
          "e": "AQAB",
          "key_ops": ["encrypt"],
          "kid": "HCLEkPub",
          "kty": "RSA",
          "n": "sdgXIAAA3MX0wPTPntnCrhqZKQmkwMchSlH3M3wxxcLgbof4QhE7rfs7ASqBVCoKCAgsbGLs4r4ISwGIsmtAjN-WmxJPoLOvLFrt9RHA5YI4dylA0hJVL4g9ES6SJok31XAmfEKGIubKyF_Iuc0QKom87R5CUPRM-bhA5rKM_ySPR_ik9Ksz9tqfPFd45nQlyzccnLOCI2Q6Lt0yWiPisoK7h44-s_Wn627_GT11FBpmhv5o_5U4gEaysXmdz83y_tsw4FcixpDkPyTmadTrk13Sxx745M5gPy7j_54bKR8Dyr2mcjrLKO6y4vxjzqWP_NSwkee5Zs6oMDWLaDbF9Q"
        }
      ],
      "user-data": "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
      "vm-configuration": {
        "console-enabled": true,
        "secure-boot": true,
        "tpm-enabled": true,
        "vmUniqueId": "A62EDC68-50A8-4D3B-AF75-870DB836A5B5"
      }
    },
    "x-ms-sevsnpvm-authorkeydigest": "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
    "x-ms-sevsnpvm-bootloader-svn": 3,
    "x-ms-sevsnpvm-familyId": "01000000000000000000000000000000",
    "x-ms-sevsnpvm-guestsvn": 5,
    "x-ms-sevsnpvm-hostdata": "0000000000000000000000000000000000000000000000000000000000000000",
    "x-ms-sevsnpvm-idkeydigest": "0356215882a825279a85b300b0b742931d113bf7e32dde2e50ffde7ec743ca491ecdd7f336dc28a6e0b2bb57af7a44a3",
    "x-ms-sevsnpvm-imageId": "02000000000000000000000000000000",
    "x-ms-sevsnpvm-is-debuggable": false,
    "x-ms-sevsnpvm-launchmeasurement": "56755d23556da1ed62c34b046ff509b08193fb277ead7de3a8c2d028857f424ccc4da55e92a8635a0212b8460c99534a",
    "x-ms-sevsnpvm-microcode-svn": 206,
    "x-ms-sevsnpvm-migration-allowed": false,
    "x-ms-sevsnpvm-reportdata": "270b40113140246fa8f842e09086c2009bd179520e80fb68836d2d8b36ed31430000000000000000000000000000000000000000000000000000000000000000",
    "x-ms-sevsnpvm-reportid": "1b4dc6b62b31ca55c46a5b2dce073e897876b327060b45f4c49fe17e84f67977",
    "x-ms-sevsnpvm-smt-allowed": true,
    "x-ms-sevsnpvm-snpfw-svn": 8,
    "x-ms-sevsnpvm-tee-svn": 0,
    "x-ms-sevsnpvm-vmpl": 0
  },
  "x-ms-policy-hash": "wm9mHlvTU82e8UqoOy1Yj1FBRSNkfe99-69IYDq9eWs",
  "x-ms-runtime": {
    "client-payload": {
      "nonce": "QURFMDEwMQ==" // At the time of writing the sample app does not randomly generate
                              // a nonce value but uses a constant string value "ADE0101".
                              // You can base64-decode this to see it.
    },
    "keys": [
      {
        "e": "AQAB",
        "key_ops": ["encrypt"],
        "kid": "TpmEphemeralEncryptionKey",
        "kty": "RSA",
        "n": "5TbIpQAAy2n4opiu1AgdiqWntKPrE_fvrDRID0sE9ykgMRTM0bfi9AobUzwXv7o1UmtgVqacz_17OMmjzudG_0gTMK9LUDmi4bSQbTuIfk9Ja_fZYTI-FAjhEmThdU5iBeux9j-C6MUn7HTvg8VhM6NaW16T-QNls72boXU6s7o0roUOspIUHDwBHRds5Vyx8wodP2up_WF8yt0QxEtH7qkC1HmuDWh5euMWAvmfqgJjLKoxp1HOEfZ73I0aVH1O40W0Vovz2odikR9RqpDQwvxp65BDw9Rfp6QS4ZXUGrFVJN6Rfh1fekFadVHeDj5-do52t1HM1RXfmzKQuAZPDQ"
      }
    ]
  },
  "x-ms-ver": "1.0"
}
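The decoding described above, as an added example in Go (my code, not part of the post or of the sample app): it splits the token on dots, Base64URL-decodes each segment (tolerating padding that some tools re-add), pulls `alg`/`jku`/`kid` out of the header so a verifier knows where the signing key lives, and checks the `nbf`/`exp` window. `DecodeJWT`, `SigningKeyHint`, `CheckTimeWindow`, `BuildToken` and `SampleToken` are my names; the sample token reuses the MAA header fields shown above with a constructed subset of the claims and a placeholder signature, so what this shows is decoding, not verification.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// DecodedJWT holds the three segments of a compact-serialised JWT.
type DecodedJWT struct {
	Header    map[string]interface{}
	Claims    map[string]interface{}
	Signature []byte
}

// b64url decodes one JWT segment. JWT segments are base64url without padding
// (RFC 7515 §2); stripping any '=' first also accepts tokens some tools re-pad.
func b64url(seg string) ([]byte, error) {
	return base64.RawURLEncoding.DecodeString(strings.TrimRight(seg, "="))
}

// DecodeJWT splits a token on dots and decodes the header and claims. It does NOT
// verify the signature: the raw signature bytes are returned for a verifier to check.
func DecodeJWT(token string) (*DecodedJWT, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, fmt.Errorf("jwt: expected 3 segments, got %d", len(parts))
	}
	d := &DecodedJWT{}
	for i, dst := range []*map[string]interface{}{&d.Header, &d.Claims} {
		raw, err := b64url(parts[i])
		if err != nil {
			return nil, fmt.Errorf("jwt: segment %d: %w", i, err)
		}
		if err := json.Unmarshal(raw, dst); err != nil {
			return nil, fmt.Errorf("jwt: segment %d is not a JSON object: %w", i, err)
		}
	}
	sig, err := b64url(parts[2])
	if err != nil {
		return nil, fmt.Errorf("jwt: signature segment: %w", err)
	}
	d.Signature = sig
	return d, nil
}

// SigningKeyHint extracts what a verifier needs to locate the signing key: the MAA header
// carries jku (the issuer's JWKS URL) and kid (which key in that set). Tokens that name
// no algorithm, or alg=none, are refused outright.
func (d *DecodedJWT) SigningKeyHint() (alg, jku, kid string, err error) {
	alg, _ = d.Header["alg"].(string)
	jku, _ = d.Header["jku"].(string)
	kid, _ = d.Header["kid"].(string)
	if alg == "" || strings.EqualFold(alg, "none") {
		return "", "", "", errors.New("jwt: unsigned or alg=none token must not be trusted")
	}
	return alg, jku, kid, nil
}

// CheckTimeWindow enforces nbf <= now < exp (epoch seconds): a token whose contents
// look right is still useless to a verifier once it has expired.
func (d *DecodedJWT) CheckTimeWindow(now int64) error {
	if nbf, ok := d.Claims["nbf"].(float64); ok && now < int64(nbf) {
		return errors.New("jwt: not yet valid (nbf is in the future)")
	}
	exp, ok := d.Claims["exp"].(float64)
	if !ok {
		return errors.New("jwt: no exp claim")
	}
	if now >= int64(exp) {
		return errors.New("jwt: expired")
	}
	return nil
}

// BuildToken assembles an unsigned test token; the third segment is a placeholder,
// so DecodeJWT can be exercised without a real signature. For decoding practice only.
func BuildToken(headerJSON, claimsJSON string) string {
	enc := base64.RawURLEncoding.EncodeToString
	return enc([]byte(headerJSON)) + "." + enc([]byte(claimsJSON)) + "." + enc([]byte("placeholder-signature"))
}

// SampleToken uses the MAA header fields from this post and a constructed claims subset.
func SampleToken() string {
	return BuildToken(
		`{"alg":"RS256","jku":"https://sharedweu.weu.attest.azure.net/certs","kid":"dRKh+hBcWUfQimSl3Iv6ZhStW3TSOt0ThwiTgUUqZAo=","typ":"JWT"}`,
		`{"iss":"https://sharedweu.weu.attest.azure.net","nbf":1698179274,"exp":1698208074,"x-ms-isolation-tee":{"x-ms-attestation-type":"sevsnpvm"}}`)
}

func main() {
	d, err := DecodeJWT(SampleToken())
	if err != nil {
		panic(err)
	}
	alg, jku, kid, _ := d.SigningKeyHint()
	fmt.Printf("alg=%s\nfetch the JWKS from %s and pick kid %s\n", alg, jku, kid)
	fmt.Println("issuer:", d.Claims["iss"], "| valid at 1698190000:", d.CheckTimeWindow(1698190000) == nil)
}
```

Anything that trusts a decoded claim (Key Vault included) must first fetch the key set named by `jku`, select the entry named by `kid`, and verify the signature over the first two segments; decoding alone proves nothing about who produced the token.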
Next up, we will need to ask the Instance Metadata Service for an access token that we can use to authenticate to the Azure Key Vault instance that is hosting the key. The IMDS is a service that lives alongside your virtual machine and provides a ton of information about the virtual machine that’s calling into it.
💡 If you want an overview of just how much information you can get from your VM, take a look at the IMDS documentation.
Calling the IMDS happens over a RESTful endpoint. We can combine Azure Managed Identity for this specific virtual machine and a role-based access control (RBAC) assignment on the Azure Key Vault to allow this specific VM to request the key to be released using the access token we got from the IMDS.
Entering Util::GetIMDSToken()
AKV resource suffix found in KEKUrl
IMDS token URL: http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https://vault.azure.net
Response: {"access_token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6IjlHbW55RlBraGMzaE91UjIybXZTdmduTG83WSIsImtpZCI6IjlHbW55RlBraGMzaE91UjIybXZTdmduTG83WSJ9.eyJ<omitted>.<signature>","client_id":"00b70883-2d5c-4d23-8875-5c4da1577040","expires_in":"86325","expires_on":"1698265599","ext_expires_in":"86399","not_before":"1698178899","resource":"https://vault.azure.net","token_type":"Bearer"}
Access Token: eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6IjlHbW55RlBraGMzaE91UjIybXZTdmduTG83WSIsImtpZCI6IjlHbW55RlBraGMzaE91UjIybXZTdmduTG83WSJ9.eyJ<omitted>.<signature>
Exiting Util::GetIMDSToken()
AkvMsiAccessToken: eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6IjlHbW55RlBraGMzaE91UjIybXZTdmduTG83WSIsImtpZCI6IjlHbW55RlBraGMzaE91UjIybXZTdmduTG83WSJ9.eyJ<omitted>.<signature>
As this `access_token` contains some information about my tenant, I’ve opted to exclude its contents. Nevertheless, for your convenience, I’ve redacted certain details from the Base64URL-decoded response.
// Header
{
  "typ": "JWT",
  "alg": "RS256",
  "x5t": "9GmnyFPkhc3hOuR22mvSvgnLo7Y",
  "kid": "9GmnyFPkhc3hOuR22mvSvgnLo7Y"
}
// Payload
{
  "aud": "https://vault.azure.net",
  "iss": "https://sts.windows.net/00000000-0000-0000-0000-000000000000/",
  "iat": 1698178899,
  "nbf": 1698178899,
  "exp": 1698265599,
  "aio": "E2FgYBA+FSrCHt87Z79ld6zlippYAA==",
  "appid": "00b70883-2d5c-4d23-8875-5c4da1577040",
  "appidacr": "2",
  "idp": "https://sts.windows.net/00000000-0000-0000-0000-000000000000/",
  "oid": "03eb6268-eb34-45ba-84ab-501a7b6dd06c",
  "rh": "0.AU4AbhIuQwC0HUq00sVe_Xj5hzmzqM-ighpHo8kPwL56QJNOAAA.",
  "sub": "03eb6268-eb34-45ba-84ab-501a7b6dd06c",
  "tid": "00000000-0000-0000-0000-000000000000",
  "uti": "sMylI0BiQ0-IOrMJQolhAA",
  "ver": "1.0",
  "xms_mirid": "/subscriptions/11111111-1111-1111-1111-111111111111/resourcegroups/tvl-skrp2-blog/providers/Microsoft.Compute/virtualMachines/skr-cvm"
}
Now all we need to do is add the access token as a “bearer token” in an “Authorization” HTTP header and request that the key be released!
Entering Util::GetKeyVaultSKRurl()
Request URI: https://skr-kvhlqxr3zi5bzck.vault.azure.net/keys/myskrkey/53ac0f0371594be490a0cb4a86934e54/release?api-version=7.3
Exiting Util::GetKeyVaultSKRurl()
Entering Util::GetKeyVaultResponse()
Bearer token: Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6IjlHbW55RlBraGMzaE91UjIybXZTdmduTG83WSIsImtpZCI6IjlHbW55RlBraGMzaE91UjIybXZTdmduTG83WSJ9.eyJ<omitted>.<signature>
SKR response: {"value":"..D9NNPhlppZxl00R6hV8lFeZhRHpjQYkXA0-J2hdmXnWTXY9RtN1Wtdw1IG2ThyOt2pFVbY10r8Wbc7TzedpxGOZL6Lkou5KtZLe1GShRILkj-Wl_MtoNM5t2G32TUTY2V-RGk6n0ZcZiCb26YLxKUFg5-Vd8nL72DIfSNNstkOLy7gVGDt4CJy_V3mrIBkNmg4RRMuTIyC0QSvFfoWBE6WxUgGYafM0JmiJPDjpWqGSvVQQsOL7nDjiCfpz8rNJb-uP3_oeLKafr8malvtyzwNfom5-BGGfy-9m-W68X7oooHQS8hD2enZS4mi31QHoNIsiJtFbzNgHIuZ2SfU7uvw"}
Exiting Util::GetKeyVaultResponse()
SKR token: ..D9NNPhlppZxl00R6hV8lFeZhRHpjQYkXA0-J2hdmXnWTXY9RtN1Wtdw1IG2ThyOt2pFVbY10r8Wbc7TzedpxGOZL6Lkou5KtZLe1GShRILkj-Wl_MtoNM5t2G32TUTY2V-RGk6n0ZcZiCb26YLxKUFg5-Vd8nL72DIfSNNstkOLy7gVGDt4CJy_V3mrIBkNmg4RRMuTIyC0QSvFfoWBE6WxUgGYafM0JmiJPDjpWqGSvVQQsOL7nDjiCfpz8rNJb-uP3_oeLKafr8malvtyzwNfom5-BGGfy-9m-W68X7oooHQS8hD2enZS4mi31QHoNIsiJtFbzNgHIuZ2SfU7uvw
Again, this is just another JWT, so the same principles apply: we can separate each section and Base64URL-decode it. Fortunately, the sample application will also display the Base64URL-decoded response.
Entering Util::SplitString()
Exiting Util::SplitString()
SKR token payload: {"request":{"api-version":"7.3","enc":"CKM_RSA_AES_KEY_WRAP","kid":"https://skr-kvhlqxr3zi5bzck.vault.azure.net/keys/myskrkey/53ac0f0371594be490a0cb4a86934e54","nonce":"ADE0101"},"response":{"key":{"key":{"kid":"https://skr-kvhlqxr3zi5bzck.vault.azure.net/keys/myskrkey/53ac0f0371594be490a0cb4a86934e54","kty":"RSA-HSM","key_ops":["encrypt","decrypt"],"n":"seYY4kBu0W25eMVXjou1GUaD7m3sjgBHKcpKjbeTCUB3vU1EFMmbF4TxZgYtdyhZ79N75J-deagfTbSDl62NgLXJ3PrNhutwUka4VKO5pMPtGcx-Wq2eXL89sSu19d7RWwZuBfpvrXUMlt91HLO3NqKjW8T9yHADN2D0BPG6lmIVTqQGTtLuHAS7JsgkLJ_mClwPBNMBMre-hTImnnEruOj8DkrPoknssPIgGj6x_0TrLmFv_DzkKD6xEb7b2ohq5Oy309acZZMPwVcgo-r91qsTN1PoXvJqWbw5ZGaraSKnvghcVRky__IUOoHLDfL_XIlc9nA0tP1o6yncdBVaCjOVfSgJfNgBar0UV8fkZ8SyW79nz4f0T-zCxXw3EBWcjI-VRkYQSBYOVCo0WqwOEYxtTlteriEvfiwYjttjMtflk8QJ9Njs8Zq7YQJ6EX3TqeD3dLSIJ-fPrnhyo60tgz7_hqPtyqfolMlftClUzHdx_RQewru0AMzO7bTVOxGBvVHCoDSR0hdxTQY3GPNDIIeYIf0L3yk5Lr3Q15y8kISnZ-GQdMhDE_nP1vdB5DOtqrVH5hwapOlafZyfxU4ohybMCDvWetIQpNlOYG2fpA_AWlLtWhTKrt07EIv_kw2JuGLwYFUw1RVUzNxE6PhS7C7WM_NcqDmfJO0fjbgQ1v8","e":"AQAB","key_hsm":"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"},"attributes":{"enabled":true,"nbf":1698178788,"exp":1729714788,"created":1698178916,"updated":1698178916,"recoveryLevel":"Recoverable+Purgeable","recoverableDays":90,"exportable":true},"release_policy":{"data":"eyJ2ZXJzaW9uIjoiMS4wLjAiLCJhbnlPZiI6W3siYXV0aG9yaXR5IjoiaHR0cHM6Ly9zaGFyZWR3ZXUud2V1LmF0dGVzdC5henVyZS5uZXQiLCJhbGxPZiI6W3siY2xhaW0iOiJ4LW1zLWlzb2xhdGlvbi10ZWUueC1tcy1hdHRlc3RhdGlvbi10eXBlIiwiZXF1YWxzIjoic2V2c25wdm0ifSx7ImNsYWltIjoieC1tcy1pc29sYXRpb24tdGVlLngtbXMtY29tcGxpYW5jZS1zdGF0dXMiLCJlcXVhbHMiOiJhenVyZS1jb21wbGlhbnQtY3ZtIn1dfV19","immutable":false}}}}
I’ve gone ahead and formatted this response and also included the header section. The header section includes the public certificates (the `x5c` chain) associated with our Key Vault instance, which must be used to validate the JWT signature of the response.
// header
{
"alg": "RS256",
"kid": "AE2DCC764BC48B190FA829642F174D2D8922822F",
"x5t": "ri3MdkvEixkPqClkLxdNLYkigi8",
"typ": "JWT",
"x5t#S256": "goSSQtloN0TDZdlf83r6L-0SohJA3j2JeN7ie7YKBd8",
"x5c": [
"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",
"MIIF8zCCBNugAwIBAgIQDXvt6X2CCZZ6UmMbi90YvTANBgkqhkiG9w0BAQwFADBhMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBHMjAeFw0yMDA3MjkxMjMwMDBaFw0yNDA2MjcyMzU5NTlaMFkxCzAJBgNVBAYTAlVTMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xKjAoBgNVBAMTIU1pY3Jvc29mdCBBenVyZSBUTFMgSXNzdWluZyBDQSAwNTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKplDTmQ9afwVPQelDuu+NkxNJ084CNKnrZ21ABewE+UU4GKDnwygZdK6agNSMs5UochUEDzz9CpdV5tdPzL14O/GeE2gO5/aUFTUMG9c6neyxk5tq1WdKsPkitPws6V8MWa5d1L/y4RFhZHUsgxxUySlYlGpNcHhhsyr7EvFecZGA1MfsitAWVp6hiWANkWKINfRcdt3Z2A23hmMH9MRSGBccHiPuzwrVsSmLwvt3WlRDgObJkE40tFYvJ6GXAQiaGHCIWSVObgO3zj6xkdbEFMmJ/zr2Wet5KEcUDtUBhA4dUUoaPVz69u46V56Vscy3lXu1Ylsk84j5lUPLdsAxtultP4OPQoOTpnY8kxWkH6kgO5gTKE3HRvoVIjU4xJ0JQ746zy/8GdQA36SaNiz4U3u10zFZg2Rkv2dL1Lv58EXL02r5q5B/nhVH/M1joTvpRvaeEpAJhkIA9NkpvbGEpSdcA0OrtOOeGtrsiOyMBYkjpB5nw0cJY1QHOr3nIvJ2OnY+OKJbDSrhFqWsk8/1q6Z1WNvONz7te1pAtHerdPi5pCHeiXCNpv+fadwP0k8czaf2Vs19nYsgWn5uIyLQL8EehdBzCbOKJy9sl86S4Fqe4HGyAtmqGlaWOsq2A6O/paMi3BSmWTDbgPLCPBbPte/bsuAEF4ajkPEES3GHP9AgMBAAGjggGtMIIBqTAdBgNVHQ4EFgQUx7KcfxzjuFrv6WgaqF2UwSZSamgwHwYDVR0jBBgwFoAUTiJUIBiV5uNu5g/6+rkS7QYXjzkwDgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjASBgNVHRMBAf8ECDAGAQH/AgEAMHYGCCsGAQUFBwEBBGowaDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMEAGCCsGAQUFBzAChjRodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRHbG9iYWxSb290RzIuY3J0MHsGA1UdHwR0MHIwN6A1oDOGMWh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbFJvb3RHMi5jcmwwN6A1oDOGMWh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbFJvb3RHMi5jcmwwHQYDVR0gBBYwFDAIBgZngQwBAgEwCAYGZ4EMAQICMBAGCSsGAQQBgjcVAQQDAgEAMA0GCSqGSIb3DQEBDAUAA4IBAQAe+G+G2RFdWtYxLIKMR5H/aVNFjNP7Jdeu+oZaKaIu7U3NidykFr994jSxMBMV768ukJ5/hLSKsuj/SLjmAfwRAZ+w0RGqi/kOvPYUlBr/sKOwr3tVkg9ccZBebnBVG+DLKTp2Ox0+jYBCPxla5FO252qpk7/6wt8SZk3diSU12Jm7if/jjkhkGB/e8UdfrKoLytDvqVeiwPA5FPzqKoSqN75byLjsIKJEdNi07SY45hN/RUnsmIoAf93qlaHR/SJWVRhrWt3JmeoBJ2RDK492zF6TGu1moh4aE6e00YkwTPWreuw
vaLB220vWmtgZPs+DSIb2d9hPBdCJgvcho1c7",
"..."
]
}
// body
{
"request": {
"api-version": "7.3",
"enc": "CKM_RSA_AES_KEY_WRAP",
"kid": "https://skr-kvhlqxr3zi5bzck.vault.azure.net/keys/myskrkey/53ac0f0371594be490a0cb4a86934e54",
"nonce": "ADE0101"
},
"response": {
"key": {
"key": {
"kid": "https://skr-kvhlqxr3zi5bzck.vault.azure.net/keys/myskrkey/53ac0f0371594be490a0cb4a86934e54",
"kty": "RSA-HSM",
"key_ops": [
"encrypt",
"decrypt"
],
"n": "seYY4kBu0W25eMVXjou1GUaD7m3sjgBHKcpKjbeTCUB3vU1EFMmbF4TxZgYtdyhZ79N75J-deagfTbSDl62NgLXJ3PrNhutwUka4VKO5pMPtGcx-Wq2eXL89sSu19d7RWwZuBfpvrXUMlt91HLO3NqKjW8T9yHADN2D0BPG6lmIVTqQGTtLuHAS7JsgkLJ_mClwPBNMBMre-hTImnnEruOj8DkrPoknssPIgGj6x_0TrLmFv_DzkKD6xEb7b2ohq5Oy309acZZMPwVcgo-r91qsTN1PoXvJqWbw5ZGaraSKnvghcVRky__IUOoHLDfL_XIlc9nA0tP1o6yncdBVaCjOVfSgJfNgBar0UV8fkZ8SyW79nz4f0T-zCxXw3EBWcjI-VRkYQSBYOVCo0WqwOEYxtTlteriEvfiwYjttjMtflk8QJ9Njs8Zq7YQJ6EX3TqeD3dLSIJ-fPrnhyo60tgz7_hqPtyqfolMlftClUzHdx_RQewru0AMzO7bTVOxGBvVHCoDSR0hdxTQY3GPNDIIeYIf0L3yk5Lr3Q15y8kISnZ-GQdMhDE_nP1vdB5DOtqrVH5hwapOlafZyfxU4ohybMCDvWetIQpNlOYG2fpA_AWlLtWhTKrt07EIv_kw2JuGLwYFUw1RVUzNxE6PhS7C7WM_NcqDmfJO0fjbgQ1v8",
"e": "AQAB",
"key_hsm": "eyJzY2hlbWFfdmVyc2lvbiI6IjEuMCIsImhlYWRlciI6eyJraWQiOiJUcG1FcGhlbWVyYWxFbmNyeXB0aW9uS2V5IiwiYWxnIjoiZGlyIiwiZW5jIjoiQ0tNX1JTQV9BRVNfS0VZX1dSQVAifSwiY2lwaGVydGV4dCI6IjJnSUg2OUVtSlFUOTN2T2tDcFZmOXowanBYdTBrS2FjWmFjRDZWSjBBNi1JVTV0Sjc4VEo0djRvOE9NVUExX3E0VEx6SWJqbTQ4ZURheTN3c0tJN2lTWTRFMGFvdEh6QUI3TnVwVVZHa3BMN3M1MzJfcEc1QlFiTk9zMDB5bk5UZWkwMWhSR0xDTlZDTExmZWM4bHRuMVRZYTZuaXk1UEFoazdnaGxoTWJjUDVFWWtwTXN6NzRwQm1nQ3Q4Nmx5eTBVaTFfeWlNOVFxd0hGaHBPa2tGdlhPQ3ZkY3ROUWEwOFZCN1ptclhuckNBTkZHaGdXSHhCTTlvcHhjU2lzZXFNNFJCZjlxaFBMZjhlLTlldS1ZVldKMzNhbnVPSk5lZUd3S1BZT19fcmljSWVuSmhKQUdveUk4NzE1UUNDdUE0U3U0OW9BSngwN1FvcDVTdTNkSm94RjFKQVpuS3RNMXhBU2ZkVlg0VHBRZXBNSjh5WHc0LUhHYWZiNG5OdGhVWUd0M0xiX080N2dDZ3Z3UVFVMXB4WFgxSUJNRTlRRHhmbk9WWEc2WjJkOU5KV2xTLW1CVVRWVWp3dVNpQVI1YjNhdHFxU2pnWnZMZHFPNU1pY3Z6NG1PdVhHaW1ocHgwVjMtVU9rWGFMcWY4Zmt1aG8xQW1zZlNzVmtxamxucDNmaGpCTXNRRFh2NHZ2VzNDNzNRRlNWYV9hWVZxRDVCWEhpeTZvNk9Oa1ZtYnUwVDdHRjRxeGNVUEYzZVI4R3l0R0pzbnRYeWpYMjQyOVFDRDdGRzJfQmF3S05ZUGNacEdtdkUtREZVbjlwMTVjc0VkaEptZU9IYk1GU195R1o2dlF3bm15WXdEdzB6R3VqWmR2SDZHcEJDTWd3ZFp6Xzh5U0YwYkxOaFF5dlVQNnlmQ1gzSnB6S1c3UUNBcU9vaHhmTjBRTEZBbzBQWUdqYXR3eDZ2aGU0bzlLdTgzOEk5NmppYTY2Zl9HYkJrNXlGemxlMzNNUHlnWWZwVW9hQ1gxRmx3OTB2dkd5WG8tbnVyWGt3a3l0STNaaXdibFJ1U3VraXpHbEFZczNfSncxc2RPUnlfcnFLMmViWFVaWk1jZFo2cWJhSjgteVNQaEk1YjBfZ3FWQklpOGVPREc4eHpZN0RtTHFXbEJCVWloeWpEdVRSR2dGbnNsSWpqaW9YWndpRWFfRC1LMzhGRk9LQ3JvRTNkeVFvSUtteHg2c1hNZml3VEJiUTAwS0JKbVI4bWZndHdvVGtrejlLQkRUQi1mTHpCNFZXOWY2eWNkb3VyOUJTS2tNVElQS1FmMWJYaUEtM0ZkODN0SExlU2RMWUN1eVlQSktuRkUwLXVvcFFDM1oxWjF6c0lRRVo4a0htX0wxWW5UMmVBX3ZTajRacUVGRTNWajczal85emVTWGFuMmFKQUNiMVpKZjNxZWFVNk1PejZLVi1VWGRZeVROSjV5c2J2OUktdG1pODR6WnNGNXhFRW53bjBMbDBLcWotTHZfRFFRdGZjSXVVdmZZa0JtQWoxYjkyT3F0ZW1qa0NjZVU1VGVpNUNDNGdTOVFHQ2tpUTRLOUU2aC1KSmFYY0JPSC1MbFJuLWFyVDJnd1lLU19lVXEtQ1N0WF9IcF9DSTY1bXFRbjZ3VkFyYkVNcUVid3ZhRU1zeVRGTlVocUR1RzU0RTVvRVI2em90MVlLRFkzTEI4b3BiNzhiUGk4ZHRUdVQ4ZzlGMm1CaWpKTEFJall1SDkzSEtaZk1nbVJZRENxaFo1QzhTOWlPLWR5QUNYeXVvejd3MUxPbmhSNFYybnU5bW8tM29k
QjlzNkljaDhMLVpiSXhxNGpZajlDZUdFWTNwNjVtcC1KVjAwSkVWWjJMMzhZWjVVMFoycVBTTTdXM3FuZTd4OW95UXlFSldZTTEzLTVTRjJOUWdIX2F0VXNaTEhGMlRsRkNkdFR1dUNXWGx1TThCdGlvNWtuRkQtRV9nLXBxTGdmSnpqWFBXei0tS240TnU3bnl0dkZvZzd0VkJpMUJuRS0zcXc1MkNkZG9YMVZITXRtVm9ITU85QUZ0NDl5ZjBzUjRIaVNDN0pCNlcybllubi11d3gteEg2V0ZCdXdQbjBOQTByeTVMYVNTRnowajdlTmtLd2lNS2tFakdVZ3AzcWdRRll6cnZVRlZXR1ZjUUg4ZVhvYjhRSWM1R2p3QU15b0FaN1NrT1VHLWFhdnFZUnJmSUdUbUNnaEJZemlLY0NobmQxWWszMDFuV2tiTkQwcTdqRDEtNWlFRURwZERtNXFkc3kzQ2FuQzNWNTczQWNXWElnQTFGdXdVVWcxQjlTY250eV94VWJxWGFqRUEtZkhKSS1Od0g4Z0h4bmNNbWRYa1JYRnNrLVMyTDl0Q1I1Nm9Rb01IemFtVXhQT1MtTTNvYkVyekphTXI3ZWdJNG80bURTSzB2TFh6RFZiN2FhVkJmVmQ0akZwazhQcHJURmRIRjJSTFN2LWRyVnpYVlFCcWFxaXhLdjZWcE9COGZCcEtqNjc2WUR6cUZkMEc3NGIycFR2dGY5WkljYzBMZ2N1T3FLOGl4MElmQ2ZpRXhJNzRjVlJXaU9MdFk4SlVjaTJFR0RrTHBnUVd2NWg4OFMyY2NZUGZhN1lqYmdTWXA1ZWhQOUtrZEVfbzNSX1VodnV3a3cxcjlIUl93Q1JMVkgxR1NmcTAxMnRnNVIwb2F6TDYtSDk0SUo5OW5GcEkyT0hweUlwWEFrcDdYRWdhanF3TFp5QkxWMXFYMVgwYk5uV1BWME5SWVZndTRnY0lTSWZqcWZSVFBHX3dncmVhcW1RODJqdHlXaTh4Nmo5YkV4dVNpRHM1M050YXdRTWdYNm5BSW5GZmNkWHNYTUpRR09XaVRpdy1xUmxQUWFpcXNUQlBSMi1XYi05RmJocjkteDUydmR6dFJzWVl3V2pxS1ZodkxVb2Q2TGN2SkRUeUVZSGVoLVJsRjI3QzVGalVJNmE2bTN5RjBnVTBfQlpTd3ZEZ2dkZzdzemRBZ1d1YzVja2pQQmo1YUNnb2FwVU9JZlJoeVlwY29Bdm51WW9uQVRkSkFxUGMwN0xlMW9PM2NqaW5INVdfOWYxWDNnaDVReHlzVVdNbWp3NHNnaWxSdThyMlRDQkZCXy1FYm5ZTUY1VEltdS15WmFwUG1RQ1IxSkJrbThhNl9pU1RDbkZzT2hfcXBJNlVKVDN6MDBabXl4Q2pOTE9Uc1ZQUUNVRmozWkd5WTBTTlVubFp4c0twOUxPb25fcGRVbTBVclFVcm5qSmpNbWJvWGdVazY0UXNUUkQzbHI0d2Y2SU90emdpQlBlR3J2bGxpVkVwT0gxXzhQUWktWUd0NFVqX0JnLVZsTHJsYW4xZHNkenk5aHM2dWlZNHlJR0FZTGJ6ODVXaXpocGdYakRySG5HU0k5WVVocUpIODlhVEFJUTV4ZnpCd0JmX3FTVkdndmtJZXowRWM3MVNUVkJtcVozYnlOcVBnSDVDd1ZVem9QM204R0VRUDgtTk9reENzVGVBSGNON015SnJTYVk3NGt6bmlQUTBYcVhFTTE4bV9kcWVXMjlJbUVXNFpacUxBV1dVSW15eV82TExtN0NxeklOZnZMc3dZWHNIN3g3Y2pYVXhFUXYxRVphcm5xQ0NJZFphN3pjenZsTWItLVNnTG9keVEtVGhydkRrM3Fmblg1Yk4zZEhfNWxLbG9TUWZhT3VxS1N3azJfN2dmU0RKd2V4d1lURWF0V3VWcVlndGtEMzd1VTRJNXBFZ3huNmtWUmxHd2loUTUtcUxhTWZuZXZpQlQ0
MTNBamlOYU92QWxfS1hacW5RazlYVWlFVm4xQ0Jpc3dMVV9memh3UWFJeHhZTVBJNW9jb1g0RzBWZ1dRX1Z3X2txdWZncE5JeVYwbXQ2em9aYUx6WFJncUhQbW5nZ08yWnBxWVRuMm1zSXBJVnJjQlZSUTJ6VC1OVnR6NGRxYTU3TGt3OVRaVGpSTmdtX1UtdF84eUVRcWtDZ3JkSWlfMXk1VDlmaEt4WTcwWnkzSGs2NnNLNTNCal9OcVd1R1hMRTlrR19mdmVyeVAwem5kdjJOZHdadE1SbmhEYWRyMlVaUWs1dW84eUJUOWpCZnBvQnc2U2FCdUVnS3NLNUdhdXhEUEVxam5vbGktcXo2UlhHM1lNdUNSX1hDS3Rld3lyS3dHdEhZUUpVdEtrVkJEWWNrMzZpMFdOajJndnRDbm9lekk4czhta09HSUdMSmt3U0lyYWh0UlF2MTBQLTNFcmJ4bVgzMkw5QmpZWGZmN3ZEN3JuSlV4N1lYMzUwRUVVQkxLWEkwbG93UTNjeTlTdjZtMXVrWDJ0Y3otS1ctVnp4US1iclNvRTFuc2RpdHZ4VFpaa1NndHBieVZZWDQ0b2hNMW5tbl8wTWpNZktZa3RsS214YW1GVk81blBWVFRVRWRVTFYwR2F4QnNpRm5WcXJfcXJHWHZWTWt1NWg0NTFrWDRzWXZOX1RnOTFxTjAtSmIzUXhhSkpaY0xtWDVlWFY2OHVraGZ5aThVbUE0bUVjWXlrY2RQLUMwbjZWdEJRNWQxdHIza0NkYk9DZmtQblNGcHdRcWZ4WnRyN01BQVBGc0FHcnAxTUhwWHZ1amJTR2V4TjQ1eVZJQkl5XzdzZl9VelNoUngzRThlWkIifQ"
},
"attributes": {
"enabled": true,
"nbf": 1698178788,
"exp": 1729714788,
"created": 1698178916,
"updated": 1698178916,
"recoveryLevel": "Recoverable+Purgeable",
"recoverableDays": 90,
"exportable": true
},
"release_policy": {
"data": "eyJ2ZXJzaW9uIjoiMS4wLjAiLCJhbnlPZiI6W3siYXV0aG9yaXR5IjoiaHR0cHM6Ly9zaGFyZWR3ZXUud2V1LmF0dGVzdC5henVyZS5uZXQiLCJhbGxPZiI6W3siY2xhaW0iOiJ4LW1zLWlzb2xhdGlvbi10ZWUueC1tcy1hdHRlc3RhdGlvbi10eXBlIiwiZXF1YWxzIjoic2V2c25wdm0ifSx7ImNsYWltIjoieC1tcy1pc29sYXRpb24tdGVlLngtbXMtY29tcGxpYW5jZS1zdGF0dXMiLCJlcXVhbHMiOiJhenVyZS1jb21wbGlhbnQtY3ZtIn1dfV19",
"immutable": false
}
}
}
}
There are two things here that should be noted:
- The $.response.key.release_policy property contains the Base64URL-encoded string data of our key’s release policy.
- The $.response.key.key.key_hsm property contains a Base64URL-encoded JSON object that holds the key’s metadata, along with the encrypted private RSA key.
Let’s return to the output.
SKR key_hsm: ...
Encrypted bytes length: 2640
Encrypted bytes: 2gIH69EmJQT93vOkCpVf9z0jpXu0kKacZacD6VJ0A6-IU5tJ78TJ4v4o8OMUA1_q4TLzIbjm48eDay3wsKI7iSY4E0aotHzAB7NupUVGkpL7s532_pG5BQbNOs00ynNTei01hRGLCNVCLLfec8ltn1TYa6niy5PAhk7ghlhMbcP5EYkpMsz74pBmgCt86lyy0Ui1_yiM9QqwHFhpOkkFvXOCvdctNQa08VB7ZmrXnrCANFGhgWHxBM9opxcSiseqM4RBf9qhPLf8e-9eu-YVWJ33anuOJNeeGwKPYO__ricIenJhJAGoyI8715QCCuA4Su49oAJx07Qop5Su3dJoxF1JAZnKtM1xASfdVX4TpQepMJ8yXw4-HGafb4nNthUYGt3Lb_O47gCgvwQQU1pxXX1IBME9QDxfnOVXG6Z2d9NJWlS-mBUTVUjwuSiAR5b3atqqSjgZvLdqO5Micvz4mOuXGimhpx0V3-UOkXaLqf8fkuho1AmsfSsVkqjlnp3fhjBMsQDXv4vvW3C73QFSVa_aYVqD5BXHiy6o6ONkVmbu0T7GF4qxcUPF3eR8GytGJsntXyjX2429QCD7FG2_BawKNYPcZpGmvE-DFUn9p15csEdhJmeOHbMFS_yGZ6vQwnmyYwDw0zGujZdvH6GpBCMgwdZz_8ySF0bLNhQyvUP6yfCX3JpzKW7QCAqOohxfN0QLFAo0PYGjatwx6vhe4o9Ku838I96jia66f_GbBk5yFzle33MPygYfpUoaCX1Flw90vvGyXo-nurXkwkytI3ZiwblRuSukizGlAYs3_Jw1sdORy_rqK2ebXUZZMcdZ6qbaJ8-ySPhI5b0_gqVBIi8eODG8xzY7DmLqWlBBUihyjDuTRGgFnslIjjioXZwiEa_D-K38FFOKCroE3dyQoIKmxx6sXMfiwTBbQ00KBJmR8mfgtwoTkkz9KBDTB-fLzB4VW9f6ycdour9BSKkMTIPKQf1bXiA-3Fd83tHLeSdLYCuyYPJKnFE0-uopQC3Z1Z1zsIQEZ8kHm_L1YnT2eA_vSj4ZqEFE3Vj73j_9zeSXan2aJACb1ZJf3qeaU6MOz6KV-UXdYyTNJ5ysbv9I-tmi84zZsF5xEEnwn0Ll0Kqj-Lv_DQQtfcIuUvfYkBmAj1b92OqtemjkCceU5Tei5CC4gS9QGCkiQ4K9E6h-JJaXcBOH-LlRn-arT2gwYKS_eUq-CStX_Hp_CI65mqQn6wVArbEMqEbwvaEMsyTFNUhqDuG54E5oER6zot1YKDY3LB8opb78bPi8dtTuT8g9F2mBijJLAIjYuH93HKZfMgmRYDCqhZ5C8S9iO-dyACXyuoz7w1LOnhR4V2nu9mo-3odB9s6Ich8L-ZbIxq4jYj9CeGEY3p65mp-JV00JEVZ2L38YZ5U0Z2qPSM7W3qne7x9oyQyEJWYM13-5SF2NQgH_atUsZLHF2TlFCdtTuuCWXluM8Btio5knFD-E_g-pqLgfJzjXPWz--Kn4Nu7nytvFog7tVBi1BnE-3qw52CddoX1VHMtmVoHMO9AFt49yf0sR4HiSC7JB6W2nYnn-uwx-xH6WFBuwPn0NA0ry5LaSSFz0j7eNkKwiMKkEjGUgp3qgQFYzrvUFVWGVcQH8eXob8QIc5GjwAMyoAZ7SkOUG-aavqYRrfIGTmCghBYziKcChnd1Yk301nWkbND0q7jD1-5iEEDpdDm5qdsy3CanC3V573AcWXIgA1FuwUUg1B9Scnty_xUbqXajEA-fHJI-NwH8gHxncMmdXkRXFsk-S2L9tCR56oQoMHzamUxPOS-M3obErzJaMr7egI4o4mDSK0vLXzDVb7aaVBfVd4jFpk8PprTFdHF2RLSv-drVzXVQBqaqixKv6VpOB8fBpKj676YDzqFd0G74b2pTvtf9ZIcc0LgcuOqK8ix0IfCfiExI74cVRWiOLtY8JUci2EGDkLpgQWv5h88S2ccYPfa7
YjbgSYp5ehP9KkdE_o3R_Uhvuwkw1r9HR_wCRLVH1GSfq012tg5R0oazL6-H94IJ99nFpI2OHpyIpXAkp7XEgajqwLZyBLV1qX1X0bNnWPV0NRYVgu4gcISIfjqfRTPG_wgreaqmQ82jtyWi8x6j9bExuSiDs53NtawQMgX6nAInFfcdXsXMJQGOWiTiw-qRlPQaiqsTBPR2-Wb-9Fbhr9-x52vdztRsYYwWjqKVhvLUod6LcvJDTyEYHeh-RlF27C5FjUI6a6m3yF0gU0_BZSwvDggdg7szdAgWuc5ckjPBj5aCgoapUOIfRhyYpcoAvnuYonATdJAqPc07Le1oO3cjinH5W_9f1X3gh5QxysUWMmjw4sgilRu8r2TCBFB_-EbnYMF5TImu-yZapPmQCR1JBkm8a6_iSTCnFsOh_qpI6UJT3z00ZmyxCjNLOTsVPQCUFj3ZGyY0SNUnlZxsKp9LOon_pdUm0UrQUrnjJjMmboXgUk64QsTRD3lr4wf6IOtzgiBPeGrvlliVEpOH1_8PQi-YGt4Uj_Bg-VlLrlan1dsdzy9hs6uiY4yIGAYLbz85WizhpgXjDrHnGSI9YUhqJH89aTAIQ5xfzBwBf_qSVGgvkIez0Ec71STVBmqZ3byNqPgH5CwVUzoP3m8GEQP8-NOkxCsTeAHcN7MyJrSaY74kzniPQ0XqXEM18m_dqeW29ImEW4ZZqLAWWUImyy_6LLm7CqzINfvLswYXsH7x7cjXUxEQv1EZarnqCCIdZa7zczvlMb--SgLodyQ-ThrvDk3qfnX5bN3dH_5lKloSQfaOuqKSwk2_7gfSDJwexwYTEatWuVqYgtkD37uU4I5pEgxn6kVRlGwihQ5-qLaMfneviBT413AjiNaOvAl_KXZqnQk9XUiEVn1CBiswLU_fzhwQaIxxYMPI5ocoX4G0VgWQ_Vw_kqufgpNIyV0mt6zoZaLzXRgqHPmnggO2ZpqYTn2msIpIVrcBVRQ2zT-NVtz4dqa57Lkw9TZTjRNgm_U-t_8yEQqkCgrdIi_1y5T9fhKxY70Zy3Hk66sK53Bj_NqWuGXLE9kG_fveryP0zndv2NdwZtMRnhDadr2UZQk5uo8yBT9jBfpoBw6SaBuEgKsK5GauxDPEqjnoli-qz6RXG3YMuCR_XCKtewyrKwGtHYQJUtKkVBDYck36i0WNj2gvtCnoezI8s8mkOGIGLJkwSIrahtRQv10P-3ErbxmX32L9BjYXff7vD7rnJUx7YX350EEUBLKXI0lowQ3cy9Sv6m1ukX2tcz-KW-VzxQ-brSoE1nsditvxTZZkSgtpbyVYX44ohM1nmn_0MjMfKYktlKmxamFVO5nPVTTUEdULV0GaxBsiFnVqr_qrGXvVMku5h451kX4sYvN_Tg91qN0-Jb3QxaJJZcLmX5eXV68ukhfyi8UmA4mEcYykcdP-C0n6VtBQ5d1tr3kCdbOCfkPnSFpwQqfxZtr7MAAPFsAGrp1MHpXvujbSGexN45yVIBIy_7sf_UzShRx3E8eZB
The $.response.key.key.key_hsm property, when Base64URL-decoded, has the following content:
{
"schema_version": "1.0",
"header": {
"kid": "TpmEphemeralEncryptionKey",
"alg": "dir",
"enc": "CKM_RSA_AES_KEY_WRAP"
},
"ciphertext": "2gIH69EmJQT93vOkCpVf9z0jpXu0kKacZacD6VJ0A6-IU5tJ78TJ4v4o8OMUA1_q4TLzIbjm48eDay3wsKI7iSY4E0aotHzAB7NupUVGkpL7s532_pG5BQbNOs00ynNTei01hRGLCNVCLLfec8ltn1TYa6niy5PAhk7ghlhMbcP5EYkpMsz74pBmgCt86lyy0Ui1_yiM9QqwHFhpOkkFvXOCvdctNQa08VB7ZmrXnrCANFGhgWHxBM9opxcSiseqM4RBf9qhPLf8e-9eu-YVWJ33anuOJNeeGwKPYO__ricIenJhJAGoyI8715QCCuA4Su49oAJx07Qop5Su3dJoxF1JAZnKtM1xASfdVX4TpQepMJ8yXw4-HGafb4nNthUYGt3Lb_O47gCgvwQQU1pxXX1IBME9QDxfnOVXG6Z2d9NJWlS-mBUTVUjwuSiAR5b3atqqSjgZvLdqO5Micvz4mOuXGimhpx0V3-UOkXaLqf8fkuho1AmsfSsVkqjlnp3fhjBMsQDXv4vvW3C73QFSVa_aYVqD5BXHiy6o6ONkVmbu0T7GF4qxcUPF3eR8GytGJsntXyjX2429QCD7FG2_BawKNYPcZpGmvE-DFUn9p15csEdhJmeOHbMFS_yGZ6vQwnmyYwDw0zGujZdvH6GpBCMgwdZz_8ySF0bLNhQyvUP6yfCX3JpzKW7QCAqOohxfN0QLFAo0PYGjatwx6vhe4o9Ku838I96jia66f_GbBk5yFzle33MPygYfpUoaCX1Flw90vvGyXo-nurXkwkytI3ZiwblRuSukizGlAYs3_Jw1sdORy_rqK2ebXUZZMcdZ6qbaJ8-ySPhI5b0_gqVBIi8eODG8xzY7DmLqWlBBUihyjDuTRGgFnslIjjioXZwiEa_D-K38FFOKCroE3dyQoIKmxx6sXMfiwTBbQ00KBJmR8mfgtwoTkkz9KBDTB-fLzB4VW9f6ycdour9BSKkMTIPKQf1bXiA-3Fd83tHLeSdLYCuyYPJKnFE0-uopQC3Z1Z1zsIQEZ8kHm_L1YnT2eA_vSj4ZqEFE3Vj73j_9zeSXan2aJACb1ZJf3qeaU6MOz6KV-UXdYyTNJ5ysbv9I-tmi84zZsF5xEEnwn0Ll0Kqj-Lv_DQQtfcIuUvfYkBmAj1b92OqtemjkCceU5Tei5CC4gS9QGCkiQ4K9E6h-JJaXcBOH-LlRn-arT2gwYKS_eUq-CStX_Hp_CI65mqQn6wVArbEMqEbwvaEMsyTFNUhqDuG54E5oER6zot1YKDY3LB8opb78bPi8dtTuT8g9F2mBijJLAIjYuH93HKZfMgmRYDCqhZ5C8S9iO-dyACXyuoz7w1LOnhR4V2nu9mo-3odB9s6Ich8L-ZbIxq4jYj9CeGEY3p65mp-JV00JEVZ2L38YZ5U0Z2qPSM7W3qne7x9oyQyEJWYM13-5SF2NQgH_atUsZLHF2TlFCdtTuuCWXluM8Btio5knFD-E_g-pqLgfJzjXPWz--Kn4Nu7nytvFog7tVBi1BnE-3qw52CddoX1VHMtmVoHMO9AFt49yf0sR4HiSC7JB6W2nYnn-uwx-xH6WFBuwPn0NA0ry5LaSSFz0j7eNkKwiMKkEjGUgp3qgQFYzrvUFVWGVcQH8eXob8QIc5GjwAMyoAZ7SkOUG-aavqYRrfIGTmCghBYziKcChnd1Yk301nWkbND0q7jD1-5iEEDpdDm5qdsy3CanC3V573AcWXIgA1FuwUUg1B9Scnty_xUbqXajEA-fHJI-NwH8gHxncMmdXkRXFsk-S2L9tCR56oQoMHzamUxPOS-M3obErzJaMr7egI4o4mDSK0vLXzDVb7aaVBfVd4jFpk8PprTFdHF2RLSv-drVzXVQBqaqixKv6VpOB8fBpKj676YDzqFd0G74b2pTvtf9ZIcc0LgcuOqK8ix0IfCfiExI74cVRWiOLtY8JUci2EGDkLpgQWv5h88S2ccYPfa7Yj
bgSYp5ehP9KkdE_o3R_Uhvuwkw1r9HR_wCRLVH1GSfq012tg5R0oazL6-H94IJ99nFpI2OHpyIpXAkp7XEgajqwLZyBLV1qX1X0bNnWPV0NRYVgu4gcISIfjqfRTPG_wgreaqmQ82jtyWi8x6j9bExuSiDs53NtawQMgX6nAInFfcdXsXMJQGOWiTiw-qRlPQaiqsTBPR2-Wb-9Fbhr9-x52vdztRsYYwWjqKVhvLUod6LcvJDTyEYHeh-RlF27C5FjUI6a6m3yF0gU0_BZSwvDggdg7szdAgWuc5ckjPBj5aCgoapUOIfRhyYpcoAvnuYonATdJAqPc07Le1oO3cjinH5W_9f1X3gh5QxysUWMmjw4sgilRu8r2TCBFB_-EbnYMF5TImu-yZapPmQCR1JBkm8a6_iSTCnFsOh_qpI6UJT3z00ZmyxCjNLOTsVPQCUFj3ZGyY0SNUnlZxsKp9LOon_pdUm0UrQUrnjJjMmboXgUk64QsTRD3lr4wf6IOtzgiBPeGrvlliVEpOH1_8PQi-YGt4Uj_Bg-VlLrlan1dsdzy9hs6uiY4yIGAYLbz85WizhpgXjDrHnGSI9YUhqJH89aTAIQ5xfzBwBf_qSVGgvkIez0Ec71STVBmqZ3byNqPgH5CwVUzoP3m8GEQP8-NOkxCsTeAHcN7MyJrSaY74kzniPQ0XqXEM18m_dqeW29ImEW4ZZqLAWWUImyy_6LLm7CqzINfvLswYXsH7x7cjXUxEQv1EZarnqCCIdZa7zczvlMb--SgLodyQ-ThrvDk3qfnX5bN3dH_5lKloSQfaOuqKSwk2_7gfSDJwexwYTEatWuVqYgtkD37uU4I5pEgxn6kVRlGwihQ5-qLaMfneviBT413AjiNaOvAl_KXZqnQk9XUiEVn1CBiswLU_fzhwQaIxxYMPI5ocoX4G0VgWQ_Vw_kqufgpNIyV0mt6zoZaLzXRgqHPmnggO2ZpqYTn2msIpIVrcBVRQ2zT-NVtz4dqa57Lkw9TZTjRNgm_U-t_8yEQqkCgrdIi_1y5T9fhKxY70Zy3Hk66sK53Bj_NqWuGXLE9kG_fveryP0zndv2NdwZtMRnhDadr2UZQk5uo8yBT9jBfpoBw6SaBuEgKsK5GauxDPEqjnoli-qz6RXG3YMuCR_XCKtewyrKwGtHYQJUtKkVBDYck36i0WNj2gvtCnoezI8s8mkOGIGLJkwSIrahtRQv10P-3ErbxmX32L9BjYXff7vD7rnJUx7YX350EEUBLKXI0lowQ3cy9Sv6m1ukX2tcz-KW-VzxQ-brSoE1nsditvxTZZkSgtpbyVYX44ohM1nmn_0MjMfKYktlKmxamFVO5nPVTTUEdULV0GaxBsiFnVqr_qrGXvVMku5h451kX4sYvN_Tg91qN0-Jb3QxaJJZcLmX5eXV68ukhfyi8UmA4mEcYykcdP-C0n6VtBQ5d1tr3kCdbOCfkPnSFpwQqfxZtr7MAAPFsAGrp1MHpXvujbSGexN45yVIBIy_7sf_UzShRx3E8eZB"
}
According to the sample code, the “encrypted bytes length” should be 2640 bytes. This is correct; we can also check this using PowerShell quite easily.
function ConvertTo-ByteArray {
    param (
        [string]$Base64UrlEncodedData
    )
    # Base64URL -> standard Base64 -> raw bytes
    $Base64EncodedString = ConvertTo-Base64EncodedString -Base64UrlEncodedData $Base64UrlEncodedData
    return [Convert]::FromBase64String($Base64EncodedString)
}
function ConvertTo-Base64EncodedString {
    param (
        [string]$Base64UrlEncodedData
    )
    # Swap the URL-safe alphabet back and restore the padding that Base64URL drops
    $Base64EncodedString = $Base64UrlEncodedData.Replace('-', '+').Replace('_', '/')
    switch ($Base64EncodedString.Length % 4) {
        0 { break; }
        2 { $Base64EncodedString += '=='; break; }
        3 { $Base64EncodedString += '='; break; }
    }
    return $Base64EncodedString
}
$ciperText = "2gIH69EmJQT93vOkCpVf9z0jpXu0kKacZacD6VJ0A6-IU5tJ78TJ4v4o8OMUA1_q4TLzIbjm48eDay3wsKI7iSY4E0aotHzAB7NupUVGkpL7s532_pG5BQbNOs00ynNTei01hRGLCNVCLLfec8ltn1TYa6niy5PAhk7ghlhMbcP5EYkpMsz74pBmgCt86lyy0Ui1_yiM9QqwHFhpOkkFvXOCvdctNQa08VB7ZmrXnrCANFGhgWHxBM9opxcSiseqM4RBf9qhPLf8e-9eu-YVWJ33anuOJNeeGwKPYO__ricIenJhJAGoyI8715QCCuA4Su49oAJx07Qop5Su3dJoxF1JAZnKtM1xASfdVX4TpQepMJ8yXw4-HGafb4nNthUYGt3Lb_O47gCgvwQQU1pxXX1IBME9QDxfnOVXG6Z2d9NJWlS-mBUTVUjwuSiAR5b3atqqSjgZvLdqO5Micvz4mOuXGimhpx0V3-UOkXaLqf8fkuho1AmsfSsVkqjlnp3fhjBMsQDXv4vvW3C73QFSVa_aYVqD5BXHiy6o6ONkVmbu0T7GF4qxcUPF3eR8GytGJsntXyjX2429QCD7FG2_BawKNYPcZpGmvE-DFUn9p15csEdhJmeOHbMFS_yGZ6vQwnmyYwDw0zGujZdvH6GpBCMgwdZz_8ySF0bLNhQyvUP6yfCX3JpzKW7QCAqOohxfN0QLFAo0PYGjatwx6vhe4o9Ku838I96jia66f_GbBk5yFzle33MPygYfpUoaCX1Flw90vvGyXo-nurXkwkytI3ZiwblRuSukizGlAYs3_Jw1sdORy_rqK2ebXUZZMcdZ6qbaJ8-ySPhI5b0_gqVBIi8eODG8xzY7DmLqWlBBUihyjDuTRGgFnslIjjioXZwiEa_D-K38FFOKCroE3dyQoIKmxx6sXMfiwTBbQ00KBJmR8mfgtwoTkkz9KBDTB-fLzB4VW9f6ycdour9BSKkMTIPKQf1bXiA-3Fd83tHLeSdLYCuyYPJKnFE0-uopQC3Z1Z1zsIQEZ8kHm_L1YnT2eA_vSj4ZqEFE3Vj73j_9zeSXan2aJACb1ZJf3qeaU6MOz6KV-UXdYyTNJ5ysbv9I-tmi84zZsF5xEEnwn0Ll0Kqj-Lv_DQQtfcIuUvfYkBmAj1b92OqtemjkCceU5Tei5CC4gS9QGCkiQ4K9E6h-JJaXcBOH-LlRn-arT2gwYKS_eUq-CStX_Hp_CI65mqQn6wVArbEMqEbwvaEMsyTFNUhqDuG54E5oER6zot1YKDY3LB8opb78bPi8dtTuT8g9F2mBijJLAIjYuH93HKZfMgmRYDCqhZ5C8S9iO-dyACXyuoz7w1LOnhR4V2nu9mo-3odB9s6Ich8L-ZbIxq4jYj9CeGEY3p65mp-JV00JEVZ2L38YZ5U0Z2qPSM7W3qne7x9oyQyEJWYM13-5SF2NQgH_atUsZLHF2TlFCdtTuuCWXluM8Btio5knFD-E_g-pqLgfJzjXPWz--Kn4Nu7nytvFog7tVBi1BnE-3qw52CddoX1VHMtmVoHMO9AFt49yf0sR4HiSC7JB6W2nYnn-uwx-xH6WFBuwPn0NA0ry5LaSSFz0j7eNkKwiMKkEjGUgp3qgQFYzrvUFVWGVcQH8eXob8QIc5GjwAMyoAZ7SkOUG-aavqYRrfIGTmCghBYziKcChnd1Yk301nWkbND0q7jD1-5iEEDpdDm5qdsy3CanC3V573AcWXIgA1FuwUUg1B9Scnty_xUbqXajEA-fHJI-NwH8gHxncMmdXkRXFsk-S2L9tCR56oQoMHzamUxPOS-M3obErzJaMr7egI4o4mDSK0vLXzDVb7aaVBfVd4jFpk8PprTFdHF2RLSv-drVzXVQBqaqixKv6VpOB8fBpKj676YDzqFd0G74b2pTvtf9ZIcc0LgcuOqK8ix0IfCfiExI74cVRWiOLtY8JUci2EGDkLpgQWv5h88S2ccYPfa7Yjb
gSYp5ehP9KkdE_o3R_Uhvuwkw1r9HR_wCRLVH1GSfq012tg5R0oazL6-H94IJ99nFpI2OHpyIpXAkp7XEgajqwLZyBLV1qX1X0bNnWPV0NRYVgu4gcISIfjqfRTPG_wgreaqmQ82jtyWi8x6j9bExuSiDs53NtawQMgX6nAInFfcdXsXMJQGOWiTiw-qRlPQaiqsTBPR2-Wb-9Fbhr9-x52vdztRsYYwWjqKVhvLUod6LcvJDTyEYHeh-RlF27C5FjUI6a6m3yF0gU0_BZSwvDggdg7szdAgWuc5ckjPBj5aCgoapUOIfRhyYpcoAvnuYonATdJAqPc07Le1oO3cjinH5W_9f1X3gh5QxysUWMmjw4sgilRu8r2TCBFB_-EbnYMF5TImu-yZapPmQCR1JBkm8a6_iSTCnFsOh_qpI6UJT3z00ZmyxCjNLOTsVPQCUFj3ZGyY0SNUnlZxsKp9LOon_pdUm0UrQUrnjJjMmboXgUk64QsTRD3lr4wf6IOtzgiBPeGrvlliVEpOH1_8PQi-YGt4Uj_Bg-VlLrlan1dsdzy9hs6uiY4yIGAYLbz85WizhpgXjDrHnGSI9YUhqJH89aTAIQ5xfzBwBf_qSVGgvkIez0Ec71STVBmqZ3byNqPgH5CwVUzoP3m8GEQP8-NOkxCsTeAHcN7MyJrSaY74kzniPQ0XqXEM18m_dqeW29ImEW4ZZqLAWWUImyy_6LLm7CqzINfvLswYXsH7x7cjXUxEQv1EZarnqCCIdZa7zczvlMb--SgLodyQ-ThrvDk3qfnX5bN3dH_5lKloSQfaOuqKSwk2_7gfSDJwexwYTEatWuVqYgtkD37uU4I5pEgxn6kVRlGwihQ5-qLaMfneviBT413AjiNaOvAl_KXZqnQk9XUiEVn1CBiswLU_fzhwQaIxxYMPI5ocoX4G0VgWQ_Vw_kqufgpNIyV0mt6zoZaLzXRgqHPmnggO2ZpqYTn2msIpIVrcBVRQ2zT-NVtz4dqa57Lkw9TZTjRNgm_U-t_8yEQqkCgrdIi_1y5T9fhKxY70Zy3Hk66sK53Bj_NqWuGXLE9kG_fveryP0zndv2NdwZtMRnhDadr2UZQk5uo8yBT9jBfpoBw6SaBuEgKsK5GauxDPEqjnoli-qz6RXG3YMuCR_XCKtewyrKwGtHYQJUtKkVBDYck36i0WNj2gvtCnoezI8s8mkOGIGLJkwSIrahtRQv10P-3ErbxmX32L9BjYXff7vD7rnJUx7YX350EEUBLKXI0lowQ3cy9Sv6m1ukX2tcz-KW-VzxQ-brSoE1nsditvxTZZkSgtpbyVYX44ohM1nmn_0MjMfKYktlKmxamFVO5nPVTTUEdULV0GaxBsiFnVqr_qrGXvVMku5h451kX4sYvN_Tg91qN0-Jb3QxaJJZcLmX5eXV68ukhfyi8UmA4mEcYykcdP-C0n6VtBQ5d1tr3kCdbOCfkPnSFpwQqfxZtr7MAAPFsAGrp1MHpXvujbSGexN45yVIBIy_7sf_UzShRx3E8eZB"
$ciperBytes = ConvertTo-ByteArray -Base64UrlEncodedData $ciperText
"Encrypted bytes length: {0}" -f $ciperBytes.Length | Write-Host
# Encrypted bytes length: 2640 🥳
Last year, I successfully reached this stage using PowerShell, but now it’s time to let the tpm2-tss and curl libraries shine as they perform the final steps in the decryption process. Initially, I found the process of CKM_RSA_AES_KEY_UNWRAP on the private key a bit unclear. Luckily, I stumbled upon some valuable clues in Key Vault’s Bring your own key specification documentation, specifically concerning the encoding (enc) used:
⚠️ Note: these clues are related to the WRAPPING process, not the UNwrapping process. But I assumed that I had to perform these steps in reverse order.
The bytes for the plaintext key are then transformed using the CKM_RSA_AES_KEY_WRAP mechanism:
- An ephemeral AES key is generated and encrypted with the wrapping RSA key using RSA-OAEP with SHA1.
- The encoded plaintext key is encrypted using the AES key using AES Key Wrap with Padding.
- The encrypted AES key and the encrypted plaintext key are concatenated to produce the final ciphertext blob.
As I examined the final steps of the algorithm employed by the sample application, things began to fall into place. It’s important to emphasize once more that the value for $.response.key.key.key_hsm.ciphertext is a concatenation of two encrypted byte arrays, which has then been Base64URL-encoded. It’s worth noting that the encrypted byte array size was previously determined to be 2640 bytes.
# After base64URL-decoding the ciphertext, we are left with:
<encrypted-byte-array-of-AES-key><encrypted-byte-array-of-RSA-key>
# Encrypted bytes length: 2640
First, we need to obtain and decrypt the AES transfer key using an ephemeral vTPM key. With the decrypted AES key, we can proceed with decrypting our private RSA key.
In this section of the code, a specific number of bytes is decrypted with an ephemeral key generated by the vTPM.
The number of bytes we need to decrypt depends on the size of the RSA key. In this instance, with a 4096-bit key, we divide it by 8 to get a size of 512 bytes (4096 bits / 8 = 512 bytes). If my math is correct, it results in the following breakdown:
- Encrypted byte array AES key
  - Starting index: 0
  - End index: 511
  - Length: 512 bytes
- Encrypted byte array RSA key
  - Starting index: 512
  - End index: 2639
  - Length: 2128 bytes
Decrypted Transfer key: giX9iA2RcG5zJ78pbn6p3vUL4DJOKWmYB7yF6GQP078
Afterwards, the remaining bytes from the ciphertext byte array, starting from offset 512, are decrypted by the decrypt_aes_key_unwrap() function. The result is a decrypted and completely functional CMK private key.
Entering decrypt_aes_key_unwrap()
Exiting decrypt_aes_key_unwrap()
CMK private key has length=2375
Decrypted CMK in base64url: MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQCx5hjiQG7Rbbl4xVeOi7UZRoPubeyOAEcpykqNt5MJQHe9TUQUyZsXhPFmBi13KFnv03vkn515qB9NtIOXrY2Atcnc-s2G63BSRrhUo7mkw-0ZzH5arZ5cvz2xK7X13tFbBm4F-m-tdQyW33Ucs7c2oqNbxP3IcAM3YPQE8bqWYhVOpAZO0u4cBLsmyCQsn-YKXA8E0wEyt76FMiaecSu46PwOSs-iSeyw8iAaPrH_ROsuYW_8POQoPrERvtvaiGrk7LfT1pxlkw_BVyCj6v3WqxM3U-he8mpZvDlkZqtpIqe-CFxVGTL_8hQ6gcsN8v9ciVz2cDS0_WjrKdx0FVoKM5V9KAl82AFqvRRXx-RnxLJbv2fPh_RP7MLFfDcQFZyMj5VGRhBIFg5UKjRarA4RjG1OW16uIS9-LBiO22My1-WTxAn02OzxmrthAnoRfdOp4Pd0tIgn58-ueHKjrS2DPv-Go-3Kp-iUyV-0KVTMd3H9FB7Cu7QAzM7ttNU7EYG9UcKgNJHSF3FNBjcY80Mgh5gh_QvfKTkuvdDXnLyQhKdn4ZB0yEMT-c_W90HkM62qtUfmHBqk6Vp9nJ_FTiiHJswIO9Z60hCk2U5gbZ-kD8BaUu1aFMqu3TsQi_-TDYm4YvBgVTDVFVTM3ETo-FLsLtYz81yoOZ8k7R-NuBDW_wIDAQABAoICAH22hE8eCTGlwDNAASeSQl-iHQkYVNnkCGXXted_mkAndnYna7zk2tw77fqS0v4pXaTEZgChar7Vt4lJztQYqK4TyJqIAUUeizkZEJl_OWjdq2dXwtKBbi9MVWQl52fgFUGlwYon91M0K7lSH4gw13-cXqQzCMPjo-I2eTolOB2dIkF4V5zMIcda8IXvWODP_dfERji6g1Y70j59uhytDKCWw8e1xhSA-OnxsA3b0Bz7rtYPtPsibHikFKzdmq9LR36OaTkhp1OAINoXn9E19jsEmYe3m7W8yLqw8D2q7-ZTvwXjEpxwOkHz56eQoNUyqpHR4AemMxjTGplT8510mTL6vgliWMp85wf04QC2Ybk6mmH_PPjvkjvlyq9TpNFV66ZR3A_JqGL-kZbgFFcS9-40gKew5gDSKNRIoRURgb0k80NQJqrtRuvE_xlUsMg0YhHOz-7x93eTqBrya3hiuuuQ9MsMbGVdePlnaw9s5DaMw5zuT5gSaYparsIFBlP4leKbHDgMQ3O7WZWMJZU_M-KGw5JCSPxl8OGxEhhjEI5HK2sic8KMWDDk1aY8YRRDbFkNYCgjD7gQhicVxMyh7UQ-LDt_I6djq_FHznrXIAO1Nyy-Z-oD8G0LerfLkK0yzFUEnwalXyOyujgF-PKVnbiZ8d20X9NDHjrmJtEEzYeBAoIBAQD659EPTOaOLXmCR6cRIjbkTOGiuqz8T8oemBbBfdMe_YQfNEeRX4Wg4T0GgLIlNm6rjwKL92Xe2rGGsoacwsd_iMxEtDAWaTPltjRDspDuFLBdc3xdJVBalRuKN2Y7dzoSJjTOnLYNA4xd7ksDs3ejl-wGcJN3LpYtTww7JI0oN0rMx0map4mg061NQwarqdbcHq2HwU4zUf632U81i30WxyiH5Y3n10LDL0IwcyDkTjmnwEa2vzJEEIThE2FJ6y6Mp2EDiX1XCKyH2GsS479vshVfqRYLxBdco3nwdX7x6KqDYiWiTx5pYoCodrhLVt5EqxqB4YbRNjkWcE6awh0HAoIBAQC1gsxrr0s2Z_hT6YlFfjljLzxTQG_R8BQcZyZQetudtTV4dVPvD_GD9xDDJdf7BLxqAaaAIGKdSU9yNEuf1S7yB-qL4hE94hrFuF7qgMO0s-3g5v6-Ned0ShqALA5yRMckRJRhXseEIS5Fed0NdwlKk01n0tp7vspAX065_JpIZtHx0XFaTgwmxBeIKNH_
u2rdoemGbm_6HoLXBtNUnQOOGrIpbX6OjSz9dN-ADnulViytKe4ubz3ukwc3Nx4nNWVzn5SgzTKBmg0rkGNvi_Dj1PJyHP6V8ncnkzE3aynNNyTdAzjcgbO-IhYS5ifAOClg2JVczIAorZB_EloogPBJAoIBAQDvzo0EIK3jihcuq6lEOP1Z6xllXSJk7SXzY82sFcSpRAj5ghA9I50mjOC0zGB4LLROCJuYh1a4TzGJ2ivKvGfMv0TtDYNAiEBv91uwsITQ6LlAOFbO-BD64rS1wAlYILZCDn4-U420loWcaVsNKITauSN_bC2lpcMnfvvjsyWvIFm_q2HwDNz_-BEVXVCM1gFj1XZp4BoL9vyLX4nTVYSzNprIeGDPC_DleM-8Wu0_CH0WljGADPHQGDHIpatA6SVOjdOte8VuX_32wKRmI4MfEIhZK9TEXiEuC5lKeCJit8vxUudBYHlipCDv4rh2WYqK-zaUmKcwYrDhf2nBhHIVAoIBAAeuz6RHOTHGWNaEbhEI9LjkCPOlKJaESPWi0BZb_OvB_c9pd_IIhLqHPKhl86xmWOtLwpZtyH7L2ZcF66WKSoBoIV9mZEBwT53K3gmjBaWicBEy9dlrQq7DbDe8pafkjWFVnco5Tsyi8uhx7g9h2HzVm1Mns6PFQZ5T6mso7Abgg0ZvDRM7dnw1lKFoyOrALhfPgKj2B7tYi0U6vrs4IixjqOLkBZVXGG5qAgPTmRw4d4-k1LYWc1Kj2oxVwur58Z9hQ9NCnD6sHJ6Zb_wKulmKa_C0lXoXVz_PlSe5W32aNe888a0zuD32B2UpZMlYFzhIMppI9avDHPij-Dj6rDECggEBAO4M0izQJcmeOPZdjIAM_nbzFr8e7WjD4G-mHWsEbjZWXt7jK95gLkpUZg1jtwxnSj6KLmxeNUto9BIuX3NA2BBQ4WBpn2p3Bpz5nprUx1AdU6AkDHvKFFxjB4a0n0j4q8hKQDVv5_KM-CaQgCFgGRUXB0WJUy9QOC4rTkuqtTfEmE7B3Erh9I6LYxbssFgdbjJ5C3dooITPU_-S0aCk2F7EhLeLSMK9MNqggB6yYif7QRIXwAnmcj926cDTQiQI7hGxSY6NHxdF6dUO4kD9_wjZjrJEe5_0hbN3Z6agQmMif5CRIiDqt2PmshW8xdPeIXQ3cMSUSe69CKowX4auXKs
Decrypted CMK in hex: ...
Key release completed successfully.
The released key is of type RSA. It can be used for wrapKey/unwrapKey operations.
We can go a step further and transform the decrypted Base64URL-encoded CMK into a PKCS#8 private key PEM file.
# ConvertTo-Base64EncodedString is defined above
$keyBase64 = ConvertTo-Base64EncodedString -Base64UrlEncodedData "MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQCx5hjiQG7Rbbl4xVeOi7UZRoPubeyOAEcpykqNt5MJQHe9TUQUyZsXhPFmBi13KFnv03vkn515qB9NtIOXrY2Atcnc-s2G63BSRrhUo7mkw-0ZzH5arZ5cvz2xK7X13tFbBm4F-m-tdQyW33Ucs7c2oqNbxP3IcAM3YPQE8bqWYhVOpAZO0u4cBLsmyCQsn-YKXA8E0wEyt76FMiaecSu46PwOSs-iSeyw8iAaPrH_ROsuYW_8POQoPrERvtvaiGrk7LfT1pxlkw_BVyCj6v3WqxM3U-he8mpZvDlkZqtpIqe-CFxVGTL_8hQ6gcsN8v9ciVz2cDS0_WjrKdx0FVoKM5V9KAl82AFqvRRXx-RnxLJbv2fPh_RP7MLFfDcQFZyMj5VGRhBIFg5UKjRarA4RjG1OW16uIS9-LBiO22My1-WTxAn02OzxmrthAnoRfdOp4Pd0tIgn58-ueHKjrS2DPv-Go-3Kp-iUyV-0KVTMd3H9FB7Cu7QAzM7ttNU7EYG9UcKgNJHSF3FNBjcY80Mgh5gh_QvfKTkuvdDXnLyQhKdn4ZB0yEMT-c_W90HkM62qtUfmHBqk6Vp9nJ_FTiiHJswIO9Z60hCk2U5gbZ-kD8BaUu1aFMqu3TsQi_-TDYm4YvBgVTDVFVTM3ETo-FLsLtYz81yoOZ8k7R-NuBDW_wIDAQABAoICAH22hE8eCTGlwDNAASeSQl-iHQkYVNnkCGXXted_mkAndnYna7zk2tw77fqS0v4pXaTEZgChar7Vt4lJztQYqK4TyJqIAUUeizkZEJl_OWjdq2dXwtKBbi9MVWQl52fgFUGlwYon91M0K7lSH4gw13-cXqQzCMPjo-I2eTolOB2dIkF4V5zMIcda8IXvWODP_dfERji6g1Y70j59uhytDKCWw8e1xhSA-OnxsA3b0Bz7rtYPtPsibHikFKzdmq9LR36OaTkhp1OAINoXn9E19jsEmYe3m7W8yLqw8D2q7-ZTvwXjEpxwOkHz56eQoNUyqpHR4AemMxjTGplT8510mTL6vgliWMp85wf04QC2Ybk6mmH_PPjvkjvlyq9TpNFV66ZR3A_JqGL-kZbgFFcS9-40gKew5gDSKNRIoRURgb0k80NQJqrtRuvE_xlUsMg0YhHOz-7x93eTqBrya3hiuuuQ9MsMbGVdePlnaw9s5DaMw5zuT5gSaYparsIFBlP4leKbHDgMQ3O7WZWMJZU_M-KGw5JCSPxl8OGxEhhjEI5HK2sic8KMWDDk1aY8YRRDbFkNYCgjD7gQhicVxMyh7UQ-LDt_I6djq_FHznrXIAO1Nyy-Z-oD8G0LerfLkK0yzFUEnwalXyOyujgF-PKVnbiZ8d20X9NDHjrmJtEEzYeBAoIBAQD659EPTOaOLXmCR6cRIjbkTOGiuqz8T8oemBbBfdMe_YQfNEeRX4Wg4T0GgLIlNm6rjwKL92Xe2rGGsoacwsd_iMxEtDAWaTPltjRDspDuFLBdc3xdJVBalRuKN2Y7dzoSJjTOnLYNA4xd7ksDs3ejl-wGcJN3LpYtTww7JI0oN0rMx0map4mg061NQwarqdbcHq2HwU4zUf632U81i30WxyiH5Y3n10LDL0IwcyDkTjmnwEa2vzJEEIThE2FJ6y6Mp2EDiX1XCKyH2GsS479vshVfqRYLxBdco3nwdX7x6KqDYiWiTx5pYoCodrhLVt5EqxqB4YbRNjkWcE6awh0HAoIBAQC1gsxrr0s2Z_hT6YlFfjljLzxTQG_R8BQcZyZQetudtTV4dVPvD_GD9xDDJdf7BLxqAaaAIGKdSU9yNEuf1S7yB-qL4hE94hrFuF7qgMO0s-3g5v6-Ned0ShqALA5yRMckRJRhXseEIS5Fed0NdwlKk0
1n0tp7vspAX065_JpIZtHx0XFaTgwmxBeIKNH_u2rdoemGbm_6HoLXBtNUnQOOGrIpbX6OjSz9dN-ADnulViytKe4ubz3ukwc3Nx4nNWVzn5SgzTKBmg0rkGNvi_Dj1PJyHP6V8ncnkzE3aynNNyTdAzjcgbO-IhYS5ifAOClg2JVczIAorZB_EloogPBJAoIBAQDvzo0EIK3jihcuq6lEOP1Z6xllXSJk7SXzY82sFcSpRAj5ghA9I50mjOC0zGB4LLROCJuYh1a4TzGJ2ivKvGfMv0TtDYNAiEBv91uwsITQ6LlAOFbO-BD64rS1wAlYILZCDn4-U420loWcaVsNKITauSN_bC2lpcMnfvvjsyWvIFm_q2HwDNz_-BEVXVCM1gFj1XZp4BoL9vyLX4nTVYSzNprIeGDPC_DleM-8Wu0_CH0WljGADPHQGDHIpatA6SVOjdOte8VuX_32wKRmI4MfEIhZK9TEXiEuC5lKeCJit8vxUudBYHlipCDv4rh2WYqK-zaUmKcwYrDhf2nBhHIVAoIBAAeuz6RHOTHGWNaEbhEI9LjkCPOlKJaESPWi0BZb_OvB_c9pd_IIhLqHPKhl86xmWOtLwpZtyH7L2ZcF66WKSoBoIV9mZEBwT53K3gmjBaWicBEy9dlrQq7DbDe8pafkjWFVnco5Tsyi8uhx7g9h2HzVm1Mns6PFQZ5T6mso7Abgg0ZvDRM7dnw1lKFoyOrALhfPgKj2B7tYi0U6vrs4IixjqOLkBZVXGG5qAgPTmRw4d4-k1LYWc1Kj2oxVwur58Z9hQ9NCnD6sHJ6Zb_wKulmKa_C0lXoXVz_PlSe5W32aNe888a0zuD32B2UpZMlYFzhIMppI9avDHPij-Dj6rDECggEBAO4M0izQJcmeOPZdjIAM_nbzFr8e7WjD4G-mHWsEbjZWXt7jK95gLkpUZg1jtwxnSj6KLmxeNUto9BIuX3NA2BBQ4WBpn2p3Bpz5nprUx1AdU6AkDHvKFFxjB4a0n0j4q8hKQDVv5_KM-CaQgCFgGRUXB0WJUy9QOC4rTkuqtTfEmE7B3Erh9I6LYxbssFgdbjJ5C3dooITPU_-S0aCk2F7EhLeLSMK9MNqggB6yYif7QRIXwAnmcj926cDTQiQI7hGxSY6NHxdF6dUO4kD9_wjZjrJEe5_0hbN3Z6agQmMif5CRIiDqt2PmshW8xdPeIXQ3cMSUSe69CKowX4auXKs"
$result = [System.Collections.Generic.List[char]]::new()
# PEM (RFC 7468) wraps the Base64 body at 64 characters per line
for ($i = 0; $i -lt $keyBase64.Length; $i += 64) {
    $result.AddRange([char[]]$keyBase64[$i..($i + 63)]) | Out-Null
    if ($i + 64 -lt $keyBase64.Length) {
        # a single LF; [Environment]::NewLine is two characters on Windows and cannot be cast to [char]
        $result.Add([char]"`n") | Out-Null
    }
}
@"
-----BEGIN PRIVATE KEY-----
$([String]::new([char[]]$result))
-----END PRIVATE KEY-----
"@ | Out-File -FilePath "private.pem" -Encoding ascii   # Windows PowerShell 5.1 defaults to UTF-16, which OpenSSL cannot read
Executing this process should yield the resulting PEM file:
-----BEGIN PRIVATE KEY-----
...
-----END PRIVATE KEY-----
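As an added example (not the page’s or Microsoft’s code; Python standard library only, no decryption), the following decodes the key_hsm envelope, splits the ciphertext at the wrapping key’s modulus size the way the breakdown above does, and writes a Base64URL DER key out as a 64-column PKCS#8 PEM. It assumes a constructed 2640-byte ciphertext and an empty PKCS#8 shell carrying the same 30 82 09 43 DER header as the key released above, not real key material.

```python
"""Layout checks for an Azure Key Vault SKR key_hsm blob (CKM_RSA_AES_KEY_WRAP).

Added example, not the page's or Microsoft's code. It parses the key_hsm
envelope, splits the ciphertext into its two parts and checks the lengths
against RFC 5649 (AES Key Wrap with Padding); it performs no decryption.
"""
from __future__ import annotations

import base64
import json
import math


def b64url_decode(data: str) -> bytes:
    """Base64URL without padding -> bytes (same fix-up as the PowerShell helper above)."""
    return base64.urlsafe_b64decode(data + "=" * (-len(data) % 4))


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def parse_key_hsm(key_hsm: str) -> dict:
    """Decode key_hsm into {schema_version, header, ciphertext (bytes)}, checking the envelope."""
    env = json.loads(b64url_decode(key_hsm))
    if env.get("schema_version") != "1.0":
        raise ValueError("unexpected key_hsm schema_version")
    header = env["header"]
    if header.get("enc") != "CKM_RSA_AES_KEY_WRAP":
        raise ValueError(f"unsupported enc {header.get('enc')!r}")
    return {"schema_version": env["schema_version"], "header": header,
            "ciphertext": b64url_decode(env["ciphertext"])}


def kwp_wrapped_len(plaintext_len: int) -> int:
    """RFC 5649: pad the key to a multiple of 8 bytes, then add one 8-byte integrity block."""
    return 8 * math.ceil(plaintext_len / 8) + 8


def split_rsa_aes_key_wrap(blob: bytes, wrapping_key_bits: int) -> tuple[bytes, bytes]:
    """Split <RSA-OAEP(AES key)> || <AES-KWP(private key)>.

    The first part is exactly one modulus of the *wrapping* key (the vTPM's
    TpmEphemeralEncryptionKey), whatever the size of the key being released.
    """
    n = wrapping_key_bits // 8
    if len(blob) <= n:
        raise ValueError("ciphertext shorter than one RSA modulus")
    wrapped_aes, kwp = blob[:n], blob[n:]
    if len(kwp) % 8 or len(kwp) < 16:
        raise ValueError("AES-KWP part must be a multiple of 8 bytes and at least 16 bytes")
    return wrapped_aes, kwp


def layout_consistent(total_len: int, wrapping_key_bits: int, unwrapped_len: int) -> bool:
    """Once the key is unwrapped, its length must explain the split exactly."""
    return total_len - wrapping_key_bits // 8 == kwp_wrapped_len(unwrapped_len)


def der_total_len(der: bytes) -> int:
    """Total size (header + contents) announced by the outer DER SEQUENCE of a PKCS#8 blob."""
    if not der or der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    first = der[1]
    if first < 0x80:
        return 2 + first
    nbytes = first & 0x7F
    return 2 + nbytes + int.from_bytes(der[2:2 + nbytes], "big")


def base64url_der_to_pem(b64url_key: str) -> str:
    """Base64URL DER -> PKCS#8 PEM, refusing blobs whose DER header disagrees with their size."""
    der = b64url_decode(b64url_key)
    if der_total_len(der) != len(der):
        raise ValueError("DER length header does not match blob size (truncated or mis-decoded)")
    body = base64.b64encode(der).decode("ascii")
    lines = [body[i:i + 64] for i in range(0, len(body), 64)]  # RFC 7468: 64 chars per line
    return "-----BEGIN PRIVATE KEY-----\n" + "\n".join(lines) + "\n-----END PRIVATE KEY-----\n"


# Constructed sample data (not real key material): a 2640-byte ciphertext, the length
# the sample app printed, and a PKCS#8 shell with the same outer header as the key on
# this page (30 82 09 43 -> 2371 content bytes, 2375 bytes in total).
SAMPLE_CIPHERTEXT = bytes(range(256)) * 10 + bytes(80)  # 2640 bytes
SAMPLE_KEY_HSM = b64url_encode(json.dumps({
    "schema_version": "1.0",
    "header": {"kid": "TpmEphemeralEncryptionKey", "alg": "dir", "enc": "CKM_RSA_AES_KEY_WRAP"},
    "ciphertext": b64url_encode(SAMPLE_CIPHERTEXT),
}).encode())
SAMPLE_DER = bytes.fromhex("30820943") + bytes(2371)
SAMPLE_KEY_B64URL = b64url_encode(SAMPLE_DER)

if __name__ == "__main__":
    blob = parse_key_hsm(SAMPLE_KEY_HSM)["ciphertext"]
    for bits in (2048, 4096):
        aes_part, kwp_part = split_rsa_aes_key_wrap(blob, bits)
        print(f"{bits}-bit wrapping key: RSA part {len(aes_part)} B, KWP part {len(kwp_part)} B, "
              f"consistent with a 2375-byte unwrapped key: {layout_consistent(len(blob), bits, 2375)}")
    print(base64url_der_to_pem(SAMPLE_KEY_B64URL).splitlines()[0])
```

RFC 5649 fixes an AES-KWP blob at 8*ceil(n/8)+8 bytes, so the 2375-byte CMK above wraps to 2384 bytes and 2640 - 2384 leaves 256 bytes for the RSA-OAEP part: the split offset is the modulus size of the vTPM wrapping key (2048-bit for these numbers), not of the 4096-bit key being released. layout_consistent() applies that check once the unwrapped length is known.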
Using OpenSSL, we can inspect the key’s contents, and there are a couple of subcommands to do this. We can either use the asn1parse command, a diagnostic utility that parses ASN.1 structures, or use the rsa command to process RSA keys.
openssl asn1parse -inform pem -in private.pem
# 0:d=0 hl=4 l=2371 cons: SEQUENCE
# 4:d=1 hl=2 l= 1 prim: INTEGER :00
# 7:d=1 hl=2 l= 13 cons: SEQUENCE
# 9:d=2 hl=2 l= 9 prim: OBJECT :rsaEncryption
# 20:d=2 hl=2 l= 0 prim: NULL
# 22:d=1 hl=4 l=2349 prim...
openssl rsa -in private.pem -noout -text
# Private-Key: (4096 bit, 2 primes)
# modulus:
#     00:b1:e6:18:e2:40:6e:d1:6d:b9:78:c5:57:8e:8b:
#     b5:19:46:83:ee:6d:ec:8e:00:47:29:ca:4a:8d:b7:
#     93:09:40:77:bd:4d:44:14:c9:9b:17:84:f1:66:06:
#     2d:77:28:59:ef:d3:7b:e4:9f:9d:79:a8:1f:4d:b4:
#     83:97:ad:8d:80:b5:c9:dc:fa:cd:86:eb:70:52:46:
#     b8:54:a3:b9:a4:c3:ed:19:cc:7e:5a:ad:9e:5c:bf:
#     3d:b1:2b:b5:f5:de:d1:5b:06:6e:05:fa:6f:ad:75:
#     0c:96:df:75:1c:b3:b7:36:a2:a3:5b:c4:fd:c8:70:
#     03:37:60:f4:04:f1:ba:96:62:15:4e:a4:06:4e:d2:
#     ee:1c:04:bb:26:c8:24:2c:9f:e6:0a:5c:0f:04:d3:
#     01:32:b7:be:85:32:26:9e:71:2b:b8:e8:fc:0e:4a:
#     cf:a2:49:ec:b0:f2:20:1a:3e:b1:ff:44:eb:2e:61:
#     6f:fc:3c:e4:28:3e:b1:11:be:db:da:88:6a:e4:ec:
#     b7:d3:d6:9c:65:93:0f:c1:57:20:a3:ea:fd:d6:ab:
#     13:37:53:e8:5e:f2:6a:59:bc:39:64:66:ab:69:22:
#     a7:be:08:5c:55:19:32:ff:f2:14:3a:81:cb:0d:f2:
#     ff:5c:89:5c:f6:70:34:b4:fd:68:eb:29:dc:74:15:
#     5a:0a:33:95:7d:28:09:7c:d8:01:6a:bd:14:57:c7:
#     e4:67:c4:b2:5b:bf:67:cf:87:f4:4f:ec:c2:c5:7c:
#     37:10:15:9c:8c:8f:95:46:46:10:48:16:0e:54:2a:
#     34:5a:ac:0e:11:8c:6d:4e:5b:5e:ae:21:2f:7e:2c:
#     18:8e:db:63:32:d7:e5:93:c4:09:f4:d8:ec:f1:9a:
#     bb:61:02:7a:11:7d:d3:a9:e0:f7:74:b4:88:27:e7:
#     cf:ae:78:72:a3:ad:2d:83:3e:ff:86:a3:ed:ca:a7:
#     e8:94:c9:5f:b4:29:54:cc:77:71:fd:14:1e:c2:bb:
#     b4:00:cc:ce:ed:b4:d5:3b:11:81:bd:51:c2:a0:34:
#     91:d2:17:71:4d:06:37:18:f3:43:20:87:98:21:fd:
#     0b:df:29:39:2e:bd:d0:d7:9c:bc:90:84:a7:67:e1:
#     90:74:c8:43:13:f9:cf:d6:f7:41:e4:33:ad:aa:b5:
#     47:e6:1c:1a:a4:e9:5a:7d:9c:9f:c5:4e:28:87:26:
#     cc:08:3b:d6:7a:d2:10:a4:d9:4e:60:6d:9f:a4:0f:
#     c0:5a:52:ed:5a:14:ca:ae:dd:3b:10:8b:ff:93:0d:
#     89:b8:62:f0:60:55:30:d5:15:54:cc:dc:44:e8:f8:
#     52:ec:2e:d6:33:f3:5c:a8:39:9f:24:ed:1f:8d:b8:
#     10:d6:ff
# publicExponent: 65537 (0x10001)
# privateExponent:
#     7d:b6:84:4f:1e:09:31:a5:c0:33:40:01:27:92:42:
#     5f:a2:1d:09:18:54:d9:e4:08:65:d7:b5:e7:7f:9a:
#     40:27:76:76:27:6b:bc:e4:da:dc:3b:ed:fa:92:d2:
#     fe:29:5d:a4:c4:66:00:a1:6a:be:d5:b7:89:49:ce:
#     d4:18:a8:ae:13:c8:9a:88:01:45:1e:8b:39:19:10:
#     99:7f:39:68:dd:ab:67:57:c2:d2:81:6e:2f:4c:55:
#     64:25:e7:67:e0:15:41:a5:c1:8a:27:f7:53:34:2b:
#     b9:52:1f:88:30:d7:7f:9c:5e:a4:33:08:c3:e3:a3:
#     e2:36:79:3a:25:38:1d:9d:22:41:78:57:9c:cc:21:
#     c7:5a:f0:85:ef:58:e0:cf:fd:d7:c4:46:38:ba:83:
#     56:3b:d2:3e:7d:ba:1c:ad:0c:a0:96:c3:c7:b5:c6:
#     14:80:f8:e9:f1:b0:0d:db:d0:1c:fb:ae:d6:0f:b4:
#     fb:22:6c:78:a4:14:ac:dd:9a:af:4b:47:7e:8e:69:
#     39:21:a7:53:80:20:da:17:9f:d1:35:f6:3b:04:99:
#     87:b7:9b:b5:bc:c8:ba:b0:f0:3d:aa:ef:e6:53:bf:
#     05:e3:12:9c:70:3a:41:f3:e7:a7:90:a0:d5:32:aa:
#     91:d1:e0:07:a6:33:18:d3:1a:99:53:f3:9d:74:99:
#     32:fa:be:09:62:58:ca:7c:e7:07:f4:e1:00:b6:61:
#     b9:3a:9a:61:ff:3c:f8:ef:92:3b:e5:ca:af:53:a4:
#     d1:55:eb:a6:51:dc:0f:c9:a8:62:fe:91:96:e0:14:
#     57:12:f7:ee:34:80:a7:b0:e6:00:d2:28:d4:48:a1:
#     15:11:81:bd:24:f3:43:50:26:aa:ed:46:eb:c4:ff:
#     19:54:b0:c8:34:62:11:ce:cf:ee:f1:f7:77:93:a8:
#     1a:f2:6b:78:62:ba:eb:90:f4:cb:0c:6c:65:5d:78:
#     f9:67:6b:0f:6c:e4:36:8c:c3:9c:ee:4f:98:12:69:
#     8a:5a:ae:c2:05:06:53:f8:95:e2:9b:1c:38:0c:43:
#     73:bb:59:95:8c:25:95:3f:33:e2:86:c3:92:42:48:
#     fc:65:f0:e1:b1:12:18:63:10:8e:47:2b:6b:22:73:
#     c2:8c:58:30:e4:d5:a6:3c:61:14:43:6c:59:0d:60:
#     28:23:0f:b8:10:86:27:15:c4:cc:a1:ed:44:3e:2c:
#     3b:7f:23:a7:63:ab:f1:47:ce:7a:d7:20:03:b5:37:
#     2c:be:67:ea:03:f0:6d:0b:7a:b7:cb:90:ad:32:cc:
#     55:04:9f:06:a5:5f:23:b2:ba:38:05:f8:f2:95:9d:
#     b8:99:f1:dd:b4:5f:d3:43:1e:3a:e6:26:d1:04:cd:
#     87:81
# prime1:
#     00:fa:e7:d1:0f:4c:e6:8e:2d:79:82:47:a7:11:22:
#     36:e4:4c:e1:a2:ba:ac:fc:4f:ca:1e:98:16:c1:7d:
#     d3:1e:fd:84:1f:34:47:91:5f:85:a0:e1:3d:06:80:
#     b2:25:36:6e:ab:8f:02:8b:f7:65:de:da:b1:86:b2:
# 86:β9c:βc2:βc7:β7f:β88:βcc:β44:βb4:β30:β16:β69:β33:βe5:βb6:β
# 34:β43:βb2:β90:βee:β14:βb0:β5d:β73:β7c:β5d:β25:β50:β5a:β95:β
# 1b:β8a:β37:β66:β3b:β77:β3a:β12:β26:β34:βce:β9c:βb6:β0d:β03:β
# 8c:β5d:βee:β4b:β03:βb3:β77:βa3:β97:βec:β06:β70:β93:β77:β2e:β
# 96:β2d:β4f:β0c:β3b:β24:β8d:β28:β37:β4a:βcc:βc7:β49:β9a:βa7:β
# 89:βa0:βd3:βad:β4d:β43:β06:βab:βa9:βd6:βdc:β1e:βad:β87:βc1:β
# 4e:β33:β51:βfe:βb7:βd9:β4f:β35:β8b:β7d:β16:βc7:β28:β87:βe5:β
# 8d:βe7:βd7:β42:βc3:β2f:β42:β30:β73:β20:βe4:β4e:β39:βa7:βc0:β
# 46:βb6:βbf:β32:β44:β10:β84:βe1:β13:β61:β49:βeb:β2e:β8c:βa7:β
# 61:β03:β89:β7d:β57:β08:βac:β87:βd8:β6b:β12:βe3:βbf:β6f:βb2:β
# 15:β5f:βa9:β16:β0b:βc4:β17:β5c:βa3:β79:βf0:β75:β7e:βf1:βe8:β
# aa:β83:β62:β25:βa2:β4f:β1e:β69:β62:β80:βa8:β76:βb8:β4b:β56:β
# de:β44:βab:β1a:β81:βe1:β86:βd1:β36:β39:β16:β70:β4e:β9a:βc2:β
# 1d:β07
# prime2:β
# 00:βb5:β82:βcc:β6b:βaf:β4b:β36:β67:βf8:β53:βe9:β89:β45:β7e:β
# 39:β63:β2f:β3c:β53:β40:β6f:βd1:βf0:β14:β1c:β67:β26:β50:β7a:β
# db:β9d:βb5:β35:β78:β75:β53:βef:β0f:βf1:β83:βf7:β10:βc3:β25:β
# d7:βfb:β04:βbc:β6a:β01:βa6:β80:β20:β62:β9d:β49:β4f:β72:β34:β
# 4b:β9f:βd5:β2e:βf2:β07:βea:β8b:βe2:β11:β3d:βe2:β1a:βc5:βb8:β
# 5e:βea:β80:βc3:βb4:βb3:βed:βe0:βe6:βfe:βbe:β35:βe7:β74:β4a:β
# 1a:β80:β2c:β0e:β72:β44:βc7:β24:β44:β94:β61:β5e:βc7:β84:β21:β
# 2e:β45:β79:βdd:β0d:β77:β09:β4a:β93:β4d:β67:βd2:βda:β7b:βbe:β
# ca:β40:β5f:β4e:βb9:βfc:β9a:β48:β66:βd1:βf1:βd1:β71:β5a:β4e:β
# 0c:β26:βc4:β17:β88:β28:βd1:βff:βbb:β6a:βdd:βa1:βe9:β86:β6e:β
# 6f:βfa:β1e:β82:βd7:β06:βd3:β54:β9d:β03:β8e:β1a:βb2:β29:β6d:β
# 7e:β8e:β8d:β2c:βfd:β74:βdf:β80:β0e:β7b:βa5:β56:β2c:βad:β29:β
# ee:β2e:β6f:β3d:βee:β93:β07:β37:β37:β1e:β27:β35:β65:β73:β9f:β
# 94:βa0:βcd:β32:β81:β9a:β0d:β2b:β90:β63:β6f:β8b:βf0:βe3:βd4:β
# f2:β72:β1c:βfe:β95:βf2:β77:β27:β93:β31:β37:β6b:β29:βcd:β37:β
# 24:βdd:β03:β38:βdc:β81:βb3:βbe:β22:β16:β12:βe6:β27:βc0:β38:β
# 29:β60:βd8:β95:β5c:βcc:β80:β28:βad:β90:β7f:β12:β5a:β28:β80:β
# f0:β49
# exponent1:β
# 00:βef:βce:β8d:β04:β20:βad:βe3:β8a:β17:β2e:βab:βa9:β44:β38:β
# fd:β59:βeb:β19:β65:β5d:β22:β64:βed:β25:βf3:β63:βcd:βac:β15:β
# c4:βa9:β44:β08:βf9:β82:β10:β3d:β23:β9d:β26:β8c:βe0:βb4:βcc:β
# 60:β78:β2c:βb4:β4e:β08:β9b:β98:β87:β56:βb8:β4f:β31:β89:βda:β
# 2b:βca:βbc:β67:βcc:βbf:β44:βed:β0d:β83:β40:β88:β40:β6f:βf7:β
# 5b:βb0:βb0:β84:βd0:βe8:βb9:β40:β38:β56:βce:βf8:β10:βfa:βe2:β
# b4:βb5:βc0:β09:β58:β20:βb6:β42:β0e:β7e:β3e:β53:β8d:βb4:β96:β
# 85:β9c:β69:β5b:β0d:β28:β84:βda:βb9:β23:β7f:β6c:β2d:βa5:βa5:β
# c3:β27:β7e:βfb:βe3:βb3:β25:βaf:β20:β59:βbf:βab:β61:βf0:β0c:β
# dc:βff:βf8:β11:β15:β5d:β50:β8c:βd6:β01:β63:βd5:β76:β69:βe0:β
# 1a:β0b:βf6:βfc:β8b:β5f:β89:βd3:β55:β84:βb3:β36:β9a:βc8:β78:β
# 60:βcf:β0b:βf0:βe5:β78:βcf:βbc:β5a:βed:β3f:β08:β7d:β16:β96:β
# 31:β80:β0c:βf1:βd0:β18:β31:βc8:βa5:βab:β40:βe9:β25:β4e:β8d:β
# d3:βad:β7b:βc5:β6e:β5f:βfd:βf6:βc0:βa4:β66:β23:β83:β1f:β10:β
# 88:β59:β2b:βd4:βc4:β5e:β21:β2e:β0b:β99:β4a:β78:β22:β62:βb7:β
# cb:βf1:β52:βe7:β41:β60:β79:β62:βa4:β20:βef:βe2:βb8:β76:β59:β
# 8a:β8a:βfb:β36:β94:β98:βa7:β30:β62:βb0:βe1:β7f:β69:βc1:β84:β
# 72:β15
# exponent2:β
# 07:βae:βcf:βa4:β47:β39:β31:βc6:β58:βd6:β84:β6e:β11:β08:βf4:β
# b8:βe4:β08:βf3:βa5:β28:β96:β84:β48:βf5:βa2:βd0:β16:β5b:βfc:β
# eb:βc1:βfd:βcf:β69:β77:βf2:β08:β84:βba:β87:β3c:βa8:β65:βf3:β
# ac:β66:β58:βeb:β4b:βc2:β96:β6d:βc8:β7e:βcb:βd9:β97:β05:βeb:β
# a5:β8a:β4a:β80:β68:β21:β5f:β66:β64:β40:β70:β4f:β9d:βca:βde:β
# 09:βa3:β05:βa5:βa2:β70:β11:β32:βf5:βd9:β6b:β42:βae:βc3:β6c:β
# 37:βbc:βa5:βa7:βe4:β8d:β61:β55:β9d:βca:β39:β4e:βcc:βa2:βf2:β
# e8:β71:βee:β0f:β61:βd8:β7c:βd5:β9b:β53:β27:βb3:βa3:βc5:β41:β
# 9e:β53:βea:β6b:β28:βec:β06:βe0:β83:β46:β6f:β0d:β13:β3b:β76:β
# 7c:β35:β94:βa1:β68:βc8:βea:βc0:β2e:β17:βcf:β80:βa8:βf6:β07:β
# bb:β58:β8b:β45:β3a:βbe:βbb:β38:β22:β2c:β63:βa8:βe2:βe4:β05:β
# 95:β57:β18:β6e:β6a:β02:β03:βd3:β99:β1c:β38:β77:β8f:βa4:βd4:β
# b6:β16:β73:β52:βa3:βda:β8c:β55:βc2:βea:βf9:βf1:β9f:β61:β43:β
# d3:β42:β9c:β3e:βac:β1c:β9e:β99:β6f:βfc:β0a:βba:β59:β8a:β6b:β
# f0:βb4:β95:β7a:β17:β57:β3f:βcf:β95:β27:βb9:β5b:β7d:β9a:β35:β
# ef:β3c:βf1:βad:β33:βb8:β3d:βf6:β07:β65:β29:β64:βc9:β58:β17:β
# 38:β48:β32:β9a:β48:βf5:βab:βc3:β1c:βf8:βa3:βf8:β38:βfa:βac:β
# 31
# coefficient:β
# 00:βee:β0c:βd2:β2c:βd0:β25:βc9:β9e:β38:βf6:β5d:β8c:β80:β0c:β
# fe:β76:βf3:β16:βbf:β1e:βed:β68:βc3:βe0:β6f:βa6:β1d:β6b:β04:β
# 6e:β36:β56:β5e:βde:βe3:β2b:βde:β60:β2e:β4a:β54:β66:β0d:β63:β
# b7:β0c:β67:β4a:β3e:β8a:β2e:β6c:β5e:β35:β4b:β68:βf4:β12:β2e:β
# 5f:β73:β40:βd8:β10:β50:βe1:β60:β69:β9f:β6a:β77:β06:β9c:βf9:β
# 9e:β9a:βd4:βc7:β50:β1d:β53:βa0:β24:β0c:β7b:βca:β14:β5c:β63:β
# 07:β86:βb4:β9f:β48:βf8:βab:βc8:β4a:β40:β35:β6f:βe7:βf2:β8c:β
# f8:β26:β90:β80:β21:β60:β19:β15:β17:β07:β45:β89:β53:β2f:β50:β
# 38:β2e:β2b:β4e:β4b:βaa:βb5:β37:βc4:β98:β4e:βc1:βdc:β4a:βe1:β
# f4:β8e:β8b:β63:β16:βec:βb0:β58:β1d:β6e:β32:β79:β0b:β77:β68:β
# a0:β84:βcf:β53:βff:β92:βd1:βa0:βa4:βd8:β5e:βc4:β84:βb7:β8b:β
# 48:βc2:βbd:β30:βda:βa0:β80:β1e:βb2:β62:β27:βfb:β41:β12:β17:β
# c0:β09:βe6:β72:β3f:β76:βe9:βc0:βd3:β42:β24:β08:βee:β11:βb1:β
# 49:β8e:β8d:β1f:β17:β45:βe9:βd5:β0e:βe2:β40:βfd:βff:β08:βd9:β
# 8e:βb2:β44:β7b:β9f:βf4:β85:βb3:β77:β67:βa6:βa0:β42:β63:β22:β
# 7f:β90:β91:β22:β20:βea:βb7:β63:βe6:βb2:β15:βbc:βc5:βd3:βde:β
# 21:β74:β37:β70:βc4:β94:β49:βee:βbd:β08:βaa:β30:β5f:β86:βae:β
# 5c:βab
If we’d like, we can even use this private key for performing common cryptographic operations, such as deriving the public key:
openssl rsa -in private.pem -pubout
# writing RSA key
# -----BEGIN PUBLIC KEY-----
# MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAseYY4kBu0W25eMVXjou1
# GUaD7m3sjgBHKcpKjbeTCUB3vU1EFMmbF4TxZgYtdyhZ79N75J+deagfTbSDl62N
# gLXJ3PrNhutwUka4VKO5pMPtGcx+Wq2eXL89sSu19d7RWwZuBfpvrXUMlt91HLO3
# NqKjW8T9yHADN2D0BPG6lmIVTqQGTtLuHAS7JsgkLJ/mClwPBNMBMre+hTImnnEr
# uOj8DkrPoknssPIgGj6x/0TrLmFv/DzkKD6xEb7b2ohq5Oy309acZZMPwVcgo+r9
# 1qsTN1PoXvJqWbw5ZGaraSKnvghcVRky//IUOoHLDfL/XIlc9nA0tP1o6yncdBVa
# CjOVfSgJfNgBar0UV8fkZ8SyW79nz4f0T+zCxXw3EBWcjI+VRkYQSBYOVCo0WqwO
# EYxtTlteriEvfiwYjttjMtflk8QJ9Njs8Zq7YQJ6EX3TqeD3dLSIJ+fPrnhyo60t
# gz7/hqPtyqfolMlftClUzHdx/RQewru0AMzO7bTVOxGBvVHCoDSR0hdxTQY3GPND
# IIeYIf0L3yk5Lr3Q15y8kISnZ+GQdMhDE/nP1vdB5DOtqrVH5hwapOlafZyfxU4o
# hybMCDvWetIQpNlOYG2fpA/AWlLtWhTKrt07EIv/kw2JuGLwYFUw1RVUzNxE6PhS
# 7C7WM/NcqDmfJO0fjbgQ1v8CAwEAAQ==
# -----END PUBLIC KEY-----
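Before trusting a released key, it is worth confirming that the fields `openssl rsa -text` printed (modulus, publicExponent, privateExponent, prime1, prime2, exponent1, exponent2, coefficient) actually agree with each other, and that the public key `-pubout` derives is the (n, e) pair those fields imply. The following is an added example written for this post, not the blog's or OpenSSL's own code; the two Mersenne primes it uses are constructed toy values, far too small for real use, and the field names mirror the openssl output above.

```python
"""Check the PKCS#1 RSAPrivateKey fields that ``openssl rsa -text`` prints and
derive the public key from them. Added example, not the blog's own code; the
toy primes below are constructed and nowhere near 4096 bits."""
from math import gcd


def lcm(a, b):
    return a // gcd(a, b) * b


def make_private_fields(p, q, e=65537):
    """Build the private-key fields from two primes, as a key generator would."""
    n = p * q
    lam = lcm(p - 1, q - 1)
    if gcd(e, lam) != 1:
        raise ValueError("e must be coprime to lambda(n)")
    d = pow(e, -1, lam)                 # privateExponent
    return {
        "modulus": n, "publicExponent": e, "privateExponent": d,
        "prime1": p, "prime2": q,
        "exponent1": d % (p - 1),       # d mod (p-1)
        "exponent2": d % (q - 1),       # d mod (q-1)
        "coefficient": pow(q, -1, p),   # q^-1 mod p
    }


def check_private_fields(k):
    """Return True only if every field is consistent with the others."""
    p, q = k["prime1"], k["prime2"]
    e, d = k["publicExponent"], k["privateExponent"]
    return (
        k["modulus"] == p * q
        and (e * d) % lcm(p - 1, q - 1) == 1
        and k["exponent1"] == d % (p - 1)
        and k["exponent2"] == d % (q - 1)
        and (k["coefficient"] * q) % p == 1
    )


def public_key(k):
    """The pair ``openssl rsa -pubout`` emits: (n, e)."""
    return k["modulus"], k["publicExponent"]


def crt_decrypt(c, k):
    """Decrypt using exponent1/exponent2/coefficient (Garner's recombination)."""
    p, q = k["prime1"], k["prime2"]
    m1 = pow(c, k["exponent1"], p)
    m2 = pow(c, k["exponent2"], q)
    h = (k["coefficient"] * (m1 - m2)) % p
    return m2 + h * q


# Constructed toy key: two Mersenne primes (2^31-1 and 2^61-1).
TOY_KEY = make_private_fields(2**31 - 1, 2**61 - 1)
```

A released key whose fields fail `check_private_fields` should be rejected rather than used, since a corrupted CRT parameter silently produces wrong decryptions.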
In closing
Diving into how Secure Key Release works has been a cool adventure. It’s given me a newfound respect for the folks tackling the complexities of these cryptic solutions. I’m stoked to see the Azure Confidential Compute team putting in the great effort to make Azure confidential computing less of a mystery!
Plus, it’s awesome that they’re sharing their open-source goodies, which has helped me piece everything together better.