SLCORE-2239 Add on-demand plugin signature verification

Author: Krosovok

backend/core/pom.xml

@@ -94,6 +94,14 @@
       <groupId>com.google.guava</groupId>
       <artifactId>guava</artifactId>
     </dependency>
+    <dependency>
+      <groupId>org.bouncycastle</groupId>
+      <artifactId>bcpg-jdk18on</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>org.bouncycastle</groupId>
+      <artifactId>bcprov-jdk18on</artifactId>
+    </dependency>
     <dependency>
       <groupId>org.apache.httpcomponents.client5</groupId>
       <artifactId>httpclient5</artifactId>
@@ -157,7 +165,59 @@
     </dependency>
   </dependencies>
 
+  <build>
+    <resources>
+      <resource>
+        <directory>src/main/resources</directory>
+        <filtering>true</filtering>
+        <includes>
+          <include>ondemand-plugins.properties</include>
+        </includes>
+      </resource>
+      <resource>
+        <directory>src/main/resources</directory>
+        <filtering>false</filtering>
+        <excludes>
+          <exclude>ondemand-plugins.properties</exclude>
+        </excludes>
+      </resource>
+    </resources>
 
+    <plugins>
+      <plugin>
+        <groupId>com.googlecode.maven-download-plugin</groupId>
+        <artifactId>download-maven-plugin</artifactId>
+        <executions>
+          <execution>
+            <id>download-cfamily-signature</id>
+            <phase>generate-resources</phase>
+            <goals>
+              <goal>wget</goal>
+            </goals>
+            <configuration>
+              <url>https://binaries.sonarsource.com/CommercialDistribution/sonar-cfamily-plugin/sonar-cfamily-plugin-${cfamily.version}.jar.asc</url>
+              <outputDirectory>${project.build.outputDirectory}</outputDirectory>
+              <outputFileName>sonar-cpp-plugin.jar.asc</outputFileName>
+              <skipCache>false</skipCache>
+            </configuration>
+          </execution>
+          <execution>
+            <id>download-csharp-signature</id>
+            <phase>generate-resources</phase>
+            <goals>
+              <goal>wget</goal>
+            </goals>
+            <configuration>
+              <url>https://binaries.sonarsource.com/Distribution/sonar-csharp-plugin/sonar-csharp-plugin-${csharp.version}.jar.asc</url>
+              <outputDirectory>${project.build.outputDirectory}</outputDirectory>
+              <outputFileName>sonar-cs-plugin.jar.asc</outputFileName>
+              <skipCache>false</skipCache>
+            </configuration>
+          </execution>
+        </executions>
+      </plugin>
+    </plugins>
+  </build>
 
   <profiles>
     <!-- Workaround for https://issues.apache.org/jira/projects/MJAR/issues/MJAR-138 -->

backend/core/src/main/java/org/sonarsource/sonarlint/core/plugin/ondemand/OnDemandPluginSignatureVerifier.java

@@ -0,0 +1,138 @@
+/*
+ * SonarLint Core - Implementation
+ * Copyright (C) 2016-2025 SonarSource Sàrl
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+package org.sonarsource.sonarlint.core.plugin.ondemand;
+
+import java.io.BufferedInputStream;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.io.IOException;
+import java.io.InputStream;
+import java.nio.file.Path;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.bouncycastle.openpgp.PGPCompressedData;
+import org.bouncycastle.openpgp.PGPException;
+import org.bouncycastle.openpgp.PGPObjectFactory;
+import org.bouncycastle.openpgp.PGPPublicKeyRingCollection;
+import org.bouncycastle.openpgp.PGPSignatureList;
+import org.bouncycastle.openpgp.PGPUtil;
+import org.bouncycastle.openpgp.operator.jcajce.JcaKeyFingerprintCalculator;
+import org.bouncycastle.openpgp.operator.jcajce.JcaPGPContentVerifierBuilderProvider;
+import org.sonarsource.sonarlint.core.commons.log.SonarLintLogger;
+
+/**
+ * Verifies the PGP signature of downloaded plugins using the SonarSource public key.
+ */
+class OnDemandPluginSignatureVerifier {
+
+  private static final SonarLintLogger LOG = SonarLintLogger.get();
+  private static final String SONAR_PUBLIC_KEY = "sonarsource-public.key";
+  private static final BouncyCastleProvider BOUNCY_CASTLE_PROVIDER = new BouncyCastleProvider();
+
+  boolean verify(Path jarFile, String pluginKey) {
+    var keyRing = loadPublicKeyRing();
+    if (keyRing == null) {
+      return false;
+    }
+    var isValid = verifyPgpSignature(jarFile, pluginKey, keyRing);
+    if (isValid) {
+      LOG.debug("Plugin file signature verified successfully");
+    }
+    return isValid;
+  }
+
+  private PGPPublicKeyRingCollection loadPublicKeyRing() {
+    try (var keyStream = getClass().getClassLoader().getResourceAsStream(SONAR_PUBLIC_KEY)) {
+      if (keyStream == null) {
+        throw new FileNotFoundException("PGP key not found in resources: " + SONAR_PUBLIC_KEY);
+      }
+
+      var decoder = PGPUtil.getDecoderStream(new BufferedInputStream(keyStream));
+      return new PGPPublicKeyRingCollection(decoder, new JcaKeyFingerprintCalculator());
+    } catch (IOException | PGPException e) {
+      LOG.error("Error loading public key ring", e);
+      return null;
+    }
+  }
+
+  private InputStream loadBundledSignature(String pluginKey) {
+    var signatureFileName = String.format("sonar-%s-plugin.jar.asc", pluginKey);
+    return getClass().getClassLoader().getResourceAsStream(signatureFileName);
+  }
+
+  private boolean verifyPgpSignature(Path dataFile, String pluginKey, PGPPublicKeyRingCollection keyRing) {
+    try (var signatureStream = loadBundledSignature(pluginKey)) {
+      if (signatureStream == null) {
+        LOG.error("Could not find bundled signature for plugin: {}", pluginKey);
+        return false;
+      }
+
+      try (var decoderStream = PGPUtil.getDecoderStream(new BufferedInputStream(signatureStream))) {
+        var pgpFact = new PGPObjectFactory(decoderStream, new JcaKeyFingerprintCalculator());
+
+        // Handle both compressed and uncompressed signature formats
+        var signatureList = extractSignatureList(pgpFact);
+        if (signatureList == null || signatureList.isEmpty()) {
+          LOG.error("No signatures found in signature file");
+          return false;
+        }
+
+        var signature = signatureList.get(0);
+        var publicKey = keyRing.getPublicKey(signature.getKeyID());
+        if (publicKey == null) {
+          LOG.error("Public key not found for signature keyID={}", signature.getKeyID());
+          return false;
+        }
+
+        signature.init(new JcaPGPContentVerifierBuilderProvider().setProvider(BOUNCY_CASTLE_PROVIDER), publicKey);
+
+        try (var dataIn = new FileInputStream(dataFile.toFile())) {
+          var buffer = new byte[8192];
+          int bytesRead;
+          while ((bytesRead = dataIn.read(buffer)) != -1) {
+            signature.update(buffer, 0, bytesRead);
+          }
+        }
+
+        return signature.verify();
+      }
+    } catch (IOException | PGPException e) {
+      LOG.error("Error verifying PGP signature", e);
+      return false;
+    }
+  }
+
+  private static PGPSignatureList extractSignatureList(PGPObjectFactory pgpFact) {
+    try {
+      var obj = pgpFact.nextObject();
+      if (obj instanceof PGPCompressedData compressedData) {
+        var innerFactory = new PGPObjectFactory(compressedData.getDataStream(), new JcaKeyFingerprintCalculator());
+        var innerObj = innerFactory.nextObject();
+        if (innerObj instanceof PGPSignatureList signatureList) {
+          return signatureList;
+        }
+      } else if (obj instanceof PGPSignatureList signatureList) {
+        return signatureList;
+      }
+    } catch (IOException | PGPException e) {
+      LOG.error("Error extracting signature list", e);
+    }
+    return null;
+  }
+}

backend/core/src/main/resources/ondemand-plugins.properties

@@ -0,0 +1,2 @@
+cfamily.version=${cfamily.version}
+cs.version=${csharp.version}

backend/core/src/main/resources/sonarsource-public.key

@@ -0,0 +1,112 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: Hockeypuck 2.2
+Comment: Hostname:
+
+xsFNBGCGrYsBEAC/Ws37TXMujQ4z2ioXlh5SlrWaCzdN5RSBAQEKaiuuQeuwdWku
+bsnhI2f7YgxfJh2if6hCsGeWx3Wd2paLT9IqJbnIltOzHQkYXajIJrJVDep31wQD
+FsjQS8DWdRGkrldc2ClWZs1PAGC4Snp9bNYrnlE8Z1uHVnmN2R0aQ3v7PGw2qpQ9
+XxsQl9m30hMDb4IZBOKy92PC+xNpb6dgee3HJ8uJ2t/nTUCuP1FsMPGP3crbK9po
+UOUigIWMKNnYTyHbx+p22EQIn3iKQU4DQTeZm1/rUnfuULp2Zhl+fTs6U/czCrdr
+7DN4MCzthK7DMhDHH7/uVk53+e0oe0FJZSxYE1ppjvLz4Ox7xMHrlOMFIqb9JOgn
+exUDV34KcPByHqY4ff7IL94Tx7YAwEplnJYBEfb0sYfmjai4PCFj74gjjCmhQUm8
+5Cbm23JvDGck9W75wc6qj7wcFpZrFtfpOsz10YsprM5TcmK9rEIV+o+bRqoNs5hS
++heZmdz7LoWJgarJnlkPjDDOXW54bA5kS8ARlkxllzZ+f0BwaN/HBNbVv3gkBHUX
+YOxphjESdv/WByNQMgzoIBiUt02RqAJg9PECLJSjSfFzd2F9g7Lmc0TUdA/kLEZm
+DqgrDjPkfkwnSqCglI38Z/gcVoSDN2iYhEIfuGoZXbjG4IDVuFYyGZjimQARAQAB
+zShTb25hclNvdXJjZSBTLkEuIDxpbmZyYUBzb25hcnNvdXJjZS5jb20+wsGUBBMB
+CgA+FiEEZ58e6SsZYJ3oFv3oHbGY+TUl7BoFAmCGrYsCGwEFCQlmAYAFCwkIBwIG
+FQoJCAsCBBYCAwECHgECF4AACgkQHbGY+TUl7Bpn+w/8DZjbw5SqguIMnIN1lmZC
+DCNSKk7CJNpkO7ZjXYZo9ZzGlULse4wlqoW5cVH3NiOATV4BnQQotSoeBr8RFdh0
+TI+Zbt2wKv3j4+LxIlalfnYrj77SRh43qqmAKxVS5HAdEXfHNfBtNV88CJTTByX/
+PAw7vIbI+6YwwIP/ps33GrESjDZNefdLuTvq3FwrTNicoWnXrIFbs01lNfy6NTfk
+5ZrVHjmTQxHrh0VY4vNZNQYnTzET3fMmhudlIxXPuuNSPl2X1UaTVFNHSwK/IsOr
+m8oWZfG++HgbVmR9YG1Ci7tYTBc+gbp8xel5FjzKcBLQfZwqsnz/Gn3PlPCwKXNI
+uq0Gp925P86scOlCz73Wfy8vde3rc6j+hzlgKuwgunJvl+cyWAyTdvTkcpCN6QJk
+R6ZuXrNkqCzbxT0NNoWEHSDJmJ8ECqJRfza6ag7lReWaT/dGZ/R9a19pbGmGXuqq
+qcwE9hRognxejhAn7mfVpLEsGJwrQEeVQCKQVFIZkFpUr3oYOIPppGxguM97ZNvY
+uZnHq9UwufRMR83h0XWWdTqurYoAcHkjeXH0DKXkM9kQg86FSf/KSWj9cI8/q3en
+VM+HboxrzY8Cc91IwXLOgV1ipowwy8fcnyU8GD+P3bvh1J/nVgzm+NTJ4RIfbDDq
+4Q6vWIDIAfqnRK3aTr2atSTOwU0EaSxelAEQAMjFbyhLN7gPxyvuKGcBP5L7b4UK
+kDSPPqBXHmv1KiEspKSF2cy84F6xdcbfuk3/V0wieu7/1S4Ro7CawBAS8U0VcXEw
+X0MdbBaB0nlVV1QwAsF2e9bDbVpFZb9kOiBWRwXLANJu0NnH0CW3IB4ba23JS+72
+0P6d3Jf3ylvF/I/7HvNGyjxRQ4B7wGX+IzK9rVf/UjQ9ce8oDVIv6gki1z28fCGm
+nv05fIvWTcU1+yUWP4cnDtfOGjHh/ISps6cfPM2xruhCVGQ5UQD5Jabswx5ZXCsa
+HLRRBinhlElfPFBlc5e123RWRjgfrOGQtnkom7agCHmUlbWL2QEFrw3Jab/xspXW
+8oGhMyfKHFlpC/Tni5b17AL22r2v5XFe//uSJGh70zRLIk+xjg3YmW6/jfxbESTF
+dHdi8f5l08ALveuJ4I8sIMct42+HMkqiZVuIeg1IlyVzQv8FAZAuiGSMUlomNsLj
+HO9yk9Y6We7dVG9Fben0oAh7R4b+ZqyWy0rbh8SJeu3v+CT/hLmO/Ag0xo3zBv+X
+wgB5RYRhr7fVCEUMOkUO7yYxvlt/r+HRzMgV9lTIlVF9UZCQIpluvVWWiE9DXpbR
+lYVRy+FTaQmDKJBO3+QBR5jEzI5EKUuRFeBdzT0SBudBdE3r3AZl5uOwzTcSqLAp
+mryAdW+/vZAlS2tJABEBAAHCw7IEGAEKACYWIQRnnx7pKxlgnegW/egdsZj5NSXs
+GgUCaSxelAIbAgUJAeEzgAJACRAdsZj5NSXsGsF0IAQZAQoAHRYhBNFDbA26zqSH
+Aq+Xw2Px3XdTuLMVBQJpLF6UAAoJEGPx3XdTuLMVX2gP/jxQKk8JHjosAhpd1eyv
+/99x255Fx46KNpSTus2VKg0ffB+kDKqN5plbPExa6MEC/oxnGBio14ennnYLOIap
+ecx3WBJYh59wsjlDUwgOLsA+tfzyo6nBW/UIgYVZEATNkhbCuw3lQFZHW5e+be+K
+xuGBZqDH5IKJGL3XodyVNesND1phusLhMco34zVVc5LvRyJ5CzZgjXTIOzx1qbX0
+uJalpYsd4LnChQNuzpRv31zO1d8FG5kE39osU6VNJh7fnDCnbXuj3FvZnPos26rT
+HNafdg+e+/8dOOvwt4UJ2tFAlLhiF/wQxFixhz1b4zXEOYRKuRn1XKm6XDaAT1Kp
+/zlmTQ2F0ObftNjaO9l6mTlunGey5CHUAZ2tAsdDwYIqewIrjjF0o+geMjlKmflI
+h5gkkcxNDXEagjkJXMzL8pzs8+g1B1cg1NHL9hsjp5VqhLD10J48n6C3nhwP1noB
+eM3GtKtcK6gK6IYxn3Fou7ABCbRhQXQVAci7iPJ4nW2ySQeQmeLl4lGxWPWZct9I
+LtH8ly+m2+7h7srMwDjRPeA3Owc7JgdLXdWdG7F4zppW4JqWvXIJ3wAJ+KFof6p6
+WrEPWfHVM1qieTdchenPufH3CA474vYH/+l4ie+URXT9v2gukJ4LMVfrTxqJhUPw
+S4k6EOF/2sAi3EcXKDF4o+iEkqUQALGe/o8fng1biW6wD4z2fDu8zp3iU4ldNpst
+QMTX4QsTzsZee6lQoQQ6G+m3IOgQo7EKFEV6rxpMamyQbg2YW8WfypowlfGXAAJ8
+x5mm+tdN4D6uvJidX2MyKAiAspP12Jc2T+Bap+e5TLi955Lk/RzcXgn7MUAZOD74
+HND3/SFOg6mrZT1FPj4Qe5bArjONogYJoHo4/sNJMxKJ2g7WrBAILpgQBAHUts1f
+B+AZoShaFZ9UqAhnspzvI03XU9PUhPN50djdv1NachiRo6KNKCadvdWBo1ZAZsos
+cWLLFnx4miVcgRrmrErkQ/8tidtT3zRcEQE0DvWUat7nXJ7VVwbafhbTwA9v8O+U
+3b9pDjlPBcy3hN3NRd8043XVQOzhTxPFwAof6g6ChqT6ANrZ8JN8DyKwUKCje8SX
+r96otE0K2jEtvJiqXeFTNxMlJ9aO2kdwpnN+58fYAp6FGwXtIU7pNAOCEfaCTmo1
+LMuvW4WmjH6uvRlw8erhrUzqbikEzMwsxec02iZjfC8fhBBJxOZMDvPArjDKsYjl
+uBxYw6MBaBH4mkLQJWHubPQ6lUSEzEEtz76vfCQijh6JTI4kKH3MQfug11d3+NfP
+wfUCvYAaXxJlaY2kt9zY8GzUOy8AUuQN48cIlm70lGYYBE6lT+xgKqQMJ4Nn+m4t
+decWOnlnzsFNBGCGrk4BEACTD/+Nk/tDzN3viBmw0GvgWWyeyfVKuhXTYgp1NA2Z
+ugcsz9ZFjzQegH+jwekWc4JFSQTFHpxqog94eQ7UKzk3LaYeCMiPpuxyxsY8MSZo
+oAOcysRabkvVHNLFhCKiiTu7E8NkOlCT9v2+f/1aatFnM+D///1/RTR0MJ7lz3Eu
+QWtC6gC0MQBydHoN9Ofov07j8RSVXBBf7TfZjl+uYfpYEkP5++bnWLw1WMv8Acea
+XyCjoJ/3L5GfrIHoNmpRujj8FLAZV0YOdpQCEwMn6gfJrcWXcPLcg3vmmYLhOWqj
+9kZoqE7Npejtzp9S4Yi9wM0ZTG+TTk2zec7dw7RstxTLEEJ8dx9IyXAkoNf8etlC
+9f9KuTnLK23lsi3cvjs58WzYxtl6MQS9x8U9QBlb86K8GMDYiwRrPyDusVvzwe0l
+Zgrt7SboQP5+hD+wY92tJde9JQbYSVcIQwgRGPZGYIZ+DEo5g4SWBVp/y+pFTVd2
+dFmbu8D2RLunI+hy7zjBEXbdRCxhyI16/lGG5wecg6Y4N26w3trUHymeTdAPQ+5s
+wE9F2MTz1D/FQrrb/pGa/6FcgusLvAvTJNCK/NAQNWx9ZJ1/teGCO8n2vhPi2995
+0id4V93HdLcCy2PBAL4ltAp4gCBjXXRXZuou2jC+syfB/o8kln0/1sblBVlheopM
+bQARAQABwsF2BCgBCgAgFiEEZ58e6SsZYJ3oFv3oHbGY+TUl7BoFAmksXlcCHQIA
+CgkQHbGY+TUl7Br/gQ//dL3MGWJo5mjTCsZ+GG/faFGtzO2k6CbwDQooH4fq4ZUf
+I3yEFWDqm7lrKRvt40MnYmP6wDyObjcRXbbHoyXTZriDfz88u4tayVxLXa/t2hVB
+2WxUQ8pjobZrq2HXnRGyFZcQjaKhS1u6qKovp45nTuPgVHCr8d7tZYYnY5EGkNz9
+zUokkCc9yJNuS6VftyEZ7Lbv7kVluAz48Q5lJ2RBBOPa+a6SEI/Vlz431ZUCxnz8
+W/m6u4NgpvSFHjDvpr7N+NGNZM7tdjZy3HTG/k7vnxUqAYR2NNd/xXOFT6LUTuAK
+DlO4n08lPW+/DOlqynVJXamHjXvMKlMlVNRANb9C2xt9yEsIrl0+6jMM/IFdaONX
+B5uqDUciCgEYR032MAg7L88kgOC3pjUjNkOZQB6YColoRhmhKiA1f46AxLObUWVe
+XwDueyIbhPdFie91F02gGwvsXF+Gp4RmcbG1G98oCVMR5Qb/eklL1Xr4wr9geRaO
+R9mMX/L1HEWykMX/bmapa+fuXGlOxG+RnJuyFvUVnZmbqCyOmVCRSS55ykUyu5wf
+SoxqJrcmGclvlPvXBr6vmwtfLYUFbqudMULZAWqGI5TWxZlRQqEJmmAD3t5cHhWU
+IMP50VMrn8SuYMhviOkcKzdkB4qYjeebMbCLvWu9rhupeW4ysa3psWxSbE1Sa7fC
+w7IEGAEKACYWIQRnnx7pKxlgnegW/egdsZj5NSXsGgUCYIauTgIbAgUJCWYBgAJA
+CRAdsZj5NSXsGsF0IAQZAQoAHRYhBCsQQmd/2BkMe5/A3CFh1y59zUJYBQJghq5O
+AAoJECFh1y59zUJYd/YP/idnBZt7ClccnTBIf4xXqEfLY9kWU3Xk5B8iPd/piBhP
+JM5/kLqEi1FzxrD6TRP/clApBnqGX3wciUSN9PgGvX/vP2gPl4BfJVn7h9i7SsJ+
+RzwZ+10eiVv/sp0Nl35Ie+2ToXSAKOR8reC7VSseYIKCIZ3d0OnrjpuaB+PRf8Zg
+BtrZjFOM5Us+xHx0gDSWuk94hraJsF98IIWkj3LeS7WG6CFVoTN8jMbGv8V/+GyY
+J4UenPw0yFIJvGa4BWaxPQBHf+zFs01tg5LIiZ1AFHhn95mnaYLi8L2xguqo4faT
+oPqisiXysjlHTAASzRfhShc0MqbQV3hM8ZsM2xezcIng2p9lsuIj7PBagh0tdc7R
+usNwSDKx9VhxsaaRpz6ecxTUtvqQZxVkrZCcdpHvwOcIjbyGwm55qSL5txnpUI7I
+pv9a5DYxWWI5fvAA/Vb7y4Rta76HYLw9BC+ktMAJ9+Hye5s0rTWfxtUZQqKewl7J
+Q+W/f14tWxB/8fqRTwzLiVQF25QFx+2SMAflZ0QDIJ09awrjQLD82xY7N1A3RI/H
+Oba/Jwr7GxZfejxUVL3W+/bBKnSkXadZPPbmM2ZhEcObpjhbfHerRc/CdiekJ9O4
+bWSD6X/w9P4TJYFGTjk3UM6kA5JIJhBVvOOQb6bNO2xA/xwW+pN/olV5t0qCJNxG
+jP8QAJ0nQTG8RSEsx3yUduU2kEHVqTzvLfceH3dMTIxpcFvyiydXRwk2RkcubXqW
+pXpaRWbINBERPsKykIdgYYf98r8T4imyF8CBcIP5Qrth4nVYTEjw3NwIfrIyJn0m
+t9K/A/MQHfaXK7Fh1h4rpFwA5ehHLKtmpMe5s/m2Z0/3VI0Xo0Ls6xRX3jn5mWf6
+O/hnve1dDwxMapCChQxrvvp7JBA7NYJcW6duC90sMZpU83SVT//ysOe6UOl1JSWM
+AcosfYhKBHRQBqOwhNCcUB6vMTmlDYf5KPgIYamaYoGwiTWv9ZaW2Zo0QWPpBvp5
+Qi4dk/69y1XFnDwj73B9OLW4Nu1irVlivsNUVvhgP6zp8/4e1GgQQ4t87iQ5BBQT
+5IYMfZFHEPvb+5gS67i5FeUxNJZ7Dk33tUiPWCEH+kwS4AoM5A5AqZTw9ZslDwQC
+adz7WfP3h3ZeHKrwUuTrYgV/jKlgI0N9+iDRIkMiqwvyFegBJuHKuWzD5p3aO7Rx
+N7xJOf101r7BtYfg8SZWrmWOP3OlhV7NjC3F0Y2Rnk1Yvo3769So4hdutmRo/BXv
+hquGBJz8qYrboUe6QwdrYF/ycAmX5SSfNKZws3vsF4A49i94TOMkX8COXxx2tLsF
++iqdj/MS4Y81F1vz0NQPPIOvu1bQOEU27GDEm44+94lprE3g
+=1ETd
+-----END PGP PUBLIC KEY BLOCK-----