Pretty Good Privacy
“To PGP or not to PGP?”
Phil Zimmermann

What are we going to do?
Background & Concept
– Why Is PGP Popular?
– PGP’s algorithms
Operational Description
– Inside look on operations
Key Management
– The problem & solution
Web Of Trust
Pretty Good Privacy
First released in 1991, developed by Phil Zimmermann; provoked export control and patent infringement controversy.
PGP provides a confidentiality and authentication service
- can be used for electronic mail and file storage applications.
Available as a plug-in for popular e-mail clients; can also be used as stand-alone software.
- Microsoft Exchange
- Outlook
Why Is PGP Popular?
Based on well-known algorithms - “The main idea”
– These algorithms have survived extensive public review and are considered extremely secure.
– Integrates these algorithms into a general-purpose application
It is available free on a variety of platforms (Windows, UNIX, Macintosh, etc.)
– Open and free code.
Wide range of applicability, from corporations that wish to select and enforce a standardized security scheme to individuals
Independent – meaning not developed or controlled by governmental or standards organizations
- Based on mutual trust between clients
Operational Description
Actual operations of PGP consist of five services:
• Authentication – DSS/SHA or RSA/SHA
• Confidentiality – CAST or IDEA or RSA or 3DES
• Compression – A message may be compressed, for storage or transmission, using ZIP
• E-mail compatibility – To provide transparency for e-mail applications, an encrypted message may be converted to ASCII using Radix-64
• Segmentation – To accommodate maximum message size limitations.
Authentication/Digital Signature
Sender creates a message
Sender generates a hash code of the message
- uses the SHA-1 algorithm in order to generate a 160-bit hash code
Hash code encrypted with RSA (sender’s private key)
- the result is prepended to the message
Receiver recovers the hash code
- uses RSA with the sender’s public key
Receiver generates a new hash code of the message and compares the two codes. If the two match, the message is accepted as authentic.
Note:
- PGP only encrypts the hash code of the message: more efficient in running time and in transfer time
Authentication/Digital signature
[Figure: signature flow from Source A to Destination B. At A: M → H → EP with A’s private key KRa → || (signature prepended to M) → ZIP. At B: UNZIP → DP with the sender’s public key → Compare against H(M).]
PGP Signed Message
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This is simply the text of the message. It has not been encrypted, simply signed
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.3 for non-commercial use <http://www.pgp.com>

iEYEARECAAYFAj5Ha6AACgkQ99/KQPj2cRNHsQCffKf64LwWQMfRIiKUfs6QrokB7twAnR5gDobzGapPgyLKQ0gLklj1WIIp
=gXad
-----END PGP SIGNATURE-----
Confidentiality/Encryption
Sender generates a message and also a session key
- The session key is a random 128-bit number to be used as a session key for this message only
Sender encrypts the message
- Uses the CAST-128 (IDEA or 3DES) algorithm with the session key
Sender encrypts the session key with RSA and prepends it to the message
Receiver decrypts the session key
- uses RSA with its private key
Receiver decrypts the message with the session key
Note:
- PGP does not simply use RSA to encrypt the message directly.
- Using CAST-128 alone would force us to share a key; using a public-key algorithm solves the session key distribution problem.
- Given the “store-and-forward” nature of e-mail, the use of handshaking to assure that both sides have the same session key is not practical.
- The use of one-time conventional keys strengthens what is already a strong conventional encryption approach: only a small amount of plaintext is encrypted with each key and there is no relationship among keys.
Confidentiality/Encryption
[Figure: encryption flow from Source A to Destination B. At A: M → ZIP → EC with session key Ks; Ks → EP with B’s public key KUb; || (encrypted session key prepended to the ciphertext). At B: DP with private key KRb → Ks; DC with Ks → UNZIP → M.]
Confidentiality & Authentication
[Figure: combined flow from Source A to Destination B. At A: M → H → EP with A’s private key KRa → || → ZIP → EC with session key Ks; Ks → EP with B’s public key KUb → ||. At B: DP with private key KRb → Ks → DC → UNZIP → DP with A’s public key → Compare against H(M).]
• PGP first signs the message and then encrypts it:
- more convenient to store a signature with a plaintext version of a message
- for purposes of third party verification
Compression
Saving space both for e-mail transmission and for file storage: PGP uses ZIP to compress the message
PGP compresses the message after applying the signature but before message encryption:
Signature → Zip → Encryption
• One can store only the uncompressed message with the signature for future verification. In case the order were opposite:
- it would be necessary either to store a compressed version of the message or to recompress the message each time verification is required
• Compression algorithms are different – the algorithm is not deterministic.
- signing after compression would constrain all PGP implementations to the same compression algorithm
• Encryption is applied after compression to strengthen cryptographic security
- a compressed message has less redundancy than the original plaintext
Example of ZIP (LZ77) Scheme
The brown fox jumped over the brown foxy jumping frog
The brown fox jumped over 0b26d13y 0b27d5ing frog
(0b26d13: go back 26 characters and copy 13; 0b27d5: go back 27 characters and copy 5)
• The main assumption is that words and phrases within a text stream (image patterns in the case of GIF) are likely to be repeated
• When a repetition occurs, the repeated sequence can be replaced by a short code
• Over time, codes are reused to capture new sequences
E-mail Compatibility
When PGP is used, at least part of the block to be transmitted is encrypted
– The resulting block will consist of a stream of arbitrary 8-bit octets
– Many electronic mail systems only permit the use of blocks consisting of ASCII text
To provide transparency for e-mail applications, an encrypted message may be converted to an ASCII string using radix-64 conversion
The use of Radix-64 expands a message by 33%
- In fact, the compression should be more than enough to compensate for the radix-64 expansion
Encoding Binary Data into Radix-64 Format
The scheme used is radix-64 conversion, which expands the message by 33%.
Radix-64 blindly converts the input stream to radix-64 format regardless of content, even if the input happens to be ASCII text.
- certain level of confidentiality - if the message is signed but not encrypted, the output will be unreadable to the casual observer
Segmentation and Reassembly
E-mail facilities are often restricted to a maximum message length
- for example 50,000 octets.
Longer messages must be broken up into segments, which will be mailed separately.
PGP automatically subdivides a message that is too large into segments that are small enough to send via e-mail.
The segmentation is done after all of the other processing, including the Radix-64 conversion.
- thus, the session key component and signature component appear only once
The receiver strips off all e-mail headers and reassembles the block.
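The following is an added example, not code from the original slides, covering the two preceding services together: radix-64 armouring built from the 6-bit-value table at the end of the deck (with the padding rule and the 33% expansion check) and the segmentation/reassembly step applied to the already-armoured block. The "Part N of M" header line and the 50,000-octet default are this example’s own choices; PGP’s real segment headers are not reproduced. The decoder also makes the "casual observer" point concrete: anyone with the table recovers the input, so radix-64 hides nothing on its own.

```python
# Added example (not from the original slides): radix-64 encode/decode from
# the 64-character table, expansion check, and segmentation of the armoured
# block. Segment header format and size default are constructed choices.
import base64

RADIX64 = ("ABCDEFGHIJKLMNOPQRSTUVWXYZ"
           "abcdefghijklmnopqrstuvwxyz"
           "0123456789+/")
PAD = "="
DECODE = {c: i for i, c in enumerate(RADIX64)}


def radix64_encode(data):
    """Encode bytes 3 at a time into 4 printable characters, padding the
    final group with '=' as the table's (pad) entry describes."""
    out = []
    for i in range(0, len(data), 3):
        chunk = data[i:i + 3]
        # Pack up to 24 bits, most significant first; missing bytes are zero.
        bits = int.from_bytes(chunk.ljust(3, b"\0"), "big")
        chars = [RADIX64[(bits >> shift) & 0x3F] for shift in (18, 12, 6, 0)]
        n_pad = 3 - len(chunk)            # 1 missing byte -> 1 pad char, etc.
        out.append("".join(chars[:4 - n_pad]) + PAD * n_pad)
    return "".join(out)


def radix64_decode(text):
    """Inverse of radix64_encode; pad characters contribute zero bits."""
    data = bytearray()
    for i in range(0, len(text), 4):
        group = text[i:i + 4]
        n_pad = group.count(PAD)
        bits = 0
        for c in group.replace(PAD, "A"):
            bits = (bits << 6) | DECODE[c]
        data += bits.to_bytes(3, "big")[:3 - n_pad]
    return bytes(data)


def matches_stdlib(data):
    """Cross-check against Python's base64, which uses the same table."""
    return radix64_encode(data) == base64.b64encode(data).decode()


def expansion_ratio(data):
    """Armoured length over binary length: 4/3 (plus padding), i.e. ~33%."""
    return len(radix64_encode(data)) / len(data)


def segment(armoured, max_octets=50_000):
    """Split an already-armoured block so each piece fits the mail limit.
    Segmentation runs last, so the session-key and signature components
    inside the armour appear only once across all pieces."""
    body_budget = max_octets - 40         # leave room for the header line
    pieces = [armoured[i:i + body_budget]
              for i in range(0, len(armoured), body_budget)]
    return [f"Part {k + 1} of {len(pieces)}\n{p}" for k, p in enumerate(pieces)]


def reassemble(segments):
    """Strip each segment's header line and rejoin the bodies in order,
    regardless of the order in which the mails arrived."""
    ordered = sorted(segments, key=lambda s: int(s.split()[1]))
    return "".join(s.split("\n", 1)[1] for s in ordered)


if __name__ == "__main__":
    payload = bytes(range(150))           # constructed stand-in for ciphertext
    armour = radix64_encode(payload)
    parts = segment(armour, max_octets=100)
    print(len(parts), "segments; round trip ok:",
          radix64_decode(reassemble(parts)) == payload)
```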
Key Requirements
PGP makes use of four types of keys:
- one-time session conventional keys, public keys, private keys, passphrase-based conventional keys
Three separate requirements:
A means of generating unpredictable session keys is needed
Any user may have multiple public-key/private-key pairs
- may wish to change his key pair from time to time
- in order to interact with different groups
- simply to enhance security by limiting the amount of material encrypted with any one key
Some means is needed for identifying particular keys
Each PGP entity must maintain a database of:
- a file of its own key pairs
- a file of public keys of correspondents
Session Key Generation
The Problem: generating unpredictable session keys
Session keys are generated using CAST-128 itself:
– This is a PGP-specific random number generation technique
– getting as input: a 128-bit key and two 64-bit blocks that are treated as plaintext to be encrypted.
- the plaintext blocks are based on the keystroke stream generated by the user
- the key is random input that is also combined with the previous session key output from CAST-128.
The result, scrambling by CAST-128, is to produce a sequence of session keys that is effectively unpredictable
Key Identifiers
The Problem: a user may have multiple public-key/private-key pairs
One simple solution would be to transmit the public key with the message.
- Would work, but an RSA key may be three hundred decimal digits in length (1024 bits)
PGP solution: associate a short identifier with each public key that is unique; then only the much shorter key ID would need to be transmitted.
The key ID associated with each public key consists of its least significant 64 bits. That is, the ID of KU is (KU mod 2^64)
Format of PGP Message
(from user A to user B; E_KUb = encrypted with B’s public key, E_KRa = encrypted with A’s private key, E_Ks = encrypted with the session key)
Session Key Component (E_KUb):
- Key ID of recipient’s public key
- Session key
Signature (E_KRa):
- Timestamp
- Key ID of sender’s public key
- Leading two octets of message digest
- Message digest
Message:
- Filename
- Timestamp
- Data
[Figure: the signature and message are ZIP-compressed and then encrypted with Ks (E_Ks); the whole block is then Radix-64 converted (R64).]
PGP Key Rings
The problem: must maintain a database in order to support multiple public/private keys.
The Solution: keys stored locally in a PGP Key Ring – essentially a database of keys. Two rings:
- Private-key ring: stores the public/private key pairs owned by that node
- Public-key ring: stores the public keys of other users known at this node
Private keys stored in encrypted form; decryption key determined by user-entered passphrase.
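The following is an added example, not code from the original slides, tying the Key Identifiers slide to the key ring: it computes the 64-bit key ID as KU mod 2^64, shows how much shorter that is than the 1024-bit key itself, and keeps a minimal public-key ring indexed by that ID. The 1024-bit "modulus" is a constructed number with the right length, not a real RSA key, and the ring layout is this example’s own rather than PGP’s file format. The collision handling is an addition beyond the slide: a 64-bit ID is unique only with high probability, so a lookup has to notice when two ring entries share one ID instead of silently picking the first.

```python
# Added example (not from the original slides): key ID = KU mod 2^64, the
# key-vs-ID size comparison, and a tiny public-key ring indexed by key ID.
# constructed_modulus() is NOT a real RSA key; ring layout is illustrative.
import hashlib

KEY_ID_MASK = (1 << 64) - 1


def key_id(public_key_int):
    """KU mod 2^64: the least significant 64 bits of the public-key integer."""
    return public_key_int & KEY_ID_MASK


def decimal_digits(n):
    return len(str(n))


def constructed_modulus(seed, bits=1024):
    """Deterministic pseudo-random odd integer of the given bit length.
    Constructed stand-in for a public key; it has no RSA structure."""
    out = b""
    counter = 0
    while len(out) * 8 < bits:
        out += hashlib.sha256(f"{seed}:{counter}".encode()).digest()
        counter += 1
    n = int.from_bytes(out[:bits // 8], "big")
    return n | (1 << (bits - 1)) | 1          # force top bit and oddness


def size_comparison(public_key_int):
    """What transmitting the key ID saves over transmitting the whole key."""
    return {
        "key_bits": public_key_int.bit_length(),
        "key_decimal_digits": decimal_digits(public_key_int),
        "key_octets": (public_key_int.bit_length() + 7) // 8,
        "key_id_hex": f"{key_id(public_key_int):016x}",
        "key_id_octets": 8,
    }


class PublicKeyRing:
    """Key ID -> list of (timestamp, public key, user ID). A list, not a
    single entry, because two keys can share the same low 64 bits."""

    def __init__(self):
        self.entries = {}

    def add(self, timestamp, public_key_int, user_id):
        kid = key_id(public_key_int)
        self.entries.setdefault(kid, []).append(
            (timestamp, public_key_int, user_id))
        return kid

    def candidates(self, kid):
        return self.entries.get(kid, [])

    def lookup(self, kid):
        """Return the one public key for this ID; refuse to guess when the
        8-byte ID carried in the message does not identify a single key."""
        matches = self.candidates(kid)
        if len(matches) != 1:
            raise LookupError(f"key ID {kid:016x}: {len(matches)} candidates")
        return matches[0][1]


if __name__ == "__main__":
    ku = constructed_modulus("alice")
    print(size_comparison(ku))
    ring = PublicKeyRing()
    kid = ring.add(1, ku, "alice (constructed)")
    print(ring.lookup(kid) == ku)
```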
Key Rings
Private-Key Ring (one row per key pair; * = field the ring can be indexed by):
Timestamp | Key ID* | Public Key | Encrypted Private Key | User ID*
Ti | KUi mod 2^64 | KUi | E_H(Pi)[KRi] | User i
Key Rings
Public-Key Ring (one row per known public key; * = field the ring can be indexed by):
Timestamp | Key ID* | Public Key | Owner Trust | User ID* | Key Legitimacy | Signature(s) | Signature Trust(s)
Ti | KUi mod 2^64 | KUi | ... | User i | ... | ... | ...
Message Generation
[Figure: PGP message generation from user A to user B (no compression or radix-64 conversion shown). Signing: IDa selects A’s entry in the private-key ring; the passphrase is hashed (H) and used to decrypt (DC) the encrypted private key KRa; the message digest H(M) is encrypted (EP) with KRa and concatenated (||) with M to form signature + message. Encryption: an RNG produces the session key Ks; EC encrypts signature + message with Ks; IDb selects B’s public key KUb from the public-key ring; EP encrypts Ks with KUb; the output is B’s key ID, the encrypted session key and the encrypted signature + message.]
Reception
[Figure: PGP message reception by user B of a message from user A (no compression or radix-64 conversion shown). Input: receiver’s key ID, encrypted session key, encrypted message + signature. Decryption: the receiver’s key ID selects B’s entry in the private-key ring; the passphrase is hashed (H) and used to decrypt (DC) the encrypted private key KRb; DP with KRb recovers Ks; DC with Ks recovers the message + signature. Verification: the sender’s key ID selects A’s public key from the public-key ring; DP with it recovers the digest, which is compared with H(M).]
Public Key Management Problem
The Problem: A’s key ring contains a public key attributed to B, but the key is, in fact, owned by C
Two threats now exist:
• C can send messages to A and fake B’s signature, so that A will accept the message as coming from B!
• Any encrypted message from A to B can be read by C!
Public Key Management Problem (cont.)
Possible solutions:
• Physically get the key from B
• Verify a key by telephone
• Obtain B’s public key from a mutually trusted individual
• Obtain B’s public key from a trusted certifying authority
That would violate PGP’s spirit as an e-mail security scheme for the masses:
• It should be possible for people to exchange keys electronically with others whom they have never met and may not even know
• Everyone who uses this scheme trusts the central authority
PGP Key Management
PGP Solution: adopts a different trust model – the “web of trust”
No centralised authority like a root of trust!
The concept of the web of trust:
• The concept: Individuals sign one another’s public keys and create an interconnected community of public-key users.
• These “certificates” are stored along with keys in key rings
- A signature testifies that the User ID associated with this public key is valid
- A signature is formed using the private key of the signer
• PGP computes a trust level for each public key in the key ring.
• Users take part in the assignment of the trust level
Trust in Public Key Ring
Each user collects signed keys and stores these in the public-key ring.
Each entry in the ring has:
- Key legitimacy field
Measures the degree to which this PGP user trusts that the key is valid for its user. The higher the level of trust, the stronger is the binding of this user ID to this key
- Signature trust field
Measures how far the PGP user trusts the signer to certify public keys. (The key legitimacy field for an entry derives from the signature trust fields.)
- Owner trust field
Indicates the degree to which this PGP user trusts the key’s owner to sign other public-key certificates. PGP doesn’t compute this level of trust; the PGP user assigns it.
You can think of a signature trust field as a cached copy of the owner trust field from another entry.
Trust in Public Key Ring
Key Legitimacy Field (computed by PGP); Signature Trust Field (copies of OTF); Owner Trust Field (assigned by the user)
Public-Key Ring (* = field the ring can be indexed by):
Timestamp | Key ID* | Public Key | Owner Trust | User ID* | Key Legitimacy | Signature(s) | Signature Trust(s)
Ti | KUi mod 2^64 | KUi | trust_flag_i | User i | trust_flag_i | ... | ...
Adding a new public key to your public-key ring:
Owner trust field: (signed other keys)
- If you own the key - ultimate trust is automatically assigned.
- If you don’t own the key - PGP asks the user: unknown, untrusted, marginally trusted, or completely trusted
Signature trust field: (trusts the signer)
PGP searches the public-key ring to see if the author of this signature is among the known public-key owners.
- If so, the owner trust value for this owner is assigned to the signature trust field for this signature: OWNERTRUST → SIGTRUST
- If not, an unknown-user value is assigned.
Key legitimacy: (the key is valid for its user)
On the basis of the signature trust fields present in this entry.
- If at least one signature has a value of ultimate trust, then the key legitimacy value is set to complete
- Otherwise, PGP computes a weighted sum of the trust values.
1/X is given to signatures that are always trusted
1/Y is given to signatures that are usually trusted
X and Y are user-configurable parameters.
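The following is an added example, not code from the original slides, that runs the three-step procedure above over a small constructed ring: owner trust is assigned (ultimate for your own key, user-chosen otherwise), each signature trust field is filled as a cached copy of the signer’s owner trust (or "unknown" when the signer is not in the ring), and key legitimacy is "complete" when an ultimately trusted signature is present and otherwise a weighted sum with 1/X per completely trusted signer and 1/Y per marginally trusted one. Two things are this example’s assumptions beyond the slide: a sum reaching 1.0 gives "complete" and a positive sum below 1.0 gives "marginal" (the conventional PGP thresholds), and the recompute-everything step after each change, which is what makes the "cached copy" behave correctly when a previously unknown signer is later added to the ring. Key IDs here are labels, not real 64-bit values.

```python
# Added example (not from the original slides): owner trust -> signature
# trust (cached copy) -> key legitimacy (weighted sum). Thresholds 1.0 =>
# complete and 0 < sum < 1.0 => marginal are assumptions; names are ours.
from dataclasses import dataclass, field

UNKNOWN, UNTRUSTED, MARGINAL, COMPLETE, ULTIMATE = (
    "unknown", "untrusted", "marginal", "complete", "ultimate")


@dataclass
class Signature:
    signer_key_id: str
    sig_trust: str = UNKNOWN      # filled from the signer's owner trust


@dataclass
class RingEntry:
    key_id: str
    user_id: str
    owner_trust: str              # assigned by the user, never computed
    signatures: list = field(default_factory=list)
    key_legitimacy: str = UNKNOWN  # computed by PGP from sig_trust values


class TrustRing:
    def __init__(self, completes_needed=1, marginals_needed=2):
        self.X = completes_needed   # weight 1/X per completely trusted signer
        self.Y = marginals_needed   # weight 1/Y per marginally trusted signer
        self.entries = {}

    def add_key(self, key_id, user_id, owner_trust, signatures=(), own_key=False):
        """Step 1: owner trust (ultimate if we own the key). Steps 2 and 3
        happen in refresh(), which also updates every other entry."""
        entry = RingEntry(key_id, user_id,
                          ULTIMATE if own_key else owner_trust, list(signatures))
        self.entries[key_id] = entry
        self.refresh()
        return entry

    def set_owner_trust(self, key_id, owner_trust):
        self.entries[key_id].owner_trust = owner_trust
        self.refresh()

    def refresh(self):
        """Step 2: SIGTRUST := OWNERTRUST of the signer if the signer is in the
        ring, else unknown. Step 3: recompute legitimacy from the SIGTRUSTs.
        Run after any change, since the cached copies otherwise go stale."""
        for entry in self.entries.values():
            for sig in entry.signatures:
                signer = self.entries.get(sig.signer_key_id)
                sig.sig_trust = signer.owner_trust if signer else UNKNOWN
        for entry in self.entries.values():
            entry.key_legitimacy = self._legitimacy(entry)

    def _legitimacy(self, entry):
        trusts = [s.sig_trust for s in entry.signatures]
        if not trusts:
            return UNKNOWN
        if ULTIMATE in trusts:
            return COMPLETE
        weight = trusts.count(COMPLETE) / self.X + trusts.count(MARGINAL) / self.Y
        if weight >= 1.0:
            return COMPLETE
        return MARGINAL if weight > 0 else UNTRUSTED

    def legitimacy(self, key_id):
        return self.entries[key_id].key_legitimacy


def demo_ring():
    """Constructed scenario; key IDs are labels, not 64-bit values."""
    ring = TrustRing(completes_needed=1, marginals_needed=2)
    ring.add_key("me", "Me", None, [Signature("me")], own_key=True)
    ring.add_key("alice", "Alice", COMPLETE, [Signature("me")])
    ring.add_key("bob", "Bob", MARGINAL, [Signature("alice")])
    ring.add_key("carol", "Carol", UNTRUSTED, [Signature("bob")])
    # dave is signed by bob and by "erin", who is not (yet) in the ring
    ring.add_key("dave", "Dave", UNKNOWN, [Signature("bob"), Signature("erin")])
    ring.add_key("frank", "Frank", UNKNOWN, [Signature("carol")])
    return ring


if __name__ == "__main__":
    ring = demo_ring()
    for kid, e in ring.entries.items():
        print(f"{kid:6} owner={e.owner_trust:10} legitimacy={e.key_legitimacy}")
```

With X = 1 and Y = 2: bob’s key is complete (one completely trusted signer), carol’s and dave’s are marginal (one marginally trusted signer each, 1/2), and frank’s is untrusted (his only signer is not trusted to introduce). Adding erin with marginal owner trust afterwards raises dave to complete (1/2 + 1/2), which is only correct because the cached signature trust fields are recomputed; note also that bob’s own low owner trust does not lower the legitimacy of his key, since the two fields answer different questions.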
PGP Trust Model Example
Revoking Public Keys
When key exposure is suspected, or simply to avoid the use of the same key for an extended period
The owner issues a key revocation certificate
– Signed by the owner, with the corresponding private key
– Same form as a normal signature certificate, but includes an indicator that the purpose of this certificate is to revoke the use of this public key
The owner should disseminate this certificate as widely and as quickly as possible
NOTE: An opponent who has compromised the private key of an owner can also issue such a certificate. However, this would deny the opponent as well as the legitimate owner the use of the public key – seems a much less likely threat.
Next: S/MIME…
Radix-64 Conversion Table
6-bit Value  Character Encoding | 6-bit Value  Character Encoding | 6-bit Value  Character Encoding | 6-bit Value  Character Encoding
 0  A | 16  Q | 32  g | 48  w
 1  B | 17  R | 33  h | 49  x
 2  C | 18  S | 34  i | 50  y
 3  D | 19  T | 35  j | 51  z
 4  E | 20  U | 36  k | 52  0
 5  F | 21  V | 37  l | 53  1
 6  G | 22  W | 38  m | 54  2
 7  H | 23  X | 39  n | 55  3
 8  I | 24  Y | 40  o | 56  4
 9  J | 25  Z | 41  p | 57  5
10  K | 26  a | 42  q | 58  6
11  L | 27  b | 43  r | 59  7
12  M | 28  c | 44  s | 60  8
13  N | 29  d | 45  t | 61  9
14  O | 30  e | 46  u | 62  +
15  P | 31  f | 47  v | 63  /
(pad)  =
Radix-64 Encoding