Using GOST Algorithms for XML Digital Signatures CryptoPro

18, Suschevsky val Moscow 127018 Russian Federation +7 (495) 995-48-20 spv@cryptopro.ru

CryptoPro

18, Suschevsky val Moscow 127018 Russian Federation +7 (495) 995-48-20 mparamonova@cryptopro.ru

CryptoPro

18, Suschevsky val Moscow 127018 Russian Federation +7 (495) 995-48-20 xmv@cryptopro.ru

CryptoPro

18, Suschevsky val Moscow 127018 Russian Federation +7 (495) 995-48-20 makarov@cryptopro.ru

General Network Working Group gost, cryptography, XML, digital signature This document defines new algorithm identifiers for GOST cryptographic algorithms and methods of including GOST-based digital signature and hash-based message authentication code (HMAC) within the XML document. All statements in this document are techically equivalent to .

This document specifies identifiers (see ) for the following Russian digital signature and hash algorithms (GOST algorithms): GOST 34.11-2012 hash algorithm (the English version can be found in ), GOST 34.10-2012 digital signature algorithm (the English version can be found in ). This document specifies identifiers (see ) for GOST-based HMAC transformations defined in the R 50.1.113-2016 (the English version can be found in ). These identifiers are meant to use in XML Digital Signature Syntax (see ). In addition, new methods of carrying GOST-based key material within XML documents are defined (see ). Also included are namespace identifiers, prefixes and XML schema definition required to make specification complete (see ).

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in .

This document uses XML elements from four different XML schemas (see Table 1). Every XML schema is assigned to one XML namespace. The following XML namespace identifier MUST be used as targetNamespace in the XML schema preamble:

The other XML namespaces are external. Their identifiers are specified in XML schema preamble in corresponding attributes. Table 1 lists full set of XML namespaces used in this document, identifiers and assigned prefixes. Table 1 also defines abbreviations for corresponding XML schemas.

Any element or attribute whose name starts with the prefix from the Table 1 is considered to belong to the corresponding XML schema. This document uses prefixes to prevent possible collisions with elements of same names from different namespaces. Chosen prefixes have no special meaning and MAY be replaced by others. The CPXMLSEC schema extends DS schema to support GOST algorithms. The CPXMLSEC schema uses XS schema elements (see and ). The DS schema and DSIG11 schema definitions are described in accordance with . The subsequent CPXMLSEC schema preamble is to be used with XML Schema definitions given in the remaining sections of this document.

]]>

For GOST R 34.11-2012 algorithm with 256-bit hash code the following identifier MUST be used:

The following sample includes GOST R 34.11-2012 algorithm with 256-bit hash code in ds:DigestMethod element:

]]> The hash code MUST be represented in little-endian and base64-encoded , then it is included in the ds:DigestValue element (see Section 4.4.3.6 of ).

For GOST R 34.11-2012 algorithm with 512-bit hash code the following identifier MUST be used:

The following sample includes GOST R 34.11-2012 algorithm with 512-bit hash code in the ds:DigestMethod element:

]]> The hash code MUST be represented in little-endian and base64-encoded , then it is included in the ds:DigestValue element (see Section 4.4.3.6 of ).

The following identifier MUST be used for GOST R 34.11-94 algorithm to provide backward compatibility:

The ds:DigestMethod element MAY include a descendant element named cpxmlsec:NamedParameters to specify hash algorithm parameters. If present, hash algorithm parameters MUST be included in the "URI" attribute of the cpxmlsec:NamedParameters element. Parameters are indicated by OIDs and MUST be formatted in accordance with . OIDs defined in section 8.2 of MAY be used. If the cpxmlsec:NamedParameters element is not included, id-GostR3411-94-CryptoProParamSet (see ) MUST be presumed. The cpxmlsec:NamedParameters element is described by the following XML schema definition:

]]> The following sample includes GOST R 34.11-94 algorithm in the ds:DigestMethod element:

]]> The hash code MUST be represented in little-endian and base64-encoded , then it is included in the ds:DigestValue element (see Section 4.4.3.6 of ).

For GOST R 34.10-2012 algorithm with 256-bit private key the following identifier MUST be used (without line break in the identifier):

The following sample includes GOST R 34.10-2012 algorithm with 256-bit private key in the ds:SignatureMethod element (without line break in the attribute value):

]]> Digital signature value MUST be represented in accordance with and base64-encoded , then it is included in the ds:SignatureValue element (see Section 4.3 of ).

For GOST R 34.10-2012 algorithm with 512-bit private key the following identifier MUST be used (without line break in the identifier):

The following sample includes GOST R 34.10-2012 algorithm with 512-bit private key in the ds:SignatureMethod element (without line break in the attribute value):

]]> Digital signature value MUST be represented in accordance with and base64-encoded , then it is included in ds:SignatureValue element (see Section 4.3 of ).

The following identifier MUST be used for GOST R 34.10-2001 algorithm to provide backward compatibility:

The following sample includes GOST R 34.10-2001 algorithm in the ds:SignatureMethod element:

]]> Digital signature value MUST be represented in accordance with and base64-encoded , then it is included in the ds:SignatureValue element (see Section 4.3 of ).

GOST R 34.11-2012 algorithm MAY be used in HMAC mechanism in accordance with section 6.3.1 and section 4.1.1 .

For GOST R 34.11-2012 algorithm with 256-bit hash code the following identifier MUST be used:

The following sample includes GOST R 34.11-2012 algorithm with 256-bit hash code in the ds:SignatureMethod element:

]]> The HMAC_GOSTR3411_2012_256 algorithm result (section 4.1.1 ) MUST be represented in little-endian and base64-encoded , then it is included in the ds:SignatureValue element (see Section 4.3 of ).

For GOST R 34.11-2012 algorithm with 512-bit hash code the following identifier MUST be used:

The following sample includes GOST R 34.11-2012 algorithm with 512-bit hash code in the ds:SignatureMethod element:

]]> The HMAC_GOSTR3411_2012_512 algorithm result (section 4.1.2 ) MUST be represented in little-endian and base64-encoded , then it is included in the ds:SignatureValue element (see Section 4.3 of ).

The information about GOST-based key material or HMAC symmetric key MAY be included in XML digital signature in any way in accordance with . In addition, this document defines new ways to enclose public keys of GOST algorithms: in descendants of the dsig11:DEREncodedKeyValue element (see Section 4.5.9 of ), in the ds:KeyValue element (see ) and using the "Type" atrribute of the ds:RetrievalMethod element (see ).

The dsig11:DEREncodedKeyValue element is a descendant of the ds:KeyInfo (see Section 4.5 of ) element. To include the public key and its parameters into the dsig11:DEREncodedKeyValue element, the SubjectPublicKeyInfo structure MUST be used. This structure MUST be encoded in accordance with . Then this key material MUST be represented in accordance with Section 4.5.9 of .

The ds:KeyValue element is a descendant of the ds:KeyInfo (see Section 4.5 of ) element. This element contains the public key and its parameters. For GOST algorithms one of the following extra descendants MUST be included in the ds:KeyValue element: cpxmlsec:GOSTR34102012-256-KeyValue element; cpxmlsec:GOSTR34102012-512-KeyValue element; cpxmlsec:GOSTR34102001KeyValue element. The extended ds:KeyValue element is described by the following XML schema definition:

]]> Each of cpxmlsec:GOSTR34102012-256-KeyValue, cpxmlsec:GOSTR34102012-512-KeyValue and cpxmlsec:GOSTR34102001KeyValue elements have cpxmlsec:GOSTKeyValueType type (see schema definition below) and MUST contain the following descendants: cpxmlsec:NamedCurve element - contains an elliptic curve identifier; cpxmlsec:PublicKey element - contains a public key. Each of cpxmlsec:NamedCurve and cpxmlsec:PublicKey elements belong to cpxmlsec namespace. The cpxmlsec:NamedCurve element has dsig11:NamedCurveType type. The cpxmlsec:PublicKey element has dsig11:ECPointType type. Both types belong to DSIG11 schema . Each of cpxmlsec:GOSTR34102012-256-KeyValue, cpxmlsec:GOSTR34102012-512-KeyValue and cpxmlsec:GOSTR34102001KeyValue elements are described by the following XML schema definition:

]]> Each of cpxmlsec:GOSTR34102012-256-KeyValue, cpxmlsec:GOSTR34102012-512-KeyValue and cpxmlsec:GOSTR34102001KeyValue elements MUST be represented in accordance with -.

The elliptic curve identifier (public key parameters) MUST be included in the "URI" attribute of the cpxmlsec:NamedCurve element (see ). In case of public key parameters described by OIDs they SHOULD be represented in accordance with . OID identifiers for GOST algorithms are defined in . The public key MUST be included in the cpxmlsec:GOSTR34102012-256-KeyValue element. It MUST be represented in the same way as subjectPublicKey field of SubjectPublicKeyInfo structure without enclosing in OCTET STRING and DER encoding. This string MUST be base64-encoded and included in the cpxmlsec:GOSTR34102012-256-KeyValue element similar to the ds:RSAKeyValue (see ). The XML schema of cpxmlsec:GOSTR34102012-256-KeyValue and cpxmlsec:PublicKey elements is defined in . The following sample includes key material in the cpxmlsec:GOSTR34102012-256-KeyValue element:

]]>

The elliptic curve identifier (public key parameters) MUST be included in the "URI" attribute of the cpxmlsec:NamedCurve element (see ). In case of public key parameters described by OIDs they SHOULD be represented in accordance with . OID identifiers for GOST algorithms are defined in . The public key MUST be included in cpxmlsec:GOSTR34102012-512-KeyValue element. It MUST be represented in the same way as subjectPublicKey field of SubjectPublicKeyInfo structure without enclosing in OCTET STRING and DER encoding. This string MUST be base64-encoded and included in the cpxmlsec:GOSTR34102012-512-KeyValue element similar to the ds:RSAKeyValue (see ). The XML schema of cpxmlsec:GOSTR34102012-512-KeyValue and cpxmlsec:PublicKey elements is defined in . The following sample includes key material in the cpxmlsec:GOSTR34102012-512-KeyValue element:

]]>

The elliptic curve identifier (public key parameters) MUST be included in the "URI" attribute of the cpxmlsec:NamedCurve element (see ). In case of public key parameters described by OIDs they SHOULD be represented in accordance with . OID identifiers for GOST algorithms are defined in section 8.4 of . The public key MUST be included in cpxmlsec:GOSTR34102001KeyValue element. It MUST be represented in the same way as subjectPublicKey field of SubjectPublicKeyInfo structure without enclosing in OCTET STRING and DER encoding. This string MUST be base64-encoded and included in the cpxmlsec:GOSTR34102001KeyValue similar to the ds:RSAKeyValue (see ). The XML schema of cpxmlsec:GOSTR34102001KeyValue and cpxmlsec:PublicKey elements is defined in . The following sample includes key material in the cpxmlsec:GOSTR34102001KeyValue element:

]]>

The GOST public key MAY be referenced in the ds:RetrievalMethod element. In this case the public key reference MUST be included in the "URI" attribute. If the "Type" attribute is present one of the following identifiers MUST be used. For GOST R 34.10-2012 algorithm with 256-bit private key:

For GOST R 34.10-2012 algorithm with 512-bit private key:

For GOST R 34.10-2001 algorithm:

This section registers a new XML sub-namespace, "urn:ietf:params:xml:ns:cpxmlsec" (see ) per the guidelines in : URI: urn:ietf:params:xml:ns:cpxmlsec Registrant Contact: Pavel Smirnov (spv@cryptopro.ru), Maria Paramonova (mparamonova@cryptopro.ru). XML: None. Namespace URIs do not represent an XML specification.

This section registers a new XML sub-namespace identifier, "urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34112012-256" (see ) per the guidelines in : URI: urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34112012-256 Registrant Contact: Pavel Smirnov (spv@cryptopro.ru), Maria Paramonova (mparamonova@cryptopro.ru). XML:

GOST R 34.11-2012 algorithm with 256-bit hash code in DigestMethod element

Namespace identifier for GOST R 34.11-2012 algorithm with 256-bit hash code in DigestMethod element

urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34112012-256

See Section 4.1.1 in draft-smirnov-xmldsig-05.

]]>

This section registers a new XML sub-namespace identifier, "urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34112012-512" (see ) per the guidelines in : URI: urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34112012-512 Registrant Contact: Pavel Smirnov (spv@cryptopro.ru), Maria Paramonova (mparamonova@cryptopro.ru). XML:

GOST R 34.11-2012 algorithm with 512-bit hash code in DigestMethod element

Namespace identifier for GOST R 34.11-2012 algorithm with 512-bit hash code in DigestMethod element

urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34112012-512

See Section 4.1.2 in draft-smirnov-xmldsig-05.

]]>

This section registers a new XML sub-namespace identifier, "urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr3411" (see ) per the guidelines in : URI: urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr3411 Registrant Contact: Pavel Smirnov (spv@cryptopro.ru), Maria Paramonova (mparamonova@cryptopro.ru). XML:

GOST R 34.11-94 algorithm in DigestMethod element

Namespace identifier for GOST R 34.11-94 algorithm in DigestMethod element

urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr3411

See Section 4.1.3 in draft-smirnov-xmldsig-05.

]]>

This section registers a new XML sub-namespace identifier, "urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34102012-gostr34112012-256" (see ) per the guidelines in : URI: urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34102012-gostr34112012-256 Registrant Contact: Pavel Smirnov (spv@cryptopro.ru), Maria Paramonova (mparamonova@cryptopro.ru). XML:

GOST R 34.10-2012 algorithm with 256-bit key in SignatureMethod element

Namespace identifier for GOST R 34.10-2012 algorithm with 256-bit key in SignatureMethod element

urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34102012-gostr34112012-256

See Section 4.2.1 in draft-smirnov-xmldsig-05.

]]>

This section registers a new XML sub-namespace identifier, "urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34102012-gostr34112012-512" (see ) per the guidelines in : URI: urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34102012-gostr34112012-512 Registrant Contact: Pavel Smirnov (spv@cryptopro.ru), Maria Paramonova (mparamonova@cryptopro.ru). XML:

GOST R 34.10-2012 algorithm with 512-bit key in SignatureMethod element

Namespace identifier for GOST R 34.10-2012 algorithm with 512-bit key in SignatureMethod element

urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34102012-gostr34112012-512

See Section 4.2.2 in draft-smirnov-xmldsig-05.

]]>

This section registers a new XML sub-namespace identifier, "urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34102001-gostr3411" (see ) per the guidelines in : URI: urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34102001-gostr3411 Registrant Contact: Pavel Smirnov (spv@cryptopro.ru), Maria Paramonova (mparamonova@cryptopro.ru). XML:

GOST R 34.10-2001 algorithm in SignatureMethod element

Namespace identifier for GOST R 34.10-2001 algorithm in SignatureMethod element

urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34102001-gostr3411

See Section 4.2.3 in draft-smirnov-xmldsig-05.

]]>

This section registers a new XML sub-namespace identifier, "urn:ietf:params:xml:ns:cpxmlsec:algorithms:hmac-gostr34112012-256" (see ) per the guidelines in : URI: urn:ietf:params:xml:ns:cpxmlsec:algorithms:hmac-gostr34112012-256 Registrant Contact: Pavel Smirnov (spv@cryptopro.ru), Maria Paramonova (mparamonova@cryptopro.ru). XML:

GOST R 34.11-2012 algorithm with 256-bit key in SignatureMethod element

Namespace identifier for GOST R 34.11-2012 algorithm with 256-bit key in SignatureMethod element

urn:ietf:params:xml:ns:cpxmlsec:algorithms:hmac-gostr34112012-256

See Section 4.3.1 in draft-smirnov-xmldsig-05.

]]>

This section registers a new XML sub-namespace identifier, "urn:ietf:params:xml:ns:cpxmlsec:algorithms:hmac-gostr34112012-512" (see ) per the guidelines in : URI: urn:ietf:params:xml:ns:cpxmlsec:algorithms:hmac-gostr34112012-512 Registrant Contact: Pavel Smirnov (spv@cryptopro.ru), Maria Paramonova (mparamonova@cryptopro.ru). XML:

GOST R 34.11-2012 algorithm with 512-bit key in SignatureMethod element

Namespace identifier for GOST R 34.11-2012 algorithm with 512-bit key in SignatureMethod element

urn:ietf:params:xml:ns:cpxmlsec:algorithms:hmac-gostr34112012-512

See Section 4.3.2 in draft-smirnov-xmldsig-05.

]]>

This section registers a new XML sub-namespace identifier, "urn:ietf:params:xml:ns:cpxmlsec:types:gostr34102012-256-keyvalue" (see ) per the guidelines in : URI: urn:ietf:params:xml:ns:cpxmlsec:types:gostr34102012-256-keyvalue Registrant Contact: Pavel Smirnov (spv@cryptopro.ru), Maria Paramonova (mparamonova@cryptopro.ru). XML:

GOST R 34.10-2012 256-bit public key at external location

Namespace identifier for GOST R 34.10-2012 256-bit public key at external location

urn:ietf:params:xml:ns:cpxmlsec:types:gostr34102012-256-keyvalue

See Section 5.3 in draft-smirnov-xmldsig-05.

]]>

This section registers a new XML sub-namespace identifier, "urn:ietf:params:xml:ns:cpxmlsec:types:gostr34102012-512-keyvalue" (see ) per the guidelines in : URI: urn:ietf:params:xml:ns:cpxmlsec:types:gostr34102012-512-keyvalue Registrant Contact: Pavel Smirnov (spv@cryptopro.ru), Maria Paramonova (mparamonova@cryptopro.ru). XML:

GOST R 34.10-2012 512-bit public key at external location

Namespace identifier for GOST R 34.10-2012 512-bit public key at external location

urn:ietf:params:xml:ns:cpxmlsec:types:gostr34102012-512-keyvalue

See Section 5.3 in draft-smirnov-xmldsig-05.

]]>

This section registers a new XML sub-namespace identifier, "urn:ietf:params:xml:ns:cpxmlsec:types:gostr34102001-keyvalue" (see ) per the guidelines in : URI: urn:ietf:params:xml:ns:cpxmlsec:types:gostr34102001-keyvalue Registrant Contact: Pavel Smirnov (spv@cryptopro.ru), Maria Paramonova (mparamonova@cryptopro.ru). XML:

GOST R 34.10-2001 public key at external location

Namespace identifier for GOST R 34.10-2001 public key at external location

urn:ietf:params:xml:ns:cpxmlsec:types:gostr34102001-keyvalue

See Section 5.3 in draft-smirnov-xmldsig-05.

]]>

This section registers an XML schema per the guidelines in : URI: urn:ietf:params:xml:schema:cpxmlsec Registrant Contact: Pavel Smirnov (spv@cryptopro.ru), Maria Paramonova (mparamonova@cryptopro.ru). XML: The XML schema can be found in .

XML Signature Syntax and Processing The World Wide Web Consortium (W3C) XML Schema Part 1: Structures Second Edition The World Wide Web Consortium (W3C) Using Russian algorithms of digital signature with XML-based protocols and messages Technical Committee 26 "Cryptography and Security Mechanisms" XML Schema Part 2: Datatypes Second Edition The World Wide Web Consortium (W3C) Information technology. Cryptographic information security. Usage of GOST R 34.10-2012 and GOST R 34.11-2012 algorithms in certificate, CRL and PKCS#10 certificate request in X.509 public key infrastructure Federal Agency on Technical Regulating and Metrology Information technology. Cryptographic data security. Signature and verification processes of [electronic] digital signature Federal Agency on Technical Regulating and Metrology Information technology. Cryptographic Data Security. Hashing function Federal Agency on Technical Regulating and Metrology Information technology. Cryptographic Data Security. Guidelines on the Cryptographic Algorithms, Accompanying the Usage of Standards GOST R 34.10-2012 and GOST R 34.11-2012 Federal Agency on Technical Regulating and Metrology

]> ]]>

Note: Line breaks in the coordinates, identifiers, XML elements or in the attribute values MUST be ignored.

The following sample was constructed using the X.509 certificate from Appendix A of . X-coordinate of public key:

Y-coordinate of public key:

Corresponding private key (d):

K value:

H-bar value:

Signed XML document:

Data 9QLsxPPo7LlX6IXqwzjcNDmbFuCCGivQ1s61hcPuITM= jcQJhWtWbTCV7bjFky5vGXXUFigc74FXRi79lZnFHK7pMjpeiN2H+3xyQ4O//n zs1Ln/oqwzvu9zpaH3Q0BPaw==

ut/Qw1MUq9KPqkdHC2xAF3K7TugHfo9n525D2s5mFZdD5pwf90/i4v F0mFmr9nfRwMYP4o0Pg1mOn5RlaXNYrQ==

]]> Base64-encoded signed XML document: 77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48cm9vdD4NCiAgIDxE YXRhVG9TaWduIElkPSJUb1NpZ24iPkRhdGE8L0RhdGFUb1NpZ24+DQogICA8U2lnbmF0dXJl IHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIj4NCiAgICAgIDxT aWduZWRJbmZvPg0KICAgICAgICAgPENhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGht PSJodHRwOi8vd3d3LnczLm9yZy9UUi8yMDAxL1JFQy14bWwtYzE0bi0yMDAxMDMxNSIgLz4N CiAgICAgICAgIDxTaWduYXR1cmVNZXRob2QgQWxnb3JpdGhtPSJ1cm46aWV0ZjpwYXJhbXM6 eG1sOm5zOmNweG1sc2VjOmFsZ29yaXRobXM6Z29zdHIzNDEwMjAxMi1nb3N0cjM0MTEyMDEy LTI1NiIgLz4NCiAgICAgICAgIDxSZWZlcmVuY2UgVVJJPSIjVG9TaWduIj4NCiAgICAgICAg ICAgIDxUcmFuc2Zvcm1zPg0KICAgICAgICAgICAgICAgPFRyYW5zZm9ybSBBbGdvcml0aG09 Imh0dHA6Ly93d3cudzMub3JnL1RSLzIwMDEvUkVDLXhtbC1jMTRuLTIwMDEwMzE1IiAvPg0K ICAgICAgICAgICAgPC9UcmFuc2Zvcm1zPg0KICAgICAgICAgICAgPERpZ2VzdE1ldGhvZCBB bGdvcml0aG09InVybjppZXRmOnBhcmFtczp4bWw6bnM6Y3B4bWxzZWM6YWxnb3JpdGhtczpn b3N0cjM0MTEyMDEyLTI1NiIgLz4NCiAgICAgICAgICAgIDxEaWdlc3RWYWx1ZT45UUxzeFBQ bzdMbFg2SVhxd3pqY05EbWJGdUNDR2l2UTFzNjFoY1B1SVRNPTwvRGlnZXN0VmFsdWU+DQog ICAgICAgICA8L1JlZmVyZW5jZT4NCiAgICAgIDwvU2lnbmVkSW5mbz4NCiAgICAgIDxTaWdu YXR1cmVWYWx1ZT5qY1FKaFd0V2JUQ1Y3YmpGa3k1dkdYWFVGaWdjNzRGWFJpNzlsWm5GSEs3 cE1qcGVpTjJIKzN4eVE0Ty8vbnpzMUxuL29xd3p2dTl6cGFIM1EwQlBhdz09PC9TaWduYXR1 cmVWYWx1ZT4NCiAgICAgIDxLZXlJbmZvPg0KICAgICAgICAgPEtleVZhbHVlPg0KICAgICAg ICAgICAgPEdPU1RSMzQxMDIwMTItMjU2LUtleVZhbHVlIHhtbG5zPSJ1cm46aWV0ZjpwYXJh bXM6eG1sOm5zOmNweG1sc2VjIj4NCiAgICAgICAgICAgICAgIDxOYW1lZEN1cnZlIFVSST0i dXJuOm9pZDoxLjIuNjQzLjIuMi4zNi4wIiAvPg0KICAgICAgICAgICAgICAgPFB1YmxpY0tl eT51dC9RdzFNVXE5S1Bxa2RIQzJ4QUYzSzdUdWdIZm85bjUyNUQyczVtRlpkRDVwd2Y5MC9p NHZGMG1GbXI5bmZSd01ZUDRvMFBnMW1PbjVSbGFYTllyUT09PC9QdWJsaWNLZXk+DQogICAg ICAgICAgICA8L0dPU1RSMzQxMDIwMTItMjU2LUtleVZhbHVlPg0KICAgICAgICAgPC9LZXlW YWx1ZT4NCiAgICAgIDwvS2V5SW5mbz4NCiAgIDwvU2lnbmF0dXJlPg0KPC9yb290Pg==

The following sample was constructed using the X.509 certificate from Appendix A of . X-coordinate of public key:

Y-coordinate of public key:

Corresponding private key (d):

K value:

H-bar value:

Signed XML document:

Data wiOFD9D7zKHNlo58t/9tUtCJA5ZO9vmDhMlt3HIkyXZvQxIp5PE+txwsI AVfUIOULvGTFxAZlwuHTB+qD5s54g== dn+oWg6n3wJ20kBmO1GvURc4SuZ3h3nKXYWy4uHdmeS2nlTlNWFKca4fTBlc+fp nCS8IEVNFX25Ndh4UXJLLNl2/L0wtancFiA+xRYzFgzUGW+pWIfyfvBdsSspbwe ZyJUWajqN3lDRZDchycEApNlqDpTtes8BpNrXSh+Cpg+c=

ExkPVQojORURgkPDBM9hdXQDaoWhLssGvAm8Tp072hiaRUFV0MJMLy xQCoe4ZOeNrzhLcaSrUwl3xn/OJ0YTB/0PW2XgHNnjv8oca7EIUwbn 2tRbqLtqHv41DmhukQLVFL0c4TU6aURhpdfhCGNr881LmvY/Tpf4AK MvyzSkCH4=

]]> Base64-encoded signed XML document: 77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48cm9vdD4NCiAgIDxE YXRhVG9TaWduIElkPSJUb1NpZ24iPkRhdGE8L0RhdGFUb1NpZ24+DQogICA8U2lnbmF0dXJl IHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIj4NCiAgICAgIDxT aWduZWRJbmZvPg0KICAgICAgICAgPENhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGht PSJodHRwOi8vd3d3LnczLm9yZy9UUi8yMDAxL1JFQy14bWwtYzE0bi0yMDAxMDMxNSIgLz4N CiAgICAgICAgIDxTaWduYXR1cmVNZXRob2QgQWxnb3JpdGhtPSJ1cm46aWV0ZjpwYXJhbXM6 eG1sOm5zOmNweG1sc2VjOmFsZ29yaXRobXM6Z29zdHIzNDEwMjAxMi1nb3N0cjM0MTEyMDEy LTUxMiIgLz4NCiAgICAgICAgIDxSZWZlcmVuY2UgVVJJPSIjVG9TaWduIj4NCiAgICAgICAg ICAgIDxUcmFuc2Zvcm1zPg0KICAgICAgICAgICAgICAgPFRyYW5zZm9ybSBBbGdvcml0aG09 Imh0dHA6Ly93d3cudzMub3JnL1RSLzIwMDEvUkVDLXhtbC1jMTRuLTIwMDEwMzE1IiAvPg0K ICAgICAgICAgICAgPC9UcmFuc2Zvcm1zPg0KICAgICAgICAgICAgPERpZ2VzdE1ldGhvZCBB bGdvcml0aG09InVybjppZXRmOnBhcmFtczp4bWw6bnM6Y3B4bWxzZWM6YWxnb3JpdGhtczpn b3N0cjM0MTEyMDEyLTUxMiIgLz4NCiAgICAgICAgICAgIDxEaWdlc3RWYWx1ZT53aU9GRDlE N3pLSE5sbzU4dC85dFV0Q0pBNVpPOXZtRGhNbHQzSElreVhadlF4SXA1UEUrdHh3c0lBVmZV SU9VTHZHVEZ4QVpsd3VIVEIrcUQ1czU0Zz09PC9EaWdlc3RWYWx1ZT4NCiAgICAgICAgIDwv UmVmZXJlbmNlPg0KICAgICAgPC9TaWduZWRJbmZvPg0KICAgICAgPFNpZ25hdHVyZVZhbHVl PmRuK29XZzZuM3dKMjBrQm1PMUd2VVJjNFN1WjNoM25LWFlXeTR1SGRtZVMybmxUbE5XRktj YTRmVEJsYytmcG5DUzhJRVZORlgyNU5kaDRVWEpMTE5sMi9MMHd0YW5jRmlBK3hSWXpGZ3pV R1crcFdJZnlmdkJkc1NzcGJ3ZVp5SlVXYWpxTjNsRFJaRGNoeWNFQXBObHFEcFR0ZXM4QnBO clhTaCtDcGcrYz08L1NpZ25hdHVyZVZhbHVlPg0KICAgICAgPEtleUluZm8+DQogICAgICAg ICA8S2V5VmFsdWU+DQogICAgICAgICAgICA8R09TVFIzNDEwMjAxMi01MTItS2V5VmFsdWUg eG1sbnM9InVybjppZXRmOnBhcmFtczp4bWw6bnM6Y3B4bWxzZWMiPg0KICAgICAgICAgICAg ICAgPE5hbWVkQ3VydmUgVVJJPSJ1cm46b2lkOjEuMi42NDMuNy4xLjIuMS4yLjIiIC8+DQog ICAgICAgICAgICAgICA8UHVibGljS2V5PkV4a1BWUW9qT1JVUmdrUERCTTloZFhRRGFvV2hM c3NHdkFtOFRwMDcyaGlhUlVGVjBNSk1MeXhRQ29lNFpPZU5yemhMY2FTclV3bDN4bi9PSjBZ VEIvMFBXMlhnSE5uanY4b2NhN0VJVXdibjJ0UmJxTHRxSHY0MURtaHVrUUxWRkwwYzRUVTZh VVJocGRmaENHTnI4ODFMbXZZL1RwZjRBS012eXpTa0NIND08L1B1YmxpY0tleT4NCiAgICAg ICAgICAgIDwvR09TVFIzNDEwMjAxMi01MTItS2V5VmFsdWU+DQogICAgICAgICA8L0tleVZh bHVlPg0KICAgICAgPC9LZXlJbmZvPg0KICAgPC9TaWduYXR1cmU+DQo8L3Jvb3Q+

The following sample was constructed using the X.509 certificate from section 4.2 of . X-coordinate of public key:

Y-coordinate of public key:

Corresponding private key (d):

K value:

H-bar value:

Signed XML document:

Data FVQbzF2djfNNJO3JG0OLfSODlZkibTcUmF2DS4nnuPY= n2UHtdu25fPzJNYyojbNTq52V1D3UBVQqI5xNhdYopDpMjpeiN2H+3xyQ4O//nz s1Ln/oqwzvu9zpaH3Q0BPaw== hJVodWACGkB1CM0TjDGJLP3lBQN6Q1z0bSsP508yfleP68wWuZWIA9 CafIWuD+SN6qa7flbHy7DfD2a8yuoaYA== ]]> Base64-encoded signed XML document: 77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48cm9vdD4NCiAgIDxE YXRhVG9TaWduIElkPSJUb1NpZ24iPkRhdGE8L0RhdGFUb1NpZ24+DQogICA8U2lnbmF0dXJl IHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIj4NCiAgICAgIDxT aWduZWRJbmZvPg0KICAgICAgICAgPENhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGht PSJodHRwOi8vd3d3LnczLm9yZy9UUi8yMDAxL1JFQy14bWwtYzE0bi0yMDAxMDMxNSIgLz4N CiAgICAgICAgIDxTaWduYXR1cmVNZXRob2QgQWxnb3JpdGhtPSJ1cm46aWV0ZjpwYXJhbXM6 eG1sOm5zOmNweG1sc2VjOmFsZ29yaXRobXM6Z29zdHIzNDEwMjAwMS1nb3N0cjM0MTEiIC8+ DQogICAgICAgICA8UmVmZXJlbmNlIFVSST0iI1RvU2lnbiI+DQogICAgICAgICAgICA8VHJh bnNmb3Jtcz4NCiAgICAgICAgICAgICAgIDxUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8v d3d3LnczLm9yZy9UUi8yMDAxL1JFQy14bWwtYzE0bi0yMDAxMDMxNSIgLz4NCiAgICAgICAg ICAgIDwvVHJhbnNmb3Jtcz4NCiAgICAgICAgICAgIDxEaWdlc3RNZXRob2QgQWxnb3JpdGht PSJ1cm46aWV0ZjpwYXJhbXM6eG1sOm5zOmNweG1sc2VjOmFsZ29yaXRobXM6Z29zdHIzNDEx IiAvPg0KICAgICAgICAgICAgPERpZ2VzdFZhbHVlPkZWUWJ6RjJkamZOTkpPM0pHME9MZlNP RGxaa2liVGNVbUYyRFM0bm51UFk9PC9EaWdlc3RWYWx1ZT4NCiAgICAgICAgIDwvUmVmZXJl bmNlPg0KICAgICAgPC9TaWduZWRJbmZvPg0KICAgICAgPFNpZ25hdHVyZVZhbHVlPm4yVUh0 ZHUyNWZQekpOWXlvamJOVHE1MlYxRDNVQlZRcUk1eE5oZFlvcERwTWpwZWlOMkgrM3h5UTRP Ly9uenMxTG4vb3F3enZ1OXpwYUgzUTBCUGF3PT08L1NpZ25hdHVyZVZhbHVlPg0KICAgICAg PEtleUluZm8+DQogICAgICAgICA8S2V5VmFsdWU+DQogICAgICAgICAgICA8R09TVFIzNDEw MjAwMUtleVZhbHVlIHhtbG5zPSJ1cm46aWV0ZjpwYXJhbXM6eG1sOm5zOmNweG1sc2VjIj4N CiAgICAgICAgICAgICAgIDxOYW1lZEN1cnZlIFVSST0idXJuOm9pZDoxLjIuNjQzLjIuMi4z Ni4wIiAvPg0KICAgICAgICAgICAgICAgPFB1YmxpY0tleT5oSlZvZFdBQ0drQjFDTTBUakRH SkxQM2xCUU42UTF6MGJTc1A1MDh5ZmxlUDY4d1d1WldJQTlDYWZJV3VEK1NONnFhN2ZsYkh5 N0RmRDJhOHl1b2FZQT09PC9QdWJsaWNLZXk+DQogICAgICAgICAgICA8L0dPU1RSMzQxMDIw MDFLZXlWYWx1ZT4NCiAgICAgICAgIDwvS2V5VmFsdWU+DQogICAgICA8L0tleUluZm8+DQog ICA8L1NpZ25hdHVyZT4NCjwvcm9vdD4=

The following sample was constructed using the X.509 certificate from Appendix A of . X-coordinate of public key:

Y-coordinate of public key:

Corresponding private key (d):

K value:

H-bar value:

Signed XML document:

Data 9QLsxPPo7LlX6IXqwzjcNDmbFuCCGivQ1s61hcPuITM= jcQJhWtWbTCV7bjFky5vGXXUFigc74FXRi79lZnFHK7pMjpeiN2H+3xyQ4O//nz s1Ln/oqwzvu9zpaH3Q0BPaw== MIICYjCCAg+gAwIBAgIBATAKBggqhQMHAQEDAjBWMSkwJwYJKoZIhvcNA QkBFhpHb3N0UjM0MTAtMjAxMkBleGFtcGxlLmNvbTEpMCcGA1UEAxMgR2 9zdFIzNDEwLTIwMTIgKDI1NiBiaXQpIGV4YW1wbGUwHhcNMTMxMTA1MTQ wMjM3WhcNMzAxMTAxMTQwMjM3WjBWMSkwJwYJKoZIhvcNAQkBFhpHb3N0 UjM0MTAtMjAxMkBleGFtcGxlLmNvbTEpMCcGA1UEAxMgR29zdFIzNDEwL TIwMTIgKDI1NiBiaXQpIGV4YW1wbGUwZjAfBggqhQMHAQEBATATBgcqhQ MCAiQABggqhQMHAQECAgNDAARAut/Qw1MUq9KPqkdHC2xAF3K7TugHfo9 n525D2s5mFZdD5pwf90/i4vF0mFmr9nfRwMYP4o0Pg1mOn5RlaXNYraOB wDCBvTAdBgNVHQ4EFgQU1fIeN1HaPbw+XWUzbkJ+kHJUT0AwCwYDVR0PB AQDAgHGMA8GA1UdEwQIMAYBAf8CAQEwfgYDVR0BBHcwdYAU1fIeN1HaPb w+XWUzbkJ+kHJUT0ChWqRYMFYxKTAnBgkqhkiG9w0BCQEWGkdvc3RSMzQ xMC0yMDEyQGV4YW1wbGUuY29tMSkwJwYDVQQDEyBHb3N0UjM0MTAtMjAx MiAoMjU2IGJpdCkgZXhhbXBsZYIBATAKBggqhQMHAQEDAgNBAF5bm4BbA RR6hJLEoWJkOsYV3Hd7kXQQjz3CdqQfmHrz6TI6Xojdh/t8ckODv/587N S5/6KsM77vc6Wh90NAT2s= ]]> Base64-encoded signed XML document: 77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48cm9vdD4NCiAgIDxE YXRhVG9TaWduIElkPSJUb1NpZ24iPkRhdGE8L0RhdGFUb1NpZ24+DQogICA8U2lnbmF0dXJl IHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIj4NCiAgICAgIDxT aWduZWRJbmZvPg0KICAgICAgICAgPENhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGht PSJodHRwOi8vd3d3LnczLm9yZy9UUi8yMDAxL1JFQy14bWwtYzE0bi0yMDAxMDMxNSIgLz4N CiAgICAgICAgIDxTaWduYXR1cmVNZXRob2QgQWxnb3JpdGhtPSJ1cm46aWV0ZjpwYXJhbXM6 eG1sOm5zOmNweG1sc2VjOmFsZ29yaXRobXM6Z29zdHIzNDEwMjAxMi1nb3N0cjM0MTEyMDEy LTI1NiIgLz4NCiAgICAgICAgIDxSZWZlcmVuY2UgVVJJPSIjVG9TaWduIj4NCiAgICAgICAg ICAgIDxUcmFuc2Zvcm1zPg0KICAgICAgICAgICAgICAgPFRyYW5zZm9ybSBBbGdvcml0aG09 Imh0dHA6Ly93d3cudzMub3JnL1RSLzIwMDEvUkVDLXhtbC1jMTRuLTIwMDEwMzE1IiAvPg0K ICAgICAgICAgICAgPC9UcmFuc2Zvcm1zPg0KICAgICAgICAgICAgPERpZ2VzdE1ldGhvZCBB bGdvcml0aG09InVybjppZXRmOnBhcmFtczp4bWw6bnM6Y3B4bWxzZWM6YWxnb3JpdGhtczpn b3N0cjM0MTEyMDEyLTI1NiIgLz4NCiAgICAgICAgICAgIDxEaWdlc3RWYWx1ZT45UUxzeFBQ bzdMbFg2SVhxd3pqY05EbWJGdUNDR2l2UTFzNjFoY1B1SVRNPTwvRGlnZXN0VmFsdWU+DQog ICAgICAgICA8L1JlZmVyZW5jZT4NCiAgICAgIDwvU2lnbmVkSW5mbz4NCiAgICAgIDxTaWdu YXR1cmVWYWx1ZT5qY1FKaFd0V2JUQ1Y3YmpGa3k1dkdYWFVGaWdjNzRGWFJpNzlsWm5GSEs3 cE1qcGVpTjJIKzN4eVE0Ty8vbnpzMUxuL29xd3p2dTl6cGFIM1EwQlBhdz09PC9TaWduYXR1 cmVWYWx1ZT4NCiAgICAgIDxLZXlJbmZvPg0KICAgICAgICAgPFg1MDlEYXRhPg0KICAgICAg ICAgICAgPFg1MDlDZXJ0aWZpY2F0ZT5NSUlDWWpDQ0FnK2dBd0lCQWdJQkFUQUtCZ2dxaFFN SEFRRURBakJXTVNrd0p3WUpLb1pJaHZjTkFRa0JGaHBIYjNOMFVqTTBNVEF0TWpBeE1rQmxl R0Z0Y0d4bExtTnZiVEVwTUNjR0ExVUVBeE1nUjI5emRGSXpOREV3TFRJd01USWdLREkxTmlC aWFYUXBJR1Y0WVcxd2JHVXdIaGNOTVRNeE1UQTFNVFF3TWpNM1doY05NekF4TVRBeE1UUXdN ak0zV2pCV01Ta3dKd1lKS29aSWh2Y05BUWtCRmhwSGIzTjBVak0wTVRBdE1qQXhNa0JsZUdG dGNHeGxMbU52YlRFcE1DY0dBMVVFQXhNZ1IyOXpkRkl6TkRFd0xUSXdNVElnS0RJMU5pQmlh WFFwSUdWNFlXMXdiR1V3WmpBZkJnZ3FoUU1IQVFFQkFUQVRCZ2NxaFFNQ0FpUUFCZ2dxaFFN SEFRRUNBZ05EQUFSQXV0L1F3MU1VcTlLUHFrZEhDMnhBRjNLN1R1Z0hmbzluNTI1RDJzNW1G WmRENXB3ZjkwL2k0dkYwbUZtcjluZlJ3TVlQNG8wUGcxbU9uNVJsYVhOWXJhT0J3RENCdlRB ZEJnTlZIUTRFRmdRVTFmSWVOMUhhUGJ3K1hXVXpia0ora0hKVVQwQXdDd1lEVlIwUEJBUURB Z0hHTUE4R0ExVWRFd1FJTUFZQkFmOENBUUV3ZmdZRFZSMEJCSGN3ZFlBVTFmSWVOMUhhUGJ3 K1hXVXpia0ora0hKVVQwQ2hXcVJZTUZZeEtUQW5CZ2txaGtpRzl3MEJDUUVXR2tkdmMzUlNN elF4TUMweU1ERXlRR1Y0WVcxd2JHVXVZMjl0TVNrd0p3WURWUVFERXlCSGIzTjBVak0wTVRB dE1qQXhNaUFvTWpVMklHSnBkQ2tnWlhoaGJYQnNaWUlCQVRBS0JnZ3FoUU1IQVFFREFnTkJB RjVibTRCYkFSUjZoSkxFb1dKa09zWVYzSGQ3a1hRUWp6M0NkcVFmbUhyejZUSTZYb2pkaC90 OGNrT0R2LzU4N05TNS82S3NNNzd2YzZXaDkwTkFUMnM9PC9YNTA5Q2VydGlmaWNhdGU+DQog ICAgICAgICA8L1g1MDlEYXRhPg0KICAgICAgPC9LZXlJbmZvPg0KICAgPC9TaWduYXR1cmU+ DQo8L3Jvb3Q+

The following sample was constructed using the X.509 certificate from Appendix A of . X-coordinate of public key:

Y-coordinate of public key:

Corresponding private key:

K value:

H-bar value:

Signed XML document:

Data 9QLsxPPo7LlX6IXqwzjcNDmbFuCCGivQ1s61hcPuITM= jcQJhWtWbTCV7bjFky5vGXXUFigc74FXRi79lZnFHK7pMjpeiN2H+3xyQ4O//nz s1Ln/oqwzvu9zpaH3Q0BPaw== MGYwHwYIKoUDBwEBAQEwEwYHKoUDAgIkAAYIKoUDBwEBAgIDQwAEQLrf0MNT FKvSj6pHRwtsQBdyu07oB36PZ+duQ9rOZhWXQ+acH/dP4uLxdJhZq/Z30cDG D+KND4NZjp+UZWlzWK0= ]]> Base64-encoded signed XML document: 77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48cm9vdD4NCiAgIDxE YXRhVG9TaWduIElkPSJUb1NpZ24iPkRhdGE8L0RhdGFUb1NpZ24+DQogICA8U2lnbmF0dXJl IHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIj4NCiAgICAgIDxT aWduZWRJbmZvPg0KICAgICAgICAgPENhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGht PSJodHRwOi8vd3d3LnczLm9yZy9UUi8yMDAxL1JFQy14bWwtYzE0bi0yMDAxMDMxNSIgLz4N CiAgICAgICAgIDxTaWduYXR1cmVNZXRob2QgQWxnb3JpdGhtPSJ1cm46aWV0ZjpwYXJhbXM6 eG1sOm5zOmNweG1sc2VjOmFsZ29yaXRobXM6Z29zdHIzNDEwMjAxMi1nb3N0cjM0MTEyMDEy LTI1NiIgLz4NCiAgICAgICAgIDxSZWZlcmVuY2UgVVJJPSIjVG9TaWduIj4NCiAgICAgICAg ICAgIDxUcmFuc2Zvcm1zPg0KICAgICAgICAgICAgICAgPFRyYW5zZm9ybSBBbGdvcml0aG09 Imh0dHA6Ly93d3cudzMub3JnL1RSLzIwMDEvUkVDLXhtbC1jMTRuLTIwMDEwMzE1IiAvPg0K ICAgICAgICAgICAgPC9UcmFuc2Zvcm1zPg0KICAgICAgICAgICAgPERpZ2VzdE1ldGhvZCBB bGdvcml0aG09InVybjppZXRmOnBhcmFtczp4bWw6bnM6Y3B4bWxzZWM6YWxnb3JpdGhtczpn b3N0cjM0MTEyMDEyLTI1NiIgLz4NCiAgICAgICAgICAgIDxEaWdlc3RWYWx1ZT45UUxzeFBQ bzdMbFg2SVhxd3pqY05EbWJGdUNDR2l2UTFzNjFoY1B1SVRNPTwvRGlnZXN0VmFsdWU+DQog ICAgICAgICA8L1JlZmVyZW5jZT4NCiAgICAgIDwvU2lnbmVkSW5mbz4NCiAgICAgIDxTaWdu YXR1cmVWYWx1ZT5qY1FKaFd0V2JUQ1Y3YmpGa3k1dkdYWFVGaWdjNzRGWFJpNzlsWm5GSEs3 cE1qcGVpTjJIKzN4eVE0Ty8vbnpzMUxuL29xd3p2dTl6cGFIM1EwQlBhdz09PC9TaWduYXR1 cmVWYWx1ZT4NCiAgICAgIDxLZXlJbmZvPg0KICAgICAgICAgPERFUkVuY29kZWRLZXlWYWx1 ZSB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwOS94bWxkc2lnMTEjIj5NR1l3SHdZSUtv VURCd0VCQVFFd0V3WUhLb1VEQWdJa0FBWUlLb1VEQndFQkFnSURRd0FFUUxyZjBNTlRGS3ZT ajZwSFJ3dHNRQmR5dTA3b0IzNlBaK2R1UTlyT1poV1hRK2FjSC9kUDR1THhkSmhacS9aMzBj REdEK0tORDROWmpwK1VaV2x6V0swPTwvREVSRW5jb2RlZEtleVZhbHVlPg0KICAgICAgPC9L ZXlJbmZvPg0KICAgPC9TaWduYXR1cmU+DQo8L3Jvb3Q+

We thank Ekaterina Griboedova and Evgeny Alekseev for their useful comments.