 Welcome it's the get credentials binding project. And this is the second of June at 730 am India standard time. Thanks very much for being here remember we abide by the Jenkins code of conduct. So agenda topics I had questions from the last meeting. We have a task to update Jenkins.io with a more detailed project description and then how things are going with private key with passphrase. How things going private key without passphrase and username password binding prototype on windows. Any other topics for the agenda. So Rishabh you had mentioned that you had some questions are there specific topics you wanted to. Yes, they are around the conversion for my of the open SSH private key around I just have few questions around this topic. So, by that you mean this this material here and decode. Okay, so that's probably best for harsher to answer rather than for me to attempt to answer. That should be. So, should I ask. Yes, yes, go ahead. Okay, so I was reading about open SSH private key and to understand that we want to convert it to a pen format. We want to convert it into a pen format because we know that open SSH versions and bouncy castle API does not support different open SSH versions. So we want to standardize that by converting it into a pen format. Yeah, I mean open SSH now generates keys by default in a new format that is proprietary. So, and the bouncy castle API only supports PEM format, although there are a lot of the formats but bouncy castle only supports PEM so the conversion part has to be specific on the PEM format. Okay, so. So my next question is that, and I'm not sure if this is the right one but my limited knowledge with families that I've always seen certain tickets and primary dot x 519 certificates to pen format it. And about private keys, what we try to do here is that we want to. Especially talking about an open SSH encrypted private key. We try to decrypt it and then convert it into a pen format. Is that what we do. So decrypting will be like when the SSH private key is encrypted by a passphrase. So it will be what we are trying to do is encode it into another format. We won't be decrypting decrypting would be something like showing the underlying structure of that. It is in asni.one something but open SSH don't support that. So your question when I was looking at the question you had in your chat you were saying that to convert it into pen format you need two things and that is the encryption algorithm. And you mentioned one more thing right. It's a format type. format type. Yeah. So, so. Yes. So SSH key gen does not can does not output cannot output pen format. So if you have written the command right it will this command will output the format but if we don't use the option, then it will not it but it will output in a new open SSH format. That's correct. I was just I was just trying to understand what the process is there and why we're doing that. I was also looking at how this could be done and yeah this command can do it and we can convert it into pen. So I wonder if you're asking a similar question to what I was asking in the doc to my understanding is we're trying to decrypt the. We're talking about a password and key right or passphrase key. Yes, yes. So I think my understanding is the reason we want to decrypt it and then re encrypt in another format is so that we don't have to pass a key with a passphrase down to get CLI so that we have to like do terminal dance stuff. So this will convert it to one without a passphrase, and then you don't have to worry about the terminal problems. Yeah, that's one reason also we don't have to create any additional file for storing the passphrase as well as it will be decrypted so there's only the key, and there's no need to use the passphrase. Okay, yeah makes sense to go and I think, I think that's what I mean. I'm a little bit astonished actually that there isn't a trivial way to convert an open SSH private key in Java but I gather that you've searched and haven't found any way to do that. Oh, well I. Is that question for me. No no it was for it was for harsh. Yeah, Mark, I, I looked in, I mean I looked for in bouncy castle java docs and j CA java docs but I couldn't find much information on that because the format they support. I mean, the functionality they provide is basically around the algorithms. The first we need to know the algorithm encryption algorithm we have generated the key in. If we have not been able to figure that out I mean we won't be able to perform other operations. Okay yeah I just, and I see what looks like a commercial implementation called Maverick. Yeah, I don't see any open source implementation. So yeah, I just, that's that's really quite impressive, but I think you've you've hit it that's. I just wanted to share a small thing. I have one strike. Sorry. So I have one strike converting RSA encrypted private key into a PK CS eight format private key programmatically. So I, I, I checked that code once I was looking at what her ship was saying that we need the algorithm as well and I, he's correct. Yes, I, that's, but I'm not sure if it requires two things, the only thing I remember to convert it. And I'm seeing my code here is that I need the algorithm with by which the private key the input private key is encrypted and after that. Yeah, that was what I used to. So, and you say work with RSA did it also work with. Does it also work with. ED 25. 25519 EC DSA and possibly DSA. It's, I'm quite interested. This is a new format you are new only a four or five year old format used by open BSD so the open SSH people. And this is a predecessor I think to it. And this one is an old and I believe almost deprecated. So, so I am using the Java security package. And this is key factory, which I have used to do this but I have to look into it to be able to answer that question. Okay. Because if I remember correctly. Oh, go ahead. Yeah, sorry. Okay, so the key factory I had, I have worked on that as well. I mean, there is a Java doc which tells which type of algorithms could be used in different types of classes. So there I mean to three to four algorithms are there in key factory, then there is a key generator as well. And they have five to six algorithms for that. Yeah, yeah, so the way it is working is that we have to provide the algorithm. Yeah, yeah, and the key spec and that key spec would be the type of format we want to convert our input key into that is what I can see. Yeah, if I if I share three lines of phone is essentially captured and share the chat. Yeah, I mean key spec is not a problem because it's an interface and there is no method implement method implementation or to override. So I have done that I have implemented a class I have created a class which implement the key spec and and created method specific for our purpose but the main problem for me is to is the algorithm and the format. Okay. How should I think that there are two, so I can see two implementation of those specs one is for pkcs8 and one is for x509. So yes, maybe it's not for. Maybe x509 encoded key space must be for the pen format. Okay, that is not always necessary. Well, but, but harsh it didn't you said that the challenge was identifying the encryption but isn't, isn't the encryption. Isn't the algorithm encoded. In the heading of the private key file. No, no. No, if you see the dsa one way says though, RSA definitely does it says begin RSA private key. I just looked at one of my RSA private keys. If you if you create an ED 25519, maybe even a CDSA. I think it'll include a header that looks like this. Yeah. Also, but I think the old ones just show what you're kind of showing there. So these that I'm showing are not passphrase protected. That's correct. So these, these are not passphrase protected but yeah you're right if I grab the one that is passphrase protected. Oh, and it says begin RS. Yeah, mine says begin RSA private key. And then it continues with this. Actually stole that that line from Stack Overflow instead of using my own private key. So you choose the specific format algorithm. So I think by default it does not encrypted with RSA. So I, I chose to pick an ED 25519. In fact, GitHub is actually changing their direction to their instructions to use those as well. Yay. That's the key ever good choice. Whew. BSD people are really serious open BSD people are really serious about their crypto. I mean really serious. Yeah, so you pass dash T. So, here's the new. Here's the GitHub that guidance, and you basically pass dash T and you specify ED 25519. I could have put that in the doc, sorry. If you're in the dark ages, you have to use this other thing. That's the dark ages you guess you guess for darkness lies very good. Okay so so but but back to the question I thought that this heading was was a known quantity to determine the type of the algorithm used to encrypt what you're saying it's in general not. Whoops, why did you just change my or ED 25 because it's supposed to be like this. Oh, so picky. Okay, God, sorry. Very good. Okay, so it actually does have RSA doesn't say open SSH. That's why I changed it. Well okay so then you're using an RSA key not a not a an ED 2559. I'm fairly certain that this is ED 25519. Okay what version of open SSH you're in. Let me check. Mine's 8.4. And it just calls itself begin open SSH private key. And the next one is so I guess harsher what we're what we're illustrating is that there are many, many ways to do this. The second one your second and third line look like mine. I think that's the critical bit. Second and third line this one. No, I don't have those lines. Nope, my, my, but let me generate a new one just to be sure. Okay, sure. Yeah, I can do the same. I just generated one. And yeah I just generated this one. ED 255 and I solemnly promised never to use it so I'm going to paste pretty much the whole thing. Okay, so here it is this is the. Whoops. ED 25519 public key looks like this. All one line. Okay, we're going to do micro font. Whereas public private key. Oops, has a heading that looks like this. And this is a past race protected key. So I'm not sure what to say about. Now, that's an ED 255, 25519 protected past race protected private key. Let me try the same thing with RSA. Can we say that all 25519 protected private keys are always going to be like this. I was also under the assumption that the header would include the information about the algorithm. Yeah, I think. Because if we can consolidate that fact then yeah. I mean I can I can certainly do checks we've got I've got access to lots of systems where I can do the checks to to see what format they take. So so that's that's a survey that well and actually harsh it you've got access to Centos you said right so you could you could certainly check the boundaries you've gotten. You've got a new boom to system or a Debian that would be relatively modern and then Centos if you've got Centos seven. It's about as old as we're going to get. Please feel free to laugh at me. You're correct. Mark. I was on the wrong machine. Oh good. I like that. Okay, that's a relief actually. Yes, I was like what because I saw what you said and I was like, yeah, he's right here. What's going on. Machine. So let me check for just okay so you did 25519. Okay, and then now even. Okay, so I don't see the property type for online but it may be because of my version number my even for RSA. This one, I think is a pass phrase. And I don't remember which cypher used. I may have used. Yeah, I think I just used a strong. Okay. Yeah, you just use 1096 bits probably. Okay. Yeah, and so harsh it I'm not sure we're helping much in terms of you've got, we've we've got a challenge here the challenge is still how do we deal with passphrase protected private keys. I think you've is your sense that you've found a solution through the convert to PEM and then use bouncy castle or I assume that'll require that you call SSH key gen from the command line. Yeah, I was previously doing this only, but I mean this is not this is a tentative solution and the user might not have the SSH key gen utility or the open SSH key gen utility. They might have you just got the private key and just pasted it in the Jenkins credentials. So, I mean this is just a tentative solution SSH key gen. Yeah, and I'm, I'm, I'm open to that tentative solution even now because it's perfectly okay for us to say you must have I think it's okay anyway for us to say you need to have SSH installed on your image so that we can use it. So I mean, actually, I guess I should say it differently. They already have to have SSH installed at least enough of SSH that that get can use SSH for transport. So I think this is actually pretty safe if even if you had to do it long term. It's not not especially pretty forking a separate process to do conversion but we could conceive the limit the number of times we do it. So, is that key that ID, IDS RSA key on the convert to PEM format is that like, so I did notice that if you use the ED 2550 25519, it wants to store your key in ID. Sorry. You can underscore ED 25519 as a default rather than ID RSA. Right. And that's type of it. Well, for ED 25519, you just changed the file name. Yeah. Yeah, this one, this one is the example here I took as how to do it with an RSA key, you'd use the same thing but change it to do it with with ID, ED 25519. Oh, interesting. Okay, do convert to PEM can't convert on my system anyway, can't convert an open BSD format and ED 25519. But it can convert an RSA. That looks an awful lot like an RSA key. Okay, so how should you're you're exploring the right place. This looks complicated. So any other questions on crypto and crypto algorithms. I was thinking if we cannot figure this out, we can fall back to the previous method where that we are using in the client client plugin right now. Yeah, and that was the answer the terminal prompt with a separate file. That's what your meaning I think isn't harsh it. Yeah, like there will be no how many like three separate files for passes protected, protected keys, if using it SSH. Yeah, I think I think that's reasonable we've got a you've got a plan as to how to handle it. We would prefer the simpler we would prefer the more elegant way. If the elegant way doesn't work, then we can fall back to the the old way. Okay. Any other topics on go ahead. So I mean like we are are we asking the user to convert the key for us. Or do we have to use the like there's a launch command option is well in the client plan. I have not tested it but using that we have to use the perform the SSH operation to convert the key into pamphlet. And the problem that the plug in would do the conversion. Because the user already has private keys stored in their system. Yes, so the conversion will be using SSH. region. Yes. And the problem is SSH key gen. So certain key types fails for fails with for ED 25519. So it can't do a convert to PEM. And I assume that maybe because there isn't a PEM format to support the open BSD format. Okay, so next steps then for you harsh it what's what's your plan next. I was holding this back and I was working on the I mean the user password credential binding for windows. Oh, okay. So that's a good one to report on. Should we go there and hear how that's how that's doing so username password binding on windows. Share with us how it's going. I'm like, I have just read the I'm not started that much like I have just read the implementation of windows in windows credentials and I'm like, figuring it out right now. Okay. Great. All right. I mean like I spent two days working on that only. So, and on the Yeah, the SSH binding. Well, and that's there. It's obviously a complicated area. So yes, absolutely. Okay, any, any other questions or topics we need to discuss today. We did have this topic that we need to before end of community bonding period I think we want you to get an updated description of the project onto Jenkins.io. See if I can find the pages where those go. I mean I will. We will update the dog only after when I figured out that the bouncy castle API is working fine. Okay, I just my thought was, it's probably good for you to to post something there sooner. Well, I would think before we conclude community bonding on the seventh. That'd be good just to show hey here's the progress we've made so far. Here's what we've got, but that's still six days away so you're five days away so you've still got time. What changes do I have to make in that. Well, I think I think the goal would be share either your design document or your ideas of the results of your exploring, you know, basically it's a post to describe here let me look and see just, I've got to see what others are doing just a minute. GitHub Jenkins.io. I think we just had a poll. Where is it. No, that's not it. Okay, so maybe I'm mistaken. Let's see so what have we got here. Yes, so Oleg had PR, I think a version of the new sites. Oh yes here it was update the GSock 2021 remote monitoring project page so here's the example. Right, and this one is the projects page showing. Okay, that's a fairly simple update so this is not a large scale update. And this one. Also pretty simple. Okay, good. Alright so none of these are huge are should all that these two updates did was correct minor errors in the original pages. So let me paste a link to those as examples. And then kind of for the rest of the project, you'll kind of keep that up to date with timelines and that's where we'll post like your blog post updates and stuff like that. Right. Likewise probably on a plan for a demo after first demonstration after first release, or after, you know, at at some progress point. I have typically been in Jenkins online meetups if I remember right, and usually as a group, multiple, multiple projects presented a single meetup 10 to 15 minutes each. What's that for the phase one evaluations, or is it before that is this I think I think this is probably at the end of phase one is where I'm guessing for sure it will be at the end of phase two. Absolutely this is later so maybe what we should say here is phase phase one and or possible or phase two and and possibly earlier, we'll need a blog post and demonstration and because did Rishabh didn't last year we have you do two different demonstrations there were two points where we had to do join a meeting and show. Actually, we have three evaluations last time phase one phase one then the final one. Right and certainly phase evaluations I wasn't sure did we do a demonstration at each of the phases. Okay, so then you should plan the same that phase one and demonstration and 10 to 15 minute with a demo in a 10 to 15 minute talk and same for it phase two and and harsh it you're okay with that. Yeah. Great. Any other topics we should be sure we discussed today. If there's none I won't come back to the pen fighting version from the factory thing. Okay. So my if so my my question is that, or what I'm seeing is that the pen format is essentially a base 64 translation of X 509 keys. If if I'm not wrong about that then I can see that so what how she was talking about the key spec and the algorithm required for us to convert it into them. So let's say we know the algorithm. I can see that there are two default implementations for the key spec one is for the PCC is a format the other one is for the X 509 format key spec. If we're able to do that and then we encoded with the base 64 will be reached with the pen format. Private key is something I want to explore or am I saying something wrong. Okay, so I guess I just want to ask is that is there a conceptual mistake I'm making when I'm saying all of this. I, I didn't hear any conceptual mistake but I'm not a not a crypto expert say it again. So what I mean is that this the code I shared here is is is a way where where I converted a RSA encoded private key into a PCC is encoded key, which is then I use that to store into a keystone that is how I used it. Now what I'm saying is that it requires two things for the conversion. The first is the algorithm, which I haven't shared but it was essentially RSA in my case I knew that it was always going to be the same case. Let's say we know the algorithm. We were sure that we can understand which algorithm is used to encrypt the input key will have the second thing is about the key spec and both of those things I used to generate a private key. Using the key factory. So I can see two default implementations in the Java security package for the key spec. The first is for the PCC is a format and the second one is the X 509 format. So, from what I know about PEM format, it is a base 64 translation of the X 509 key. If that is not wrong then essentially what we have to do is to convert this using the key spec of X 509 and then base 64 encoded. If we do that then do we arrive. I'm not sure that is the correct hypothesis but that's what I'm thinking that do we arrive at a PEM format. Yeah, maybe I should try it first. So you will. Okay, you were saying, if, if since PEM is at base 64 encoded, your question was, if you convert pk csa to base 64 encoded format, do you get PEM. Pk csa format but X 509. Oh, sorry, X 509. So if you convert X 509 to basic and that I do not know. Yeah, that's way beyond my depth. I think it's a simple experiment considering that we already have SSH key gen of a way to convert it, I can just use this and then compare both of them. If I get the same conclusion then I Yeah, could be a way to programmatically convert the keys into PEM format. I think I should. I could share a few links like that will be helpful for everyone on the same page. Can I. Okay. In the chat. In the chat would be greater you can paste them in the document either would be fine if you paste them in the chat I promise to copy them into the document. Okay. Okay, so, so if we do not find a way to programmatically do this, I mean, using a driver library then we're defaulting to using SSH key gen bank. That's, that's my understanding. And if we can't do with SSH key gen, we have to fall back to do the, the, the terminal dance that is done by the get client plugin today. So we do have Yeah, so now how should you did you have other links because there's this link from stack exchange that talks about a Java implementation of ED 25519. However, I have no idea how good or bad that Java implementation is or it's oh it's released to the public domain so at least it is available. I have no idea how strong or weak it is. See here is a. Okay, now, now wait a sec. Okay so here's another one for as a question. How should you might want to look at this one which talks about generating ED 25519 private key parameters. I'm not sure what version of bouncy castle that requires says 1.63. Okay, where do I find the bouncy castle. Okay, so apparently it's not in here ED 25519. Oh no, there it is. Okay, so there is, at least bouncy castle has the concept of it. Interesting. Okay, so, so, so this. Now if it's got ED 25519 I would assume it also has RSA private key RSE private key structure. Yeah, so so and harsh it you had investigated using bouncy castle but it doesn't. It's not a way to sec BC pro BC. I don't know which one I'm looking at so so my worry is this may be too new. Do you see a JDK eight I'm not seeing it 161514. FIPS. Nothing in the FIPS. There is an RSA private key. Okay, so, so I don't, I'm just, I'm not helping here at all I'm afraid I'm just doing wild guesses. Excuse my distraction. It's worth the rest of you. I'm sure I should have investigated. Awesome. But if you seen. Yeah. Yes, I should. Have you opened the Java doc of bouncy castle API. Was it of Jenkins or the bouncy castle API only. This was the bouncy castle API for for bouncy castle itself and it's, it's a version that I don't know what it's actually expressing here harsh it and I apologize that I'm not familiar with that but this looks like it's a bouncy castle API for Java doc for various versions of it. And I think I read that we're running. I guess I should be able to look it up shouldn't I someplace inside Jenkins. There will be a reference to bouncy castle. Okay it's in the bouncy castle API plug in. That appears to be one that five four. I'm going to decode that so. I'm looking at the plugin page. Yeah, there you go. Yeah, you're there. So this. That's instance identity modules I'm not sure if that's the same. Yeah, so how about if we look here. If this thing's palm I would expect it's got a reference to BC something or other. Okay, yeah, there it is so it's using BC, BCP KIX JDK 15 oh and one dot 68. So that is the current version. So, so I think it's worth exploring further to see if you can use. It's easy. Okay. No, this version of it doesn't seem to have it where did I find. It was in. Oh, it's spelled wrong. And this one is in BCP ROV dash ext whatever that means. Let's speculate that BCP ROV this one. Yeah, there it is. Okay, so there, there does seem to be a bouncy castle library that provides it. I'm just not sure if we can use it. So, how should I assume you're okay if I embed a link to this into our into our notes in hopes that it'll help you somehow. We can directly add bouncing as a dependency to get time. So we can use our own. Well, we, we can accept. I worry that that I don't know what, what this one means that particular, what does PR OV mean. In this case is that provisional is that something there's, there's some concept there that I don't think I've ever seen that reference. And so that would be something just to check to be safeguarded to see okay did it does it in fact do what we want and will it can we use it. Let's put the let's put the reference into the document. We want to take the bounce against the API plugins dependency as a reference because that we know has been tested within Jenkins environment. Right, exactly. But so the idea then the question is, but that is probably not inside the bouncy castle API plugin. And that we should be able to check right just to do a quick look. So here if we look at what's included in its palm file, it's only got that single library right now. Now that doesn't stop us from using it that doesn't prevent it. It's just it means we've got it harsh it would have to do some more research to be sure is is it okay that we include that inside Jenkins and does it solve the problem. If it doesn't meet the needs then, including in Jenkins is irrelevant but harsh it it seems worth it. If you can stand to do the exploration to do some exploration around this particular API and see if it'll help. This is for specifically this particular one. Yeah, this one is is specifically for the ED 25519 which is the open SSH format. And then there's open SSH encryption and then there is another one for RSA. Oops, not that. And if we keep looking here we should see RSA private key. So here's the one for RSA. And I bet there is also one for DSA. Yeah, here's the DSA one. And I would bet there's one for EC DSA. Yeah, here it is EC DSA public key. So so it looks like there is at least some representation in this in the law in this particular library BC Prove, EXT JDK 15 on that might be helpful. But using that won't be requiring the knowledge that we know the algorithm. Oh no I think I think it will require that we know the algorithm, but I think you can I'm I'm reasonably confident you can determine the algorithm by looking at the the header of the file. Open SSH keys, sorry, open the key gen generate keys by headers open SSH open SSH private key. So I am not sure if the headers could help us. Yeah, well and what open SSH private key means is that's the open SSH format and open SSH format uses ED 25519. And for the other format such as we would have the address. That's what Justin was initially showing you say. By default. I mean, as I'm reading the key assistant and manual, it says by default it will generate keys in RSA. Algorithm. That is what's done by default until I think open SSH on on open BSD now has changed that. Let me go look just to be sure that's where they do their leading their leading edge development. Oh yes, here it is. Okay. So now it says SSH key gen will by default write keys in an open SSH specific format. It is still possible to write them in PIM. Now that doesn't tell me if they're always ED 251 25519. Oh, and they're even new formats dash SK. Okay, so I can't tell which. So by default, mine's doing an RSA key, even with the most recent open BSD. And if it is an RSA key then we would have the head and would contain that information like it would not be open SSH. Right so SS is so if we do SSH key gen minus T RSA minus F. This will generate the private key. And now we're going to look at it in a terrible mistake. That's good. Okay. Here's the begin open SSH private key. I say how can it. Okay, so that I think I see your point harsher it just generated a key that it says is open SSH private key but it's definitely not ED 25519 format. Yeah. So, so now I assume what we have to do is something like this where we say back to your it was minus E minus M Pam. And now it's generated something that explicitly declares itself to be an RSA public key. And now where did the private key go so that's. Yeah, so more to be done there. I mean if we are able to generate into Pam format then there's no need to know the algorithm like bonds because the sports format. So it's easy for us from there. Right. So the complication then continues with how do we get it into PEM format for all the things and if we can't do PEM format as ED 25519 seems like we can't then how do we handle those keys. And it may be that the initial okay good. I think I think I see where you're headed. Any other topics for discussion today. Oh, our next session, actually next session is a crucial thing. When do we want to meet next. How does your Friday look. Harsher and Richard. Yeah, I can. Yeah, fine by me. And Justin, does your Thursday night at the same time work okay. No good this Thursday night again. Okay, and we don't have Markey did Markey Jackson talk with you. With me though. No okay so Markey, Markey Jackson had expressed interest in being one of the mentors. Nice. Yeah I thought that would be great but I've invited him to this meeting and he didn't make it and he didn't make it to last Friday's either. Okay he declined today so that's fine. We really do need him. Well, it would be great to have him he certainly got experience with yet. Okay so two days from now then. Okay with everybody. Yeah, yeah, go ahead without me. I will do the same follow up. All right. Okay, and that that then I'll have one more meeting next week, and then I'm offline. I wonder if Markey had a problem with with time. He had said that it was okay with him but it could be much he may have he may have had a problem. Absolutely I mean personal schedules are what they are. So I'm going to send everybody an invitation for two days from now same time. Cool. All right, thanks everybody. Anything else before we close. I just wanted to say that so we're going to explore. Okay, so we're going to explore the validity of the possibility of converting the different algorithms by the team to come back, or abandoning the idea. I think that harsh it intends to explore converting the various algorithms to PEM so that he can use bouncy castle harsh it did I understand correctly. That's not that's not my plan B my plan a is using the SSH kitchen from the client plugin using launch command function functionality that provides. Okay, great. Because that's what you've got working now. I mean I did the research on working on converting the formats but I didn't come up to a conclusion so I think that should be for me the plan B instead of pursuing it further and maybe delaying the. It will be delaying. I mean it will be delaying progress. Okay. The SSH key gen is really the preferred path. If you've got additional data that can help. You're certainly welcome to share it. And, and I'm sure suggest alternatives. I'm going to investigate a little bit before saying more on that because I do need to look into the bouncing as an API and the possibility because harsh it has done the investigation and I'm just going to look around. Okay. I'm going to explore the concept of using PCCSA format to store private keys. I'm not sure if it's using it instead of pen is something we can do. I just want to look at that as well. Any other topics. Go ahead. No, no, I was just saying, yeah, that's that's what I'm trying to do. And I report on Friday. Anything else. All right, thanks everybody. I'll post recordings. Shortly. The recording from last session. I think I already posted but if not my apologies I'll try to get it done. Talk to you in two days. Thanks.