On 23/09/2010 22:41, Hongwei Sun wrote:
Matthieu,
What I meant is that the guidGUID field in client-side-wrapped-secret structure is
only dependent on the SubjectUniqueID field in the public key certificate received
from server. Actually the document states that all other fields (and extensions, if
any) of the certificate are populated in implementation-specific ways and SHOULD be
ignored by the client, but MS-BKRP still shows how these other fields are populated
by the server in the Windows behavior note<5>.
I also took a look at the certificate you attached with your e-mail, I got
the following output using certutil:
X509 Certificate:
Version: 3
Serial Number: bd76df42470a008d473e743fa1dc8bbd
Subject Unique Id:
0000 bd 8b dc a1 3f 74 3e 47 8d 00 0a 47 42 df 76 bd
....?t>G...GB.v.
We can see that SerialNumber and SubjectUniqueID are in reversed order.
Does this mean that the SubjectUniqueID is in the same order as the GUID of
certificate in AD as you refer to ?
Yeah ! It's in the correct order (the same that you'll find on the wire
for the protocol)
By the way, What is the GUID of certificate in AD ? As I know, there is no
GUID field in a X.509 certificate. The RSA key pairs are saved in a LSA global
secret named G$BCKUPKEY_guid on DC. Is this the guid you are referring to ?
Yeah I made a shortcut speaking about the guid part of the G$BCKUPKEY
(or the related entry in system subkey in the AD).
If the certificate you attached is received from a Windows server, we may need to
update the Windows Behavior note<5> to state that SerialNumber and
subjectUnique Id is in reversed order, instead of identical. Please confirm so I
can follow up with a document update request. Hopefully this should not affect
interoperability.
The cert comes from a w2k8r2 server, sure it's not too important, and
that's the things that gives me the clue that maybe you were reversing
more than 1 field in the whole protocol !
Btw you might be please (at least I am) to know that I have a working
implementation of a torture test for the backup key remote protocol.
I'm eager to clean this test and to start the code of the server part.
While finishing the test I forgot to revert the bytes of the encrypted
secret, and I still received an answer from the server saying that's ok.
I didn't recheck the specification right now but this didn't look like
the correct behavior.
I'll keep you informed.
Matthieu
Thanks!
Hongwei
-----Original Message-----
From: Matthieu Patou [mailto:m...@samba.org]
Sent: Wednesday, September 22, 2010 9:46 PM
To: Hongwei Sun
Cc: Sebastian Canevari; cifs-proto...@samba.org; Darryl Welch; MSSolve Case
Email
Subject: Re: [REG:110092263101306] RE: backup protocol
On 23/09/2010 03:27, Hongwei Sun wrote:
Matthieu,
After checking the logic in the code, I found that Windows clients will
reverse the EncryptedSecret part in the Client-Side-Wrapped_Secret structure
(2.2.2 MS-BKRP). This matches what you have found. I will file a request to
have it confirmed and updated into the document.
Thanks.
As of the GUID field in Client-Side-Wrapped_Secret structure, it is not in
reverse byte order. As documented in item 10 of client-side wrapping logic
in 3.2.4.1 MS-BKRP:
10. Copy the GUID of the server public key to guidKey. This value MUST
be retrieved from the SubjectUniqueID field of the server's ClientWrap public
key certificate, as specified in [X509] section 2.2.1
It is clear that the GUID is copied from SubjectUniqueID in a certificate ,
not SerialNumber in a certificate. This is also confirmed by code review.
Please verify this against the public key certificate you are using.
In section Product behavior we have this note:
<5> Section 2.2.1:
...
The serialNumber field is identical to the subjectUniqueID field.
...
Furthermore if you have a look at the certificate in DER format that I
attached to my first email you'll find that the serialNumber is
popultated with a 16 bytes array that once reverted is the GUID of the
certificate in the AD.
Matthieu.
Please let me know if you have any further questions.
Thanks!
Hongwei
-----Original Message-----
From: Matthieu Patou [mailto:m...@samba.org]
Sent: Wednesday, September 22, 2010 1:26 PM
To: Sebastian Canevari
Cc: cifs-proto...@samba.org; Interoperability Documentation Help; Darryl Welch;
Hongwei Sun
Subject: Re: backup protocol
Hi Sebastian,
I made more investigation this night and after realizing that the guid of the
certificate was stored in reverse order in different fields like serialNumber
field in the certificate I tried to give a try and reverse the bytes of the
blob before trying to decrypt it.
And it turns out that I managed to uncrypt the blob when doing so (please see
the file secret.cr.decrypted that really looks like an encrypted_secret version
2 struct).
I also attached the permuted version of the blob.
Can you check and told me if the documentation should state that the
encrypted_struct should be reverted.
I also think that the documentation should in the behavior notes states that
the serialNumber contains the guid of the certificate but in reverse byte order.
Regards.
Matthieu.
On 22/09/2010 20:34, Sebastian Canevari wrote:
Thanks Matthieu!
Someone from my team will get in touch with you shortly.
Thanks and regards,
Sebastian
Sebastian Canevari
Escalation Engineer, US-CSS DSC PROTOCOL TEAM 7100 N Hwy 161, Irving,
TX - 75039 "Las Colinas - LC2"
Tel: +1 469 775 7849
e-mail: seba...@microsoft.com
-----Original Message-----
From: Matthieu Patou [mailto:m...@samba.org]
Sent: Tuesday, September 21, 2010 8:56 PM
To: cifs-proto...@samba.org; Interoperability Documentation Help
Cc: Darryl Welch
Subject: backup protocol
Hello dochelp,
I would like to have some confirmation on backup protocol, here is the dump as
the samba server will receive it from a windows client to unwrap a secret.
./bin/ndrdump backupkey bkrp_BackupKey_debug in
~/workspace/samba/tcpdump/bkrp/bkrp_in
pull returned NT_STATUS_OK
WARNING! 52 unread bytes
[0000] 8A E3 13 71 02 F4 36 71 02 40 28 00 30 7C DE 3D ...q..6q .@(.0|.=
[0010] 5D 16 D1 11 AB 8F 00 80 5F 14 DB 40 01 00 00 00 ]....... _...@....
[0020] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H`
[0030] 02 00 00 00 ....
bkrp_BackupKey_debug: struct bkrp_BackupKey
in: struct bkrp_BackupKey
guidActionAgent : *
guidActionAgent :
47270c64-2fc7-499b-ac5b-0e37cdce899a
data_in : *
data_in: struct bkrp_client_side_wrapped
version : 0x00000002 (2)
encrypted_secret_len : 0x00000100 (256)
access_check_len : 0x00000058 (88)
guid :
a1dc8bbd-743f-473e-8d00-0a4742df76bd
encrypted_secret: ARRAY(256)
[0] : 0x30 (48)
[1] : 0xe5 (229)
[2] : 0x9a (154)
[3] : 0x15 (21)
[4] : 0x1b (27)
[5] : 0x59 (89)
[6] : 0xb8 (184)
[7] : 0x1e (30)
[8] : 0xb6 (182)
[9] : 0xb8 (184)
[10] : 0x2a (42)
[11] : 0xd0 (208)
[12] : 0x9f (159)
[13] : 0x30 (48)
[14] : 0xaa (170)
[15] : 0xb3 (179)
[16] : 0x12 (18)
[17] : 0x9a (154)
[18] : 0x98 (152)
[19] : 0x55 (85)
[20] : 0x63 (99)
[21] : 0xd2 (210)
[22] : 0x11 (17)
[23] : 0xe4 (228)
[24] : 0x41 (65)
[25] : 0x00 (0)
[26] : 0xdb (219)
[27] : 0x37 (55)
[28] : 0x9c (156)
[29] : 0xd9 (217)
[30] : 0x86 (134)
[31] : 0x63 (99)
[32] : 0xa1 (161)
[33] : 0x30 (48)
[34] : 0x1d (29)
[35] : 0x8c (140)
[36] : 0xf4 (244)
[37] : 0x25 (37)
[38] : 0x00 (0)
[39] : 0x16 (22)
[40] : 0xe2 (226)
[41] : 0xc1 (193)
[42] : 0xb0 (176)
[43] : 0x36 (54)
[44] : 0x89 (137)
[45] : 0x10 (16)
[46] : 0x83 (131)
[47] : 0x56 (86)
[48] : 0xad (173)
[49] : 0x8f (143)
[50] : 0x0b (11)
[51] : 0x11 (17)
[52] : 0x60 (96)
[53] : 0x20 (32)
[54] : 0xc4 (196)
[55] : 0x07 (7)
[56] : 0x81 (129)
[57] : 0x77 (119)
[58] : 0xc1 (193)
[59] : 0xd4 (212)
[60] : 0x95 (149)
[61] : 0x7d (125)
[62] : 0x81 (129)
[63] : 0xe8 (232)
[64] : 0xcc (204)
[65] : 0xa6 (166)
[66] : 0xbf (191)
[67] : 0xc5 (197)
[68] : 0xf5 (245)
[69] : 0x23 (35)
[70] : 0x8d (141)
[71] : 0x29 (41)
[72] : 0x2e (46)
[73] : 0x9c (156)
[74] : 0x8d (141)
[75] : 0x21 (33)
[76] : 0xff (255)
[77] : 0xc3 (195)
[78] : 0xb7 (183)
[79] : 0xc3 (195)
[80] : 0xba (186)
[81] : 0x14 (20)
[82] : 0x35 (53)
[83] : 0xec (236)
[84] : 0x6f (111)
[85] : 0x50 (80)
[86] : 0x24 (36)
[87] : 0x14 (20)
[88] : 0x17 (23)
[89] : 0x83 (131)
[90] : 0x5f (95)
[91] : 0xdc (220)
[92] : 0xbc (188)
[93] : 0x2a (42)
[94] : 0xd9 (217)
[95] : 0xf6 (246)
[96] : 0xee (238)
[97] : 0xf9 (249)
[98] : 0x4f (79)
[99] : 0x63 (99)
[100] : 0x16 (22)
[101] : 0x0a (10)
[102] : 0xfc (252)
[103] : 0x93 (147)
[104] : 0xb4 (180)
[105] : 0xa2 (162)
[106] : 0x4c (76)
[107] : 0x10 (16)
[108] : 0xcf (207)
[109] : 0x28 (40)
[110] : 0x54 (84)
[111] : 0x55 (85)
[112] : 0x7e (126)
[113] : 0xa7 (167)
[114] : 0x47 (71)
[115] : 0xdb (219)
[116] : 0x24 (36)
[117] : 0x96 (150)
[118] : 0xe4 (228)
[119] : 0xdd (221)
[120] : 0x5f (95)
[121] : 0x4c (76)
[122] : 0x0c (12)
[123] : 0x4d (77)
[124] : 0xc8 (200)
[125] : 0x17 (23)
[126] : 0xc9 (201)
[127] : 0x53 (83)
[128] : 0xdb (219)
[129] : 0x58 (88)
[130] : 0x98 (152)
[131] : 0x03 (3)
[132] : 0xf6 (246)
[133] : 0xf9 (249)
[134] : 0x19 (25)
[135] : 0xec (236)
[136] : 0x56 (86)
[137] : 0xb0 (176)
[138] : 0x8d (141)
[139] : 0xf5 (245)
[140] : 0x39 (57)
[141] : 0x9d (157)
[142] : 0xfb (251)
[143] : 0xea (234)
[144] : 0x59 (89)
[145] : 0xdd (221)
[146] : 0xeb (235)
[147] : 0x3d (61)
[148] : 0xa0 (160)
[149] : 0xaf (175)
[150] : 0x1b (27)
[151] : 0x7c (124)
[152] : 0xe1 (225)
[153] : 0x85 (133)
[154] : 0x22 (34)
[155] : 0xd2 (210)
[156] : 0x19 (25)
[157] : 0x45 (69)
[158] : 0xa8 (168)
[159] : 0x14 (20)
[160] : 0x2a (42)
[161] : 0x8f (143)
[162] : 0x26 (38)
[163] : 0x3d (61)
[164] : 0x3e (62)
[165] : 0x4f (79)
[166] : 0xc8 (200)
[167] : 0x4d (77)
[168] : 0xb5 (181)
[169] : 0xb4 (180)
[170] : 0xeb (235)
[171] : 0x49 (73)
[172] : 0x6b (107)
[173] : 0x16 (22)
[174] : 0xc2 (194)
[175] : 0x5f (95)
[176] : 0xa7 (167)
[177] : 0x3b (59)
[178] : 0x1e (30)
[179] : 0xd3 (211)
[180] : 0x25 (37)
[181] : 0xe9 (233)
[182] : 0x84 (132)
[183] : 0xc0 (192)
[184] : 0x30 (48)
[185] : 0xd9 (217)
[186] : 0x56 (86)
[187] : 0xf7 (247)
[188] : 0x15 (21)
[189] : 0x89 (137)
[190] : 0xd5 (213)
[191] : 0xac (172)
[192] : 0x40 (64)
[193] : 0x96 (150)
[194] : 0x14 (20)
[195] : 0xed (237)
[196] : 0x02 (2)
[197] : 0xcf (207)
[198] : 0x66 (102)
[199] : 0x03 (3)
[200] : 0xee (238)
[201] : 0xf5 (245)
[202] : 0x79 (121)
[203] : 0xa3 (163)
[204] : 0xc6 (198)
[205] : 0x4e (78)
[206] : 0x59 (89)
[207] : 0xfe (254)
[208] : 0x01 (1)
[209] : 0x07 (7)
[210] : 0xda (218)
[211] : 0x5f (95)
[212] : 0xd1 (209)
[213] : 0xb8 (184)
[214] : 0xd6 (214)
[215] : 0xe3 (227)
[216] : 0x15 (21)
[217] : 0x28 (40)
[218] : 0x78 (120)
[219] : 0x83 (131)
[220] : 0x4b (75)
[221] : 0xf6 (246)
[222] : 0x5b (91)
[223] : 0xd6 (214)
[224] : 0xb0 (176)
[225] : 0x10 (16)
[226] : 0xb7 (183)
[227] : 0x74 (116)
[228] : 0x5f (95)
[229] : 0xaa (170)
[230] : 0xaa (170)
[231] : 0xc4 (196)
[232] : 0x4f (79)
[233] : 0x53 (83)
[234] : 0xe7 (231)
[235] : 0x1f (31)
[236] : 0xfd (253)
[237] : 0xe4 (228)
[238] : 0xab (171)
[239] : 0xa3 (163)
[240] : 0xbb (187)
[241] : 0xf3 (243)
[242] : 0x98 (152)
[243] : 0x5c (92)
[244] : 0x47 (71)
[245] : 0xea (234)
[246] : 0x2b (43)
[247] : 0xa5 (165)
[248] : 0xbf (191)
[249] : 0xa1 (161)
[250] : 0xbe (190)
[251] : 0xa2 (162)
[252] : 0x3b (59)
[253] : 0x3b (59)
[254] : 0x13 (19)
[255] : 0x6a (106)
access_check: ARRAY(88)
[0] : 0xaa (170)
[1] : 0x5e (94)
[2] : 0x85 (133)
[3] : 0xdd (221)
[4] : 0xfb (251)
[5] : 0xdf (223)
[6] : 0x5c (92)
[7] : 0x8e (142)
[8] : 0x0f (15)
[9] : 0xc4 (196)
[10] : 0x9e (158)
[11] : 0xdf (223)
[12] : 0x43 (67)
[13] : 0xb7 (183)
[14] : 0xb8 (184)
[15] : 0xaa (170)
[16] : 0x01 (1)
[17] : 0x17 (23)
[18] : 0xf6 (246)
[19] : 0xd4 (212)
[20] : 0x93 (147)
[21] : 0xcb (203)
[22] : 0x35 (53)
[23] : 0xb9 (185)
[24] : 0x9f (159)
[25] : 0x57 (87)
[26] : 0x2a (42)
[27] : 0xed (237)
[28] : 0x8d (141)
[29] : 0x6f (111)
[30] : 0xdc (220)
[31] : 0x4d (77)
[32] : 0x9c (156)
[33] : 0xae (174)
[34] : 0x9f (159)
[35] : 0x2a (42)
[36] : 0x45 (69)
[37] : 0xc9 (201)
[38] : 0xbb (187)
[39] : 0xf5 (245)
[40] : 0x48 (72)
[41] : 0x8a (138)
[42] : 0x3e (62)
[43] : 0x98 (152)
[44] : 0x62 (98)
[45] : 0x93 (147)
[46] : 0xb8 (184)
[47] : 0x20 (32)
[48] : 0x77 (119)
[49] : 0x0e (14)
[50] : 0x8f (143)
[51] : 0x24 (36)
[52] : 0x75 (117)
[53] : 0x16 (22)
[54] : 0x12 (18)
[55] : 0x2e (46)
[56] : 0x7b (123)
[57] : 0xf0 (240)
[58] : 0xb9 (185)
[59] : 0x61 (97)
[60] : 0x1d (29)
[61] : 0xee (238)
[62] : 0x8f (143)
[63] : 0x2a (42)
[64] : 0xed (237)
[65] : 0xfb (251)
[66] : 0xed (237)
[67] : 0x39 (57)
[68] : 0x41 (65)
[69] : 0xba (186)
[70] : 0x73 (115)
[71] : 0x91 (145)
[72] : 0x68 (104)
[73] : 0x0c (12)
[74] : 0x21 (33)
[75] : 0x4b (75)
[76] : 0x9d (157)
[77] : 0x2e (46)
[78] : 0x13 (19)
[79] : 0x3b (59)
[80] : 0x4a (74)
[81] : 0x5a (90)
[82] : 0x96 (150)
[83] : 0x83 (131)
[84] : 0x74 (116)
[85] : 0x4d (77)
[86] : 0x52 (82)
[87] : 0x34 (52)
data_in_len : 0x00000174 (372)
param : 0x00000000 (0)
dump OK
If the dump is really correct (well it looks pretty good to my mind),
the encrypted secret will be:
encrypted_secret: ARRAY(256)
[0] : 0x30 (48)
[1] : 0xe5 (229)
[2] : 0x9a (154)
[3] : 0x15 (21)
[4] : 0x1b (27)
[5] : 0x59 (89)
[6] : 0xb8 (184)
[7] : 0x1e (30)
[8] : 0xb6 (182)
[9] : 0xb8 (184)
[10] : 0x2a (42)
[11] : 0xd0 (208)
[12] : 0x9f (159)
[13] : 0x30 (48)
[14] : 0xaa (170)
[15] : 0xb3 (179)
[16] : 0x12 (18)
[17] : 0x9a (154)
[18] : 0x98 (152)
[19] : 0x55 (85)
[20] : 0x63 (99)
[21] : 0xd2 (210)
[22] : 0x11 (17)
[23] : 0xe4 (228)
[24] : 0x41 (65)
[25] : 0x00 (0)
[26] : 0xdb (219)
[27] : 0x37 (55)
[28] : 0x9c (156)
[29] : 0xd9 (217)
[30] : 0x86 (134)
[31] : 0x63 (99)
[32] : 0xa1 (161)
[33] : 0x30 (48)
[34] : 0x1d (29)
[35] : 0x8c (140)
[36] : 0xf4 (244)
[37] : 0x25 (37)
[38] : 0x00 (0)
[39] : 0x16 (22)
[40] : 0xe2 (226)
[41] : 0xc1 (193)
[42] : 0xb0 (176)
[43] : 0x36 (54)
[44] : 0x89 (137)
[45] : 0x10 (16)
[46] : 0x83 (131)
[47] : 0x56 (86)
[48] : 0xad (173)
[49] : 0x8f (143)
[50] : 0x0b (11)
[51] : 0x11 (17)
[52] : 0x60 (96)
[53] : 0x20 (32)
[54] : 0xc4 (196)
[55] : 0x07 (7)
[56] : 0x81 (129)
[57] : 0x77 (119)
[58] : 0xc1 (193)
[59] : 0xd4 (212)
[60] : 0x95 (149)
[61] : 0x7d (125)
[62] : 0x81 (129)
[63] : 0xe8 (232)
[64] : 0xcc (204)
[65] : 0xa6 (166)
[66] : 0xbf (191)
[67] : 0xc5 (197)
[68] : 0xf5 (245)
[69] : 0x23 (35)
[70] : 0x8d (141)
[71] : 0x29 (41)
[72] : 0x2e (46)
[73] : 0x9c (156)
[74] : 0x8d (141)
[75] : 0x21 (33)
[76] : 0xff (255)
[77] : 0xc3 (195)
[78] : 0xb7 (183)
[79] : 0xc3 (195)
[80] : 0xba (186)
[81] : 0x14 (20)
[82] : 0x35 (53)
[83] : 0xec (236)
[84] : 0x6f (111)
[85] : 0x50 (80)
[86] : 0x24 (36)
[87] : 0x14 (20)
[88] : 0x17 (23)
[89] : 0x83 (131)
[90] : 0x5f (95)
[91] : 0xdc (220)
[92] : 0xbc (188)
[93] : 0x2a (42)
[94] : 0xd9 (217)
[95] : 0xf6 (246)
[96] : 0xee (238)
[97] : 0xf9 (249)
[98] : 0x4f (79)
[99] : 0x63 (99)
[100] : 0x16 (22)
[101] : 0x0a (10)
[102] : 0xfc (252)
[103] : 0x93 (147)
[104] : 0xb4 (180)
[105] : 0xa2 (162)
[106] : 0x4c (76)
[107] : 0x10 (16)
[108] : 0xcf (207)
[109] : 0x28 (40)
[110] : 0x54 (84)
[111] : 0x55 (85)
[112] : 0x7e (126)
[113] : 0xa7 (167)
[114] : 0x47 (71)
[115] : 0xdb (219)
[116] : 0x24 (36)
[117] : 0x96 (150)
[118] : 0xe4 (228)
[119] : 0xdd (221)
[120] : 0x5f (95)
[121] : 0x4c (76)
[122] : 0x0c (12)
[123] : 0x4d (77)
[124] : 0xc8 (200)
[125] : 0x17 (23)
[126] : 0xc9 (201)
[127] : 0x53 (83)
[128] : 0xdb (219)
[129] : 0x58 (88)
[130] : 0x98 (152)
[131] : 0x03 (3)
[132] : 0xf6 (246)
[133] : 0xf9 (249)
[134] : 0x19 (25)
[135] : 0xec (236)
[136] : 0x56 (86)
[137] : 0xb0 (176)
[138] : 0x8d (141)
[139] : 0xf5 (245)
[140] : 0x39 (57)
[141] : 0x9d (157)
[142] : 0xfb (251)
[143] : 0xea (234)
[144] : 0x59 (89)
[145] : 0xdd (221)
[146] : 0xeb (235)
[147] : 0x3d (61)
[148] : 0xa0 (160)
[149] : 0xaf (175)
[150] : 0x1b (27)
[151] : 0x7c (124)
[152] : 0xe1 (225)
[153] : 0x85 (133)
[154] : 0x22 (34)
[155] : 0xd2 (210)
[156] : 0x19 (25)
[157] : 0x45 (69)
[158] : 0xa8 (168)
[159] : 0x14 (20)
[160] : 0x2a (42)
[161] : 0x8f (143)
[162] : 0x26 (38)
[163] : 0x3d (61)
[164] : 0x3e (62)
[165] : 0x4f (79)
[166] : 0xc8 (200)
[167] : 0x4d (77)
[168] : 0xb5 (181)
[169] : 0xb4 (180)
[170] : 0xeb (235)
[171] : 0x49 (73)
[172] : 0x6b (107)
[173] : 0x16 (22)
[174] : 0xc2 (194)
[175] : 0x5f (95)
[176] : 0xa7 (167)
[177] : 0x3b (59)
[178] : 0x1e (30)
[179] : 0xd3 (211)
[180] : 0x25 (37)
[181] : 0xe9 (233)
[182] : 0x84 (132)
[183] : 0xc0 (192)
[184] : 0x30 (48)
[185] : 0xd9 (217)
[186] : 0x56 (86)
[187] : 0xf7 (247)
[188] : 0x15 (21)
[189] : 0x89 (137)
[190] : 0xd5 (213)
[191] : 0xac (172)
[192] : 0x40 (64)
[193] : 0x96 (150)
[194] : 0x14 (20)
[195] : 0xed (237)
[196] : 0x02 (2)
[197] : 0xcf (207)
[198] : 0x66 (102)
[199] : 0x03 (3)
[200] : 0xee (238)
[201] : 0xf5 (245)
[202] : 0x79 (121)
[203] : 0xa3 (163)
[204] : 0xc6 (198)
[205] : 0x4e (78)
[206] : 0x59 (89)
[207] : 0xfe (254)
[208] : 0x01 (1)
[209] : 0x07 (7)
[210] : 0xda (218)
[211] : 0x5f (95)
[212] : 0xd1 (209)
[213] : 0xb8 (184)
[214] : 0xd6 (214)
[215] : 0xe3 (227)
[216] : 0x15 (21)
[217] : 0x28 (40)
[218] : 0x78 (120)
[219] : 0x83 (131)
[220] : 0x4b (75)
[221] : 0xf6 (246)
[222] : 0x5b (91)
[223] : 0xd6 (214)
[224] : 0xb0 (176)
[225] : 0x10 (16)
[226] : 0xb7 (183)
[227] : 0x74 (116)
[228] : 0x5f (95)
[229] : 0xaa (170)
[230] : 0xaa (170)
[231] : 0xc4 (196)
[232] : 0x4f (79)
[233] : 0x53 (83)
[234] : 0xe7 (231)
[235] : 0x1f (31)
[236] : 0xfd (253)
[237] : 0xe4 (228)
[238] : 0xab (171)
[239] : 0xa3 (163)
[240] : 0xbb (187)
[241] : 0xf3 (243)
[242] : 0x98 (152)
[243] : 0x5c (92)
[244] : 0x47 (71)
[245] : 0xea (234)
[246] : 0x2b (43)
[247] : 0xa5 (165)
[248] : 0xbf (191)
[249] : 0xa1 (161)
[250] : 0xbe (190)
[251] : 0xa2 (162)
[252] : 0x3b (59)
[253] : 0x3b (59)
[254] : 0x13 (19)
[255] : 0x6a (106)
And I'm having difficulties to uncrypt it although I'm pretty sure of
my private and public key (extracted from the active directory).
I get the public key from backupkey protocol when supplying the
BACKUPKEY_RETRIEVE_BACKUP_KEY_GUID and the private key by extracting
it from a replicated s4 DC.
The certificate is cert.pem and the key is privkeycert.pem.
I'm able to encrypt the cert's public key and decrypt with the private key:
As this: echo "super test" | openssl rsautl -encrypt -certin -inkey
cert.pem | openssl rsautl -decrypt -inkey privkeycert.pem gives me the
clear text.
So it should means that I'm able to decrypt the encrypted_secret as it
is stated in the documentation (ms-bkrp.pdf)
"If the dwVersion field is set to 0x00000002, this field MUST contain
the structure specified in Section 2.2.2.1, padded and encrypted with
the server's public key according to the
PKCS#1 v1.5 RSA encryption scheme specified in [RFC3447] section 7.2."
Trying to decrypt the secrets with the private key (which
openssl rsautl -decrypt -inkey privkeycert.pem -in secret.cr RSA
operation error 12156:error:0407106B:rsa
routines:RSA_padding_check_PKCS1_type_2:block
type is not 02:rsa_pk1.c:190:
12156:error:04065072:rsa routines:RSA_EAY_PRIVATE_DECRYPT:padding
check
failed:rsa_eay.c:592:
Is there anything I get wrong ?
Thanks for you help.
Regards.
Matthieu.
--
Matthieu Patou
Samba Team http://samba.org
--
Matthieu Patou
Samba Team http://samba.org
_______________________________________________
cifs-protocol mailing list
cifs-protocol@cifs.org
https://lists.samba.org/mailman/listinfo/cifs-protocol
