One more note.

The extracted Server Secret is 32 bytes in length and is a binary string
(clearly neither Unicode nor OEM Charset).

My guess, at this point, is that the extracted value (which validates
correctly) is the Server Secret itself, and *not* the "arbitrary length
binary string stored on the server" that is used to generate the Server Secret.

In other words, the extracted value is yet another SHA256 hash.

I have not yet tested this theory, and the documentation I have found so far
is not clear on the subject.  Working on it...


From [MS-PCCRC, 1.1]:

  server secret: A SHA-256 hash of an arbitrary length binary string stored
                 on the server.


From the BranchCache help:

  Usage: exportkey [outputfile=]<File Path> [passphrase]=<Pass Phrase>

  Parameters:

      Tag          Value
      outputfile   - The directory path and name of the file to which the
                     key should be exported
      passphrase   - A passphrase required in order to import the key

  Remarks: This command will export the key which the BranchCache service
           uses to protect content information. The key can then be
           imported on another machine by using the importkey command.


Chris -)-----

Edgar Olougouna wrote:
> Chris,
> Thanks for sharing the good news! The fact that you got the decryption 
> working with two different AES implementations (e.g. Mcrypt and OpenSSL) 
> shows that we nailed down the most important details required for a successful 
> non-Windows implementation. Hopefully, this has value for testing 
> inter-operability of your BranchCache implementation.
> I will pass your notes to the product team so it can be considered when 
> documenting the algorithm details.
> As always, feel free to contact us, should you need further assistance on the 
> open specifications.
> 
> Regards,
> Edgar
> 

-- 
"Implementing CIFS - the Common Internet FileSystem" ISBN: 013047116X
Samba Team -- http://www.samba.org/     -)-----   Christopher R. Hertel
jCIFS Team -- http://jcifs.samba.org/   -)-----   ubiqx development, uninq.
ubiqx Team -- http://www.ubiqx.org/     -)-----   [email protected]
OnLineBook -- http://ubiqx.org/cifs/    -)-----   [email protected]
_______________________________________________
cifs-protocol mailing list
[email protected]
https://lists.samba.org/mailman/listinfo/cifs-protocol
