Looking at the code, it seems to me that impsenc.db used a aw key whole
media.db uses a passphrase. In particular, media/db uses passphrase with
key derivation (The key itself can be a passphrase, which is converted
to a key using PBKDF2 key derivation. The result is used as the
encryption key for the database.) while impsend.db uses raw key data
without key derivation.
My understanding is that both keys used for impsenc.db and media.db come
from the master password but they used different way to exploit it.
M
On 08/07/16 13:51, Hans-Christoph Steiner wrote:
Cacheword is designed to feed the key bytes right into APIs that expect
those bytes. So things like SQLCipher. The password that the user
types is used to decrypt the key that is stored in the cacheword file in
SharedPreferences. So the raw key bytes you get from CacheWord are not
derived from the password.
.hc
Massimo Canonico:
Hi all,
I'm trying to use the cacheword library in order to printout the hex of
the encrypted passphrase.
I'm sure that I'm make some mistake since for some input I get the hex
and for other input (with the same code), I get an exception:
javax.crypto.BadPaddingException: mac check in GCM failed.
After my signature I pasted the method used in my code. I really
appreciate if you can take a look and see what I'm doing wrong.
Besides the code, I have a question about chatsecure and cacheword. The
impsenc.db and media.db files are encrypted with same algorithm
(hopefully analogous to the code that I pasted) and same parameters?
Thanks,
Massimo
public void letsgo(){
String encodedSecret = <the encrypted_secrets from
info.guardianproject.cacheword.prefs.xml file>
String passphrase =<the password chosed as master password>;
char[] x_passphrase = passphrase.toCharArray();
byte[] preparedSecret =
android.util.Base64.decode(y_encodedSecret,Base64.DEFAULT);
SerializedSecretsV1 ss = new
SerializedSecretsLoader().loadSecrets(preparedSecret);
byte[] x_rawSecretKey = null;
try {
PassphraseSecretsImpl crypto = new PassphraseSecretsImpl();
x_rawSecretKey = crypto.decryptWithPassphrase(x_passphrase,ss);
StringBuilder sb = new StringBuilder();
for (byte b : x_rawSecretKey) {
sb.append(String.format("%02X ", b));
}
System.out.println(" HEX: "+ sb.toString());
if (x_rawSecretKey == null)
throw new GeneralSecurityException("PPP");
}catch (Throwable t)
{
System.out.println("Inside catch: " + t);
}
_______________________________________________
List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
To unsubscribe, email: [email protected]
_______________________________________________
List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
To unsubscribe, email: [email protected]
