[cifs-protocol] [REG: 110080418357322] [MS-BKRP] 1.3.1 -- in a given domain there is only "active" rsa key

Edgar Olougouna edgaro at microsoft.com
Thu Aug 5 15:34:41 MDT 2010


Hi Matthieu,

I am researching this issue and will update you as soon as I complete my research.

Best regards,
Edgar

Issue verbatim
------------------

Second, in paragraph 1.3.1 Call Flows, it is stated:
"For the ClientWrap subprotocol, the Microsoft implementation of the BackupKey Remote Protocol server stores the following LSA global secret objects (note that the LSA global secret names are Unicode strings):
1. G$BCKUPKEY_PREFERRED: This contains the 16-byte GUID ([MS-DTYP] section 2.3.2.2) of the RSA key pair currently used for client-side secret wrapping.
2. G$BCKUPKEY_guid: Here, guid is the string GUID that identifies the wrapping key, formatted as a GUIDString ([MS-DTYP] section 2.3.2.3). The value of the secret object is the server's ClientWrap key pair, formatted as specified in section 2.2.5"

Should I conclude that in a given domain there is only one "active" RSA key on all the servers, or, said another way, that no matter which server is asked at a given moment we will always receive the same GUID for the key?

Also, just to be sure: this will be stored in the currentValue attribute, but it will only be accessible through an lsaQuerySecret call, right?


-----Original Message-----
From: Bryan Burgin
Sent: Wednesday, August 04, 2010 10:12 PM
To: 'mat at samba.org' 
Cc: pfif at tridgell.net; cifs-protocol at samba.org; MSSolve Case Email
Subject: RE: [REG:110071868986368] unused bytes after while decoding bkrp requests 

Matthieu, 

For your new issues, I created three new cases and dispatched them across the team 

110080417580961
[MS-BKRP] 3.1.4.1 "misc" 0x00020000 value 

110080418016869
[MS-BKRP] 3.1.4.1.3 -- version field and a GUID field not documented

110080418357322
[MS-BKRP] 1.3.1 --  in a given domain there is only "active" rsa key 


