[cifs-protocol] [REG: 110080418357322] [MS-BKRP] 1.3.1 -- in a given domain there is only "active" rsa key
edgaro at microsoft.com
Thu Aug 5 15:34:41 MDT 2010
I am researching this issue and will update you as soon I complete my research.
Second in paragraph 1.3.1 Call Flows, it is stated
"For the ClientWrap subprotocol, the Microsoft implementation of the BackupKey Remote Protocol server stores the following LSA global secret objects (note that the LSA global secret names are Unicode strings):
1. G$BCKUPKEY_PREFERRED: This contains the 16-byte GUID ([MS-DTYP] section 126.96.36.199) of the RSA key pair currently used for client-side secret wrapping.
2. G$BCKUPKEY_guid: Here, guid is the string GUID that identifies the wrapping key, formatted as a GUIDString ([MS-DTYP] section 188.8.131.52). The value of the secret object is the server's ClientWrap key pair, formatted as specified in section 2.2.5"
Should I conclude that in a given domain there is only "active" rsa key on all the server or said in another way no matter which server is asked at a given moment we will always receive the same GUID for the key ?
Also just to be sure this will be stored in the currentValue attribute but it will be only accessible through a lsaQuerySecret call right ?
From: Bryan Burgin
Sent: Wednesday, August 04, 2010 10:12 PM
To: 'mat at samba.org'
Cc: pfif at tridgell.net; cifs-protocol at samba.org; MSSolve Case Email
Subject: RE: [REG:110071868986368] unused bytes after while decoding bkrp requests
For your new issues, I created three new cases and dispatched them across the team
[MS-BKRP] 184.108.40.206 "misc" 0x00020000 value
[MS-BKRP] 220.127.116.11.3 -- version field and a GUID field no documented
[MS-BKRP] 1.3.1 -- in a given domain there is only "active" rsa key
More information about the cifs-protocol