[cifs-protocol] [REG: 110080418357322] [MS-BKRP] 1.3.1 -- in a given domain there is only "active" rsa key

Edgar Olougouna edgaro at microsoft.com
Thu Aug 5 15:34:41 MDT 2010

Hi Matthieu,

I am researching this issue and will update you as soon as I complete my research.

Best regards,

Issue verbatim

Second, in paragraph 1.3.1 Call Flows, it is stated:
"For the ClientWrap subprotocol, the Microsoft implementation of the BackupKey Remote Protocol server stores the following LSA global secret objects (note that the LSA global secret names are Unicode strings):
1. G$BCKUPKEY_PREFERRED: This contains the 16-byte GUID ([MS-DTYP] section of the RSA key pair currently used for client-side secret wrapping.
2. G$BCKUPKEY_guid: Here, guid is the string GUID that identifies the wrapping key, formatted as a GUIDString ([MS-DTYP] section The value of the secret object is the server's ClientWrap key pair, formatted as specified in section 2.2.5"

Should I conclude that in a given domain there is only one "active" RSA key on all the servers, or, said another way, no matter which server is asked at a given moment, we will always receive the same GUID for the key?

Also, just to be sure: this will be stored in the currentValue attribute, but it will only be accessible through a lsaQuerySecret call, right?

-----Original Message-----
From: Bryan Burgin
Sent: Wednesday, August 04, 2010 10:12 PM
To: 'mat at samba.org' 
Cc: pfif at tridgell.net; cifs-protocol at samba.org; MSSolve Case Email
Subject: RE: [REG:110071868986368] unused bytes after while decoding bkrp requests 


For your new issues, I created three new cases and dispatched them across the team:

[MS-BKRP] "misc" 0x00020000 value 

[MS-BKRP] -- version field and a GUID field not documented

[MS-BKRP] 1.3.1 --  in a given domain there is only "active" rsa key 
