[cifs-protocol] [REG:110092263101306] RE: backup protocol
Hongwei Sun
hongweis at microsoft.com
Wed Sep 22 17:27:52 MDT 2010
Matthieu,
After checking the logic in the code, I found that Windows clients will reverse the EncryptedSecret part in the Client-Side-Wrapped_Secret structure (2.2.2 MS-BKRP). This matches what you have found. I will file a request to have it confirmed and updated into the document.
As for the GUID field in the Client-Side-Wrapped_Secret structure, it is not in reverse byte order. As documented in item 10 of the client-side wrapping logic in 3.2.4.1 MS-BKRP:
10. Copy the GUID of the server public key to guidKey. This value MUST be retrieved from the SubjectUniqueID field of the server's ClientWrap public key certificate, as specified in [X509] section 2.2.1
It is clear that the GUID is copied from SubjectUniqueID in a certificate, not SerialNumber in a certificate. This is also confirmed by code review. Please verify this against the public key certificate you are using.
Please let me know if you have any further questions.
Thanks!
Hongwei
-----Original Message-----
From: Matthieu Patou [mailto:mat at samba.org]
Sent: Wednesday, September 22, 2010 1:26 PM
To: Sebastian Canevari
Cc: cifs-protocol at samba.org; Interoperability Documentation Help; Darryl Welch; Hongwei Sun
Subject: Re: backup protocol
Hi Sebastian,
I did more investigation tonight, and after realizing that the GUID of the certificate was stored in reverse order in different fields, like the serialNumber field in the certificate, I tried reversing the bytes of the blob before trying to decrypt it.
And it turns out that I managed to decrypt the blob when doing so (please see the file secret.cr.decrypted, which really looks like an encrypted_secret version 2 struct).
I also attached the permuted version of the blob.
Can you check and tell me whether the documentation should state that the encrypted_struct should be reversed?
I also think that the documentation should state, in the behavior notes, that the serialNumber contains the GUID of the certificate but in reverse byte order.
Regards.
Matthieu.
On 22/09/2010 20:34, Sebastian Canevari wrote:
> Thanks Matthieu!
>
> Someone from my team will get in touch with you shortly.
>
> Thanks and regards,
>
> Sebastian
>
>
> Sebastian Canevari
> Escalation Engineer, US-CSS DSC PROTOCOL TEAM 7100 N Hwy 161, Irving,
> TX - 75039 "Las Colinas - LC2"
> Tel: +1 469 775 7849
> e-mail: sebastc at microsoft.com
>
> -----Original Message-----
> From: Matthieu Patou [mailto:mat at samba.org]
> Sent: Tuesday, September 21, 2010 8:56 PM
> To: cifs-protocol at samba.org; Interoperability Documentation Help
> Cc: Darryl Welch
> Subject: backup protocol
>
> Hello dochelp,
>
>
> I would like to have some confirmation on the backup protocol; here is the dump as the Samba server will receive it from a Windows client to unwrap a secret.
>
>
> ./bin/ndrdump backupkey bkrp_BackupKey_debug in ~/workspace/samba/tcpdump/bkrp/bkrp_in
> pull returned NT_STATUS_OK
> WARNING! 52 unread bytes
> [0000] 8A E3 13 71 02 F4 36 71 02 40 28 00 30 7C DE 3D ...q..6q .@(.0|.=
> [0010] 5D 16 D1 11 AB 8F 00 80 5F 14 DB 40 01 00 00 00 ]....... _..@....
> [0020] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H`
> [0030] 02 00 00 00 ....
> bkrp_BackupKey_debug: struct bkrp_BackupKey
> in: struct bkrp_BackupKey
> guidActionAgent : *
> guidActionAgent :
> 47270c64-2fc7-499b-ac5b-0e37cdce899a
> data_in : *
> data_in: struct bkrp_client_side_wrapped
> version : 0x00000002 (2)
> encrypted_secret_len : 0x00000100 (256)
> access_check_len : 0x00000058 (88)
> guid :
> a1dc8bbd-743f-473e-8d00-0a4742df76bd
> encrypted_secret: ARRAY(256)
> access_check: ARRAY(88)
> data_in_len : 0x00000174 (372)
> param : 0x00000000 (0)
> dump OK
>
>
> If the dump is really correct (well it looks pretty good to my mind),
> the encrypted secret will be:
> encrypted_secret: ARRAY(256)
>
>
> And I'm having difficulty decrypting it, although I'm pretty sure of
> my private and public keys (extracted from Active Directory).
> I get the public key from backupkey protocol when supplying the
> BACKUPKEY_RETRIEVE_BACKUP_KEY_GUID and the private key by extracting
> it from a replicated s4 DC.
>
> The certificate is cert.pem and the key is privkeycert.pem.
>
> I'm able to encrypt with the cert's public key and decrypt with the private key, like this:
>
> echo "super test" | openssl rsautl -encrypt -certin -inkey cert.pem | openssl rsautl -decrypt -inkey privkeycert.pem
>
> gives me the clear text.
>
> So it should mean that I'm able to decrypt the encrypted_secret as it
> is stated in the documentation (ms-bkrp.pdf)
>
> "If the dwVersion field is set to 0x00000002, this field MUST contain
> the structure specified in Section 2.2.2.1, padded and encrypted with
> the server's public key according to the
> PKCS#1 v1.5 RSA encryption scheme specified in [RFC3447] section 7.2."
>
>
> Trying to decrypt the secrets with the private key (which
>
>
> openssl rsautl -decrypt -inkey privkeycert.pem -in secret.cr
> RSA operation error
> 12156:error:0407106B:rsa routines:RSA_padding_check_PKCS1_type_2:block type is not 02:rsa_pk1.c:190:
> 12156:error:04065072:rsa routines:RSA_EAY_PRIVATE_DECRYPT:padding check failed:rsa_eay.c:592:
>
>
> Is there anything I got wrong?
>
> Thanks for your help.
>
> Regards.
> Matthieu.
>
--
Matthieu Patou
Samba Team http://samba.org
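
The byte-order issue confirmed in this thread, as an added example that is not part of the original messages: a constructed toy RSA key (two Mersenne primes, not the key or blob from the thread) shows a byte-reversed PKCS#1 v1.5 ciphertext failing the padding check until it is reversed back. All function names are hypothetical.

```python
# Added example: constructed toy key, not the key or blob from the thread.
import os

# Two known Mersenne primes give a reproducible test modulus.
# Toy key for illustration only; never use such a key for real secrets.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (Python 3.8+)
K = (N.bit_length() + 7) // 8          # modulus length in bytes


def pkcs1_v15_encrypt(msg: bytes) -> bytes:
    """RFC 3447 section 7.2.1: EM = 00 || 02 || PS || 00 || M, big-endian output."""
    if len(msg) > K - 11:
        raise ValueError("message too long")
    # PS must consist of nonzero bytes (values 1..255).
    ps = bytes(b % 255 + 1 for b in os.urandom(K - len(msg) - 3))
    em = b"\x00\x02" + ps + b"\x00" + msg
    return pow(int.from_bytes(em, "big"), E, N).to_bytes(K, "big")


def pkcs1_v15_decrypt(blob: bytes) -> bytes:
    """RFC 3447 section 7.2.2; a bad block raises ValueError, the analogue
    of OpenSSL's 'block type is not 02' error quoted in the thread."""
    c = int.from_bytes(blob, "big")
    if len(blob) != K or c >= N:
        raise ValueError("ciphertext out of range")
    em = pow(c, D, N).to_bytes(K, "big")
    sep = em.find(b"\x00", 2)           # separator after at least 8 PS bytes
    if em[:2] != b"\x00\x02" or sep < 10:
        raise ValueError("padding check failed")
    return em[sep + 1:]


def windows_client_wrap(msg: bytes) -> bytes:
    """Model of the behaviour confirmed in the thread: EncryptedSecret
    arrives byte-reversed relative to the RFC 3447 octet string."""
    return pkcs1_v15_encrypt(msg)[::-1]


def server_unwrap(wire_blob: bytes) -> bytes:
    """Reverse EncryptedSecret back to big-endian before decrypting."""
    return pkcs1_v15_decrypt(wire_blob[::-1])
```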