[cifs-protocol] FW: [REG:111061756137964] Encryption of the key for "netsh branchcache importkey and exportkey.

Christopher R. Hertel crh at samba.org
Wed Jul 6 14:29:03 MDT 2011

One more note.

The extracted Server Secret is 32 bytes in length and is a binary string
(clearly neither Unicode nor OEM Charset).

My guess, at this point, is that the extracted value (which validates
correctly) is the Server Secret itself, and *not* the "arbitrary length
binary string stored on the server" that is used to generate the Server Secret.

In other words, the extracted value is yet another SHA256 hash.

I have not yet tested this theory, and the documentation I have found so far
is not clear on the subject.  Working on it...

From [MS-PCCRC, 1.1]:

  server secret: A SHA-256 hash of an arbitrary length binary string stored
                 on the server.

From the BranchCache help:

  Usage: exportkey [outputfile=]<File Path> [passphrase]=<Pass Phrase>


      Tag          Value
      outputfile   - The directory path and name of the file to which the
                     key should be exported
      passphrase   - A passphrase required in order to import the key

  Remarks: This command will export the key which the BranchCache service
           uses to protect content information. The key can then be
           imported on another machine by using the importkey command.

Chris -)-----

Edgar Olougouna wrote:
> Chris,
> Thanks for sharing the good news! The fact that you got the decryption working with two different AES implementations (e.g. Mcrypt and OpenSSL) shows that we nailed down the most important details required for a successful non-Windows implementation. Hopefully, this has value for testing inter-operability of your BranchCache implementation.
> I will pass your notes to the product team so it can be considered when documenting the algorithm details.
> As always, feel free to contact us, should you need further assistance on the open specifications.
> Regards,
> Edgar

"Implementing CIFS - the Common Internet FileSystem" ISBN: 013047116X
Samba Team -- http://www.samba.org/     -)-----   Christopher R. Hertel
jCIFS Team -- http://jcifs.samba.org/   -)-----   ubiqx development, uninq.
ubiqx Team -- http://www.ubiqx.org/     -)-----   crh at ubiqx.mn.org
OnLineBook -- http://ubiqx.org/cifs/    -)-----   crh at ubiqx.org
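
One way to test the theory in the message above, as an added example that is not part of the original post or of any Samba or Microsoft code: compare the exported value against a segment secret taken from Content Information issued by the same server. It assumes the MS-PCCRC derivation Kp = HMAC(Ks, HoD) with SHA-256 as the hash; the function names and all sample bytes are constructed for illustration.

```python
import hashlib
import hmac


def segment_secret(server_secret: bytes, hod: bytes) -> bytes:
    """Kp = HMAC(Ks, HoD); SHA-256 is assumed as the negotiated hash."""
    return hmac.new(server_secret, hod, hashlib.sha256).digest()


def classify_extracted_value(extracted: bytes, hod: bytes, observed_kp: bytes) -> str:
    """Decide which role the value recovered from the exportkey file plays.

    'server-secret': the value is Ks itself (already a SHA-256 hash).
    'pre-image':     the value is the stored string; Ks = SHA256(value).
    'no-match':      neither reading reproduces the observed segment secret.
    """
    if hmac.compare_digest(segment_secret(extracted, hod), observed_kp):
        return "server-secret"
    hashed = hashlib.sha256(extracted).digest()
    if hmac.compare_digest(segment_secret(hashed, hod), observed_kp):
        return "pre-image"
    return "no-match"


# Constructed sample data, standing in for values read from a real server.
STORED_STRING = b"constructed arbitrary-length string kept on the server"
KS = hashlib.sha256(STORED_STRING).digest()          # server secret, 32 bytes
HOD = hashlib.sha256(b"constructed segment").digest()  # stand-in for a segment HoD
OBSERVED_KP = segment_secret(KS, HOD)                # as the server would issue it


def demo() -> dict:
    """Run the check for each possible reading of the exported value."""
    return {
        "hash exported": classify_extracted_value(KS, HOD, OBSERVED_KP),
        "string exported": classify_extracted_value(STORED_STRING, HOD, OBSERVED_KP),
        "unrelated value": classify_extracted_value(bytes(32), HOD, OBSERVED_KP),
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```

A 32-byte length alone cannot settle the question, since a stored string could also happen to be 32 bytes; only the comparison against an observed segment secret does.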
