[cifs-protocol] FW: [REG:111061756137964] Encryption of the key for "netsh branchcache importkey and exportkey.
Christopher R. Hertel
crh at samba.org
Wed Jul 6 14:29:03 MDT 2011
One more note.
The extracted Server Secret is 32 bytes in length and is a binary string
(clearly neither Unicode nor OEM Charset).
My guess, at this point, is that the extracted value (which validates
correctly) is the Server Secret itself, and *not* the "arbitrary length
binary string stored on the server" that is used to generate the Server Secret.
In other words, the extracted value is yet another SHA256 hash.
I have not yet tested this theory, and the documentation I have found so far
is not clear on the subject. Working on it...
>From [MS-PCCRC, 1.1]:
server secret: A SHA-256 hash of an arbitrary length binary string stored
on the server.
>From the BranchCache help:
Usage: exportkey [outputfile=]<File Path> [passphrase]=<Pass Phrase>
Parameters:
Tag Value
outputfile - The directory path and name of the file to which the
key should be exported
passphrase - A passphrase required in order to import the key
Remarks: This command will export the key which the BranchCache service
uses to protect content information. The key can then be
imported on another machine by using the importkey command.
Chris -)-----
Edgar Olougouna wrote:
> Chris,
> Thanks for sharing the good news! The fact that you got the decryption working with two different AES implementations (e.g. Mcrypt and OpenSSL) shows that we nailed down most important details required for successful non-Windows implementation. Hopefully, this has value for testing inter-operability of your BranchCache implementation.
> I will pass your notes to the product team so it can considered when documenting the algorithm details.
> As always, feel free to contact us, should you need further assistance on the open specifications.
>
> Regards,
> Edgar
>
--
"Implementing CIFS - the Common Internet FileSystem" ISBN: 013047116X
Samba Team -- http://www.samba.org/ -)----- Christopher R. Hertel
jCIFS Team -- http://jcifs.samba.org/ -)----- ubiqx development, uninq.
ubiqx Team -- http://www.ubiqx.org/ -)----- crh at ubiqx.mn.org
OnLineBook -- http://ubiqx.org/cifs/ -)----- crh at ubiqx.org
More information about the cifs-protocol
mailing list