SIMPLEKEYBLOB

#4136
Posted: 10/24/2007 08:32:23
by Tomasz Kaczanowski (Standard support level)
Joined: 04/10/2007
Posts: 16

Hi. SecureBlackBox doesn't support MS_SIMPLEKEYBLOB unfortunately, but maybe someone knows how to decode it for use with SecureBlackBox? I know the structure is:

    PUBLICKEYSTRUC publickeystruc;
    ALG_ID algid;
    BYTE encryptedkey[rsapubkey.bitlen/8];

but how do I decrypt this key?
#4137
Posted: 10/24/2007 08:43:51
by Ken Ivanov (EldoS Corp.)

Well, you can decode it without using SecureBlackbox. All the types are public and declared in the MSDN:

    typedef struct _PUBLICKEYSTRUC {
        BYTE bType;
        BYTE bVersion;
        WORD reserved;
        ALG_ID aiKeyAlg;
    } BLOBHEADER, PUBLICKEYSTRUC;

    typedef unsigned int ALG_ID;
#4138
Posted: 10/24/2007 08:46:41
by Ken Ivanov (EldoS Corp.)

The key is encrypted using RSA PKCS#1 encryption type:
Quote

encryptedkey

A BYTE sequence that represents the encrypted session key data in the form of a PKCS #1, type 2 encryption block. For details on this data format, see the Public Key Cryptography Standards (PKCS) #1, published by RSA Data Security, Inc.
This data is always the same size as the modulus of the public key. For example, public keys generated by the Microsoft RSA Base Provider can be 512 bits (64 bytes) in length, so the encrypted session key data is also always 512 bits (64 bytes).


So please use TElRSAPublicKeyCrypto class to decrypt the encrypted key material.
#4151
Posted: 10/25/2007 09:58:16
by Tomasz Kaczanowski (Standard support level)
Joined: 04/10/2007
Posts: 16

I've tried to use TElRSAPublicKeyCrypto, but I always get a "Decription failed" exception.

    Crypto := TElRSAPublicKeyCrypto.Create();
    try
      KeyMaterial := TElRSAKeyMaterial.Create();
      try
        KeyMaterial.Assign(Cert.KeyMaterial); // Cert - recipient certificate
        Crypto.KeyMaterial := KeyMaterial;
        Sz := 0;
        Crypto.InputEncoding := pkeBinary;
        // pEncryptedData - blob without header, ulEncryptedDataLen = sizeof blob - 12
        Crypto.Decrypt(pEncryptedData, ulEncryptedDataLen, nil, Sz);
        if (Sz <= pulDataLen) and (pData <> nil) then
        begin
          Crypto.Decrypt(pEncryptedData, ulEncryptedDataLen, pData, Sz);
        end;
        pulDataLen := Sz;
      except
        on E: Exception do
        begin
          WriteDebug(E.Message);
        end;
      end;
      FreeAndNil(KeyMaterial);
    finally
      FreeAndNil(Crypto);
    end;
#4160
Posted: 10/26/2007 08:45:02
by Tomasz Kaczanowski (Standard support level)
Joined: 04/10/2007
Posts: 16

Hmm, I'm not sure (in BDS2006 the debugger goes to strange places in the files when I try to debug :) but it looks like it fails in SBRSA.Decrypt, when it checks this condition:

    if (Buf[0] <> 0) or ((Buf[1] <> 2) and (Buf[1] <> 1)) then ...
#4161
Posted: 10/26/2007 08:59:02
by Ken Ivanov (EldoS Corp.)

Please try to reverse the sequence of bytes of the encrypted data and check if it helps. CryptoAPI stores a lot of security parameters in little-endian format, while most implementations (and SBB is not an exception) accept parameters in big-endian format.
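The whole procedure discussed in this thread (the 12-byte BLOBHEADER + ALG_ID layout from post #4137, the PKCS #1 type 2 block from #4138, the `Buf[0] <> 0 / Buf[1] <> 2` check that fails in #4160, and the byte reversal from #4161) can be put together in one place. The following is an added example in Python, not SecureBlackbox code and not code from anyone in this thread; it uses only the standard library and a throwaway RSA key it generates itself, so it runs offline. The ALG_ID constants (CALG_RSA_KEYX = 0xA400, CALG_RC4 = 0x6801, SIMPLEBLOB = 0x01, CUR_BLOB_VERSION = 2) are the standard wincrypt.h values; the 16-byte session key and the RNG seed are constructed test data. `build_demo_blob` wraps a key the way the thread describes CryptoAPI doing it (PKCS #1 type 2, then ciphertext stored little-endian) so that `unwrap_session_key` can show both outcomes: success after reversing the bytes, and the padding-check failure without reversal.

```python
import random
import struct

SIMPLEBLOB = 0x01          # bType
CUR_BLOB_VERSION = 2       # bVersion
CALG_RSA_KEYX = 0x0000A400 # key-exchange ALG_ID following the header
CALG_RC4 = 0x00006801      # aiKeyAlg of the wrapped session key (demo value)
HEADER_LEN = 12            # sizeof(BLOBHEADER) + sizeof(ALG_ID), i.e. "sizeof blob - 12"


def parse_simpleblob(blob):
    """Split a SIMPLEBLOB into header fields and the raw encryptedkey bytes."""
    if len(blob) <= HEADER_LEN:
        raise ValueError("blob too short")
    # BLOBHEADER is BYTE,BYTE,WORD,ALG_ID; then ALG_ID algid; all little-endian
    b_type, b_version, _reserved, ai_key_alg, alg_id = struct.unpack_from("<BBHII", blob, 0)
    if b_type != SIMPLEBLOB or b_version != CUR_BLOB_VERSION:
        raise ValueError("not a version-2 SIMPLEBLOB")
    if alg_id != CALG_RSA_KEYX:
        raise ValueError("unsupported key-exchange algorithm 0x%08x" % alg_id)
    return {"key_alg": ai_key_alg, "encryptedkey": blob[HEADER_LEN:]}


def pkcs1_type2_unpad(em):
    """Strip a PKCS#1 v1.5 type 2 block: 00 02 <non-zero padding> 00 <key>.
    The first test is the one SBRSA.Decrypt performs (Buf[0] <> 0, Buf[1] <> 2)."""
    if len(em) < 11 or em[0] != 0x00 or em[1] != 0x02:
        raise ValueError("Decryption failed: bad PKCS#1 block header")
    sep = em.find(b"\x00", 2)
    if sep < 10:  # PKCS#1 requires at least 8 padding bytes before the separator
        raise ValueError("Decryption failed: bad PKCS#1 padding")
    return em[sep + 1:]


def unwrap_session_key(blob, d, n, reverse=True):
    """Parse the blob, flip CryptoAPI's little-endian ciphertext to big-endian,
    RSA-decrypt with private exponent d, then remove the type 2 padding."""
    enc = parse_simpleblob(blob)["encryptedkey"]
    k = (n.bit_length() + 7) // 8
    if len(enc) != k:
        raise ValueError("encryptedkey must be exactly the modulus length")
    if reverse:
        enc = enc[::-1]
    m = pow(int.from_bytes(enc, "big"), d, n)
    return pkcs1_type2_unpad(m.to_bytes(k, "big"))


def _is_probable_prime(n, rng, rounds=32):
    """Miller-Rabin; only used to make a throwaway demo key."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % sp == 0:
            return n == sp
    r, s = n - 1, 0
    while r % 2 == 0:
        r //= 2
        s += 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), r, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _gen_prime(bits, rng):
    while True:
        p = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(p, rng):
            return p


def build_demo_blob(session_key, rng):
    """Constructed test data: generate a small RSA key and wrap session_key the way the
    thread describes CryptoAPI doing it. Returns (blob, d, n)."""
    e = 65537
    while True:
        p, q = _gen_prime(256, rng), _gen_prime(256, rng)
        n, phi = p * q, (p - 1) * (q - 1)
        if p != q and phi % e != 0:
            break
    d = pow(e, -1, phi)
    k = (n.bit_length() + 7) // 8
    padding = bytes(rng.choice(range(1, 256)) for _ in range(k - 3 - len(session_key)))
    em = b"\x00\x02" + padding + b"\x00" + session_key      # PKCS#1 type 2 block
    c = pow(int.from_bytes(em, "big"), e, n)
    header = struct.pack("<BBHII", SIMPLEBLOB, CUR_BLOB_VERSION, 0, CALG_RC4, CALG_RSA_KEYX)
    return header + c.to_bytes(k, "big")[::-1], d, n      # little-endian, as CryptoAPI stores it


if __name__ == "__main__":
    rng = random.Random(2007)
    session_key = bytes(range(16))  # constructed 128-bit demo key
    blob, d, n = build_demo_blob(session_key, rng)
    print("reversed :", unwrap_session_key(blob, d, n) == session_key)
    try:
        unwrap_session_key(blob, d, n, reverse=False)
    except ValueError as exc:
        print("as stored:", exc)
```

Run as a script it prints `reversed : True` and then the padding-check error for the unreversed attempt, which is exactly the symptom in post #4160: without the reversal the RSA operation still "succeeds" mathematically, but what comes out is not a 00 02 ... 00 block, so the decrypt routine reports a failure. The same check that rejects the unreversed data also rejects a blob wrapped under a different public key, so "Decryption failed" on its own does not tell you which of the two went wrong.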
#4166
Posted: 10/29/2007 08:57:49
by Tomasz Kaczanowski (Standard support level)
Joined: 04/10/2007
Posts: 16

It works, thx.
#4167
Posted: 10/29/2007 08:58:17
by Tomasz Kaczanowski (Standard support level)
Joined: 04/10/2007
Posts: 16

It works, Thx. :)