Re: HCRYPTKEY from actual key bytes

From: lelteto (lelteto_at_discussions.microsoft.com)
Date: 06/21/05 

Date: Tue, 21 Jun 2005 08:23:01 -0700

I can't answer for the EFS part (too internal to the NTFS system - maybe MS
can help you).

On the last block issue what I usually do is send an EXTRA block (w/o the
FINAL flag) then just abandon the decryption. With that you get your last
block you are interested in and you just ignore the extra operation.

Laszlo Elteto
SafeNet, Inc.

"Levy" wrote:

> I also found out that the data parts that are not getting decrypted right (2
> x 16 bytes: at the beginning and at the middle of each 4KB cluster) are not
> something that EFS added extra, but those bytes are actually missing from
> the original file. So, those should also decrypt in order to get my original
> file back.
>
> Maybe I need to use an IV for the symmetric algorithm (if algorithm used in
> one of the feedback modes) and then reset it at each 2KB? If yes, from where
> to get the bytes of the IV? And from where to get the size of the treshold
> where to reset the IV? (I think I read somewhere that at least DES in CFB
> mode is autorepairing after I do not know how many iterations - could this
> be the case with this EFS stuff? Meaning my first 16 bytes are not
> decrypting correctly because the IV is bad, but after that it gets repaired
> and then works... for 2KB at least...)
>
> Finally, my last block of the file is also not decrypting correctly. I get
> and error "bad data" (or NTE_BAD_DATA), even if I am passing TRUE as the
> parameter to CryptDecrypt. The data attribute of the EFS-encrypted file is
> NOT a multiple of the data block size of the symmetric algorithm. My
> understanding is that padding happens automatically (on encrypt, but
> shouldn't the result of encryption be saved in order to decrypt the last
> block correctly?!?!?)....
>
> Any bright ideas?
>
> And thanks a lot for everyone who reads this and tries to give me some
> help/pointer(s) with this stubborn issue.
>
> Regards,
> Levente
>
> "lelteto" <lelteto@discussions.microsoft.com> wrote in message
> news:7D2FA6F6-AE6A-4085-AB42-2D2F6CABA116@microsoft.com...
> > For symmetric keys (DES, AES ect) the byte order should be fine, ie. just
> > "as
> > a succession of bytes". The byte order (LSB for CAPI, MSB for everybody
> > else
> > and in certs) is important for public / private keys.
> >
> > Laszlo Elteto
> > SafeNet, Inc.
> >
> > "Levy" wrote:
> >
> >> Thanks a lot, I will try and will post here whether I succeeded or not.
> >> An
> >> issue that I am still not sure of: the key material comes as a succession
> >> of
> >> bytes, I do not know if this is in the right byte order. I guess the only
> >> way to find out is to use it to build a key and try to decrypt the file's
> >> content.
> >>
> >>
> >> "lelteto" <lelteto@discussions.microsoft.com> wrote in message
> >> news:890ABEA2-6AE9-4057-B86A-6A6AD59C6501@microsoft.com...
> >> > Two options:
> >> > 1. use PLAINTEXTKEYBLOB (supported on XP, Win2003)
> >> > 2. see KB article
> >> > http://support.microsoft.com/default.aspx?scid=kb;en-us;228786
> >> > In both cases you would still need to create the proper key BLOB
> >> > struct.
> >> >
> >> > Laszlo Elteto
> >> > SafeNet, Inc.
> >> >
> >> > "Levy" wrote:
> >> >
> >> >> Hello,
> >> >>
> >> >> I have a simple problem. I need to decrypt something (AES 256 bits)
> >> >> and I
> >> >> have the 32 bytes that is the actual key. How can I turn this into a
> >> >> HCRYPTKEY so that I can call CryptDecrypt?
> >> >>
> >> >> Thanks a lot,
> >> >> Levente
> >> >>
> >> >>
> >> >>
> >>
> >>
> >>
>
>
>

Relevant Pages

  • RE: Laptop Security - Microsoft EFS
    ... With EFS the keyare unique to the drive. ... EFS to encrypt system files. ... cleartext during a mount attack, but the easiest way for an attacker to gain ... who can also decrypt the respective persons info. ...
    (Security-Basics)
  • Re: Info regd Hard Disk Encryption required.
    ... Another similar solution is to run a virtual machine and encrypt its entire ... EFS can handle that. ... > An alternative to EFS is the older PGP Disc. ... >> decrypt it while the system is booting. ...
    (microsoft.public.win2000.security)
  • Re: EFS and Biometrics? Other options?
    ... There is no password involved in EFS. ... specified recovery agent and available keys. ... To decrypt the file, the machine must be able to access either the user's ... the private key that corresponds to the public key that was used to encrypt ...
    (Focus-Microsoft)
  • Re: efs and "encryption" overall... help?
    ... To be absolutely sure that an attacker can not access EFS encrypted files ... stronger encryption to encrypt EFS files, not that it would be easy to crack ... Pro that more then one user may be able to decrypt the file if the original ... > first encryption a certificate is created that is used to decrypt those ...
    (microsoft.public.windows.server.networking)
  • Re: HCRYPTKEY from actual key bytes
    ... those should also decrypt in order to get my original ... NOT a multiple of the data block size of the symmetric algorithm. ... understanding is that padding happens automatically (on encrypt, ... > and in certs) is important for public / private keys. ...
    (microsoft.public.platformsdk.security)