3.8 \EncryptionInfo Stream
This section provides an example of an \EncryptionInfo stream (1) containing detailed information used to initialize the cryptography that is used to encrypt the \EncryptedPackage stream (1).
-
-
00001800: 03 00 02 00 24 00 00 00 A4 00 00 00 24 00 00 00 00001810: 00 00 00 00 0E 66 00 00 04 80 00 00 80 00 00 00 00001820: 18 00 00 00 E0 BC 3B 07 00 00 00 00 4D 00 69 00 00001830: 63 00 72 00 6F 00 73 00 6F 00 66 00 74 00 20 00 00001840: 45 00 6E 00 68 00 61 00 6E 00 63 00 65 00 64 00 00001850: 20 00 52 00 53 00 41 00 20 00 61 00 6E 00 64 00 00001860: 20 00 41 00 45 00 53 00 20 00 43 00 72 00 79 00 00001870: 70 00 74 00 6F 00 67 00 72 00 61 00 70 00 68 00 00001880: 69 00 63 00 20 00 50 00 72 00 6F 00 76 00 69 00 00001890: 64 00 65 00 72 00 20 00 28 00 50 00 72 00 6F 00 000018A0: 74 00 6F 00 74 00 79 00 70 00 65 00 29 00 00 00 000018B0: 10 00 00 00 92 25 50 F6 B6 4F FE 5B D3 96 DF 5E 000018C0: E9 17 DA 3A BF 86 E1 8F 64 9D 17 D0 A5 41 D9 45 000018D0: CE FD 96 0C 14 00 00 00 12 FF DC 88 A1 BD 26 23 000018E0: 59 32 27 1F 73 0B 8F 79 4E 45 DA B3 AB 08 04 F4 000018F0: 0B B9 50 46 D3 91 41 84
-
|
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
2 |
|
|
|
|
|
|
|
|
|
3 |
|
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
EncryptionVersionInfo.vMajor |
EncryptionVersionInfo.vMinor |
||||||||||||||||||||||||||||||
|
EncryptionHeader.Flags |
|||||||||||||||||||||||||||||||
|
EncryptionHeaderSize |
|||||||||||||||||||||||||||||||
|
EncryptionHeader |
|||||||||||||||||||||||||||||||
|
... |
|||||||||||||||||||||||||||||||
|
EncryptionVerifier |
|||||||||||||||||||||||||||||||
|
... |
|||||||||||||||||||||||||||||||
EncryptionVersionInfo.vMajor (2 bytes): 0x0003 specifies the major version.
EncryptionVersionInfo.vMinor (2 bytes): 0x0002 specifies the minor version.
EncryptionHeader.Flags (4 bytes): 0x00000024 specifies that the CryptoAPI implementation (0x0000004) of the ECMA-376 AES (0x00000020) algorithm [ECMA-376] was used to encrypt the file.
EncryptionHeaderSize (4 bytes): 0x000000A4 specifies the number of bytes used by the EncryptionHeader structure (section 2.3.2).
EncryptionHeader (variable): This field consists of the following:
Flags: 0x00000024 is a bit flag that specifies that the CryptoAPI implementation (0x0000004) of the ECMA-376 AES (0x00000020) algorithm [ECMA-376] was used to encrypt the file.
SizeExtra: 0x00000000 is unused.
AlgID: 0x0000660E specifies that the file is encrypted using the AES-128 encryption algorithm.
AlgIDHash: 0x00008004 specifies that the hashing algorithm used is SHA-1.
KeySize: 0x00000080 specifies that the key size is 128 bits.
ProviderType: 0x00000018 specifies that AES is the provider type.
Reserved1: 0x073BBCE0 is a reserved value.
Reserved2: 0x00000000 is a reserved value.
CSPName: "Microsoft Enhanced RSA and AES Cryptographic Provider (Prototype)" specifies the name of the cryptographic provider.
Example
-
24 00 00 00 00 00 00 00 0E 66 00 00 04 80 00 00 80 00 00 00 18 00 00 00 E0 BC 3B 07 00 00 00 00 4D 00 69 00 63 00 72 00 6F 00 73 00 6F 00 66 00 74 00 20 00 45 00 6E 00 68 00 61 00 6E 00 63 00 65 00 64 00 20 00 52 00 53 00 41 00 20 00 61 00 6E 00 64 00 20 00 41 00 45 00 53 00 20 00 43 00 72 00 79 00 70 00 74 00 6F 00 67 00 72 00 61 00 70 00 68 00 69 00 63 00 20 00 50 00 72 00 6F 00 76 00 69 00 64 00 65 00 72 00 20 00 28 00 50 00 72 00 6F 00 74 00 6F 00 74 00 79 00 70 00 65 00 29 00 00 00
EncryptionVerifier (variable): This field consists of the following:
SaltSize: 0x00000010 specifies the number of bytes that make up the Salt field.
Salt: "92 25 50 F6 B6 4F FE 5B D3 96 DF 5E E9 17 DA 3A" specifies a randomly generated value used when generating the encryption key.
EncryptedVerifier: "BF 86 E1 8F 64 9D 17 D0 A5 41 D9 45 CE FD 96 0C" specifies the encrypted form of the verifier.
VerifierHashSize: 0x00000014 specifies the number of bytes needed to contain the hash of the verifier used to generate the EncryptedVerifier field.
EncryptedVerifierHash: "12 FF DC 88 A1 BD 26 23 59 32 27 1F 73 0B 8F 79 4E 45 DA B3 AB 08 04 F4 0B B9 50 46 D3 91 41 84" specifies the encrypted hash of the verifier used to generate the EncryptedVerifier field.
Example
-
92 25 50 F6 B6 4F FE 5B D3 96 DF 5E E9 17 DA 3A BF 86 E1 8F 64 9D 17 D0 A5 41 D9 45 CE FD 96 0C 14 00 00 00 12 FF DC 88 A1 BD 26 23 59 32 27 1F 73 0B 8F 79 4E 45 DA B3 AB 08 04 F4 0B B9 50 46 D3 91 41 84