[MS-HGRP] 3.1.4.5.1 Encryption Key

    Question

  • Hi,

    [MS-HGRP] doc says,

    3.1.4.5.1 Encryption Key

    An encryption key is generated when a homegroup is created. A 256-bit AES key is formed by taking the SHA-256 hash of the PeerGroup name (GUID) and the homegroup password as the salt. AES is specified in [FIPS197] and SHA-256 is specified in [FIPS180-3] section 6.2.

    • Does GUID refer to the GUIDNAME from wsd?
    • Which format is used for the password - utf-16le,utf16-be,ascii,utf-8?
    • Which format is used for the PeerName - utf-16le,utf16-be,ascii,utf-8?
    • Does hashing include the terminating zeros?
    • Does hashing include the {} in case of the GUID?
    • Does salt refer to more than concat of both values?

    As an example

    • my group password is "pF5f6jH3XA",
    • the PeerName is "18c2b003d480ed7782a791fc0cc2be2131e71d6b.HomeGroupPeerGroupClassifier",
    • the GUID as advertised via wsd is "BCA79277-E6DC-4F07-B1CF-F00DB908632F"
    • what would be the proper key for aes-256?

    Thanks for your assistance

    Saturday, January 26, 2013 2:57 PM

Answers

  • This issue has been resolved. A future release of the document will add clarification.

    The 256-bit AES encryption key [FIPS197] is generated as follows:

    - Concatenate the homegroup GUID and the homegroup password.

    - Hash the result with the SHA-256 algorithm [FIPS180-3].

    Homegroup GUID is the salt. It is the GUIDNAME in the WSD invitation.

    Homegroup GUID is encoded as a Unicode string in little-endian (UTF-16LE) and includes the null terminator character.

    Homegroup GUID is in curly-braced string representation e.g. "{F684B8A2-7F74-44AF-843A-56A8EE1BB2C2}"

    Homegroup password is encoded as UTF-16LE and includes the null terminator character.

    This is an example:

    HomeGroupGUID: "{F684B8A2-7F74-44AF-843A-56A8EE1BB2C2}"

    Password: "wq28i5hy6b"

    Encryption Key: 5d ab 8c c3  e8 3a f0 27 bb dc 3f 7e 8c ad 31 b2 cf 41 44 c8 19 61 69 f7 57 fd 88 b2 a5 df 23 7c

    Regards,

    Edgar

    Wednesday, February 06, 2013 5:00 PM
    Moderator
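The derivation the answer describes, written out as an added example (this is not code from the original thread, from [MS-HGRP], or from Windows). It encodes the curly-braced GUID as UTF-16LE with its two-byte null terminator, appends the password encoded the same way, and hashes the whole thing once with SHA-256. The reading that the GUID's terminator sits between the two strings (GUID, NUL, password, NUL) is taken from the answer's wording; the published vector is embedded so the reader can confirm that reading by running the script. `brace_guid` is a helper added here for the case raised in the question, where the WSD GUIDNAME is advertised without braces; it only adds the braces and does not change letter case, because the hash is over the literal characters and the page's examples are uppercase. The questioner's own GUID and password are used as a second input; no key for them appears on the page, so that output is not a published value.

```python
import hashlib


def _utf16le_z(s: str) -> bytes:
    """UTF-16LE encoding followed by the two-byte null terminator.

    The answer states both the GUID and the password are encoded this way,
    terminator included. Python's "utf-16-le" codec emits no BOM."""
    return s.encode("utf-16-le") + b"\x00\x00"


def brace_guid(guid: str) -> str:
    """Return the GUID in the curly-braced form the answer specifies.

    Helper added for this example: a GUIDNAME advertised without braces (as in
    the question) gets them added. Case is deliberately left untouched."""
    g = guid.strip()
    if not (g.startswith("{") and g.endswith("}")):
        g = "{" + g + "}"
    return g


def key_material(guid: str, password: str) -> bytes:
    """The exact byte string that is hashed: GUID+NUL, then password+NUL."""
    return _utf16le_z(brace_guid(guid)) + _utf16le_z(password)


def derive_homegroup_key(guid: str, password: str) -> bytes:
    """256-bit AES key = SHA-256(key_material). Single hash, no iteration count."""
    return hashlib.sha256(key_material(guid, password)).digest()


# Test vector copied from the answer above (the only published value on the page).
PUBLISHED_GUID = "{F684B8A2-7F74-44AF-843A-56A8EE1BB2C2}"
PUBLISHED_PASSWORD = "wq28i5hy6b"
PUBLISHED_KEY = bytes.fromhex(
    "5dab8cc3e83af027bbdc3f7e8cad31b2cf4144c8196169f757fd88b2a5df237c"
)

# Values from the question; the page gives no expected key for them.
QUESTION_GUID = "BCA79277-E6DC-4F07-B1CF-F00DB908632F"
QUESTION_PASSWORD = "pF5f6jH3XA"


def matches_published_vector() -> bool:
    """True if this reading of the answer reproduces the posted key."""
    return derive_homegroup_key(PUBLISHED_GUID, PUBLISHED_PASSWORD) == PUBLISHED_KEY


if __name__ == "__main__":
    print("hashed bytes :", key_material(PUBLISHED_GUID, PUBLISHED_PASSWORD).hex(" "))
    print("derived key  :", derive_homegroup_key(PUBLISHED_GUID, PUBLISHED_PASSWORD).hex(" "))
    print("published key:", PUBLISHED_KEY.hex(" "))
    print("match        :", matches_published_vector())
    print()
    print("questioner's GUID (braced):", brace_guid(QUESTION_GUID))
    print("questioner's key          :",
          derive_homegroup_key(QUESTION_GUID, QUESTION_PASSWORD).hex(" "))
```

Two things worth noting when reading the output. First, dumping `key_material` shows where the terminators land: a `00 00` pair after the closing brace at offset 76 and another after the last password character, so a mismatch against the published key immediately tells you whether the terminator placement, the braces, or the case is wrong. Second, because the key is one unsalted-in-the-KDF-sense SHA-256 over a public GUID and the password, with no iteration count, an attacker who captures ciphertext and the WSD invitation can test candidate passwords at raw SHA-256 speed; the strength of the key rests entirely on the entropy of the homegroup password.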

All replies

  • Hi msosilover, thank you for your question. A member of the protocol documentation team will respond to you soon.

    Josh Curry (jcurry) | Escalation Engineer | Open Specifications Support Team

    Saturday, January 26, 2013 7:14 PM
    Owner
  • Hi,

    I will investigate this and follow-up.

    Thanks,

    Edgar

    Monday, January 28, 2013 5:11 PM
    Moderator