none
[MS-PPSEC] - 2.2.2.3 YourGMC

    Question

  • Hi,

    wrt. to YourGMC key generation - [MS-PPSEC] doc says:

    2.2.2.3 YourGMC

    Encrypted GMC Data (variable): The Encrypted PKCS7 ASN encoded GMC chain [RFC2315]. The GMC data MUST be encrypted with the following steps:
    1. A Hash of the Group password MUST be generated using the SHA1 algorithm specified in [RFC3174].

    3.3.5.2.5 Receive Password Message

    A YourGMC message MUST be built and sent:
    The AES-256 key used to encrypt the GMC MUST be derived from the SHA-1 hash of the Password Hash String (including NULL-terminator). The details of the key generation are specified in section 2.2.2.3.

    Besides from the contradiction - 3.3.5.2.5 refers to the Password Hash String, 2.2.2.3 to the Group Password - none of both works for me.

    pF5f6jH3XA would be my password - what would be the key, and how to get there?

    So far I tried:

    derivekey(sha1(password_hash_string(pass))) - as mentioned in 3.3.5.2.5 - results in key

           0  1  2  3  4  5  6  7   8  9  A  B  C  D  E  F    01234567 89ABCDEF
    0000:  30-31 10-94 E4-0F 5D-43  24-7C 0F-67 26-14 29-6C   01....]C $|.g&.)l
    0010:  B0-46 BA-C6 B5-23 47-24  6B-AA E4-4F 46-A3 95-14   .F...#G$ k..OF...

    derivekey(sha1(pass)) - as mentioned in 2.2.2.3 - results in key

           0  1  2  3  4  5  6  7   8  9  A  B  C  D  E  F    01234567 89ABCDEF
    0000:  82-DD 7F-C4 61-0F 54-09  98-DE C5-4F 68-40 D6-D3   ....a.T. ...Oh@..
    0010:  B7-23 C4-C9 6C-7F 0D-69  AE-9C C0-E3 3D-21 AB-31   .#..l..i ....=!.1

    derivekey(password_data) - password_data as defined in 2.2.1.2 - results in key

           0  1  2  3  4  5  6  7   8  9  A  B  C  D  E  F    01234567 89ABCDEF
    0000:  82-DD 7F-C4 61-0F 54-09  98-DE C5-4F 68-40 D6-D3   ....a.T. ...Oh@..
    0010:  B7-23 C4-C9 6C-7F 0D-69  AE-9C C0-E3 3D-21 AB-31   .#..l..i ....=!.1

    derivekey(sha1(password_data)) - password_data as defined in 2.2.1.2 - results in key

           0  1  2  3  4  5  6  7   8  9  A  B  C  D  E  F    01234567 89ABCDEF
    0000:  7D-CC 7B-39 EA-8A DA-C5  2F-AB 22-34 EB-2E 9B-BA   }.{9.... /."4....
    0010:  E2-7E 64-E5 80-C9 BD-BA  39-14 D0-35 CB-BC 95-C3   .~d..... 9..5....

    as aes 256 cbc keys with zero iv without success.

    Thanks for your assistance.

    Thursday, January 17, 2013 10:30 AM

Answers

All replies