tag:blogger.com,1999:blog-9265269.post162016657512846460..comments2023-09-19T04:42:21.193-07:00Comments on xmldap: How-To Decrypt a CardSpace backup filecmorthttp://www.blogger.com/profile/07365195237862694751noreply@blogger.comBlogger4125tag:blogger.com,1999:blog-9265269.post-26632055154127445982007-06-12T08:22:00.000-07:002007-06-12T08:22:00.000-07:00I found my issue. The password that is passed into...I found my issue. The password that is passed into the PKCS#5 key derivation must be UTF-16LE (Unicode), mine was not Unicode. Once I made that change to my code, everything worked fine. <BR/><BR/>Your source code was a great help. Thanks very much.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-9265269.post-3234324463226405752007-06-11T12:49:00.000-07:002007-06-11T12:49:00.000-07:00Here's a link to the code:http://openinfocard.goog...Here's a link to the code:<BR/><BR/>http://openinfocard.googlecode.com/svn/trunk/src/org/xmldap/infocard/roaming/EncryptedStore.java<BR/><BR/>The encrypted store this generates might not work at the moment due to the namespaces being out of date. I've fixed this locally, but waiting on some merge issues to sort out. In the meantime if you fix the namespaces to the correct values in the Main method, than the sample encrypted store should work as well.<BR/><BR/>As far as why I added the IV to the ciphertext...I can only answer that this is what happens during the encrypt phase, so that's what's required to decrypt. In terms of reasoning, you'd likely want to check with the folks in Redmond; I assume its just used as entropy to confound bulk attacks against the cipher.<BR/><BR/>Let me know if you have any questions.cmorthttps://www.blogger.com/profile/07365195237862694751noreply@blogger.comtag:blogger.com,1999:blog-9265269.post-91992619767181127222007-06-11T12:24:00.000-07:002007-06-11T12:24:00.000-07:00Hello, I’ve tried following your instructions to d...Hello, <BR/><BR/>I’ve tried following your instructions to decrypt a card backup file, and I’m not having any success. All I get is “Random” data back from the decryption, which means I have done something wrong. <BR/><BR/>Can you explain why you have added the IV to the beginning of the Cipher text in step #6? (This doesn’t make any sense to me).<BR/><BR/>Also, you’ve mentioned to be careful of encodings, is there something specific I’m missing here that might be causing my trouble? <BR/><BR/>I’m using an XML reader to get the salt and ciphervalue from the XML file and base64 decoding both values. <BR/><BR/>I create my decryption key by using PKCS#5 with the salt value and my password, then further hash the derived key with the hard coded Encryption Key Salt. <BR/><BR/>Finally, I’m decrypting the (base64) decoded ciphertext buffer, starting at offset 48 using the first 16 bytes of the buffer as the IV, using AES –CBC. <BR/><BR/>No luck so far. Any thoughts on what has gone wrong? Or any chance we could see your sample code? <BR/><BR/>Thanks.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-9265269.post-35535204826018029512007-06-11T12:23:00.000-07:002007-06-11T12:23:00.000-07:00Hello, I’ve tried following your instructions to d...Hello, <BR/><BR/>I’ve tried following your instructions to decrypt a card backup file, and I’m not having any success. All I get is “Random” data back from the decryption, which means I have done something wrong. <BR/><BR/>Can you explain why you have added the IV to the beginning of the Cipher text in step #6? (This doesn’t make any sense to me).<BR/><BR/>Also, you’ve mentioned to be careful of encodings, is there something specific I’m missing here that might be causing my trouble? <BR/><BR/>I’m using an XML reader to get the salt and ciphervalue from the XML file and base64 decoding both values. <BR/><BR/>I create my decryption key by using PKCS#5 with the salt value and my password, then further hash the derived key with the hard coded Encryption Key Salt. <BR/><BR/>Finally, I’m decrypting the (base64) decoded ciphertext buffer, starting at offset 48 using the first 16 bytes of the buffer as the IV, using AES –CBC. <BR/><BR/>No luck so far. Any thoughts on what has gone wrong? Or any chance we could see your sample code? <BR/><BR/>Thanks.Anonymousnoreply@blogger.com