Decrypt encryptedKey session key using - AES-128 - PKCS-1#rsaes-kem-kdf2-kw-aes128

I have basic knowledge of how encryption algorithms such as RSA and AES work. I have an XML response encrypted with both AES and RSA. I tried using OpenSSL to decrypt it in several steps, but I am pretty sure I am missing something or not getting the terminology right.

I followed these steps carefully: https://security.stackexchange.com/questions/34589/how-to-you-manually-decrypt-a-soap-message-using-openssl

    <roap:protectedRO xmlns:roap="urn:oma:bac:dldrm:roap-1.0">
        <roap:ro id="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" stateful="true" version="1.1">
            <riID>
                <keyIdentifier xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xsi:type="roap:X509SPKIHash">
                    <hash>od6D5p9bah7N0kyo9JrscpOdK2I=</hash>
                </keyIdentifier>
            </riID>
            <rights xmlns:o-ex="http://odrl.net/1.1/ODRL-EX" o-ex:id="REL0">
                <o-ex:context>
                    <o-dd:version xmlns:o-dd="http://odrl.net/1.1/ODRL-DD">2.1</o-dd:version>
                    <o-dd:uid xmlns:o-dd="http://odrl.net/1.1/ODRL-DD">a7b226f223a7b22757365724964223a2232313532333738222c226d65726368616e74223a2269726f6b6f222c2273657373696f6e4964223a2265794a68624763694f694a49557a49314e694973496e523563434936496b705856434a392e65794a6b5a585a7059325666615751694f694a6b51584d3163544a355a46647964794973496d5634634349364d5459794e7a55334d4467794d53776961574630496a6f784e6a49794d7a67324f4449784c434a7063334d694f694a70636d3972623352324c6d4e7662534973496d703061534936496c526a5556525163315661516c5a4d656d52546231465a51334661646a5979526a5a32656e6c77643235364969776963324e76634755694f694a7462324a70624755694c434a7a645749694f6a49784e54497a4e7a68392e426637695649416d69796d694f676e70774467336b3548356372624878615f476d586b53732d3537496845227d2c226964223a7b2274223a2261222c22614964223a2269726f6b6f74763a636f6e74656e743a39393439227d7d</o-dd:uid>
                </o-ex:context>
                <o-ex:agreement>
                    <o-ex:asset o-ex:id="Audio-Video Key 44fdf37e4b4a4f0380ff5fd7eef1931e">
                        <o-ex:context>
                            <o-dd:uid xmlns:o-dd="http://odrl.net/1.1/ODRL-DD">irtv:content:9949</o-dd:uid>
                        </o-ex:context>
                        <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                            <xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                                <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#kw-aes128"></xenc:EncryptionMethod>
                                <ds:KeyInfo>
                                    <ds:RetrievalMethod URI="#K_MAC_and_K_REK0"></ds:RetrievalMethod>
                                </ds:KeyInfo>
                                <xenc:CipherData>
                                    <xenc:CipherValue>JBg2eP8QUAVX8ZFPfwEccOlMRw7A9yPZ</xenc:CipherValue>
                                </xenc:CipherData>
                            </xenc:EncryptedKey>
                        </ds:KeyInfo>
                    </o-ex:asset>
                    <o-ex:permission>
                        <o-dd:play xmlns:o-dd="http://odrl.net/1.1/ODRL-DD">
                            <o-ex:constraint>
                                <o-dd:datetime>
                                    <o-dd:end>2021-07-03T17:01:54Z</o-dd:end>
                                </o-dd:datetime>
                                <o-dd:interval>P30D</o-dd:interval>
                                <oma-dd:system xmlns:oma-dd="http://www.openmobilealliance.com/oma-dd">
                                    <o-ex:context>
                                        <o-dd:uid>urn:oma:drms:org-cmla:std-def-analog-outputs</o-dd:uid>
                                    </o-ex:context>
                                    <o-ex:context>
                                        <o-dd:uid>urn:oma:drms:org-cmla:dtcp-ip</o-dd:uid>
                                    </o-ex:context>
                                    <o-ex:context>
                                        <o-dd:uid>urn:oma:drms:org-cmla:hdcp</o-dd:uid>
                                    </o-ex:context>
                                </oma-dd:system>
                            </o-ex:constraint>
                        </o-dd:play>
                    </o-ex:permission>
                </o-ex:agreement>
            </rights>
            <timeStamp>2021-06-03T17:01:53Z</timeStamp>
            <encKey Id="K_MAC_and_K_REK0">
                <xenc:EncryptionMethod xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Algorithm="http://www.rsasecurity.com/rsalabs/pkcs/schemas/pkcs-1#rsaes-kem-kdf2-kw-aes128"></xenc:EncryptionMethod>
                <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                    <roap:X509SPKIHash algorithm="http://www.w3.org/2000/09/xmldsig#sha1">
                        <hash>DEywldzT1VizGN50Qr0aY0bIq2I=</hash>
                    </roap:X509SPKIHash>
                </ds:KeyInfo>
                <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:CipherValue>qA0lFn4+c8a8s7gzcscwJSafHOsn3DdSTc+lCCCFI0PiuYmTrjyughZgpnbpT1c4aySC0tggm3doklx6pYZrJQCO5uiFiDHs6ILNAIYyrAnD02hWqq6MENMRRSX937p6XQMznUiOiKocRouGPZYrTVOEt1db3Jyo2L89/hAcJGDUxmAo1H0OThgJx+IKi8uS6BOHCB6ODrlW41XGr2mtxz1wbJovCskk6fe4OooHzp8TgVjJpp+6dsoae2pjSnIcBZTYAFiGyWKEtfMC2FgUzAb+eyqBniG95i8S2OQfruL3ZmNMb0GTVCWsUAXk41P3t0OfvPXRwRcCl3b1kCbpLuT0fikOg9zkF3Y4hlDL0OfHVJhkeNsdGZAKxFQ3EbOd8cQe/K2QqrY=</xenc:CipherValue>
                </xenc:CipherData>
            </encKey>
        </roap:ro>
        <mac>
            <ds:SignedInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"></ds:SignatureMethod>
                <ds:Reference URI="#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">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
                    <ds:DigestValue>s3CI9fuxdHH5+SgrMVwz8308a6c=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue xmlns:ds="http://www.w3.org/2000/09/xmldsig#">W05fEpR97uV4HPCh7J8FgArnL6g=</ds:SignatureValue>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:RetrievalMethod URI="#K_MAC_and_K_REK0"></ds:RetrievalMethod>
            </ds:KeyInfo>
        </mac>
    </roap:protectedRO>

The cenc:pssh derived from the MPD:

    <WRMHEADER xmlns="http://schemas.microsoft.com/DRM/2007/03/PlayReadyHeader" version="4.0.0.0">
      <DATA>
        <PROTECTINFO>
          <KEYLEN>16</KEYLEN>
          <ALGID>AESCTR</ALGID>
        </PROTECTINFO>
        <KID>.....g+nAeyaw==</KID>
        <LA_URL>https://lic.drmtoday.com/license-proxy-headerauth/drmtoday/RightsManager.asmx</LA_URL>
        <LUI_URL>http://...com</LUI_URL>
        <CHECKSUM>....QzCsg=</CHECKSUM>
      </DATA>
    </WRMHEADER>

So from my understanding, the body, the encKey CipherValue, has been encrypted with AES-128 (symmetric), and then the session key that did this encryption has been encrypted with either my public key (asymmetric) or passphrase-based encryption. This is explained better here: https://www.ibm.com/docs/en/zos/2.1.0?topic=openpgp-understanding-session-keys-data-encryption

My question is how do I decrypt this manually?

I tried the following with OpenSSL:

1. Copy the encrypted session key to a file and base64-decode it at the same time:

        echo JBg2eP8QUAVX8ZFPfwEccOlMRw7A9yPZ | openssl base64 -d
        $↑6x ►P♣W±æO⌂☺∟pΘLG♫└≈#┘

        echo JBg2eP8QUAVX8ZFPfwEccOlMRw7A9yPZ | openssl base64 -d > sessionkey.enc

2. Decrypt the session key using OpenSSL and my private key in PEM format:

        openssl rsautl -decrypt -inkey private.pem -raw -in sessionkey.enc -out top_secret.txt

   OutputTxt: https://drive.google.com/drive/folders/13H0T7Ov6fQYwkcn9QfV76lF_XZmppvpE?usp=sharing

   The session key (EncryptedKey) is either not encrypted with my public key or uses password-based encryption.

3. I tried using OpenSSL to decrypt with a passphrase but got a bad magic number:

        openssl enc -aes-128-ctr -d -in sessionkey.enc -out file.txt

   I don't know the password and got a bad magic number.
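The two algorithm identifiers in the XML describe a layered key hierarchy: `encKey` (`rsaes-kem-kdf2-kw-aes128`) carries K_MAC and K_REK, and the inner `EncryptedKey` (`kw-aes128`) is AES key-wrapped under the key retrieved from `#K_MAC_and_K_REK0`. The sketch below is an added example, not part of the original post, that runs that hierarchy end to end on constructed keys. Assumptions: the `cryptography` package is installed, KDF2 uses SHA-1 with empty otherInfo and a 16-byte KEK, the wrapped payload is K_MAC followed by K_REK, the RSA modulus is 2048 bits, and all function names are hypothetical.

```python
import hashlib
import secrets
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.hazmat.primitives.keywrap import aes_key_wrap, aes_key_unwrap

def kdf2_sha1(z: bytes, length: int, other_info: bytes = b"") -> bytes:
    """KDF2: concatenate SHA-1(Z || counter || otherInfo), 4-byte counter from 1."""
    out, counter = b"", 1
    while len(out) < length:
        out += hashlib.sha1(z + counter.to_bytes(4, "big") + other_info).digest()
        counter += 1
    return out[:length]

def kem_encapsulate(n: int, e: int, k_mac: bytes, k_rek: bytes) -> bytes:
    """Sender side: C1 = raw RSA of random Z, C2 = AES-WRAP(KDF2(Z), K_MAC || K_REK)."""
    m_len = (n.bit_length() + 7) // 8
    z = secrets.randbelow(n)
    c1 = pow(z, e, n).to_bytes(m_len, "big")
    kek = kdf2_sha1(z.to_bytes(m_len, "big"), 16)
    return c1 + aes_key_wrap(kek, k_mac + k_rek)

def kem_decapsulate(n: int, d: int, enc_key: bytes):
    """Receiver side: split C1 || C2, recover Z, derive KEK, unwrap the key pair."""
    m_len = (n.bit_length() + 7) // 8
    if len(enc_key) != m_len + 40:
        raise ValueError("expected modulus-sized C1 followed by a 40-byte C2")
    c1 = int.from_bytes(enc_key[:m_len], "big")
    if c1 >= n:
        raise ValueError("C1 is not a valid RSA ciphertext for this modulus")
    z = pow(c1, d, n)  # textbook RSA: no padding to strip in RSA-KEM
    kek = kdf2_sha1(z.to_bytes(m_len, "big"), 16)
    keys = aes_key_unwrap(kek, enc_key[m_len:])  # raises InvalidUnwrap if KEK is wrong
    return keys[:16], keys[16:]  # (K_MAC, K_REK)

def demo():
    """Build a constructed encKey and wrapped content key, then recover all three keys."""
    nums = rsa.generate_private_key(public_exponent=65537, key_size=2048).private_numbers()
    n, e, d = nums.public_numbers.n, nums.public_numbers.e, nums.d
    k_mac, k_rek, k_cek = (secrets.token_bytes(16) for _ in range(3))
    enc_key = kem_encapsulate(n, e, k_mac, k_rek)   # plays the role of <encKey>
    wrapped_cek = aes_key_wrap(k_rek, k_cek)        # plays the role of <xenc:EncryptedKey>
    got_mac, got_rek = kem_decapsulate(n, d, enc_key)
    got_cek = aes_key_unwrap(got_rek, wrapped_cek)
    return len(enc_key), len(wrapped_cek), (got_mac, got_rek, got_cek) == (k_mac, k_rek, k_cek)

if __name__ == "__main__":
    print(demo())
```

In this layering the private key only ever touches the first modulus-sized block of `encKey`; the 24-byte `kw-aes128` value is an RFC 3394 key wrap, not RSA ciphertext and not a passphrase-encrypted `openssl enc` file.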
