mercredi 24 décembre 2014

decrypt a soap message using openssl



I've tried to do the same as found in How to you manually decrypt a SOAP message using openssl?


Unfortunatly without success... Here is my situation : I'm trying to do the same stuff only my data is slightly different :



 <xenc:EncryptedKey xmlns:xenc="http://ift.tt/rAMjm9" Id="EK-a976c8a8-a6b7-4225-b6fc-e42390c62e5f">    
      <xenc:EncryptionMethod Algorithm="http://ift.tt/1cXABi4"/>    
      <ds:KeyInfo xmlns:ds="http://ift.tt/uq6naF">    
        <wsse:SecurityTokenReference xmlns:wsse="http://ift.tt/LRW8Ij">    
          <wsse:KeyIdentifier EncodingType="http://ift.tt/14yUvuM" ValueType="http://ift.tt/1gVkmjo">mtqvpfcMviptZakL3P7rflMzR3g=</wsse:KeyIdentifier>    
        </wsse:SecurityTokenReference>    
      </ds:KeyInfo>    
      <xenc:CipherData>    
        <xenc:CipherValue>YUv9YKmNg[...]2kyMZei4oYw=</xenc:CipherValue>    
      </xenc:CipherData>    
    </xenc:EncryptedKey>    
    <xenc:ReferenceList xmlns:xenc="http://ift.tt/rAMjm9">    
      <xenc:DataReference URI="#ED-7d85b663-7237-47f0-9637-0a2496cd8bb6"/>    
    </xenc:ReferenceList>    
    <xenc:EncryptedData xmlns:xenc="http://ift.tt/rAMjm9" Id="ED-7d85b663-7237-47f0-9637-0a2496cd8bb6" Type="http://ift.tt/PTz0lh">    
      <xenc:EncryptionMethod Algorithm="http://ift.tt/1uKTb7t"/>    
      <ds:KeyInfo xmlns:ds="http://ift.tt/uq6naF">    
        <wsse:SecurityTokenReference xmlns:wsse="http://ift.tt/LRW8Ij" xmlns:wsse11="http://ift.tt/1eWSHNW" wsse11:TokenType="http://ift.tt/1cXABia">    
          <wsse:Reference URI="#EK-a976c8a8-a6b7-4225-b6fc-e42390c62e5f"/>    
        </wsse:SecurityTokenReference>    
      </ds:KeyInfo>    
      <xenc:CipherData>    
        <xenc:CipherValue>1LzEGX0lc[...]tDFbIa0lXQ==</xenc:CipherValue>    
      </xenc:CipherData>    
    </xenc:EncryptedData>


This is part of a soap envelope sent from a client WebService to a SecurityTokenService. I expect this to contain a UsernameToken but I'd like to be sure and check the structure of the ciphered data.


First of all I was curious to see what was the value of "mtqvpfcMviptZakL3P7rflMzR3g=" in EncryptedKey/SecurityTokenReference/KeyIdentifier So I tried to follow the same procedure than @BazzaDP (in the refered post):




  1. decoding the base64 to a file


    echo "mtqvpfcMviptZakL3P7rflMzR3g=" | base64 -d -i > subjectKeyIdentifier.decoded




  2. decrypt the data with the private key of the STS :



    openssl rsautl -decrypt -in subjectKeyIdentifier.decoded -out subjectKeyIdentifier.decrypted  -inkey ../idpsts-pK.pem
    Enter pass phrase for ../idpsts-pK.pem:
    RSA operation error
    140242236282536:error:0407106B:rsa routines:RSA_padding_check_PKCS1_type_2:block type is not 02:rsa_pk1.c:190:
    140242236282536:error:04065072:rsa routines:RSA_EAY_PRIVATE_DECRYPT:padding check failed:rsa_eay.c:616:


  3. considering the . I tried adding the -oaep padding parameter without success



    openssl rsautl -decrypt -in subjectKeyIdentifier.decoded -out subjectKeyIdentifier.decrypted -oaep -inkey ../idpsts-pK.pem


    Enter pass phrase for ../idpsts-pK.pem:

    RSA operation error
    140724669945512:error:0407A079:rsa routines:RSA_padding_check_PKCS1_OAEP:oaep decoding error:rsa_oaep.c:181:
    140724669945512:error:04065072:rsa routines:RSA_EAY_PRIVATE_DECRYPT:padding check failed:rsa_eay.c:616:


Giving up I tried to decrypt at least the EncryptedData/CipherData/CipherValue using the same procdure than @BazzaDP but it didn't work either.


Does somebody know what I'm doing wrong ? Thanks


===========EDIT : Dave Explains upper work is useless: trying to decrypt a hash =======


I generated some new exchanges of data with some fake certificates so I can exchange all my content for debbuging purpose.


Her is what I did. Actually the same as BazzaDP in the other post. Only for decrypting the SessionKey I added the "-oaep" 'padding' to the openssl command. Nevertheless I can't get through the process...



  1. Base64 decoding of the session key :



echo "Pfk3yVFoiGnO9DEWQzuDmB32dnZ1xSyVQnl9NK6I/Vfj5zhiEjFA1uHYFKrJr8w+BjLjtUg7q7mUzctycIdXZ/RNtegLa4tyIKouoyWp5zJaZuEbfqwCbjy0QDEjYto8RJmC3rjlhHPjYt1nY6f6OBdkXoa0P1kkAKMrwp2tAHw=" | base64 -i -d > key/key.bin


  1. decrypting the sessionkey :



openssl rsautl -decrypt -in key/key.bin -out key/key.dec -aoep -inkey idpsts-pK.pem


  1. Base64 decoding of the data :



echo "rnUUUmey/lFhxHHRJhVeJCrS3J3UPz12fZ7+selkTdVwYSjcZK+kIUFhypuWx4W900LBGuwQPVI8g/EwsXcUzb7wfMkYjx6dcQt0wmLJGbFs+wERjCR78qgVF0RB10SKZvmKT1Q5mM+9fJZU+o9tTkwdxvDkjio9I6GnqmoqPy62fl1J7GjqGlRiqSkJx/k+ERlCrJUcMCc0KplBHJXnyhaE90hHDXr1JL4o6+o0klmStW87aurpzuewK9VB6RhWU8grKrNunUvS9H5dxWyGSfHW0/fIth4v/hRwg0vWfFNcGYXBSzYaKd+fNmWfj4/pCDuuVQpn6i9zGe8kcNtNx2AG0MUGPUarn1WabQJyRy0d6/va2aySKjo2l8keluPKf6iS1rzD1s1wVGQi2PrRuA==" | base64 -d -i > data/data.enc


  1. Obtaining the sessionkey in hexadecimal :



xxd -p key/key.dec 
a8abcd783445c8db00d1ae8332439930ff1875700bec098fa3493439edad114a


  1. Obtaining the data as hexadecimal to extract the first 16 bits as the IV :



hexdump -C data/data.enc 
00000000  ae 75 14 52 67 b2 fe 51  61 c4 71 d1 26 15 5e 24  |.u.Rg..Qa.q.&.^$|
00000010  2a d2 dc 9d d4 3f 3d 76  7d 9e fe b1 e9 64 4d d5  |*....?=v}....dM.|
00000020  70 61 28 dc 64 af a4 21  41 61 ca 9b 96 c7 85 bd  |pa(.d..!Aa......|
00000030  d3 42 c1 1a ec 10 3d 52  3c 83 f1 30 b1 77 14 cd  |.B....=R|
00000090  11 19 42 ac 95 1c 30 27  34 2a 99 41 1c 95 e7 ca  |..B...0'4*.A....|
000000a0  16 84 f7 48 47 0d 7a f5  24 be 28 eb ea 34 92 59  |...HG.z.$.(..4.Y|
000000b0  92 b5 6f 3b 6a ea e9 ce  e7 b0 2b d5 41 e9 18 56  |..o;j.....+.A..V|
000000c0  53 c8 2b 2a b3 6e 9d 4b  d2 f4 7e 5d c5 6c 86 49  |S.+*.n.K..~].l.I|
000000d0  f1 d6 d3 f7 c8 b6 1e 2f  fe 14 70 83 4b d6 7c 53  |......./..p.K.|S|
000000e0  5c 19 85 c1 4b 36 1a 29  df 9f 36 65 9f 8f 8f e9  |\...K6.)..6e....|
000000f0  08 3b ae 55 0a 67 ea 2f  73 19 ef 24 70 db 4d c7  |.;.U.g./s..$p.M.|
00000100  60 06 d0 c5 06 3d 46 ab  9f 55 9a 6d 02 72 47 2d  |`....=F..U.m.rG-|
00000110  1d eb fb da d9 ac 92 2a  3a 36 97 c9 1e 96 e3 ca  |.......*:6......|
00000120  7f a8 92 d6 bc c3 d6 cd  70 54 64 22 d8 fa d1 b8  |........pTd"....|
00000130


  1. The unsuccessful atempt to decipher the data :



openssl enc -d -aes-256-cbc -in data/data.enc -K a8abcd783445c8db00d1ae8332439930ff1875700bec098fa3493439edad114a -iv ae75145267b2fe51 -out data/data.dec
bad decrypt
140050628507304:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:546:

The private key I used with the password : "idpsts"



-----BEGIN ENCRYPTED PRIVATE KEY-----
MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQI9VWjFBW8ySICAggA
MBQGCCqGSIb3DQMHBAjSv2ZsjvQ8bASCAoBNQwCaZu5/FuwxQlbkR3QGpCuf6orV
FMW6ZIS1l2ubHuHQOiBRFj1t85uUeDPKBIuZBCPg7J0P8RpHwg55VV4lIVHdiCcq
MY0QsOVkqibcnwhRzlNgy6kw0zVrdtXaklD4chmPrTOO7ngWUm1KPqmOafZheBfW
WE9ZlxbHjxszHQZ3ZFO/nuP09MdP0nO8cdzz/NXW8bdfnrfLUCxCbVnTdzbtZoBe
3CyIGPHpp4HsXrEMZikjHRGLjxt576KXUjY6RTkqZI0rn3PQkce1gs3BVWpuUmqe
4zesDl/uYfmfGKcsp7yK93SdRVGHjVDzVi9wk56KCKnVJAl/IZmeS+pF6YQxFhRE
mjUDELxk/YVjIDP6zbp3x9p5qYsei8lhOVJaIxeq6j3tDs9J4LP7yr7zDTjy1+Sq
pFJhPtgyvkBD6wO2Lr6R9L6ts4ALw64a8BzM97l5mb/IRpuo6KM+z3uTkQNOSpgP
4WMIjibJ0amAhDjcWIOT6qBirMFiw5njeg7G0VdpzQovwJJM1MOFrFpJVmGKBnjY
F5nLnH0fLmTFyiL46yjtg7YMnTi0ZBhcxdRa8SUZlSmeTC+KDDzKc0vwK0MUlV9O
gBdUyxC1zY6k33Pqe6pFEYBf5kieZviOZvGgkYtAIBtPEZ2iSS3SSjor9+ey0lox
GS8Oo+QCWreB/D9FcdQsYYB1ZS7PRYjvpsP5kSTXpQcx0ObvijlhzekqzEQHbqDP
z1O9xoKpIxNQOXPQMA15GwsyMENfzi9CL0+jHFkng1MRcFvJvGJpQw+THE8zVg88
LI2vBD6k9BDBPLD913sbkoRWSQsvA+tf3onGC3GPSpepp+dQdD69xT7n
-----END ENCRYPTED PRIVATE KEY-----



Publié par à
Libellés :

Aucun commentaire:

Enregistrer un commentaire

Inscription à : Publier les commentaires (Atom)