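public void PasswordEncryptionKey_DataStorePEK_W2019_Encrypt()
        {
            // Round-trips an encrypted PEK blob through two boot keys
            // (original -> bootKey2 -> original) and checks that both the blob size
            // and the recovered key material survive the re-encryption.
            // All inputs are fixed vectors hard-coded in this test.

            // Win 2019 RTM (Format is the same as WS 2016)
            byte[] encryptedPEK = "030000000100000065DB55C82F7AB29C7FF2CC3518C0DC00433C80629D23D64420D9264BB2FE54288C3121B396CD4DC9BF094EDCBF559DAD3545C52399B883BD0F374EEAF3FA35C71C75DD1447FD0A59C81C60F6703F9B7000000000000000000000000000000000".HexToBinary();
            byte[] bootKey      = "f51aa1df3bb0175efbd6842bffba81c9".HexToBinary();
            byte[] bootKey2     = "c965a6c04ac771ae10932f25efd8d85c".HexToBinary();

            // Decrypt
            var pek = new DataStoreSecretDecryptor(encryptedPEK, bootKey);

            // Re-encrypt with a different boot key
            byte[] encryptedPEK2 = pek.ToByteArray(bootKey2);

            // Decrypt again with the new boot key
            var pek2 = new DataStoreSecretDecryptor(encryptedPEK2, bootKey2);

            // And re-encrypt with the original BootKey
            byte[] encryptedPEK3 = pek2.ToByteArray(bootKey);

            // Check if the newly encrypted PEK has the same length as the original one.
            // The ciphertext bytes themselves are not compared; presumably the encryption
            // is salted, so they differ between runs (confirm against ToByteArray).
            Assert.AreEqual(encryptedPEK.Length, encryptedPEK3.Length);

            // A length match alone would also pass if re-encryption had damaged the key
            // material, so compare the decrypted contents as the sibling W2016/W2k tests do.
            Assert.AreEqual(pek.Version, pek2.Version);
            Assert.AreEqual(pek.LastGenerated, pek2.LastGenerated);
            Assert.AreEqual(pek.EncryptionType, pek2.EncryptionType);
            Assert.AreEqual(pek.CurrentKeyIndex, pek2.CurrentKeyIndex);
            Assert.AreEqual(pek.CurrentKey.ToHex(), pek2.CurrentKey.ToHex());

            // The final blob must still decrypt under the original boot key and
            // yield the same current key.
            var pek3 = new DataStoreSecretDecryptor(encryptedPEK3, bootKey);
            Assert.AreEqual(pek.CurrentKeyIndex, pek3.CurrentKeyIndex);
            Assert.AreEqual(pek.CurrentKey.ToHex(), pek3.CurrentKey.ToHex());
        }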
        /// <summary>
        /// Decrypts a fixed Win 2016 TP4+ PEK blob, re-encrypts it under a second boot key,
        /// decrypts the result, and checks that the decoded fields are unchanged.
        /// </summary>
        public void PasswordEncryptionKey_DataStoreEncryptPEK_W2016()
        {
            // Fixed vectors hard-coded in the test: the encrypted blob (Win 2016 TP4+),
            // the boot key it was encrypted with, and a second key used for re-wrapping.
            const string originalBlobHex = "03000000010000008ACED06423573C329BECD77936128FD61FD3892FAC724D4D24B2F4A5DA48A72B5472BDCB7FB6EEFA4884CDC9B2D2A835931A3E67B434DC766051A28B73DE385285B19961E0DC0CF661BA0AC3B3DD185D00000000000000000000000000000000";
            const string originalBootKeyHex = "c0f2efe014aeda56da739a22ae9e9893";
            const string replacementBootKeyHex = "abcdef0123456789abcdef0123456780";

            byte[] originalBlob = originalBlobHex.HexToBinary();
            byte[] originalBootKey = originalBootKeyHex.HexToBinary();
            byte[] replacementBootKey = replacementBootKeyHex.HexToBinary();

            // Unwrap with the original key, then wrap again under the replacement key.
            var original = new DataStoreSecretDecryptor(originalBlob, originalBootKey);
            byte[] rewrappedBlob = original.ToByteArray(replacementBootKey);

            // The re-wrapped blob must be readable with the replacement key.
            var roundTripped = new DataStoreSecretDecryptor(rewrappedBlob, replacementBootKey);

            // Every decoded field has to match the first decryption.
            Assert.AreEqual(original.Version, roundTripped.Version);
            Assert.AreEqual(original.LastGenerated, roundTripped.LastGenerated);
            Assert.AreEqual(original.EncryptionType, roundTripped.EncryptionType);
            Assert.AreEqual(original.CurrentKeyIndex, roundTripped.CurrentKeyIndex);

            // Key bytes are compared through their hex rendering.
            var expectedKeyHex = original.CurrentKey.ToHex();
            var actualKeyHex = roundTripped.CurrentKey.ToHex();
            Assert.AreEqual(expectedKeyHex, actualKeyHex);
        }
        /// <summary>
        /// Decrypts a fixed Win 2000 - Win 2012 R2 PEK blob, re-encrypts it under a second
        /// boot key, decrypts the result, and checks that the decoded fields are unchanged.
        /// </summary>
        public void PasswordEncryptionKey_DataStoreEncryptPEK_W2k()
        {
            // Fixed vectors hard-coded in the test: the encrypted blob (Win 2000 - Win 2012 R2),
            // the boot key it was encrypted with, and a second key used for re-wrapping.
            const string originalBlobHex = "020000000100000042b1f49dbb723edff3b865a4d28e3afbf215961695225991e991d429a02ad382bd89214319f61e7eb4620e89b42ddba3d0de84c0603d6e34ae2fccf79eb9374a9a08d3b1";
            const string originalBootKeyHex = "41e34661faa0d182182f6ddf0f0ca0d1";
            const string replacementBootKeyHex = "abcdef0123456789abcdef0123456780";

            byte[] originalBlob = originalBlobHex.HexToBinary();
            byte[] originalBootKey = originalBootKeyHex.HexToBinary();
            byte[] replacementBootKey = replacementBootKeyHex.HexToBinary();

            // Unwrap with the original key, then wrap again under the replacement key.
            var original = new DataStoreSecretDecryptor(originalBlob, originalBootKey);
            byte[] rewrappedBlob = original.ToByteArray(replacementBootKey);

            // The re-wrapped blob must be readable with the replacement key.
            var roundTripped = new DataStoreSecretDecryptor(rewrappedBlob, replacementBootKey);

            // Every decoded field has to match the first decryption.
            Assert.AreEqual(original.Version, roundTripped.Version);
            Assert.AreEqual(original.LastGenerated, roundTripped.LastGenerated);
            Assert.AreEqual(original.EncryptionType, roundTripped.EncryptionType);
            Assert.AreEqual(original.CurrentKeyIndex, roundTripped.CurrentKeyIndex);

            // Key bytes are compared through their hex rendering.
            var expectedKeyHex = original.CurrentKey.ToHex();
            var actualKeyHex = roundTripped.CurrentKey.ToHex();
            Assert.AreEqual(expectedKeyHex, actualKeyHex);
        }