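/// <summary>
/// Round-trips a Windows Server 2019 RTM encrypted PEK blob through two boot keys and
/// verifies that re-encryption preserves the blob length and the decrypted key material.
/// </summary>
/// <remarks>
/// The hex literals below are fixed test vectors embedded in this test.
/// NOTE(review): presumably captured from a lab system; confirm they never protected production data.
/// </remarks>
public void PasswordEncryptionKey_DataStorePEK_W2019_Encrypt()
{
    // Win 2019 RTM (Format is the same as WS 2016)
    byte[] encryptedPEK = "030000000100000065DB55C82F7AB29C7FF2CC3518C0DC00433C80629D23D64420D9264BB2FE54288C3121B396CD4DC9BF094EDCBF559DAD3545C52399B883BD0F374EEAF3FA35C71C75DD1447FD0A59C81C60F6703F9B7000000000000000000000000000000000".HexToBinary();
    byte[] bootKey = "f51aa1df3bb0175efbd6842bffba81c9".HexToBinary();
    byte[] bootKey2 = "c965a6c04ac771ae10932f25efd8d85c".HexToBinary();

    // Decrypt
    var pek = new DataStoreSecretDecryptor(encryptedPEK, bootKey);

    // Re-encrypt with a different boot key
    byte[] encryptedPEK2 = pek.ToByteArray(bootKey2);

    // Decrypt again with the new boot key
    var pek2 = new DataStoreSecretDecryptor(encryptedPEK2, bootKey2);

    // And re-encrypt with the original BootKey
    byte[] encryptedPEK3 = pek2.ToByteArray(bootKey);

    // Check if the newly encrypted PEK has the same length as the original one
    Assert.AreEqual(encryptedPEK.Length, encryptedPEK3.Length);

    // A length match alone would also pass for output that has the right size but wrong
    // contents, so compare the decrypted fields as the W2016 and W2k tests do.
    Assert.AreEqual(pek.Version, pek2.Version);
    Assert.AreEqual(pek.LastGenerated, pek2.LastGenerated);
    Assert.AreEqual(pek.EncryptionType, pek2.EncryptionType);
    Assert.AreEqual(pek.CurrentKeyIndex, pek2.CurrentKeyIndex);
    Assert.AreEqual(pek.CurrentKey.ToHex(), pek2.CurrentKey.ToHex());

    // The blob produced by the second re-encryption must still decrypt under the original
    // boot key and yield the original key.
    var pek3 = new DataStoreSecretDecryptor(encryptedPEK3, bootKey);
    Assert.AreEqual(pek.CurrentKey.ToHex(), pek3.CurrentKey.ToHex());
}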
/// <summary>
/// Decrypts a Windows Server 2016 (TP4+) encrypted PEK blob, re-encrypts it under a second
/// boot key, decrypts the result, and checks that every compared field survives the round trip.
/// </summary>
/// <remarks>
/// All hex literals are fixed test vectors embedded in this test.
/// </remarks>
public void PasswordEncryptionKey_DataStoreEncryptPEK_W2016()
{
    // Test vectors: Win 2016 TP4+
    byte[] originalBootKey = "c0f2efe014aeda56da739a22ae9e9893".HexToBinary();
    byte[] replacementBootKey = "abcdef0123456789abcdef0123456780".HexToBinary();
    byte[] originalBlob = "03000000010000008ACED06423573C329BECD77936128FD61FD3892FAC724D4D24B2F4A5DA48A72B5472BDCB7FB6EEFA4884CDC9B2D2A835931A3E67B434DC766051A28B73DE385285B19961E0DC0CF661BA0AC3B3DD185D00000000000000000000000000000000".HexToBinary();

    // Step 1: open the original blob with its matching boot key.
    DataStoreSecretDecryptor pek = new DataStoreSecretDecryptor(originalBlob, originalBootKey);

    // Step 2: serialize the key list again, this time protected by the replacement boot key.
    byte[] rewrappedBlob = pek.ToByteArray(replacementBootKey);

    // Step 3: open the re-wrapped blob with the replacement boot key.
    DataStoreSecretDecryptor pek2 = new DataStoreSecretDecryptor(rewrappedBlob, replacementBootKey);

    // The round-tripped PEK must expose the same metadata and the same current key.
    Assert.AreEqual(pek.Version, pek2.Version);
    Assert.AreEqual(pek.LastGenerated, pek2.LastGenerated);
    Assert.AreEqual(pek.EncryptionType, pek2.EncryptionType);
    Assert.AreEqual(pek.CurrentKeyIndex, pek2.CurrentKeyIndex);
    Assert.AreEqual(pek.CurrentKey.ToHex(), pek2.CurrentKey.ToHex());
}
/// <summary>
/// Decrypts an encrypted PEK blob in the Windows 2000 - Windows 2012 R2 format, re-encrypts it
/// under a second boot key, decrypts the result, and checks that every compared field survives
/// the round trip.
/// </summary>
/// <remarks>
/// All hex literals are fixed test vectors embedded in this test.
/// </remarks>
public void PasswordEncryptionKey_DataStoreEncryptPEK_W2k()
{
    // Test vectors: Win 2000 - Win 2012 R2
    byte[] originalBootKey = "41e34661faa0d182182f6ddf0f0ca0d1".HexToBinary();
    byte[] replacementBootKey = "abcdef0123456789abcdef0123456780".HexToBinary();
    byte[] originalBlob = "020000000100000042b1f49dbb723edff3b865a4d28e3afbf215961695225991e991d429a02ad382bd89214319f61e7eb4620e89b42ddba3d0de84c0603d6e34ae2fccf79eb9374a9a08d3b1".HexToBinary();

    // Step 1: open the original blob with its matching boot key.
    DataStoreSecretDecryptor pek = new DataStoreSecretDecryptor(originalBlob, originalBootKey);

    // Step 2: serialize the key list again, this time protected by the replacement boot key.
    byte[] rewrappedBlob = pek.ToByteArray(replacementBootKey);

    // Step 3: open the re-wrapped blob with the replacement boot key.
    DataStoreSecretDecryptor pek2 = new DataStoreSecretDecryptor(rewrappedBlob, replacementBootKey);

    // The round-tripped PEK must expose the same metadata and the same current key.
    Assert.AreEqual(pek.Version, pek2.Version);
    Assert.AreEqual(pek.LastGenerated, pek2.LastGenerated);
    Assert.AreEqual(pek.EncryptionType, pek2.EncryptionType);
    Assert.AreEqual(pek.CurrentKeyIndex, pek2.CurrentKeyIndex);
    Assert.AreEqual(pek.CurrentKey.ToHex(), pek2.CurrentKey.ToHex());
}