Kryptel FIPS 140-2 Storage
The purpose of this article is to provide information on Kryptel internal data formats for public scrutiny. At least a basic understanding of programming is required.
FIPS 140-2 -compliant storage is organized similarly to the standard Kryptel 6 storage with several differences, which reflect the fact that the storage handler uses Windows CAPI.
Container Header
| Size | Description |
|---|---|
| 4 | Container tag |
| 2 | Header size including header hash |
| 2 | Version of handler that created the container |
| 2 | Version of handler required to process the container |
| 16 | Storage Handler component ID (must be CID_FIPS140_STORAGE) |
| 16 | Agent component ID |
| 16 | Key ID |
| 2 | Size of reserved area (must be 0) |
| . . . | Reserved area (not present in Kryptel 6 storage) |
| 4 | Size of agent data field (0 if no agent data) |
| 6 | Agent data address (points to directory if no agent data) |
| 6 | Size of the directory area |
| 16 | MD5 hash of the header |
Key ID is always IDENT_PASSWORD.
The cipher is always CAPI-provided AES-256 with 128 bit block size. Passwords are processed to keys with CAPI-provided SHA-256. The standard Kryptel ZIP component is used for compressing data.
This storage handler does not compute agent data and directory HMACs, fully relying on the pre-open integrity check pass based on the container trailer. Key verification block is not maintained either: if directory verification passed, but LoadDirectory encountered an error, then the pasword is assumed to be wrong.
Directory Entry
| Size | Description |
|---|---|
| 2 | Object start tag |
| 16 | Object ID |
| 6 | Size of object's data block (0 if no data) |
| 6 | Size of uncompressed data block (present if data size > 0) |
| 6 | Address of data block (present if data size > 0) |
| 16 | Initialization vector (present if data size > 0) |
| 16 | Data block MD5 hash (present if data size > 0) |
| 4 | Size of object's attribute block (0 if no attributes) |
| . . . | Attribute block |
| . . . | [Optional directory entries for child objects] |
| 2 | Object end tag |
The difference with the standard Kryptel 6 directory entry are a) the size of the initialization vector is fixed, and b) there is no recovery block size field.
Limitations
The FIPS 140-2 -compliant storage has several limitations comparing to the standard Kryptel 6 storage.
- The only key material supported is password.
- No support for key verification, so it is not possible to tell if the given password fits. As a result, it is not possible to re-use cached passwords.
- No support for data recovery, recovery blocks are not created.