Structure of Silver Key 4 Parcel
Parcel Format
The format of Silver Key 4.x parcel is as follows:
[Pre-header data] Optional arbitrary data (decryptor stub, for example) [Parcel header] Always present [File area] A set of encrypted streams containing file data (optional) [Script area] Encrypted stream containing parcel script (always present) [Parcel trailer] Always present [Post-parcel data] Optional arbitrary data
Even if the parcel is empty, it contains a header, a script containing a null command (marking the end of the script), and a trailer.
This structure radically differs from the structure of pre-4.0 parcel, which stores commands and data as a single stream. The new Kryptel-like format allows one-pass parcel creation and partial decryption (Parcel Analyzer is the end-user partial decryption tool).
Parcel Header
Parcel header contains information about the key material, the components used for encryption, and other important data.
| Size | Description |
|---|---|
| 4 | Parcel tag (0x7A95FFEB) |
| 2 | Engine version used to create the parcel |
| 2 | Extractor version required |
| 16 | Engine GUID (11056249-400A-4461-BD5E-FE06113CA001) |
| 16 | Parcel GUID |
| 4 | Parcel flags |
| 16 | Cipher component ID |
| 20 | Cipher parameter block |
| 16 | Key ID |
| 4 | Number of key verification passes |
| HashSize | Key verification block |
| BlockSize | Cipher initialization vector (encrypt it to get the actual vector) |
| STR | Cipher name string |
| STR | Cipher scheme string |
| STR | Parcel title |
| --- Description (if SK_FLAG_SHOW_DESCRIPTION) --- | |
| 4 | Uncompressed description size (number of UTF-16 chars, no terminating zero) |
| 4 | Compressed description size (bytes) |
| . . . | Compressed description (UTF-16, no terminating zero) |
| --- Uninstaller (if SK_FLAG_UNINSTALLER) --- | |
| 4 | Uncompressed uninstaller size |
| 4 | Compressed uninstaller size |
| . . . | Compressed uninstaller |
| --- Localized strings (if SK_FLAG_LOCALIZED_STRINGS) --- | |
| 2 | Uncompressed size of string set |
| 2 | Compressed size of string set |
| . . . | Compressed string set |
STR represents a UTF-16 string; first word (2 bytes) contains the string length in characters. The string does not contain trailing zero. Each UNICODE character occupies 2 bytes.
Silver Key engine uses ZIP compressor. SHA-512 is used to produce the key and the HMACs so HashSize is always 64.
The first 44 bytes of header (from parcel tag to parcel flags, inclusively) have the same meaning for all Silver Key 4.0 and later engines.
Format of string set
| Size | Description |
|---|---|
| 2 | Language code |
| 1 | String 1 identifier |
| STR | String 1 |
| 1 | String 2 identifier |
| STR | String 2 |
| . . . | |
| 1 | String N identifier |
| STR | String N |
| 1 | Zero byte (PARCEL_STRING_TERMINATOR) |
If the extractor can't recognize a string identifier, the string should be quietly ignored. The list of the identifiers can be found in SilverKey.h
Key Usage Notes
Although cipher and HMAC (HMACs are computed for data areas, and are used for key verification) use the same key, they use it differently.
Cipher uses first no more than KeySize bytes of the key (padded with zeroes if necessary).
HMAC reverts and inverts the significant bytes of the key, pads with zeroes if necessary, and uses the first bytes of the result.
For example, in the default case of 256-bit AES and SHA-512, the cipher will use the first 256 bits of the SHA-512 password hash, and HMAC will use the whole reversed and inverted password hash. In most cases this method ensures that cipher and HMAC use completely different or at least weakly related keys.
In case of user-defined binary key (also known as 'raw binary key'), HMAC assumes its size is 512 bits and prepares (reverts and inverts) that portion. It is responsibility of the user to pad the key with zeros up to BINARY_KEY_SIZE.
Key Verification Note
The engine uses the same verification procedure as Kryptel 6 storage handler with one difference: it correctly hashes in the value of m_pKeyVerificator.
Note about parcel GUID
Time has shown that adding this field was a wrong idea. Although a unique parcel ID could be useful in some scenarios, a random 128-bit value can be used to store some 'backdoor' information, for example, a part of the key. In any case, it is not possible to avoid such a suspicion.
As a solution to this problem, the engine should not generate a unique GUID. This field may contain any value, but the value must remain the same for all parcels created by the given engine version/variation. This way it still can be used for trailer verification, but it is impossible to store any backdoor information there.
Parcel Trailer
| Size | Description |
|---|---|
| HashSize | HMAC of parcel header, starting from parcel tag |
| HashSize | HMAC of file area (computed on encrypted data) |
| HashSize | HMAC of script area (computed on encrypted data) |
| 4 | Parcel end tag (0xEBFF957A) |
| 16 | Parcel GUID |
| 8 | Offset to the file area, relative to header start |
| 8 | Offset to the script area, relative to header start |
| 8 | File position of the parcel ID tag; 0 if no stub |
| 16 | MD5 hash of the preceding area, starting from parcel ID tag |
The last 60 bytes of the trailer (starting with parcel end tag) must have the same meaning for all Silver Key 4.0 and later engines.
Note that the position of the parcel ID tag is just a hint, and may in fact point to a wrong place. This pointer is valid for newly created parcels, but after repacking it naturally gets out of sync as repacking does not modify the parcel trailer. The purpose of this field is to enable quick recognition with IsParcel function. If the parcel gets repacked, LocateParcel function is required to locate the parcel inside a file.
If the last 16 bytes of the file is not a valid MD5 signature, or if the header position offset does not point to a parcel ID tag, then the parcel may contain trailing data. In this case the decryptor should scan the file to locate 'parcel start' and 'parcel end' tags. After locating the parcel's header and trailer, the decryptor must compare the parcel GUID values to ensure that the trailer matches the header.
Script Area
Silver Key script area is a sequence of commands, encrypted to a standard compressed and encrypted stream.
The decryptor processes commands in the same order as they appear in the parcel - for example, in order to decrypt a file and create a shortcut to it, you must place first [COMMAND_FILE], and then [COMMAND_LINK].
The last command is always a null command, so the stream cannot be empty. Note that the terminating null command may be followed by a block of random obfuscation data, so the parser must stop processing and reset the cipher and the compressor as soon as it encounters the terminating null command.
Script Commands
Statistics
The primary purpose of this command is setting up a progress bar. It is highly recommended to place this command first to ensure that the decryptor's progress bar will not get out of sync.
| Size | Description |
|---|---|
| 4 | [COMMAND_PROGRESS] |
| 4 | Number of directories |
| 4 | Number of files in parcel |
| 8 | Total size of all files in the parcel (bytes) |
Comment
Shows the encrypted message stored in the file area. The stored comment does not include terminating zero.
| Size | Description |
|---|---|
| 4 | [COMMAND_COMMENT] |
| BlockSize | Cipher initialization vector |
| 8 | Comment position (offset from the header start) |
| 4 | Comment uncompressed size (number of UTF-16 chars) |
| 4 | Comment compressed size (bytes) |
Directory
Creates a directory.
| Size | Description |
|---|---|
| 4 | [COMMAND_DIRECTORY] |
| 4 | Target (value from TARGETS enumeration) |
| STR | Target-relative path |
File
Decrypts a file stored in the file area.
| Size | Description |
|---|---|
| 4 | [COMMAND_FILE] |
| BlockSize | Cipher initialization vector |
| 8 | File data position (offset from the header start) |
| 8 | File original uncompressed size |
| 8 | Size of the file's encrypted stream |
| 8 | File creation time (time_t value) |
| 4 | Target (value from TARGETS enumeration) |
| STR | Target-relative path |
Delete
Deletes a file system object (i.e. file or directory). See the Security Considerations chapter in the program's Help for a detailed discussion.
| Size | Description |
|---|---|
| 4 | [COMMAND_DELETE] |
| 4 | Target (value from TARGETS enumeration) |
| STR | Target-relative path |
Create Link
Creates a shortcut to a decrypted file system object.
| Size | Description |
|---|---|
| 4 | [COMMAND_LINK] |
| 4 | Shortcut's target (value from TARGETS enumeration) |
| 4 | File's target (value from TARGETS enumeration) |
| 4 | Icon's target (value from TARGETS enumeration) |
| STR | Shortcut target-relative path |
| STR | File target-relative path |
| STR | Icon target-relative path |
| STR | Command-line arguments |
| STR | Shortcut description string |
The shortcut path and the file path are mandatory arguments and cannot be empty. Other strings may be empty; if the icon path is empty, the icon target value is ignored.
Open
Opens a decrypted file system object in the associated application.
| Size | Description |
|---|---|
| 4 | [COMMAND_OPEN] |
| 4 | Open mode (value from SK_OPEN enumeration) |
| 4 | Target (value from TARGETS enumeration) |
| STR | Target-relative path |
Tag Values
PARCEL_TAG 0x7A95FFEB PARCEL_END_TAG 0xEBFF957A COMMAND_NULL 0x7A250000 COMMAND_PROGRESS 0x7A250001 COMMAND_COMMENT 0x7A250012 COMMAND_DIRECTORY 0x7A254FAE COMMAND_LINK 0x7A25BF00 COMMAND_FILE 0x7A25BFC0 COMMAND_DELETE 0x7A25C0BF COMMAND_OPEN 0x7A25F005