Kryptel FIPS 140-2 Storage
FIPS 140-2 -compliant storage is organized similarly to the standard Kryptel 6 storage with several differences, which reflect the fact that the storage handler uses Windows CAPI.
|2||Header size including header hash|
|2||Version of handler that created the container|
|2||Version of handler required to process the container|
|16||Storage Handler component ID (must be CID_FIPS140_STORAGE)|
|16||Agent component ID|
|2||Size of reserved area (must be 0)|
|. . .||Reserved area (not present in Kryptel 6 storage)|
|4||Size of agent data field (0 if no agent data)|
|6||Agent data address (points to directory if no agent data)|
|6||Size of the directory area|
|16||MD5 hash of the header|
Key ID is always IDENT_PASSWORD.
The cipher is always CAPI-provided AES-256 with 128 bit block size. Passwords are processed to keys with CAPI-provided SHA-256. The standard Kryptel ZIP component is used for compressing data.
This storage handler does not compute agent data and directory HMACs, fully relying on the pre-open integrity check pass based on the container trailer. Key verification block is not maintained either: if directory verification passed, but LoadDirectory encountered an error, then the pasword is assumed to be wrong.
|2||Object start tag|
|6||Size of object's data block (0 if no data)|
|6||Size of uncompressed data block (present if data size > 0)|
|6||Address of data block (present if data size > 0)|
|16||Initialization vector (present if data size > 0)|
|16||Data block MD5 hash (present if data size > 0)|
|4||Size of object's attribute block (0 if no attributes)|
|. . .||Attribute block|
|. . .||[Optional directory entries for child objects]|
|2||Object end tag|
The difference with the standard Kryptel 6 directory entry are a) the size of the initialization vector is fixed, and b) there is no recovery block size field.
The FIPS 140-2 -compliant storage has several limitations comparing to the standard Kryptel 6 storage.
- The only key material supported is password.
- No support for key verification, so it is not possible to tell if the given password fits. As a result, it is not possible to re-use cached passwords.
- No support for data recovery, recovery blocks are not created.