Kryptel Storage

Kryptel FIPS 140-2 Storage

FIPS 140-2 -compliant storage is organized similarly to the standard Kryptel 6 storage with several differences, which reflect the fact that the storage handler uses Windows CAPI.

Container Header

Size Description
4 Container tag
2 Header size including header hash
2 Version of handler that created the container
2 Version of handler required to process the container
16 Storage Handler component ID (must be CID_FIPS140_STORAGE)
16 Agent component ID
16 Key ID
2 Size of reserved area (must be 0)
. . . Reserved area (not present in Kryptel 6 storage)
4 Size of agent data field (0 if no agent data)
6 Agent data address (points to directory if no agent data)
6 Size of the directory area
16 MD5 hash of the header

Key ID is always IDENT_PASSWORD.

The cipher is always CAPI-provided AES-256 with 128 bit block size. Passwords are processed to keys with CAPI-provided SHA-256. The standard Kryptel ZIP component is used for compressing data.

This storage handler does not compute agent data and directory HMACs, fully relying on the pre-open integrity check pass based on the container trailer. Key verification block is not maintained either: if directory verification passed, but LoadDirectory encountered an error, then the pasword is assumed to be wrong.

Directory Entry

Size Description
2 Object start tag
16 Object ID
6 Size of object's data block (0 if no data)
6 Size of uncompressed data block (present if data size > 0)
6 Address of data block (present if data size > 0)
16 Initialization vector (present if data size > 0)
16 Data block MD5 hash (present if data size > 0)
4 Size of object's attribute block (0 if no attributes)
. . . Attribute block
. . . [Optional directory entries for child objects]
2 Object end tag

The difference with the standard Kryptel 6 directory entry are a) the size of the initialization vector is fixed, and b) there is no recovery block size field.


The FIPS 140-2 -compliant storage has several limitations comparing to the standard Kryptel 6 storage.

  • The only key material supported is password.
  • No support for key verification, so it is not possible to tell if the given password fits. As a result, it is not possible to re-use cached passwords.
  • No support for data recovery, recovery blocks are not created.