I have not been able to find published test vectors for PBKDF2-HMAC-SHA-512. I've built a function that (finally!) reproduces the 7 HMAC-SHA-512 test vectors in RFC 4231, and the 32-byte test vectors for PBKDF2-HMAC-SHA-256 found in this thread.
Here is what it generates for PBKDF2-HMAC-SHA-512. Can anyone help me verify this output?
Thanks,
Fred
Input:
P = "password"
S = "salt"
c = 1
dkLen = 64
Output:
DK = 86 7f 70 cf 1a de 02 cf
f3 75 25 99 a3 a5 3d c4
af 34 c7 a6 69 81 5a e5
d5 13 55 4e 1c 8c f2 52
c0 2d 47 0a 28 5a 05 01
ba d9 99 bf e9 43 c0 8f
05 02 35 d7 d6 8b 1d a5
5e 63 f7 3b 60 a5 7f ce
Input:
P = "password"
S = "salt"
c = 2
dkLen = 64
Output:
DK = e1 d9 c1 6a a6 81 70 8a
45 f5 c7 c4 e2 15 ce b6
6e 01 1a 2e 9f 00 40 71
3f 18 ae fd b8 66 d5 3c
f7 6c ab 28 68 a3 9b 9f
78 40 ed ce 4f ef 5a 82
be 67 33 5c 77 a6 06 8e
04 11 27 54 f2 7c cf 4e
Input:
P = "password"
S = "salt"
c = 4096
dkLen = 64
Output:
DK = d1 97 b1 b3 3d b0 14 3e
01 8b 12 f3 d1 d1 47 9e
6c de bd cc 97 c5 c0 f8
7f 69 02 e0 72 f4 57 b5
14 3f 30 60 26 41 b3 d5
5c d3 35 98 8c b3 6b 84
37 60 60 ec d5 32 e0 39
b7 42 a2 39 43 4a f2 d5
Input:
P = "passwordPASSWORDpassword"
S = "saltSALTsaltSALTsaltSALTsaltSALTsalt"
c = 4096
dkLen = 64
Output:
DK = 8c 05 11 f4 c6 e5 97 c6
ac 63 15 d8 f0 36 2e 22
5f 3c 50 14 95 ba 23 b8
68 c0 05 17 4d c4 ee 71
11 5b 59 f9 e6 0c d9 53
2f a3 3e 0f 75 ae fe 30
22 5c 58 3a 18 6c d8 2b
d4 da ea 97 24 a3 d3 b8
I can also confirm the 4 test cases in the question generate valid results on implementations in my T-SQL, Python, with OpenSSL and PolarSSL libraries, and in a .NET library by #JimmiTh.
I'd like to add another set of PBKDF2-HMAC-SHA-512 test vectors for others to try on their own implementations - these are specifically designed to test various digest size and block size boundary conditions.
Character encoding is ASCII/UTF-8.
Tested against OpenSSL 1.0.1e on 64-bit Debian and 1.0.1f on 64-bit Windows with a 32-bit OpenSSL library called from C, Mitsuhiko's Python PBKDF2 implementation with warner's patch, my own SQL Server 2012 implementation, PolarSSL 1.2.9 and 1.3.4, #JimmiTh's .NET, and #TonPlomp's LabView implementation.
Note that previous differences between Python and T-SQL vs. OpenSSL were apparently due to a platform/version issue between Windows, MinGW, and OpenSSL. There is no difference between the implementations using MinGW 4.8.1 and OpenSSL 1.0.1f.
I recommend copy/pasting these into LibreOffice Calc or Excel and using =CONCATENATE to create a test script for yourself, or get the full original LibreOffice at Github.
The actual test vectors, minus Ext 10b and Trunc 10a and the last two 16M iteration vectors due to SO's 30,000 character limit:
'Password', 'Salt', Iterations, Outputbytes, ResultInHex, 'Notes'
'passDATAb00AB7YxDTT', 'saltKEYbcTcXHCBxtjD' 1 64 0xCBE6088AD4359AF42E603C2A33760EF9D4017A7B2AAD10AF46F992C660A0B461ECB0DC2A79C2570941BEA6A08D15D6887E79F32B132E1C134E9525EEDDD744FA 'AW 1a 1iter 64outBytes 19pw 19sa'
'passDATAb00AB7YxDTT', 'saltKEYbcTcXHCBxtjD' 100000 64 0xACCDCD8798AE5CD85804739015EF2A11E32591B7B7D16F76819B30B0D49D80E1ABEA6C9822B80A1FDFE421E26F5603ECA8A47A64C9A004FB5AF8229F762FF41F 'AW 1b 100000iter 64outBytes 19pw 19sa'
'passDATAb00AB7YxDTTl', 'saltKEYbcTcXHCBxtjD2' 1 64 0x8E5074A9513C1F1512C9B1DF1D8BFFA9D8B4EF9105DFC16681222839560FB63264BED6AABF761F180E912A66E0B53D65EC88F6A1519E14804EBA6DC9DF137007 'AW 2a 1iter 64outBytes 20pw 20sa'
'passDATAb00AB7YxDTTl', 'saltKEYbcTcXHCBxtjD2' 100000 64 0x594256B0BD4D6C9F21A87F7BA5772A791A10E6110694F44365CD94670E57F1AECD797EF1D1001938719044C7F018026697845EB9AD97D97DE36AB8786AAB5096 'AW 2b 100000iter 64outBytes 20pw 20sa'
'passDATAb00AB7YxDTTlR', 'saltKEYbcTcXHCBxtjD2P' 1 64 0xA6AC8C048A7DFD7B838DA88F22C3FAB5BFF15D7CB8D83A62C6721A8FAF6903EAB6152CB7421026E36F2FFEF661EB4384DC276495C71B5CAB72E1C1A38712E56B 'AW 3a 1iter 64outBytes 21pw 21sa'
'passDATAb00AB7YxDTTlR', 'saltKEYbcTcXHCBxtjD2P' 100000 64 0x94FFC2B1A390B7B8A9E6A44922C330DB2B193ADCF082EECD06057197F35931A9D0EC0EE5C660744B50B61F23119B847E658D179A914807F4B8AB8EB9505AF065 'AW 3b 100000iter 64outBytes 21pw 21sa'
'passDATAb00AB7YxDTTlRH2dqxDx19GDxDV1zFMz7E6QVqKIzwOtMnlxQLttpE5', 'saltKEYbcTcXHCBxtjD2PnBh44AIQ6XUOCESOhXpEp3HrcGMwbjzQKMSaf63IJe' 1 64 0xE2CCC7827F1DD7C33041A98906A8FD7BAE1920A55FCB8F831683F14F1C3979351CB868717E5AB342D9A11ACF0B12D3283931D609B06602DA33F8377D1F1F9902 'AW 4a 1iter 64outBytes 63pw 63sa'
'passDATAb00AB7YxDTTlRH2dqxDx19GDxDV1zFMz7E6QVqKIzwOtMnlxQLttpE5', 'saltKEYbcTcXHCBxtjD2PnBh44AIQ6XUOCESOhXpEp3HrcGMwbjzQKMSaf63IJe' 100000 64 0x07447401C85766E4AED583DE2E6BF5A675EABE4F3618281C95616F4FC1FDFE6ECBC1C3982789D4FD941D6584EF534A78BD37AE02555D9455E8F089FDB4DFB6BB 'AW 4b 100000iter 64outBytes 63pw 63sa'
'passDATAb00AB7YxDTTlRH2dqxDx19GDxDV1zFMz7E6QVqKIzwOtMnlxQLttpE57', 'saltKEYbcTcXHCBxtjD2PnBh44AIQ6XUOCESOhXpEp3HrcGMwbjzQKMSaf63IJem' 1 64 0xB029A551117FF36977F283F579DC7065B352266EA243BDD3F920F24D4D141ED8B6E02D96E2D3BDFB76F8D77BA8F4BB548996AD85BB6F11D01A015CE518F9A717 'AW 5a 1iter 64outBytes 64pw 64sa'
'passDATAb00AB7YxDTTlRH2dqxDx19GDxDV1zFMz7E6QVqKIzwOtMnlxQLttpE57', 'saltKEYbcTcXHCBxtjD2PnBh44AIQ6XUOCESOhXpEp3HrcGMwbjzQKMSaf63IJem' 100000 64 0x31F5CC83ED0E948C05A15735D818703AAA7BFF3F09F5169CAF5DBA6602A05A4D5CFF5553D42E82E40516D6DC157B8DAEAE61D3FEA456D964CB2F7F9A63BBBDB5 'AW 5b 100000iter 64outBytes 64pw 64sa'
'passDATAb00AB7YxDTTlRH2dqxDx19GDxDV1zFMz7E6QVqKIzwOtMnlxQLttpE57U', 'saltKEYbcTcXHCBxtjD2PnBh44AIQ6XUOCESOhXpEp3HrcGMwbjzQKMSaf63IJemk' 1 64 0x28B8A9F644D6800612197BB74DF460272E2276DE8CC07AC4897AC24DBC6EB77499FCAF97415244D9A29DA83FC347D09A5DBCFD6BD63FF6E410803DCA8A900AB6 'AW 6a 1iter 64outBytes 65pw 65sa'
'passDATAb00AB7YxDTTlRH2dqxDx19GDxDV1zFMz7E6QVqKIzwOtMnlxQLttpE57U', 'saltKEYbcTcXHCBxtjD2PnBh44AIQ6XUOCESOhXpEp3HrcGMwbjzQKMSaf63IJemk' 100000 64 0x056BC9072A356B7D4DA60DD66F5968C2CAA375C0220EDA6B47EF8E8D105ED68B44185FE9003FBBA49E2C84240C9E8FD3F5B2F4F6512FD936450253DB37D10028 'AW 6b 100000iter 64outBytes 65pw 65sa'
'passDATAb00AB7YxDTTlRH2dqxDx19GDxDV1zFMz7E6QVqKIzwOtMnlxQLttpE57Un4u12D2YD7oOPpiEvCDYvntXEe4NNPLCnGGeJArbYDEu6xDoCfWH6kbuV6awi0', 'saltKEYbcTcXHCBxtjD2PnBh44AIQ6XUOCESOhXpEp3HrcGMwbjzQKMSaf63IJemkURWoqHusIeVB8Il91NjiCGQacPUu9qTFaShLbKG0Yj4RCMV56WPj7E14EMpbxy' 1 64 0x16226C85E4F8D604573008BFE61C10B6947B53990450612DD4A3077F7DEE2116229E68EFD1DF6D73BD3C6D07567790EEA1E8B2AE9A1B046BE593847D9441A1B7 'AW 7a 1iter 64outBytes 127pw 127sa'
'passDATAb00AB7YxDTTlRH2dqxDx19GDxDV1zFMz7E6QVqKIzwOtMnlxQLttpE57Un4u12D2YD7oOPpiEvCDYvntXEe4NNPLCnGGeJArbYDEu6xDoCfWH6kbuV6awi0', 'saltKEYbcTcXHCBxtjD2PnBh44AIQ6XUOCESOhXpEp3HrcGMwbjzQKMSaf63IJemkURWoqHusIeVB8Il91NjiCGQacPUu9qTFaShLbKG0Yj4RCMV56WPj7E14EMpbxy' 100000 64 0x70CF39F14C4CAF3C81FA288FB46C1DB52D19F72722F7BC84F040676D3371C89C11C50F69BCFBC3ACB0AB9E92E4EF622727A916219554B2FA121BEDDA97FF3332 'AW 7b 100000iter 64outBytes 127pw 127sa'
'passDATAb00AB7YxDTTlRH2dqxDx19GDxDV1zFMz7E6QVqKIzwOtMnlxQLttpE57Un4u12D2YD7oOPpiEvCDYvntXEe4NNPLCnGGeJArbYDEu6xDoCfWH6kbuV6awi04', 'saltKEYbcTcXHCBxtjD2PnBh44AIQ6XUOCESOhXpEp3HrcGMwbjzQKMSaf63IJemkURWoqHusIeVB8Il91NjiCGQacPUu9qTFaShLbKG0Yj4RCMV56WPj7E14EMpbxy6' 1 64 0x880C58C316D3A5B9F05977AB9C60C10ABEEBFAD5CE89CAE62905C1C4F80A0A098D82F95321A6220F8AECCFB45CE6107140899E8D655306AE6396553E2851376C 'AW 8a 1iter 64outBytes 128pw 128sa'
'passDATAb00AB7YxDTTlRH2dqxDx19GDxDV1zFMz7E6QVqKIzwOtMnlxQLttpE57Un4u12D2YD7oOPpiEvCDYvntXEe4NNPLCnGGeJArbYDEu6xDoCfWH6kbuV6awi04', 'saltKEYbcTcXHCBxtjD2PnBh44AIQ6XUOCESOhXpEp3HrcGMwbjzQKMSaf63IJemkURWoqHusIeVB8Il91NjiCGQacPUu9qTFaShLbKG0Yj4RCMV56WPj7E14EMpbxy6' 100000 64 0x2668B71B3CA56136B5E87F30E098F6B4371CB5ED95537C7A073DAC30A2D5BE52756ADF5BB2F4320CB11C4E16B24965A9C790DEF0CBC62906920B4F2EB84D1D4A 'AW 8b 100000iter 64outBytes 128pw 128sa'
'passDATAb00AB7YxDTTlRH2dqxDx19GDxDV1zFMz7E6QVqKIzwOtMnlxQLttpE57Un4u12D2YD7oOPpiEvCDYvntXEe4NNPLCnGGeJArbYDEu6xDoCfWH6kbuV6awi04U', 'saltKEYbcTcXHCBxtjD2PnBh44AIQ6XUOCESOhXpEp3HrcGMwbjzQKMSaf63IJemkURWoqHusIeVB8Il91NjiCGQacPUu9qTFaShLbKG0Yj4RCMV56WPj7E14EMpbxy6P' 1 64 0x93B9BA8283CC17D50EF3B44820828A258A996DE258225D24FB59990A6D0DE82DFB3FE2AC201952100E4CC8F06D883A9131419C0F6F5A6ECB8EC821545F14ADF1 'AW 9a 1iter 64outBytes 129pw 129sa'
'passDATAb00AB7YxDTTlRH2dqxDx19GDxDV1zFMz7E6QVqKIzwOtMnlxQLttpE57Un4u12D2YD7oOPpiEvCDYvntXEe4NNPLCnGGeJArbYDEu6xDoCfWH6kbuV6awi04U', 'saltKEYbcTcXHCBxtjD2PnBh44AIQ6XUOCESOhXpEp3HrcGMwbjzQKMSaf63IJemkURWoqHusIeVB8Il91NjiCGQacPUu9qTFaShLbKG0Yj4RCMV56WPj7E14EMpbxy6P' 100000 64 0x2575B485AFDF37C260B8F3386D33A60ED929993C9D48AC516EC66B87E06BE54ADE7E7C8CB3417C81603B080A8EEFC56072811129737CED96236B9364E22CE3A5 'AW 9b 100000iter 64outBytes 129pw 129sa'
'passDATAb00AB7YxDTTlRH2dqxDx19GDxDV1zFMz7E6QVqKIzwOtMnlxQLttpE57Un4u12D2YD7oOPpiEvCDYvntXEe4NNPLCnGGeJArbYDEu6xDoCfWH6kbuV6awi04Uz3ebEAhzZ4ve1A2wg5CnLXdZC5Y7gwfVgbEgZSTmoYQSzC5OW4dfrjqiwApTACO6xoOL1AjWj6X6f6qFfF8TVmOzU9RhOd1N4QtzWI4fP6FYttNz5FuLdtYVXWVXH2Tf7I9fieMeWCHTMkM4VcmQyQHpbcP8MEb5f1g6Ckg5xk3HQr3wMBvQcOHpCPy1K8HCM7a5wkPDhgVA0BVmwNpsRIbDQZRtHK6dT6bGyalp6gbFZBuBHwD86gTzkrFY7HkOVrgc0gJcGJZe65Ce8v4Jn5OzkuVsiU8efm2Pw2RnbpWSAr7SkVdCwXK2XSJDQ5fZ4HBEz9VTFYrG23ELuLjvx5njOLNgDAJuf5JB2tn4nMjjcnl1e8qcYVwZqFzEv2zhLyDWMkV4tzl4asLnvyAxTBkxPRZj2pRABWwb3kEofpsHYxMTAn38YSpZreoXipZWBnu6HDURaruXaIPYFPYHl9Ls9wsuD7rzaGfbOyfVgLIGK5rODphwRA7lm88bGKY8b7tWOtepyEvaLxMI7GZF5ScwpZTYeEDNUKPzvM2Im9zehIaznpguNdNXNMLWnwPu4H6zEvajkw3G3ucSiXKmh6XNe3hkdSANm3vnxzRXm4fcuzAx68IElXE2bkGFElluDLo6EsUDWZ4JIWBVaDwYdJx8uCXbQdoifzCs5kuuClaDaDqIhb5hJ2WR8mxiueFsS0aDGdIYmye5svmNmzQxFmdOkHoF7CfwuU1yy4uEEt9vPSP2wFp1dyaMvJW68vtB4kddLmI6gIgVVcT6ZX1Qm6WsusPrdisPLB2ScodXojCbL3DLj6PKG8QDVMWTrL1TpafT2wslRledWIhsTlv2mI3C066WMcTSwKLXdEDhVvFJ6ShiLKSN7gnRrlE0BnAw', 'saltKEYbcTcXHCBxtjD2PnBh44AIQ6XUOCESOhXpEp3HrcGMwbjzQKMSaf63IJemkURWoqHusIeVB8Il91NjiCGQacPUu9qTFaShLbKG0Yj4RCMV56WPj7E14EMpbxy6PlBdILBOkKUB6TGTPJXh1tpdOHTG6KuIvcbQp9qWjaf1uxAKgiTtYRIHhxjJI2viVa6fDZ67QOouOaf2RXQhpsWaTtAVnff6PIFcvJhdPDFGV5nvmZWoCZQodj6yXRDHPw9PyF0iLYm9uFtEunlAAxGB5qqea4X5tZvB1OfLVwymY3a3JPjdxTdvHxCHbqqE0zip61JNqdmeWxGtlRBC6CGoCiHO4XxHCntQBRJDcG0zW7joTdgtTBarsQQhlLXBGMNBSNmmTbDf3hFtawUBCJH18IAiRMwyeQJbJ2bERsY3MVRPuYCf4Au7gN72iGh1lRktSQtEFye7pO46kMXRrEjHQWXInMzzy7X2StXUzHVTFF2VdOoKn0WUqFNvB6PF7qIsOlYKj57bi1Psa34s85WxMSbTkhrd7VHdHZkTVaWdraohXYOePdeEvIwObCGEXkETUzqM5P2yzoBOJSdjpIYaa8zzdLD3yrb1TwCZuJVxsrq0XXY6vErU4QntsW0972XmGNyumFNJiPm4ONKh1RLvS1kddY3nm8276S4TUuZfrRQO8QxZRNuSaZI8JRZp5VojB5DktuMxAQkqoPjQ5Vtb6oXeOyY591CB1MEW1fLTCs0NrL321SaNRMqza1ETogAxpEiYwZ6pIgnMmSqNMRdZnCqA4gMWw1lIVATWK83OCeicNRUNOdfzS7A8vbLcmvKPtpOFvhNzwrrUdkvuKvaYJviQgeR7snGetO9JLCwIlHIj52gMCNU18d32SJl7Xomtl3wIe02SMvq1i1BcaX7lXioqWGmgVqBWU3fsUuGwHi6RUKCCQdEOBfNo2WdpFaCflcgnn0O6jVHCqkv8cQk81AqS00rAmHGCNTwyA6Tq5TXoLlDnC8gAQjDUsZp0z' 1 64 0x384BCD6914407E40C295D1037CF4F990E8F0E720AF43CB706683177016D36D1A14B3A7CF22B5DF8D5D7D44D69610B64251ADE2E7AB54A3813A89935592E391BF 'AW 10a 1iter 64outBytes 1025pw 1025sa'
'passDATAb00AB7YxDTTlRH2dqxDx19GDxDV1zFMz7E6QVqKIzwOtMnlxQLttpE57Un4u12D2YD7oOPpiEvCDYvntXEe4NNPLCnGGeJArbYDEu6xDoCfWH6kbuV6awi04Uz3ebEAhzZ4ve1A2wg5CnLXdZC5Y7gwfVgbEgZSTmoYQSzC5OW4dfrjqiwApTACO6xoOL1AjWj6X6f6qFfF8TVmOzU9RhOd1N4QtzWI4fP6FYttNz5FuLdtYVXWVXH2Tf7I9fieMeWCHTMkM4VcmQyQHpbcP8MEb5f1g6Ckg5xk3HQr3wMBvQcOHpCPy1K8HCM7a5wkPDhgVA0BVmwNpsRIbDQZRtHK6dT6bGyalp6gbFZBuBHwD86gTzkrFY7HkOVrgc0gJcGJZe65Ce8v4Jn5OzkuVsiU8efm2Pw2RnbpWSAr7SkVdCwXK2XSJDQ5fZ4HBEz9VTFYrG23ELuLjvx5njOLNgDAJuf5JB2tn4nMjjcnl1e8qcYVwZqFzEv2zhLyDWMkV4tzl4asLnvyAxTBkxPRZj2pRABWwb3kEofpsHYxMTAn38YSpZreoXipZWBnu6HDURaruXaIPYFPYHl9Ls9wsuD7rzaGfbOyfVgLIGK5rODphwRA7lm88bGKY8b7tWOtepyEvaLxMI7GZF5ScwpZTYeEDNUKPzvM2Im9zehIaznpguNdNXNMLWnwPu4H6zEvajkw3G3ucSiXKmh6XNe3hkdSANm3vnxzRXm4fcuzAx68IElXE2bkGFElluDLo6EsUDWZ4JIWBVaDwYdJx8uCXbQdoifzCs5kuuClaDaDqIhb5hJ2WR8mxiueFsS0aDGdIYmye5svmNmzQxFmdOkHoF7CfwuU1yy4uEEt9vPSP2wFp1dyaMvJW68vtB4kddLmI6gIgVVcT6ZX1Qm6WsusPrdisPLB2ScodXojCbL3DLj6PKG8QDVMWTrL1TpafT2wslRledWIhsTlv2mI3C066WMcTSwKLXdEDhVvFJ6ShiLKSN7gnRrlE0BnAw', 'saltKEYbcTcXHCBxtjD2PnBh44AIQ6XUOCESOhXpEp3HrcGMwbjzQKMSaf63IJemkURWoqHusIeVB8Il91NjiCGQacPUu9qTFaShLbKG0Yj4RCMV56WPj7E14EMpbxy6PlBdILBOkKUB6TGTPJXh1tpdOHTG6KuIvcbQp9qWjaf1uxAKgiTtYRIHhxjJI2viVa6fDZ67QOouOaf2RXQhpsWaTtAVnff6PIFcvJhdPDFGV5nvmZWoCZQodj6yXRDHPw9PyF0iLYm9uFtEunlAAxGB5qqea4X5tZvB1OfLVwymY3a3JPjdxTdvHxCHbqqE0zip61JNqdmeWxGtlRBC6CGoCiHO4XxHCntQBRJDcG0zW7joTdgtTBarsQQhlLXBGMNBSNmmTbDf3hFtawUBCJH18IAiRMwyeQJbJ2bERsY3MVRPuYCf4Au7gN72iGh1lRktSQtEFye7pO46kMXRrEjHQWXInMzzy7X2StXUzHVTFF2VdOoKn0WUqFNvB6PF7qIsOlYKj57bi1Psa34s85WxMSbTkhrd7VHdHZkTVaWdraohXYOePdeEvIwObCGEXkETUzqM5P2yzoBOJSdjpIYaa8zzdLD3yrb1TwCZuJVxsrq0XXY6vErU4QntsW0972XmGNyumFNJiPm4ONKh1RLvS1kddY3nm8276S4TUuZfrRQO8QxZRNuSaZI8JRZp5VojB5DktuMxAQkqoPjQ5Vtb6oXeOyY591CB1MEW1fLTCs0NrL321SaNRMqza1ETogAxpEiYwZ6pIgnMmSqNMRdZnCqA4gMWw1lIVATWK83OCeicNRUNOdfzS7A8vbLcmvKPtpOFvhNzwrrUdkvuKvaYJviQgeR7snGetO9JLCwIlHIj52gMCNU18d32SJl7Xomtl3wIe02SMvq1i1BcaX7lXioqWGmgVqBWU3fsUuGwHi6RUKCCQdEOBfNo2WdpFaCflcgnn0O6jVHCqkv8cQk81AqS00rAmHGCNTwyA6Tq5TXoLlDnC8gAQjDUsZp0z' 100000 64 0xB8674F6C0CC9F8CF1F1874534FD5AF01FC1504D76C2BC2AA0A75FE4DD5DFD1DAF60EA7C85F122BCEEB8772659D601231607726998EAC3F6AAB72EFF7BA349F7F 'AW 10b 100000iter 64outBytes 1025pw 1025sa'
'passDATAb00AB7YxDTT', 'saltKEYbcTcXHCBxtjD' 1 63 0xCBE6088AD4359AF42E603C2A33760EF9D4017A7B2AAD10AF46F992C660A0B461ECB0DC2A79C2570941BEA6A08D15D6887E79F32B132E1C134E9525EEDDD744 'AW Trunc 1a 1iter 63outBytes 19pw 19sa'
'passDATAb00AB7YxDTT', 'saltKEYbcTcXHCBxtjD' 100000 63 0xACCDCD8798AE5CD85804739015EF2A11E32591B7B7D16F76819B30B0D49D80E1ABEA6C9822B80A1FDFE421E26F5603ECA8A47A64C9A004FB5AF8229F762FF4 'AW Trunc 1b 100000iter 63outBytes 19pw 19sa'
'passDATAb00AB7YxDTTl', 'saltKEYbcTcXHCBxtjD2' 1 63 0x8E5074A9513C1F1512C9B1DF1D8BFFA9D8B4EF9105DFC16681222839560FB63264BED6AABF761F180E912A66E0B53D65EC88F6A1519E14804EBA6DC9DF1370 'AW Trunc 2a 1iter 63outBytes 20pw 20sa'
'passDATAb00AB7YxDTTl', 'saltKEYbcTcXHCBxtjD2' 100000 63 0x594256B0BD4D6C9F21A87F7BA5772A791A10E6110694F44365CD94670E57F1AECD797EF1D1001938719044C7F018026697845EB9AD97D97DE36AB8786AAB50 'AW Trunc 2b 100000iter 63outBytes 20pw 20sa'
'passDATAb00AB7YxDTTlR', 'saltKEYbcTcXHCBxtjD2P' 1 63 0xA6AC8C048A7DFD7B838DA88F22C3FAB5BFF15D7CB8D83A62C6721A8FAF6903EAB6152CB7421026E36F2FFEF661EB4384DC276495C71B5CAB72E1C1A38712E5 'AW Trunc 3a 1iter 63outBytes 21pw 21sa'
'passDATAb00AB7YxDTTlR', 'saltKEYbcTcXHCBxtjD2P' 100000 63 0x94FFC2B1A390B7B8A9E6A44922C330DB2B193ADCF082EECD06057197F35931A9D0EC0EE5C660744B50B61F23119B847E658D179A914807F4B8AB8EB9505AF0 'AW Trunc 3b 100000iter 63outBytes 21pw 21sa'
'passDATAb00AB7YxDTTlRH2dqxDx19GDxDV1zFMz7E6QVqKIzwOtMnlxQLttpE5', 'saltKEYbcTcXHCBxtjD2PnBh44AIQ6XUOCESOhXpEp3HrcGMwbjzQKMSaf63IJe' 1 63 0xE2CCC7827F1DD7C33041A98906A8FD7BAE1920A55FCB8F831683F14F1C3979351CB868717E5AB342D9A11ACF0B12D3283931D609B06602DA33F8377D1F1F99 'AW Trunc 4a 1iter 63outBytes 63pw 63sa'
'passDATAb00AB7YxDTTlRH2dqxDx19GDxDV1zFMz7E6QVqKIzwOtMnlxQLttpE5', 'saltKEYbcTcXHCBxtjD2PnBh44AIQ6XUOCESOhXpEp3HrcGMwbjzQKMSaf63IJe' 100000 63 0x07447401C85766E4AED583DE2E6BF5A675EABE4F3618281C95616F4FC1FDFE6ECBC1C3982789D4FD941D6584EF534A78BD37AE02555D9455E8F089FDB4DFB6 'AW Trunc 4b 100000iter 63outBytes 63pw 63sa'
'passDATAb00AB7YxDTTlRH2dqxDx19GDxDV1zFMz7E6QVqKIzwOtMnlxQLttpE57', 'saltKEYbcTcXHCBxtjD2PnBh44AIQ6XUOCESOhXpEp3HrcGMwbjzQKMSaf63IJem' 1 63 0xB029A551117FF36977F283F579DC7065B352266EA243BDD3F920F24D4D141ED8B6E02D96E2D3BDFB76F8D77BA8F4BB548996AD85BB6F11D01A015CE518F9A7 'AW Trunc 5a 1iter 63outBytes 64pw 64sa'
'passDATAb00AB7YxDTTlRH2dqxDx19GDxDV1zFMz7E6QVqKIzwOtMnlxQLttpE57', 'saltKEYbcTcXHCBxtjD2PnBh44AIQ6XUOCESOhXpEp3HrcGMwbjzQKMSaf63IJem' 100000 63 0x31F5CC83ED0E948C05A15735D818703AAA7BFF3F09F5169CAF5DBA6602A05A4D5CFF5553D42E82E40516D6DC157B8DAEAE61D3FEA456D964CB2F7F9A63BBBD 'AW Trunc 5b 100000iter 63outBytes 64pw 64sa'
'passDATAb00AB7YxDTTlRH2dqxDx19GDxDV1zFMz7E6QVqKIzwOtMnlxQLttpE57U', 'saltKEYbcTcXHCBxtjD2PnBh44AIQ6XUOCESOhXpEp3HrcGMwbjzQKMSaf63IJemk' 1 63 0x28B8A9F644D6800612197BB74DF460272E2276DE8CC07AC4897AC24DBC6EB77499FCAF97415244D9A29DA83FC347D09A5DBCFD6BD63FF6E410803DCA8A900A 'AW Trunc 6a 1iter 63outBytes 65pw 65sa'
'passDATAb00AB7YxDTTlRH2dqxDx19GDxDV1zFMz7E6QVqKIzwOtMnlxQLttpE57U', 'saltKEYbcTcXHCBxtjD2PnBh44AIQ6XUOCESOhXpEp3HrcGMwbjzQKMSaf63IJemk' 100000 63 0x056BC9072A356B7D4DA60DD66F5968C2CAA375C0220EDA6B47EF8E8D105ED68B44185FE9003FBBA49E2C84240C9E8FD3F5B2F4F6512FD936450253DB37D100 'AW Trunc 6b 100000iter 63outBytes 65pw 65sa'
'passDATAb00AB7YxDTTlRH2dqxDx19GDxDV1zFMz7E6QVqKIzwOtMnlxQLttpE57Un4u12D2YD7oOPpiEvCDYvntXEe4NNPLCnGGeJArbYDEu6xDoCfWH6kbuV6awi0', 'saltKEYbcTcXHCBxtjD2PnBh44AIQ6XUOCESOhXpEp3HrcGMwbjzQKMSaf63IJemkURWoqHusIeVB8Il91NjiCGQacPUu9qTFaShLbKG0Yj4RCMV56WPj7E14EMpbxy' 1 63 0x16226C85E4F8D604573008BFE61C10B6947B53990450612DD4A3077F7DEE2116229E68EFD1DF6D73BD3C6D07567790EEA1E8B2AE9A1B046BE593847D9441A1 'AW Trunc 7a 1iter 63outBytes 127pw 127sa'
'passDATAb00AB7YxDTTlRH2dqxDx19GDxDV1zFMz7E6QVqKIzwOtMnlxQLttpE57Un4u12D2YD7oOPpiEvCDYvntXEe4NNPLCnGGeJArbYDEu6xDoCfWH6kbuV6awi0', 'saltKEYbcTcXHCBxtjD2PnBh44AIQ6XUOCESOhXpEp3HrcGMwbjzQKMSaf63IJemkURWoqHusIeVB8Il91NjiCGQacPUu9qTFaShLbKG0Yj4RCMV56WPj7E14EMpbxy' 100000 63 0x70CF39F14C4CAF3C81FA288FB46C1DB52D19F72722F7BC84F040676D3371C89C11C50F69BCFBC3ACB0AB9E92E4EF622727A916219554B2FA121BEDDA97FF33 'AW Trunc 7b 100000iter 63outBytes 127pw 127sa'
'passDATAb00AB7YxDTTlRH2dqxDx19GDxDV1zFMz7E6QVqKIzwOtMnlxQLttpE57Un4u12D2YD7oOPpiEvCDYvntXEe4NNPLCnGGeJArbYDEu6xDoCfWH6kbuV6awi04', 'saltKEYbcTcXHCBxtjD2PnBh44AIQ6XUOCESOhXpEp3HrcGMwbjzQKMSaf63IJemkURWoqHusIeVB8Il91NjiCGQacPUu9qTFaShLbKG0Yj4RCMV56WPj7E14EMpbxy6' 1 63 0x880C58C316D3A5B9F05977AB9C60C10ABEEBFAD5CE89CAE62905C1C4F80A0A098D82F95321A6220F8AECCFB45CE6107140899E8D655306AE6396553E285137 'AW Trunc 7a 1iter 63outBytes 128pw 128sa'
'passDATAb00AB7YxDTTlRH2dqxDx19GDxDV1zFMz7E6QVqKIzwOtMnlxQLttpE57Un4u12D2YD7oOPpiEvCDYvntXEe4NNPLCnGGeJArbYDEu6xDoCfWH6kbuV6awi04', 'saltKEYbcTcXHCBxtjD2PnBh44AIQ6XUOCESOhXpEp3HrcGMwbjzQKMSaf63IJemkURWoqHusIeVB8Il91NjiCGQacPUu9qTFaShLbKG0Yj4RCMV56WPj7E14EMpbxy6' 100000 63 0x2668B71B3CA56136B5E87F30E098F6B4371CB5ED95537C7A073DAC30A2D5BE52756ADF5BB2F4320CB11C4E16B24965A9C790DEF0CBC62906920B4F2EB84D1D 'AW Trunc 8b 100000iter 63outBytes 128pw 128sa'
'passDATAb00AB7YxDTTlRH2dqxDx19GDxDV1zFMz7E6QVqKIzwOtMnlxQLttpE57Un4u12D2YD7oOPpiEvCDYvntXEe4NNPLCnGGeJArbYDEu6xDoCfWH6kbuV6awi04U', 'saltKEYbcTcXHCBxtjD2PnBh44AIQ6XUOCESOhXpEp3HrcGMwbjzQKMSaf63IJemkURWoqHusIeVB8Il91NjiCGQacPUu9qTFaShLbKG0Yj4RCMV56WPj7E14EMpbxy6P' 1 63 0x93B9BA8283CC17D50EF3B44820828A258A996DE258225D24FB59990A6D0DE82DFB3FE2AC201952100E4CC8F06D883A9131419C0F6F5A6ECB8EC821545F14AD 'AW Trunc 9a 1iter 63outBytes 129pw 129sa'
'passDATAb00AB7YxDTTlRH2dqxDx19GDxDV1zFMz7E6QVqKIzwOtMnlxQLttpE57Un4u12D2YD7oOPpiEvCDYvntXEe4NNPLCnGGeJArbYDEu6xDoCfWH6kbuV6awi04U', 'saltKEYbcTcXHCBxtjD2PnBh44AIQ6XUOCESOhXpEp3HrcGMwbjzQKMSaf63IJemkURWoqHusIeVB8Il91NjiCGQacPUu9qTFaShLbKG0Yj4RCMV56WPj7E14EMpbxy6P' 100000 63 0x2575B485AFDF37C260B8F3386D33A60ED929993C9D48AC516EC66B87E06BE54ADE7E7C8CB3417C81603B080A8EEFC56072811129737CED96236B9364E22CE3 'AW Trunc 9b 100000iter 63outBytes 129pw 129sa'
'passDATAb00AB7YxDTTlRH2dqxDx19GDxDV1zFMz7E6QVqKIzwOtMnlxQLttpE57Un4u12D2YD7oOPpiEvCDYvntXEe4NNPLCnGGeJArbYDEu6xDoCfWH6kbuV6awi04Uz3ebEAhzZ4ve1A2wg5CnLXdZC5Y7gwfVgbEgZSTmoYQSzC5OW4dfrjqiwApTACO6xoOL1AjWj6X6f6qFfF8TVmOzU9RhOd1N4QtzWI4fP6FYttNz5FuLdtYVXWVXH2Tf7I9fieMeWCHTMkM4VcmQyQHpbcP8MEb5f1g6Ckg5xk3HQr3wMBvQcOHpCPy1K8HCM7a5wkPDhgVA0BVmwNpsRIbDQZRtHK6dT6bGyalp6gbFZBuBHwD86gTzkrFY7HkOVrgc0gJcGJZe65Ce8v4Jn5OzkuVsiU8efm2Pw2RnbpWSAr7SkVdCwXK2XSJDQ5fZ4HBEz9VTFYrG23ELuLjvx5njOLNgDAJuf5JB2tn4nMjjcnl1e8qcYVwZqFzEv2zhLyDWMkV4tzl4asLnvyAxTBkxPRZj2pRABWwb3kEofpsHYxMTAn38YSpZreoXipZWBnu6HDURaruXaIPYFPYHl9Ls9wsuD7rzaGfbOyfVgLIGK5rODphwRA7lm88bGKY8b7tWOtepyEvaLxMI7GZF5ScwpZTYeEDNUKPzvM2Im9zehIaznpguNdNXNMLWnwPu4H6zEvajkw3G3ucSiXKmh6XNe3hkdSANm3vnxzRXm4fcuzAx68IElXE2bkGFElluDLo6EsUDWZ4JIWBVaDwYdJx8uCXbQdoifzCs5kuuClaDaDqIhb5hJ2WR8mxiueFsS0aDGdIYmye5svmNmzQxFmdOkHoF7CfwuU1yy4uEEt9vPSP2wFp1dyaMvJW68vtB4kddLmI6gIgVVcT6ZX1Qm6WsusPrdisPLB2ScodXojCbL3DLj6PKG8QDVMWTrL1TpafT2wslRledWIhsTlv2mI3C066WMcTSwKLXdEDhVvFJ6ShiLKSN7gnRrlE0BnAw', 'saltKEYbcTcXHCBxtjD2PnBh44AIQ6XUOCESOhXpEp3HrcGMwbjzQKMSaf63IJemkURWoqHusIeVB8Il91NjiCGQacPUu9qTFaShLbKG0Yj4RCMV56WPj7E14EMpbxy6PlBdILBOkKUB6TGTPJXh1tpdOHTG6KuIvcbQp9qWjaf1uxAKgiTtYRIHhxjJI2viVa6fDZ67QOouOaf2RXQhpsWaTtAVnff6PIFcvJhdPDFGV5nvmZWoCZQodj6yXRDHPw9PyF0iLYm9uFtEunlAAxGB5qqea4X5tZvB1OfLVwymY3a3JPjdxTdvHxCHbqqE0zip61JNqdmeWxGtlRBC6CGoCiHO4XxHCntQBRJDcG0zW7joTdgtTBarsQQhlLXBGMNBSNmmTbDf3hFtawUBCJH18IAiRMwyeQJbJ2bERsY3MVRPuYCf4Au7gN72iGh1lRktSQtEFye7pO46kMXRrEjHQWXInMzzy7X2StXUzHVTFF2VdOoKn0WUqFNvB6PF7qIsOlYKj57bi1Psa34s85WxMSbTkhrd7VHdHZkTVaWdraohXYOePdeEvIwObCGEXkETUzqM5P2yzoBOJSdjpIYaa8zzdLD3yrb1TwCZuJVxsrq0XXY6vErU4QntsW0972XmGNyumFNJiPm4ONKh1RLvS1kddY3nm8276S4TUuZfrRQO8QxZRNuSaZI8JRZp5VojB5DktuMxAQkqoPjQ5Vtb6oXeOyY591CB1MEW1fLTCs0NrL321SaNRMqza1ETogAxpEiYwZ6pIgnMmSqNMRdZnCqA4gMWw1lIVATWK83OCeicNRUNOdfzS7A8vbLcmvKPtpOFvhNzwrrUdkvuKvaYJviQgeR7snGetO9JLCwIlHIj52gMCNU18d32SJl7Xomtl3wIe02SMvq1i1BcaX7lXioqWGmgVqBWU3fsUuGwHi6RUKCCQdEOBfNo2WdpFaCflcgnn0O6jVHCqkv8cQk81AqS00rAmHGCNTwyA6Tq5TXoLlDnC8gAQjDUsZp0z' 100000 63 0xB8674F6C0CC9F8CF1F1874534FD5AF01FC1504D76C2BC2AA0A75FE4DD5DFD1DAF60EA7C85F122BCEEB8772659D601231607726998EAC3F6AAB72EFF7BA349F 'AW Trunc 10b 100000iter 63outBytes 1025pw 1025sa'
'passDATAb00AB7YxDTT', 'saltKEYbcTcXHCBxtjD' 1 65 0xCBE6088AD4359AF42E603C2A33760EF9D4017A7B2AAD10AF46F992C660A0B461ECB0DC2A79C2570941BEA6A08D15D6887E79F32B132E1C134E9525EEDDD744FA88 'AW Ext 1a 1iter 65outBytes 19pw 19sa'
'passDATAb00AB7YxDTT', 'saltKEYbcTcXHCBxtjD' 100000 65 0xACCDCD8798AE5CD85804739015EF2A11E32591B7B7D16F76819B30B0D49D80E1ABEA6C9822B80A1FDFE421E26F5603ECA8A47A64C9A004FB5AF8229F762FF41F7C 'AW Ext 1b 100000iter 65outBytes 19pw 19sa'
'passDATAb00AB7YxDTTl', 'saltKEYbcTcXHCBxtjD2' 1 65 0x8E5074A9513C1F1512C9B1DF1D8BFFA9D8B4EF9105DFC16681222839560FB63264BED6AABF761F180E912A66E0B53D65EC88F6A1519E14804EBA6DC9DF1370070B 'AW Ext 2a 1iter 65outBytes 20pw 20sa'
'passDATAb00AB7YxDTTl', 'saltKEYbcTcXHCBxtjD2' 100000 65 0x594256B0BD4D6C9F21A87F7BA5772A791A10E6110694F44365CD94670E57F1AECD797EF1D1001938719044C7F018026697845EB9AD97D97DE36AB8786AAB5096E7 'AW Ext 2b 100000iter 65outBytes 20pw 20sa'
'passDATAb00AB7YxDTTlR', 'saltKEYbcTcXHCBxtjD2P' 1 65 0xA6AC8C048A7DFD7B838DA88F22C3FAB5BFF15D7CB8D83A62C6721A8FAF6903EAB6152CB7421026E36F2FFEF661EB4384DC276495C71B5CAB72E1C1A38712E56B93 'AW Ext 3a 1iter 65outBytes 21pw 21sa'
'passDATAb00AB7YxDTTlR', 'saltKEYbcTcXHCBxtjD2P' 100000 65 0x94FFC2B1A390B7B8A9E6A44922C330DB2B193ADCF082EECD06057197F35931A9D0EC0EE5C660744B50B61F23119B847E658D179A914807F4B8AB8EB9505AF06526 'AW Ext 3b 100000iter 65outBytes 21pw 21sa'
'passDATAb00AB7YxDTTlRH2dqxDx19GDxDV1zFMz7E6QVqKIzwOtMnlxQLttpE5', 'saltKEYbcTcXHCBxtjD2PnBh44AIQ6XUOCESOhXpEp3HrcGMwbjzQKMSaf63IJe' 1 65 0xE2CCC7827F1DD7C33041A98906A8FD7BAE1920A55FCB8F831683F14F1C3979351CB868717E5AB342D9A11ACF0B12D3283931D609B06602DA33F8377D1F1F9902DA 'AW Ext 4a 1iter 65outBytes 63pw 63sa'
'passDATAb00AB7YxDTTlRH2dqxDx19GDxDV1zFMz7E6QVqKIzwOtMnlxQLttpE5', 'saltKEYbcTcXHCBxtjD2PnBh44AIQ6XUOCESOhXpEp3HrcGMwbjzQKMSaf63IJe' 100000 65 0x07447401C85766E4AED583DE2E6BF5A675EABE4F3618281C95616F4FC1FDFE6ECBC1C3982789D4FD941D6584EF534A78BD37AE02555D9455E8F089FDB4DFB6BB30 'AW Ext 4b 100000iter 65outBytes 63pw 63sa'
'passDATAb00AB7YxDTTlRH2dqxDx19GDxDV1zFMz7E6QVqKIzwOtMnlxQLttpE57', 'saltKEYbcTcXHCBxtjD2PnBh44AIQ6XUOCESOhXpEp3HrcGMwbjzQKMSaf63IJem' 1 65 0xB029A551117FF36977F283F579DC7065B352266EA243BDD3F920F24D4D141ED8B6E02D96E2D3BDFB76F8D77BA8F4BB548996AD85BB6F11D01A015CE518F9A71780 'AW Ext 5a 1iter 65outBytes 64pw 64sa'
'passDATAb00AB7YxDTTlRH2dqxDx19GDxDV1zFMz7E6QVqKIzwOtMnlxQLttpE57', 'saltKEYbcTcXHCBxtjD2PnBh44AIQ6XUOCESOhXpEp3HrcGMwbjzQKMSaf63IJem' 100000 65 0x31F5CC83ED0E948C05A15735D818703AAA7BFF3F09F5169CAF5DBA6602A05A4D5CFF5553D42E82E40516D6DC157B8DAEAE61D3FEA456D964CB2F7F9A63BBBDB59F 'AW Ext 5b 100000iter 65outBytes 64pw 64sa'
'passDATAb00AB7YxDTTlRH2dqxDx19GDxDV1zFMz7E6QVqKIzwOtMnlxQLttpE57U', 'saltKEYbcTcXHCBxtjD2PnBh44AIQ6XUOCESOhXpEp3HrcGMwbjzQKMSaf63IJemk' 1 65 0x28B8A9F644D6800612197BB74DF460272E2276DE8CC07AC4897AC24DBC6EB77499FCAF97415244D9A29DA83FC347D09A5DBCFD6BD63FF6E410803DCA8A900AB671 'AW Ext 6a 1iter 65outBytes 65pw 65sa'
'passDATAb00AB7YxDTTlRH2dqxDx19GDxDV1zFMz7E6QVqKIzwOtMnlxQLttpE57U', 'saltKEYbcTcXHCBxtjD2PnBh44AIQ6XUOCESOhXpEp3HrcGMwbjzQKMSaf63IJemk' 100000 65 0x056BC9072A356B7D4DA60DD66F5968C2CAA375C0220EDA6B47EF8E8D105ED68B44185FE9003FBBA49E2C84240C9E8FD3F5B2F4F6512FD936450253DB37D1002889 'AW Ext 6b 100000iter 65outBytes 65pw 65sa'
'passDATAb00AB7YxDTTlRH2dqxDx19GDxDV1zFMz7E6QVqKIzwOtMnlxQLttpE57Un4u12D2YD7oOPpiEvCDYvntXEe4NNPLCnGGeJArbYDEu6xDoCfWH6kbuV6awi0', 'saltKEYbcTcXHCBxtjD2PnBh44AIQ6XUOCESOhXpEp3HrcGMwbjzQKMSaf63IJemkURWoqHusIeVB8Il91NjiCGQacPUu9qTFaShLbKG0Yj4RCMV56WPj7E14EMpbxy' 1 65 0x16226C85E4F8D604573008BFE61C10B6947B53990450612DD4A3077F7DEE2116229E68EFD1DF6D73BD3C6D07567790EEA1E8B2AE9A1B046BE593847D9441A1B766 'AW Ext 7a 1iter 65outBytes 127pw 127sa'
'passDATAb00AB7YxDTTlRH2dqxDx19GDxDV1zFMz7E6QVqKIzwOtMnlxQLttpE57Un4u12D2YD7oOPpiEvCDYvntXEe4NNPLCnGGeJArbYDEu6xDoCfWH6kbuV6awi0', 'saltKEYbcTcXHCBxtjD2PnBh44AIQ6XUOCESOhXpEp3HrcGMwbjzQKMSaf63IJemkURWoqHusIeVB8Il91NjiCGQacPUu9qTFaShLbKG0Yj4RCMV56WPj7E14EMpbxy' 100000 65 0x70CF39F14C4CAF3C81FA288FB46C1DB52D19F72722F7BC84F040676D3371C89C11C50F69BCFBC3ACB0AB9E92E4EF622727A916219554B2FA121BEDDA97FF3332EC 'AW Ext 7b 100000iter 65outBytes 127pw 127sa'
'passDATAb00AB7YxDTTlRH2dqxDx19GDxDV1zFMz7E6QVqKIzwOtMnlxQLttpE57Un4u12D2YD7oOPpiEvCDYvntXEe4NNPLCnGGeJArbYDEu6xDoCfWH6kbuV6awi04', 'saltKEYbcTcXHCBxtjD2PnBh44AIQ6XUOCESOhXpEp3HrcGMwbjzQKMSaf63IJemkURWoqHusIeVB8Il91NjiCGQacPUu9qTFaShLbKG0Yj4RCMV56WPj7E14EMpbxy6' 1 65 0x880C58C316D3A5B9F05977AB9C60C10ABEEBFAD5CE89CAE62905C1C4F80A0A098D82F95321A6220F8AECCFB45CE6107140899E8D655306AE6396553E2851376C57 'AW Ext 8a 1iter 65outBytes 128pw 128sa'
'passDATAb00AB7YxDTTlRH2dqxDx19GDxDV1zFMz7E6QVqKIzwOtMnlxQLttpE57Un4u12D2YD7oOPpiEvCDYvntXEe4NNPLCnGGeJArbYDEu6xDoCfWH6kbuV6awi04', 'saltKEYbcTcXHCBxtjD2PnBh44AIQ6XUOCESOhXpEp3HrcGMwbjzQKMSaf63IJemkURWoqHusIeVB8Il91NjiCGQacPUu9qTFaShLbKG0Yj4RCMV56WPj7E14EMpbxy6' 100000 65 0x2668B71B3CA56136B5E87F30E098F6B4371CB5ED95537C7A073DAC30A2D5BE52756ADF5BB2F4320CB11C4E16B24965A9C790DEF0CBC62906920B4F2EB84D1D4A30 'AW Ext 8b 100000iter 65outBytes 128pw 128sa'
'passDATAb00AB7YxDTTlRH2dqxDx19GDxDV1zFMz7E6QVqKIzwOtMnlxQLttpE57Un4u12D2YD7oOPpiEvCDYvntXEe4NNPLCnGGeJArbYDEu6xDoCfWH6kbuV6awi04U', 'saltKEYbcTcXHCBxtjD2PnBh44AIQ6XUOCESOhXpEp3HrcGMwbjzQKMSaf63IJemkURWoqHusIeVB8Il91NjiCGQacPUu9qTFaShLbKG0Yj4RCMV56WPj7E14EMpbxy6P' 1 65 0x93B9BA8283CC17D50EF3B44820828A258A996DE258225D24FB59990A6D0DE82DFB3FE2AC201952100E4CC8F06D883A9131419C0F6F5A6ECB8EC821545F14ADF199 'AW Ext 9a 1iter 65outBytes 129pw 129sa'
'passDATAb00AB7YxDTTlRH2dqxDx19GDxDV1zFMz7E6QVqKIzwOtMnlxQLttpE57Un4u12D2YD7oOPpiEvCDYvntXEe4NNPLCnGGeJArbYDEu6xDoCfWH6kbuV6awi04U', 'saltKEYbcTcXHCBxtjD2PnBh44AIQ6XUOCESOhXpEp3HrcGMwbjzQKMSaf63IJemkURWoqHusIeVB8Il91NjiCGQacPUu9qTFaShLbKG0Yj4RCMV56WPj7E14EMpbxy6P' 100000 65 0x2575B485AFDF37C260B8F3386D33A60ED929993C9D48AC516EC66B87E06BE54ADE7E7C8CB3417C81603B080A8EEFC56072811129737CED96236B9364E22CE3A542 'AW Ext 9b 100000iter 65outBytes 129pw 129sa'
'passDATAb00AB7YxDTTlRH2dqxDx19GDxDV1zFMz7E6QVqKIzwOtMnlxQLttpE57Un4u12D2YD7oOPpiEvCDYvntXEe4NNPLCnGGeJArbYDEu6xDoCfWH6kbuV6awi04Uz3ebEAhzZ4ve1A2wg5CnLXdZC5Y7gwfVgbEgZSTmoYQSzC5OW4dfrjqiwApTACO6xoOL1AjWj6X6f6qFfF8TVmOzU9RhOd1N4QtzWI4fP6FYttNz5FuLdtYVXWVXH2Tf7I9fieMeWCHTMkM4VcmQyQHpbcP8MEb5f1g6Ckg5xk3HQr3wMBvQcOHpCPy1K8HCM7a5wkPDhgVA0BVmwNpsRIbDQZRtHK6dT6bGyalp6gbFZBuBHwD86gTzkrFY7HkOVrgc0gJcGJZe65Ce8v4Jn5OzkuVsiU8efm2Pw2RnbpWSAr7SkVdCwXK2XSJDQ5fZ4HBEz9VTFYrG23ELuLjvx5njOLNgDAJuf5JB2tn4nMjjcnl1e8qcYVwZqFzEv2zhLyDWMkV4tzl4asLnvyAxTBkxPRZj2pRABWwb3kEofpsHYxMTAn38YSpZreoXipZWBnu6HDURaruXaIPYFPYHl9Ls9wsuD7rzaGfbOyfVgLIGK5rODphwRA7lm88bGKY8b7tWOtepyEvaLxMI7GZF5ScwpZTYeEDNUKPzvM2Im9zehIaznpguNdNXNMLWnwPu4H6zEvajkw3G3ucSiXKmh6XNe3hkdSANm3vnxzRXm4fcuzAx68IElXE2bkGFElluDLo6EsUDWZ4JIWBVaDwYdJx8uCXbQdoifzCs5kuuClaDaDqIhb5hJ2WR8mxiueFsS0aDGdIYmye5svmNmzQxFmdOkHoF7CfwuU1yy4uEEt9vPSP2wFp1dyaMvJW68vtB4kddLmI6gIgVVcT6ZX1Qm6WsusPrdisPLB2ScodXojCbL3DLj6PKG8QDVMWTrL1TpafT2wslRledWIhsTlv2mI3C066WMcTSwKLXdEDhVvFJ6ShiLKSN7gnRrlE0BnAw', 'saltKEYbcTcXHCBxtjD2PnBh44AIQ6XUOCESOhXpEp3HrcGMwbjzQKMSaf63IJemkURWoqHusIeVB8Il91NjiCGQacPUu9qTFaShLbKG0Yj4RCMV56WPj7E14EMpbxy6PlBdILBOkKUB6TGTPJXh1tpdOHTG6KuIvcbQp9qWjaf1uxAKgiTtYRIHhxjJI2viVa6fDZ67QOouOaf2RXQhpsWaTtAVnff6PIFcvJhdPDFGV5nvmZWoCZQodj6yXRDHPw9PyF0iLYm9uFtEunlAAxGB5qqea4X5tZvB1OfLVwymY3a3JPjdxTdvHxCHbqqE0zip61JNqdmeWxGtlRBC6CGoCiHO4XxHCntQBRJDcG0zW7joTdgtTBarsQQhlLXBGMNBSNmmTbDf3hFtawUBCJH18IAiRMwyeQJbJ2bERsY3MVRPuYCf4Au7gN72iGh1lRktSQtEFye7pO46kMXRrEjHQWXInMzzy7X2StXUzHVTFF2VdOoKn0WUqFNvB6PF7qIsOlYKj57bi1Psa34s85WxMSbTkhrd7VHdHZkTVaWdraohXYOePdeEvIwObCGEXkETUzqM5P2yzoBOJSdjpIYaa8zzdLD3yrb1TwCZuJVxsrq0XXY6vErU4QntsW0972XmGNyumFNJiPm4ONKh1RLvS1kddY3nm8276S4TUuZfrRQO8QxZRNuSaZI8JRZp5VojB5DktuMxAQkqoPjQ5Vtb6oXeOyY591CB1MEW1fLTCs0NrL321SaNRMqza1ETogAxpEiYwZ6pIgnMmSqNMRdZnCqA4gMWw1lIVATWK83OCeicNRUNOdfzS7A8vbLcmvKPtpOFvhNzwrrUdkvuKvaYJviQgeR7snGetO9JLCwIlHIj52gMCNU18d32SJl7Xomtl3wIe02SMvq1i1BcaX7lXioqWGmgVqBWU3fsUuGwHi6RUKCCQdEOBfNo2WdpFaCflcgnn0O6jVHCqkv8cQk81AqS00rAmHGCNTwyA6Tq5TXoLlDnC8gAQjDUsZp0z' 1 65 0x384BCD6914407E40C295D1037CF4F990E8F0E720AF43CB706683177016D36D1A14B3A7CF22B5DF8D5D7D44D69610B64251ADE2E7AB54A3813A89935592E391BF91 'AW Ext 10a 1iter 65outBytes 1025pw 1025sa'
'passDATA', 'saltKEYbc' 16777216 7 0xAB96C76400D08B 'AW Spl 1 16777216iter 7outBytes 8pw 9sa'
'passDATAb00AB', 'saltKEYbcTcX' 2097152 481 0xC8CB4B4B498B32CDE191159866A8E86B4C9D84EF1D0A37CF7B9BDC7872EDD5F02242AA7D83172C778EF64C788D622ACBCD4317C4B63A2EDE184CB2A5F6B94815C395CC822D68C637ADB0E928C9692D32D6B66B3825CDB6AC9B57D9D15BCA72CC32773CA45350BB460F83172B75EDD418E2C39DF437FFFDDEF6FF5E83AFC2974E5B391303C80B73DA815E979118FB41ACC3E2019DB30C14650DC7E75D67A048541563A3ECA996CF15F9B3DD7C768B45613078CF772292F092CCFEC10F027669D60EDF56A383894F0EFD7DDC3551E1C6AA366F7EFB39981BF0BDF7894A83D051E900AF2FB81CA990F52EE613A5C2D28D28683E331F50BD10B6F8AF12705E505BCA3BB0D3869246863387DD385748718B3AAA51BA12BB067F1ABD6B8F2E0DECDA0A6693D1331349470E78212B2B4700709BC22C86AE7ADAB9C74635BC0E40A18BE604B8BE7ED1E0419258BB0C38D27264783FE2A915CD63C7CBB6C2D937803D86FFE9DC58132F2AF7642C782AF6A0D50AB47622A73EF16618E15B5CE8EEE9F5A1A477A02ADB5E95638792811013A9A8ACC9F618C4726DC26E67C1DDCE6E1E90594C94D4DE8FD8D89400AB3E8138089B4CD5893BD66691708D1C27FF7E69F12D1A15983352933DE1583A2127DC8B62E345C0B1CD14F9F7BC85FFBCEB40E80E84E8E8C0 'AW Spl 2 2097152iter 481outBytes 13pw 12sa'
I was able to verify all results against one I created
With another run to verify my own results, I verified P = "password" S = "salt" c = 4096 dkLen = 64 with a BouncyCastle implementation that was copy/pasted from SO
Thank you so much for posting test vectors. I hope more people will verify
You're all mad!
The supplied test data doesn't specify the PRF! If you look at the RFC2898 specification here: http://www.ietf.org/rfc/rfc2898.txt you will notice that it shows you how to implement PBKDF2 using a Pseudo Random Function (PRF) but it doesn't tell you what to use as your PRF!
Now to simply say I will use HMACSHA512 as my PRF and therefore my output will be the same as everyone else who uses HMACSHA512 is wrong! If you look at how HMACSHA works, you will note it takes a key. Now the PBKDF2 spec DOES NOT tell you how you should use HMACSHA512. So, for example, I use the password as the key for the HMACSHA512 hashing object I create, and then I do all my hashing using that created object. However someone else might come along and do something different (yet completely legitimate) and say ok, well I will change the HMACSHA key after every hash pass, such that the HMACSHA key is now the value of the last hash.
Also, you can do things like concat Salt + Password instead of Password + Salt and this will also vary your output. The PBKDF2 spec DOES NOT tell you what order you should concatenate your password and salt or when/how you should set the HMACSHA key and this is up to you to implement. So I don't know what standard you are all trying to match your output too.......but essentially all you are doing is making all your frameworks susceptible to attacks by a COMMON RAINBOW TABLE as having output all the same means I can make one table that can be used on everyone achieving the same output....
This be mine https://github.com/Thashiznets/PWDTK.NET in case you wondering what my interest is in this :)
Related
I've received the following DATA frame from https://example.com (is contains the HTML file).
Stream: DATA, Stream ID: 1, Length 606
Length: 606
Type: DATA (0)
Flags: 0x01
.... ...1 = End Stream: True
.... 0... = Padded: False
0000 .00. = Unused: 0x00
0... .... .... .... .... .... .... .... = Reserved: 0x0
.000 0000 0000 0000 0000 0000 0000 0001 = Stream Identifier: 1
[Pad Length: 0]
Reassembled body in frame: 37
Data: 1f8b08003b81055200038d5441afd3300cbeef5798720169…
My understanding is that this data is gzipped. When I save the decrypted data to a file and give it a .gz extension and attempt to extract it with 7-Zip I get an error though. It can open the archive, see that there is a single file in there, but when I try to read it or extract it I just get an error.
This is a hex dump of the decrypted data.
0000 1f 8b 08 00 3b 81 05 52 00 03 8d 54 41 af d3 30
0010 0c be ef 57 98 72 01 69 5d f7 80 07 53 d7 56 20
0020 40 e2 02 1c e0 c2 31 6b dc d5 5a 93 94 24 ed 36
0030 a1 f7 df 71 db bd ae e5 ed 40 2b b5 8e 1d 7f fe
0040 6c c7 49 9e 49 93 fb 73 8d 50 7a 55 65 8b e4 f1
0050 87 42 66 0b e0 27 f1 e4 2b cc 3e 9f 84 aa 2b 84
0060 4f 46 09 d2 49 34 68 17 c3 16 85 5e 40 5e 0a eb
0070 d0 a7 41 e3 8b 70 13 40 94 4d 8c a5 f7 75 88 bf
0080 1b 6a d3 e0 a3 d1 1e b5 0f bb b0 01 e4 c3 2a 0d
0090 3c 9e 7c d4 85 df 8e 50 b7 90 b4 50 98 06 2d e1
00a0 b1 36 d6 4f fc 8f 24 7d 99 4a 6c 29 c7 b0 5f 2c
00b0 81 34 79 12 55 e8 72 51 61 7a 77 85 72 fe cc c9
00c0 74 0c 2e 81 73 e7 82 c1 b6 33 f2 0c 7f 7a b1 5f
00d0 8a fc b0 b7 a6 d1 32 cc 4d 65 6c 0c cf 8b 35 bf
00e0 af b6 e3 16 25 ec 9e 74 0c eb ab aa 16 52 92 de
00f0 cf 74 05 33 0d 0b a1 a8 3a c7 10 7c af 51 c3 0f
0100 a1 5d b0 84 e0 0b 56 2d 7a ca 05 7c c3 06 59 33
0110 2a 96 f0 c1 72 06 4b 70 bc 35 74 68 a9 b8 22 f6
0120 c2 43 ff 95 d4 4e 48 f7 e9 c7 f0 76 bd ae 4f 4f
0130 79 de a3 02 d1 78 73 83 ee fd cc e1 56 ee c5 24
0140 fe ce 58 89 36 b4 42 52 e3 62 b8 43 b5 9d 50 12
0150 71 45 fa b0 e4 7f 4b 8e 3c ca 09 c1 47 b8 d7 9b
0160 37 9b cd 04 b1 eb 45 28 31 37 56 78 32 cc 55 1b
0170 8d 53 d0 f7 0a 25 09 78 a1 c4 29 bc 64 f9 ae cb
0180 f2 e5 b4 65 f3 0e fe 4f 26 0f a3 34 2f e4 a4 98
0190 f3 8a cd fa 7e c3 f6 4f 69 d6 73 eb 58 ef b1 64
01a0 57 12 c3 37 89 fa 23 9a 75 f2 22 89 86 79 5c 24
01b0 5d 6a 3c 9e 4c f2 72 90 cb bb 27 a3 c9 aa c1 56
01c0 67 3f 4b 72 20 7b 3d b0 84 ce 8b 5d 45 ae e4 5e
01d0 78 03 3b 84 c6 b1 58 18 0b 54 55 8d f3 5d d5 5b
01e0 04 1c 10 1d cf 0f 7b e7 8d e2 01 73 2b f8 65 1a
01f0 ce f9 dc 39 81 67 e4 e1 e0 5d d0 f5 d5 eb 48 be
0200 34 8d 87 da 12 23 e7 86 4b 41 ba ef 27 f0 5a b8
0210 03 a7 de 07 ad d1 2a 72 8e 0d ab 24 aa 47 d6 09
0220 df 17 16 8b 34 e8 6e 8d 38 8a 8e c7 e3 8a 84 16
0230 2b 63 f7 d1 10 cf 45 97 68 41 f6 d5 58 e4 f0 8c
0240 a7 fa 18 ab 15 83 89 ac 07 4c a2 be 52 49 74 a9
0250 5b 34 5c 6f 7f 01 08 95 aa 8b f6 04 00 00
How do I decompress this data?
Looks right to me. I suspect this is a problem with however you have extracted the DATA Frame, or 7Zip (don't have that on my machine).
Running the following in GitBash in Windows downloads the gzipped file (which might be over HTTP/1.1 probably depending on the version of curl you have installed, but ignore that for now, because I don't think this is an HTTP/2 problem):
$ curl --raw --compress https://example.com > /tmp/index.html.gz
At this point you can look at the raw hex (using xxd /tmp/index.html.gz for example) and see it's the exact same as what you've posted:
00000000: 1f8b 0800 3b81 0552 0003 8d54 41af d330 ....;..R...TA..0
00000010: 0cbe ef57 9872 0169 5df7 8007 53d7 5620 ...W.r.i]...S.V
00000020: 40e2 021c e0c2 316b dcd5 5a93 9424 ed36 #.....1k..Z..$.6
00000030: a1f7 df71 dbbd aee5 ed40 2bb5 8e1d 7ffe ...q.....#+.....
00000040: 6cc7 499e 4993 fb73 8d50 7a55 658b e4f1 l.I.I..s.PzUe...
00000050: 8742 660b e027 f1e4 2bcc 3e9f 84aa 2b84 .Bf..'..+.>...+.
00000060: 4f46 09d2 4934 6817 c316 855e 405e 0aeb OF..I4h....^#^..
00000070: d0a7 41e3 8b70 1340 944d 8ca5 f775 88bf ..A..p.#.M...u..
00000080: 1b6a d3e0 a3d1 1eb5 0fbb b001 e4c3 2a0d .j............*.
00000090: 3c9e 7cd4 85df 8e50 b790 b450 9806 2de1 <.|....P...P..-.
000000a0: b136 d64f fc8f 247d 994a 6c29 c7b0 5f2c .6.O..$}.Jl).._,
000000b0: 8134 7912 55e8 7251 617a 7785 72fe ccc9 .4y.U.rQazw.r...
000000c0: 740c 2e81 73e7 82c1 b633 f20c 7f7a b15f t...s....3...z._
000000d0: 8afc b0b7 a6d1 32cc 4d65 6c0c cf8b 35bf ......2.Mel...5.
000000e0: afb6 e316 25ec 9e74 0ceb abaa 1652 92de ....%..t.....R..
000000f0: cf74 0533 0d0b a1a8 3ac7 107c af51 c30f .t.3....:..|.Q..
00000100: a15d b084 e00b 562d 7aca 057c c306 5933 .]....V-z..|..Y3
00000110: 2a96 f0c1 7206 4b70 bc35 7468 a9b8 22f6 *...r.Kp.5th..".
00000120: c243 ff95 d44e 48f7 e9c7 f076 bdae 4f4f .C...NH....v..OO
00000130: 79de a302 d178 7383 eefd cce1 56ee c524 y....xs.....V..$
00000140: fece 5889 36b4 4252 e362 b843 b59d 5012 ..X.6.BR.b.C..P.
00000150: 7145 fab0 e47f 4b8e 3cca 09c1 47b8 d79b qE....K.<...G...
00000160: 379b cd04 b1eb 4528 3137 5678 32cc 551b 7.....E(17Vx2.U.
00000170: 8d53 d0f7 0a25 0978 a1c4 29bc 64f9 aecb .S...%.x..).d...
00000180: f2e5 b465 f30e fe4f 260f a334 2fe4 a498 ...e...O&..4/...
00000190: f38a cdfa 7ec3 f64f 69d6 73eb 58ef b164 ....~..Oi.s.X..d
000001a0: 5712 c337 89fa 239a 75f2 2289 8679 5c24 W..7..#.u."..y\$
000001b0: 5d6a 3c9e 4cf2 7290 cbbb 27a3 c9aa c156 ]j<.L.r...'....V
000001c0: 673f 4b72 207b 3db0 84ce 8b5d 45ae e45e g?Kr {=....]E..^
000001d0: 7803 3b84 c6b1 5818 0b54 558d f35d d55b x.;...X..TU..].[
000001e0: 041c 101d cf0f 7be7 8de2 0173 2bf8 651a ......{....s+.e.
000001f0: cef9 dc39 8167 e4e1 e05d d0f5 d5eb 48be ...9.g...]....H.
00000200: 348d 87da 1223 e786 4b41 baef 27f0 5ab8 4....#..KA..'.Z.
00000210: 03a7 de07 add1 2a72 8e0d ab24 aa47 d609 ......*r...$.G..
00000220: df17 168b 34e8 6e8d 388a 8ec7 e38a 8416 ....4.n.8.......
00000230: 2b63 f7d1 10cf 4597 6841 f6d5 58e4 f08c +c....E.hA..X...
00000240: a7fa 18ab 1583 89ac 074c a2be 5249 74a9 .........L..RIt.
00000250: 5b34 5c6f 7f01 0895 aa8b f604 0000 [4\o..........
Then can use gunzip to view the file in the command line:
$ gunzip -c index.html.gz
<!doctype html>
<html>
<head>
<title>Example Domain</title>
...etc.
Or decompress it:
$ gunzip index.html.gz
$ cat index.html
<!doctype html>
<html>
<head>
<title>Example Domain</title>
...etc.
So I would guess either 7zip doesn't like reading this file (but it seems to from a quick search online) or you are corrupting the saving of the data somehow before opening it in 7zip.
We are having troubles with sending a 'large' SOAP request to one of our sources over SSL. When we send the same request, but with less data in it, it works without any problems. The small file is 10kb, the larger file is 30kb. The SOAP requests are send from OSB (11.1.1.4) in Weblogic (10.3.4).
Our source has checked what happens in their proxy and they see that the proxy waits for a part of the message, but never receives it:
[14/Sep/2016:11:04:56 +0200] [someurl.something.com/sid#7fcdebef0ae8][rid#7fcdebe080a0][/cxf/someServiceService-01-01][4] Input filter: Reading request body.
[14/Sep/2016:11:04:56 +0200] [someurl.something.com/sid#7fcdebef0ae8][rid#7fcdebe080a0][/cxf/someServiceService-01-01][9] Input filter: Bucket type HEAP contains 1 bytes.
[14/Sep/2016:11:04:56 +0200] [someurl.something.com/sid#7fcdebef0ae8][rid#7fcdebe080a0][/cxf/someServiceService-01-01][9] Input filter: Bucket type HEAP contains 8000 bytes.
[14/Sep/2016:11:04:56 +0200] [someurl.something.com/sid#7fcdebef0ae8][rid#7fcdebe080a0][/cxf/someServiceService-01-01][9] Input filter: Bucket type HEAP contains 192 bytes.
[14/Sep/2016:11:04:56 +0200] [someurl.something.com/sid#7fcdebef0ae8][rid#7fcdebe080a0][/cxf/someServiceService-01-01][9] Input filter: Bucket type HEAP contains 534 bytes.
[14/Sep/2016:11:04:56 +0200] [someurl.something.com/sid#7fcdebef0ae8][rid#7fcdebe080a0][/cxf/someServiceService-01-01][9] Input filter: Bucket type HEAP contains 7376 bytes.
[14/Sep/2016:11:05:38 +0200] [someurl.something.com/sid#7fcdebef0ae8][rid#7fcdebe080a0][/cxf/someServiceService-01-01][4] Error reading request body: The timeout specified has expired
We have HTTP dump on our server and from the logging I can see that the SSL handshaking is ok, we start sending our message, but it stops before it's completly done.
Padded plaintext before ENCRYPTION: len = 328
0000: 50 4F 53 54 20 2F 63 78 00 00 00 00 00 00 00 00 POST /cxf/
0010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 some
0020: 53 65 72 76 69 63 65 2D 30 31 2D 30 31 20 48 54 Service-01-01 HT
0030: 54 50 2F 31 2E 31 0D 0A 43 6F 6E 74 65 6E 74 2D TP/1.1..Content-
0040: 54 79 70 65 3A 20 74 65 78 74 2F 78 6D 6C 3B 20 Type: text/xml;
0050: 63 68 61 72 73 65 74 3D 75 74 66 2D 38 0D 0A 53 charset=utf-8..S
0060: 4F 41 50 41 63 74 69 6F 6E 3A 20 22 42 65 77 61 OAPAction: "
0070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 someAction"..
0080: 55 73 65 72 2D 41 67 65 6E 74 3A 20 4A 61 76 61 User-Agent: Java
0090: 31 2E 36 2E 30 5F 33 31 0D 0A 48 6F 73 74 3A 20 1.6.0_31..Host:
00A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 some.host
00B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00C0: 6E 65 74 2E 62 65 0D 0A 41 63 63 65 70 74 3A 20 ..Accept:
00D0: 74 65 78 74 2F 68 74 6D 6C 2C 20 69 6D 61 67 65 text/html, image
00E0: 2F 67 69 66 2C 20 69 6D 61 67 65 2F 6A 70 65 67 /gif, image/jpeg
00F0: 2C 20 2A 2F 2A 3B 20 71 3D 2E 32 0D 0A 43 6F 6E , */*; q=.2..Con
0100: 6E 65 63 74 69 6F 6E 3A 20 4B 65 65 70 2D 41 6C nection: Keep-Al
0110: 69 76 65 0D 0A 43 6F 6E 74 65 6E 74 2D 4C 65 6E ive..Content-Len
0120: 67 74 68 3A 20 34 32 35 39 36 0D 0A 0D 0A CB F2 gth: 42596......
0130: DB 39 D1 16 D4 4C D3 05 BB 08 3C 2B A0 1E 39 BF .9...L....<+..9.
0140: A9 15 05 05 05 05 05 05 ........
Padded plaintext before ENCRYPTION: len = 16128
0000: 3F 78 6D 6C 20 76 65 72 73 69 6F 6E 3D 22 31 2E ?xml version="1.
0010: 30 22 20 65 6E 63 6F 64 69 6E 67 3D 22 55 54 46 0" encoding="UTF
0020: 2D 38 22 3F 3E 0A 3C 73 6F 61 70 65 6E 76 3A 45 -8"?>.<soapenv:E
0030: 6E 76 65 6C 6F 70 65 20 78 6D 6C 6E 73 3A 73 6F nvelope xmlns:so
0040: 61 70 65 6E 76 3D 22 68 74 74 70 3A 2F 2F 73 63 apenv="http://sc
... and so forth
This ends before I've seen the complete SOAP request pass through. And we receive:
Padded plaintext after DECRYPTION: len = 328
0000: 48 54 54 50 2F 31 2E 31 20 34 30 30 20 42 61 64 HTTP/1.1 400 Bad
0010: 20 52 65 71 75 65 73 74 0D 0A 44 61 74 65 3A 20 Request..Date:
0020: 4D 6F 6E 2C 20 31 30 20 4F 63 74 20 32 30 31 36 Mon, 10 Oct 2016
0030: 20 30 37 3A 35 32 3A 30 37 20 47 4D 54 0D 0A 53 07:52:07 GMT..S
0040: 65 72 76 65 72 3A 20 41 70 61 63 68 65 0D 0A 53 erver: Apache..S
0050: 74 72 69 63 74 2D 54 72 61 6E 73 70 6F 72 74 2D trict-Transport-
0060: 53 65 63 75 72 69 74 79 3A 20 6D 61 78 2D 61 67 Security: max-ag
0070: 65 3D 33 31 35 33 36 30 30 30 3B 20 69 6E 63 6C e=31536000; incl
0080: 75 64 65 53 75 62 44 6F 6D 61 69 6E 73 0D 0A 4C udeSubDomains..L
0090: 61 73 74 2D 4D 6F 64 69 66 69 65 64 3A 20 54 75 ast-Modified: Tu
00A0: 65 2C 20 30 33 20 4D 61 72 20 32 30 31 35 20 31 e, 03 Mar 2015 1
00B0: 32 3A 32 35 3A 32 31 20 47 4D 54 0D 0A 45 54 61 2:25:21 GMT..ETa
00C0: 67 3A 20 22 62 65 38 2D 35 31 30 36 31 36 64 61 g: "be8-510616da
00D0: 38 63 62 31 64 22 0D 0A 41 63 63 65 70 74 2D 52 8cb1d"..Accept-R
00E0: 61 6E 67 65 73 3A 20 62 79 74 65 73 0D 0A 43 6F anges: bytes..Co
00F0: 6E 74 65 6E 74 2D 4C 65 6E 67 74 68 3A 20 33 30 ntent-Length: 30
0100: 34 38 0D 0A 43 6F 6E 6E 65 63 74 69 6F 6E 3A 20 48..Connection:
0110: 63 6C 6F 73 65 0D 0A 43 6F 6E 74 65 6E 74 2D 54 close..Content-T
0120: 79 70 65 3A 20 74 65 78 74 2F 68 74 6D 6C 0D 0A ype: text/html..
0130: 0D 0A 7E 01 14 86 D8 1F DA 05 97 49 26 2B 2F 65 ...........I&+/e
0140: DB 5E ED 05 F2 AA 01 01 .^......
Our server team has already tried increasing the timeouts in weblogic under Servers - Protocols - HTTP by a factor of 10, but with no success.
Increasing any possible timeout settings in OSB didn't help.
We are pretty sure it is a Weblogic (maybe OSB) issue as sending the larger request from the same server with curl doesn't give any problems.
Our Development environment does NOT have this issue. The problem is, we currently have an upgraded Weblogic (10.3.6)/OSB (11.1.1.7) installed there for an upcoming upgrade of the software on other environments. Same configuration though.
Any insight on what could be going wrong or what we could try would be helpfull. Let me know if you need any additional information.
I am using the below code to generate public and private keys:
using (var rsaProvider = new RSACryptoServiceProvider(cspParams))
{
try
{
// Export public key
publicKey = rsaProvider.ToXmlString(false);
// Write public key to file
publicKeyFile = File.CreateText(publicKeyFileName);
publicKeyFile.Write(publicKey);
// Export private/public key pair
//privateKey = rsaProvider.ToXmlString(true);
privateKey = rsaProvider.ToXmlString(true);
// Write private/public key pair to file
privateKeyFile = File.CreateText(privateKeyFileName);
privateKeyFile.Write(privateKey);
}
catch (Exception ex)
{
}
finally
{
rsaProvider.PersistKeyInCsp = false; // dont srotre in windows key container
}
}
The public key that is generated contains a key and an expontent:
<RSAKeyValue
<Modulus>rx39KaNggx7IFO/CT2XTi/aHdgEnZq0f6E2lKFVbObZ9ws0wCsRftfomOOy2z8/jFXn7NLOuiC+MvO6AsSb8nSCO0PY08TklmFBzsFxsq7CLWubL8TDV0wq7AtVpovdJkywc+O4wnz8ZTn38nAgNnQ6Ga+hIJspFCYZS01jkx30=
</Modulus>
<Exponent>AQAB</Exponent>
</RSAKeyValue>
But when I look at the public key of a certificate from Internet Explorer it shows:
RSA (2048 Bits).
30 82 01 0a 02 82 01 01 00 bf 61 0a 29 10 1f 5e
fe 34 37 51 08 f8 1e fb 22 ed 61 be 0b 0d 70 4c
50 63 26 75 15 b9 41 88 97 b6 f0 a0 15 bb 08 60
e0 42 e8 05 29 10 87 36 8a 28 65 a8 ef 31 07 74
6d 36 97 2f 28 46 66 04 c7 2a 79 26 7a 99 d5 8e
c3 6d 4f a0 5e ad bc 3d 91 c2 59 7b 5e 36 6c c0
53 cf 00 08 32 3e 10 64 58 10 13 69 c7 0c ee 9c
42 51 00 f9 05 44 ee 24 ce 7a 1f ed 8c 11 bd 12
a8 f3 15 f4 1c 7a 31 69 01 1b a7 e6 5d c0 9a 6c
7e 09 9e e7 52 44 4a 10 3a 23 e4 9b b6 03 af a8
9c b4 5b 9f d4 4b ad 92 8c ce b5 11 2a aa 37 18
8d b4 c2 b8 d8 5c 06 8c f8 ff 23 bd 35 5e d4 7c
3e 7e 83 0e 91 96 05 98 c3 b2 1f e3 c8 65 eb a9
7b 5d a0 2c cc fc 3c d9 6d ed cc fa 4b 43 8c c9
d4 b8 a5 61 1c b2 40 b6 28 12 df b9 f8 5f fe d3
b2 c9 ef 3d b4 1e 4b 7c 1c 4c 99 36 9e 3d eb ec
a7 68 5e 1d df 67 6e 5e fb 02 03 01 00 01
Is this the same type of key containing an exponent or is it encoded, or simply a different type of encryption?
It's just a different encoding of the same information. One is XML, using base-64 encoding for the modulus and exponent numbers. The other is a hexadecimal encoding of the information using the Distinguished Encoding Rules (DER) common with PKI protocols. It's a "SEQUENCE" containing two "INTEGER" elements: the modulus and the exponent, as defined in the PKCS #1 standard.
30 - SEQUENCE tag
82 01 0a - length is 266 bytes
02 - INTEGER tag (modulus)
82 01 01 - length is 257 bytes
00 bf 61 0a 29 10 1f 5e
fe 34 37 51 08 f8 1e fb 22 ed 61 be 0b 0d 70 4c
50 63 26 75 15 b9 41 88 97 b6 f0 a0 15 bb 08 60
e0 42 e8 05 29 10 87 36 8a 28 65 a8 ef 31 07 74
6d 36 97 2f 28 46 66 04 c7 2a 79 26 7a 99 d5 8e
c3 6d 4f a0 5e ad bc 3d 91 c2 59 7b 5e 36 6c c0
53 cf 00 08 32 3e 10 64 58 10 13 69 c7 0c ee 9c
42 51 00 f9 05 44 ee 24 ce 7a 1f ed 8c 11 bd 12
a8 f3 15 f4 1c 7a 31 69 01 1b a7 e6 5d c0 9a 6c
7e 09 9e e7 52 44 4a 10 3a 23 e4 9b b6 03 af a8
9c b4 5b 9f d4 4b ad 92 8c ce b5 11 2a aa 37 18
8d b4 c2 b8 d8 5c 06 8c f8 ff 23 bd 35 5e d4 7c
3e 7e 83 0e 91 96 05 98 c3 b2 1f e3 c8 65 eb a9
7b 5d a0 2c cc fc 3c d9 6d ed cc fa 4b 43 8c c9
d4 b8 a5 61 1c b2 40 b6 28 12 df b9 f8 5f fe d3
b2 c9 ef 3d b4 1e 4b 7c 1c 4c 99 36 9e 3d eb ec
a7 68 5e 1d df 67 6e 5e fb
02 - INTEGER tag (public exponent)
03 - length is 3 bytes
01 00 01 (65,537 [F4])
I'm implementing RFC 5246(TLS 1.2), and I'm stuck at the certificate message.I'm debugging the server with a combination of Openssl s_client and Browsers.The server hello message is received and interpreted fine, and with -msg option in openssl I can see the message has been interpreted properly as Client_hello, without any errors.
When the certificate message is sent, the browser doesn't respond, and openssl s_client with -msg doesn't respond either. Openssl s_client with -debug reads the message but doesn't respond after the server_hello_done message. No errors are logged.
I suspect the problem is with the structure of my certificate message, because anything I send after the Record layer length gets received without any errors, even if it's just random text or binary data.
Modifying the structure of the record layer to incorrect/inappropriate values throws an error with the appropriate error message, for example setting the version to 9.3 throws the error
5256:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
as expected.
This is the structure I am currently using:
/Record layer/
One byte for the message type, two bytes for the protocol version(major and minor), and two bytes for the message length.
/Handshake message data/
Two bytes for the length, two bytes for the certificate(s) length.Finally the certificate(s).
I'm currently working with a self-signed certificate, and neither the browser nor openssl s_client include a signature_algorithms extension in the Client_hello, so I send the certificate as it is, in .PEM format, and in plain text.Below is openssl's hex dump of the handshake thus far:
CONNECTED(00000164)
write to 0x14ad698 [0x13f1ffb] (210 bytes => 210 (0xD2))
0000 - 16 03 01 00 cd 01 00 00-c9 03 01 53 5e 5c d6 a0 ...........S^\..
0010 - 34 27 ea 22 ed 01 dc 36-bb 0b 84 1e 5a 58 3e d5 4'."...6....ZX>.
0020 - 95 4d 5f 81 9f 2a f0 27-75 fb 1f 00 00 5c c0 14 .M_..*.'u....\..
0030 - c0 0a 00 39 00 38 00 88-00 87 c0 0f c0 05 00 35 ...9.8.........5
0040 - 00 84 c0 12 c0 08 00 16-00 13 c0 0d c0 03 00 0a ................
0050 - c0 13 c0 09 00 33 00 32-00 9a 00 99 00 45 00 44 .....3.2.....E.D
0060 - c0 0e c0 04 00 2f 00 96-00 41 00 07 c0 11 c0 07 ...../...A......
0070 - c0 0c c0 02 00 05 00 04-00 15 00 12 00 09 00 14 ................
0080 - 00 11 00 08 00 06 00 03-00 ff 01 00 00 44 00 0b .............D..
0090 - 00 04 03 00 01 02 00 0a-00 34 00 32 00 01 00 02 .........4.2....
00a0 - 00 03 00 04 00 05 00 06-00 07 00 08 00 09 00 0a ................
00b0 - 00 0b 00 0c 00 0d 00 0e-00 0f 00 10 00 11 00 12 ................
00c0 - 00 13 00 14 00 15 00 16-00 17 00 18 00 19 00 23 ...............#
00d2 - <SPACES/NULS>
read from 0x14ad698 [0x13edaab] (5 bytes => 5 (0x5))
0000 - 16 03 01 00 2c ....,
read from 0x14ad698 [0x13edab0] (44 bytes => 44 (0x2C))
0000 - 02 00 00 26 03 01 53 5e-5c d6 4a 5a 5b 4d 63 38 ...&..S^\.JZ[Mc8
0010 - 57 47 53 45 4d 5b 3f 3c-5f 38 23 67 26 32 38 4c WGSEM[?<_8#g&28L
0020 - 2e 67 47 67 28 56 00 00-2f .gGg(V../
002c - <SPACES/NULS>
read from 0x14ad698 [0x13edaab] (5 bytes => 5 (0x5))
0000 - 16 03 01 02 99 .....
read from 0x14ad698 [0x13edab0] (665 bytes => 665 (0x299))
0000 - 0b 02 96 02 94 2d 2d 2d-2d 2d 42 45 47 49 4e 20 .....-----BEGIN
0010 - 43 45 52 54 49 46 49 43-41 54 45 2d 2d 2d 2d 2d CERTIFICATE-----
0020 - 0a 4d 49 49 42 75 54 43-43 41 53 49 43 43 51 43 .MIIBuTCCASICCQC
0030 - 43 65 67 31 46 6f 4f 76-43 4b 6a 41 4e 42 67 6b Ceg1FoOvCKjANBgk
0040 - 71 68 6b 69 47 39 77 30-42 41 51 55 46 41 44 41 qhkiG9w0BAQUFADA
0050 - 68 4d 51 73 77 43 51 59-44 56 51 51 47 45 77 4a hMQswCQYDVQQGEwJ
0060 - 4c 0a 52 54 45 53 4d 42-41 47 41 31 55 45 41 78 L.RTESMBAGA1UEAx
0070 - 4d 4a 62 47 39 6a 59 57-78 6f 62 33 4e 30 4d 42 MJbG9jYWxob3N0MB
0080 - 34 58 44 54 45 30 4d 44-51 79 4d 54 45 32 4e 44 4XDTE0MDQyMTE2ND
0090 - 4d 30 4e 56 6f 58 44 54-45 31 4d 44 51 79 4d 54 M0NVoXDTE1MDQyMT
00a0 - 45 32 0a 4e 44 4d 30 4e-56 6f 77 49 54 45 4c 4d E2.NDM0NVowITELM
00b0 - 41 6b 47 41 31 55 45 42-68 4d 43 53 30 55 78 45 AkGA1UEBhMCS0UxE
00c0 - 6a 41 51 42 67 4e 56 42-41 4d 54 43 57 78 76 59 jAQBgNVBAMTCWxvY
00d0 - 32 46 73 61 47 39 7a 64-44 43 42 6e 7a 41 4e 42 2FsaG9zdDCBnzANB
00e0 - 67 6b 71 0a 68 6b 69 47-39 77 30 42 41 51 45 46 gkq.hkiG9w0BAQEF
00f0 - 41 41 4f 42 6a 51 41 77-67 59 6b 43 67 59 45 41 AAOBjQAwgYkCgYEA
0100 - 72 51 71 76 50 36 4c 35-41 71 31 31 67 76 38 2b rQqvP6L5Aq11gv8+
0110 - 2f 59 55 53 62 50 46 4b-34 66 51 71 30 74 42 79 /YUSbPFK4fQq0tBy
0120 - 36 53 39 6c 0a 78 6f 45-6d 50 47 79 52 49 7a 44 6S9l.xoEmPGyRIzD
0130 - 31 46 78 78 52 65 50 79-55 6a 69 78 63 39 66 41 1FxxRePyUjixc9fA
0140 - 59 6f 74 5a 31 53 71 71-2f 2b 37 77 69 52 2b 7a YotZ1Sqq/+7wiR+z
0150 - 33 46 6f 65 51 58 73 53-64 32 78 32 44 4b 63 62 3FoeQXsSd2x2DKcb
0160 - 73 62 64 62 76 0a 2f 73-49 2b 68 63 57 39 4c 5a sbdbv./sI+hcW9LZ
0170 - 48 4d 45 75 49 6a 4d 42-73 6f 6f 4d 52 6a 76 35 HMEuIjMBsooMRjv5
0180 - 79 78 79 50 67 38 33 35-34 66 46 6d 51 50 38 4a yxyPg8354fFmQP8J
0190 - 49 73 54 54 48 31 54 56-5a 4f 47 48 79 49 62 76 IsTTH1TVZOGHyIbv
01a0 - 6e 34 7a 36 35 6b 0a 48-63 62 75 4f 52 38 43 41 n4z65k.HcbuOR8CA
01b0 - 77 45 41 41 54 41 4e 42-67 6b 71 68 6b 69 47 39 wEAATANBgkqhkiG9
01c0 - 77 30 42 41 51 55 46 41-41 4f 42 67 51 41 72 73 w0BAQUFAAOBgQArs
01d0 - 36 62 74 6f 38 6b 76 67-6b 48 70 4d 56 50 42 42 6bto8kvgkHpMVPBB
01e0 - 50 62 4e 71 6d 2f 62 0a-4a 78 4a 34 4a 78 5a 72 PbNqm/b.JxJ4JxZr
01f0 - 51 4c 6b 6a 48 7a 39 34-44 75 57 7a 64 67 41 6a QLkjHz94DuWzdgAj
0200 - 56 2b 70 39 72 7a 65 76-37 56 65 57 44 49 5a 41 V+p9rzev7VeWDIZA
0210 - 78 39 6a 43 6b 65 39 59-51 4c 68 42 67 62 2b 7a x9jCke9YQLhBgb+z
0220 - 48 73 6d 30 39 70 50 43-0a 4c 4f 50 37 4b 67 4b Hsm09pPC.LOP7KgK
0230 - 42 78 6e 68 52 49 33 4f-43 48 41 39 6f 43 78 30 BxnhRI3OCHA9oCx0
0240 - 78 46 35 46 65 34 53 38-34 65 6b 30 5a 37 65 5a xF5Fe4S84ek0Z7eZ
0250 - 4c 55 63 7a 52 41 6f 55-57 50 42 65 70 32 6e 62 LUczRAoUWPBep2nb
0260 - 44 77 39 78 6c 6e 30 57-49 0a 53 33 72 6d 2f 47 Dw9xln0WI.S3rm/G
0270 - 4d 6d 6e 4e 73 78 75 74-68 69 63 41 3d 3d 0a 2d MmnNsxuthicA==.-
0280 - 2d 2d 2d 2d 45 4e 44 20-43 45 52 54 49 46 49 43 ----END CERTIFIC
0290 - 41 54 45 2d 2d 2d 2d 2d-0a ATE-----.
read from 0x14ad698 [0x13edaab] (5 bytes => 5 (0x5))
0000 - 0e 03 01 ...
0005 - <SPACES/NULS>
read from 0x14ad698 [0x13edaab] (5 bytes => -1 (0xFFFFFFFF))
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 724 bytes and written 0 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
Key-Arg : None
PSK identity: None
PSK identity hint: None
Start Time: 1398693078
Timeout : 7200 (sec)
Verify return code: 0 (ok)
---
PEM is certainly not the right format to send on the wire. You should send it in binary form (use a base-64 decoded version of this PEM content).
You'll also need to wrap this in other layers, since a certificate_list in the Certificate struct is expected.
If you want to learn a bit more about all this, it's probably worth looking at existing traffic produced by working implementations using Wireshark. Its SSL wiki page even has an existing capture file that you can use.
(You're also mentioning you want to implement TLS 1.2, but you're sending 03 01, which is for TLS 1.0, although this shouldn't matter very much at this stage of your implementation.)
If I try to produce a 3TDES encrypted PKCS 8 key using the OpenSSL command line:
openssl genrsa 512 | openssl pkcs8 -topk8 -v2 des-ede3-cbc
I get:
Enter Encryption Password:
What if I wanted to encrypt it using an actual key, not a key derived from a passphrase?
The PKCS8 RFC does not say which algorithm must be used to create the keyblock. It does give PKCS5 algorithms as example. Is there a way to use OpenSSL to create a PKCS8 key encrypted by a DES key? If not, is it just unsupported by OpenSSL or is it a very nonstandard thing to do?
Here is an example created using password based encryption through the OpenSSL command line (password "test"):
0:d=0 hl=4 l= 422 cons: SEQUENCE
4:d=1 hl=2 l= 64 cons: SEQUENCE
6:d=2 hl=2 l= 9 prim: OBJECT :PBES2
17:d=2 hl=2 l= 51 cons: SEQUENCE
19:d=3 hl=2 l= 27 cons: SEQUENCE
21:d=4 hl=2 l= 9 prim: OBJECT :PBKDF2
32:d=4 hl=2 l= 14 cons: SEQUENCE
34:d=5 hl=2 l= 8 prim: OCTET STRING
0000 - 34 28 48 ce 80 65 2e 49- 4(H..e.I
44:d=5 hl=2 l= 2 prim: INTEGER :0800
48:d=3 hl=2 l= 20 cons: SEQUENCE
50:d=4 hl=2 l= 8 prim: OBJECT :des-ede3-cbc
60:d=4 hl=2 l= 8 prim: OCTET STRING
0000 - 87 9a 4b b1 4a 9a 5d 2a- ..K.J.]*
70:d=1 hl=4 l= 352 prim: OCTET STRING
0000 - 1a 93 74 14 57 96 80 ca-68 2f 06 82 a4 3c c5 bb ..t.W...h/...<..
0010 - 2e 32 81 28 89 d9 71 8c-f3 20 4c 3d d4 7a 8c 17 .2.(..q.. L=.z..
0020 - 13 fd 8e bd 59 54 dd 17-4d 72 12 dd 24 71 af 39 ....YT..Mr..$q.9
0030 - 16 64 3f 11 63 4b 36 b4-cf 5d 42 a7 4a 7e be 26 .d?.cK6..]B.J~.&
0040 - b1 8e 60 2a 28 b8 21 f8-a6 0e 54 93 28 bb 46 e9 ..`*(.!...T.(.F.
0050 - c9 45 1f 5a 91 17 d8 a0-06 b0 c4 1b c0 2f ee e1 .E.Z........./..
0060 - fd d0 3b 44 23 2c 98 ab-ea e9 3e 2e f3 ce 14 04 ..;D#,....>.....
0070 - f7 ab 4e 1a f2 f7 70 b0-02 51 aa cd 86 ae 97 f1 ..N...p..Q......
0080 - 66 9f 75 72 06 2e a3 90-38 50 44 88 b0 8a c1 26 f.ur....8PD....&
0090 - 57 1b 21 95 7b f9 af 66-c4 ac 4e 68 c4 32 cb 16 W.!.{..f..Nh.2..
00a0 - 78 1c 55 d1 c1 b6 93 1c-15 ab 92 32 2c 6c 8d 2f x.U........2,l./
00b0 - 34 ba 09 a1 ac 4b 7a d0-86 cd 68 0d b8 67 2f 20 4....Kz...h..g/
00c0 - 91 c7 79 64 0a cd f7 68-5f c3 08 ea 1a 4f d1 b8 ..yd...h_....O..
00d0 - c6 ac ff ff a1 c0 38 e1-32 22 f4 76 60 60 6f 9d ......8.2".v``o.
00e0 - c0 07 32 ec 35 31 7a c5-d4 f3 0d cc 76 f4 f1 d2 ..2.51z.....v...
00f0 - 77 79 11 4d 60 62 9b 23-56 23 a3 7d 9d 64 96 b0 wy.M`b.#V#.}.d..
0100 - c4 c5 12 7f d4 87 07 fa-c4 8a 0a 03 9e 21 70 d8 .............!p.
0110 - eb 8a 6b 24 ee 58 bc 23-82 23 ac 90 36 9a ab a0 ..k$.X.#.#..6...
0120 - 9f c9 8d f5 07 f4 c6 53-6d 00 fd b3 9d 5b e9 cd .......Sm....[..
0130 - c4 f6 27 89 55 98 f0 bc-05 31 75 6a 2d d5 12 b1 ..'.U....1uj-...
0140 - 41 9f e5 6b 45 6c 12 7d-02 ab b6 e6 78 6c 62 f3 A..kEl.}....xlb.
0150 - d2 9d c1 29 de 98 22 ba-98 b5 47 7d 38 ff 82 50 ...).."...G}8..P
Here is a PKCS8 key I made manually, by using TDES CBC with a triple length key of all 0s (IV 5F218F117C86CEE1) to encrypt the "PrivateKeyInfo" ASN1 structure and then put that payload into an "EncryptedPrivateKeyInfo" ASN1 structure:
0:d=0 hl=4 l= 378 cons: SEQUENCE
4:d=1 hl=2 l= 20 cons: SEQUENCE
6:d=2 hl=2 l= 8 prim: OBJECT :des-ede3-cbc
16:d=2 hl=2 l= 8 prim: OCTET STRING
0000 - 5f 21 8f 11 7c 86 ce e1- _!..|...
26:d=1 hl=4 l= 352 prim: OCTET STRING
0000 - c1 dc 29 07 0d 4b 48 73-8a 6f 98 04 12 69 e0 ca ..)..KHs.o...i..
0010 - a6 d2 f3 94 01 ba aa c8-72 da d4 cb 99 92 96 cd ........r.......
0020 - f0 7f 92 b0 c9 4b 81 02-c6 28 a9 3a 26 68 44 e3 .....K...(.:&hD.
0030 - 6a 52 4b a6 02 0d ef 72-07 d2 23 a4 0e c3 ab 2c jRK....r..#....,
0040 - 9c d7 8c 92 3c df 01 41-a5 b9 90 fc 91 f6 c3 6a ....<..A.......j
0050 - 83 02 2a e9 71 59 a4 70-36 16 45 be a6 2a c8 e7 ..*.qY.p6.E..*..
0060 - 84 cc ce a9 fa 1f a0 60-e9 26 a2 d7 41 bb 3c 1a .......`.&..A.<.
0070 - 1b a4 47 21 dc 51 4d f7-ed dd 2a 8c 5f e6 68 9e ..G!.QM...*._.h.
0080 - f2 60 c1 79 bc d4 e7 0d-4b 90 4b 80 30 5b 30 f8 .`.y....K.K.0[0.
0090 - 49 8f 7f 82 05 f7 d3 4d-51 f7 5d ff e8 7c c4 ff I......MQ.]..|..
00a0 - d9 ad a3 f9 33 08 22 29-9e da d5 ee 67 6a 68 a4 ....3.")....gjh.
00b0 - 80 29 8f 6a d9 2b ef d5-50 87 69 9a 66 da 3e 78 .).j.+..P.i.f.>x
00c0 - 0a 5d 9d 40 58 ea a3 88-92 62 d5 7c 72 05 f4 4d .].#X....b.|r..M
00d0 - 01 ca 8d fb 0b af 71 25-d8 1b a6 03 4d 74 f8 ac ......q%....Mt..
00e0 - 7d 77 44 08 e5 84 0d fb-15 c3 f7 d4 4c e7 50 b3 }wD.........L.P.
00f0 - 08 96 9a 33 3c 74 05 ec-3d 8b 19 01 ba 04 d0 ab ...3<t..=.......
0100 - 47 32 6a d8 09 9b 0e 0e-58 f5 34 5f 8f 63 18 12 G2j.....X.4_.c..
0110 - 22 a5 f7 e0 af 09 ed 16-22 2c 35 4a 8f 55 f3 22 ".......",5J.U."
0120 - aa b1 e0 f4 27 df 45 ef-3b 04 08 19 89 67 dd 17 ....'.E.;....g..
0130 - 47 13 55 3f 9d 0a a3 80-4d 6a 49 90 e9 83 90 ad G.U?....MjI.....
0140 - 1b 49 2f c1 1f c5 8b db-03 38 a4 13 03 ad fe 99 .I/......8......
0150 - 1d 75 e7 b1 2f 83 ad e4-42 74 44 06 38 cb bd c4 .u../...BtD.8...
As far as I can tell, my keyblock conforms to the RFC. However since OpenSSL doesn't have the ability to produce something like this, and I can't find any test vectors for a similar type of PKCS8 encryption, I am concerned that this format is somehow nonstandard.
Does anyone know if it is correct to build a PKCS8 key this way (using a non-passphrase based encryption scheme)?
PKCS8 RFC https://www.rfc-editor.org/rfc/rfc5208
Unencrypted PKCS8 Private Key:
PrivateKeyInfo ::= SEQUENCE {
version Version,
privateKeyAlgorithm AlgorithmIdentifier {{PrivateKeyAlgorithms}},
privateKey PrivateKey,
attributes [0] Attributes OPTIONAL }
Is enciphered and placed into encrypted PKCS8 structure:
EncryptedPrivateKeyInfo ::= SEQUENCE {
encryptionAlgorithm AlgorithmIdentifier {{KeyEncryptionAlgorithms}},
encryptedData EncryptedData }
I'm not sure what these empty algorithm identifier definitions are for
PrivateKeyAlgorithms ALGORITHM-IDENTIFIER ::= {
... -- For local profiles
}
KeyEncryptionAlgorithms ALGORITHM-IDENTIFIER ::= {
... -- For local profiles
}
X509 RFC https://www.rfc-editor.org/rfc/rfc5280
This defines the algorithm identifier field
AlgorithmIdentifier ::= SEQUENCE {
algorithm OBJECT IDENTIFIER,
parameters ANY DEFINED BY algorithm OPTIONAL }
Cryptographic Message Syntax for TDES CBC AlgorithmIdentifier: http://www.ietf.org/rfc/rfc3370.txt
The AlgorithmIdentifier parameters field MUST be present, and the
parameters field must contain a CBCParameter:
CBCParameter ::= IV
IV ::= OCTET STRING -- exactly 8 octets
Here is a response to the same-ish question on the OpenSSL mailing list:
http://marc.info/?l=openssl-users&m=137106970116394&w=2
It appears to be valid to create a PKCS8 keyblock using any cipher's AlgorithmIdentifier for the encryptionAlgorithm field.
"[T]he standard does not restrict the possible values, it may very
well be possible that someone somewhere has a PKCS#8 implementation
which accepts a value which does not refer to a password based
encryption scheme."