Reading the key container CryptoPro (part 2)
In the last part, I dealt with the transport key container from CryptoPro (aka PFX, PKCS12, P12). This article will talk about CryptoPro’s own key container format (the same 6 .key files)
In general, the topic of this article is not new. Back in 2016, @shukan wrote an article in which he provided a C program that pulled out the key for GOST 34.10-2001. A little later, thanks to the community, a version for GOST 34.10-2012 appeared. However, when trying to run all these utilities for the GOST 34.10-2012 512 bit container generated in CryptoPro CSP 5.0, the utilities generated an error.
How does everything work there?
File masks.key
Contains three Octet Strings, which in turn are a key mask (32 bytes for 256 bits, 64 for 512), a password derivation salt and a mask checksum, respectively.
primary.key file
Contains an encrypted private key (32 bytes for 256 bits, 64 for 512), which, after decryption, must be divided modulo by the Q field of the elliptic curve of the key.
header.key file
Contains all information about the container: Certificate, key properties, elliptic curve and hashing algorithm parameters, the first 8 bytes of the public key, as well as checksums.
We get the private key
To obtain a private key, you must complete the following steps:
Obtaining the storage key using CPKDF (CryptoPro Key Derivation Function) into which the password and salt are transferred from the masks.key file.
Decryption of the main key using GOST 28147-89 (Magma) in ECB mode with set Z parameters from TK-26
Modulo division of the decrypted key by the mask
Substituting the result into the ASN.1 private key construct
I also want to express special gratitude to @L11R for his code for GOST 34.10-2001, which formed the basis of my program.
Thank you all for your attention!
