Sealedkey: Difference between revisions

From Vita Development Wiki
(10 intermediate revisions by 3 users not shown)
The Sealed Key is an encrypted key used on PS Vita, PS4 and PS5 to prevent file modifications. It can be found in different places in the filesystem and is used for Save Data and Trophy Data decryption and encryption.
 
The main application of a sealed key is to store a randomly generated <code>secret</code> which serves the same purpose as the klicensee in PFS encryption. It is used as a per-savedata/per-trophy key in PFS encryption/decryption whilst game data/additional content uses the klicensee.
 
See also [https://www.psdevwiki.com/ps4/Sealedkey_/_pfsSKKey PS4 Sealedkey].
 
= PS Vita =
 
== Location ==
 
The sealedkey file is located in the sce_sys folder of every savedata and every trophy data set. The file itself is not PFS encrypted.
 
== Structure ==

{| class="wikitable"
|-
! Offset !! Size !! Description !! Notes
|-
| 0x0 || 0x8 || Magic || "pfsSKKey"
|-
| 0x8 || 0x1 || Major version || always 2
|-
| 0x9 || 0x1 || Minor version || always 0
|-
| 0xA || 0x6 || Padding || always zeroed
|-
| 0x10 || 0x10 || IV || AES-128-?ECB? IV for use with the pfsSKKey__EncKey Key
|-
| 0x20 || 0x10 || Encrypted Sealed Key ||
|-
| 0x30 || 0x20 || Digest || HMAC-?SHA1? digest for use with the pfsSKKey__Secret Key
|}

The cipher mode and hash function are marked as unconfirmed ("?ECB?", "?SHA1?") in the table. Note that ECB mode does not take an IV, and that an HMAC-SHA1 tag is only 0x14 bytes long while the <code>Digest</code> field holds 0x20 bytes.

== Usage ==
 
=== Generation ===
 
A sealed key of 16 bytes is generated randomly.
 
The sealed key is encrypted (using [[SceSblPostSsMgr#sceSblPostSsMgrEncryptSealedkeyForDriver|sceSblPostSsMgrEncryptSealedkeyForDriver]]) and written to the pfsSKKey file. The <code>pfsSKKey__EncKey</code> key (see [https://www.psdevwiki.com/vita/Keys#PFS_Keys]) is used as an AES-128 key to encrypt the <code>Sealed Key</code> along with a randomly generated <code>IV</code> written at offset 0x10.
 
A <code>Digest</code> is computed from offset 0 to 0x30 using the <code>pfsSKKey__Secret</code> HMAC key (see [https://www.psdevwiki.com/vita/Keys#PFS_Keys]), and written to offset 0x30.
 
The save data files are PFS encrypted with this key.
 
=== Decryption ===
 
The first step is to check the digest of the pfsSKKey file by using the HMAC key <code>pfsSKKey__Secret</code> (see [https://www.psdevwiki.com/vita/Keys#PFS_Keys]) to check the <code>Digest</code> at position 0x30 in the file.
 
If it is correct, the sealed key is read at offset 0x20 and decrypted (using [[SceSblPostSsMgr#sceSblPostSsMgrDecryptSealedkeyForDriver|sceSblPostSsMgrDecryptSealedkeyForDriver]]). The <code>pfsSKKey__EncKey</code> AES-128 key (see [https://www.psdevwiki.com/vita/Keys#PFS_Keys]) is used to decrypt the <code>Encrypted Sealed Key</code> at offset 0x20 along with the <code>IV</code> stored at offset 0x10.
 
The save data files are PFS decrypted with this key.
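The Generation and Decryption steps above, written out as a small Go program that builds a pfsSKKey file and then verifies and opens it. This is an added example, not code from the wiki or from the SceSblPostSsMgr module; the function names <code>Seal</code>, <code>Unseal</code> and <code>GenerateSealedKey</code> are hypothetical. Because the page leaves the hash and cipher mode unconfirmed, the example assumes HMAC-SHA256 (whose 0x20-byte tag matches the Digest field size) and AES-128-CBC (a mode that consumes the 16-byte IV; ECB takes none). The two key values are constructed placeholders standing in for <code>pfsSKKey__EncKey</code> and <code>pfsSKKey__Secret</code>, not the console keys.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

const ( // field offsets from the Structure table; the file is 0x50 bytes in total
	offIV     = 0x10
	offEncKey = 0x20
	offDigest = 0x30
	fileSize  = 0x50
	magic     = "pfsSKKey"
)

// ASSUMPTION: the page leaves hash and cipher mode unconfirmed; this example uses
// HMAC-SHA256 (0x20-byte tag, matching the Digest field) and AES-128-CBC (uses the
// 16-byte IV). Both keys are constructed placeholders, not the console keys.
var (
	placeholderEncKey = bytes.Repeat([]byte{0x11}, 16) // stands in for pfsSKKey__EncKey
	placeholderSecret = bytes.Repeat([]byte{0x22}, 32) // stands in for pfsSKKey__Secret
	ErrBadDigest      = errors.New("pfsSKKey: digest mismatch (file modified or wrong HMAC key)")
)

// Seal builds a pfsSKKey file around a 16-byte secret, following the Generation steps.
func Seal(secret, iv, encKey, hmacKey []byte) ([]byte, error) {
	if len(secret) != 16 || len(iv) != 16 {
		return nil, errors.New("pfsSKKey: secret and IV must be 16 bytes")
	}
	block, err := aes.NewCipher(encKey) // a 16-byte key selects AES-128
	if err != nil {
		return nil, err
	}
	out := make([]byte, fileSize)
	copy(out, magic)
	out[0x8], out[0x9] = 2, 0 // major/minor version; bytes 0xA..0xF stay zeroed
	copy(out[offIV:], iv)
	// The secret is exactly one AES block, so CBC needs no padding here.
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(out[offEncKey:offDigest], secret)
	mac := hmac.New(sha256.New, hmacKey)
	mac.Write(out[:offDigest]) // the digest covers offsets 0x0 to 0x30
	copy(out[offDigest:], mac.Sum(nil))
	return out, nil
}

// Unseal verifies the digest first and only then decrypts, following the Decryption steps.
func Unseal(file, encKey, hmacKey []byte) ([]byte, error) {
	if len(file) != fileSize || string(file[:8]) != magic {
		return nil, errors.New("pfsSKKey: wrong size or bad magic")
	}
	if file[0x8] != 2 || file[0x9] != 0 {
		return nil, fmt.Errorf("pfsSKKey: unsupported version %d.%d", file[0x8], file[0x9])
	}
	mac := hmac.New(sha256.New, hmacKey)
	mac.Write(file[:offDigest])
	if !hmac.Equal(mac.Sum(nil), file[offDigest:]) { // constant-time comparison
		return nil, ErrBadDigest
	}
	block, err := aes.NewCipher(encKey)
	if err != nil {
		return nil, err
	}
	secret := make([]byte, 16)
	cipher.NewCBCDecrypter(block, file[offIV:offEncKey]).CryptBlocks(secret, file[offEncKey:offDigest])
	return secret, nil
}

// GenerateSealedKey draws a fresh secret and IV from the OS CSPRNG and seals them.
func GenerateSealedKey(encKey, hmacKey []byte) (secret, file []byte, err error) {
	secret = make([]byte, 16)
	iv := make([]byte, 16)
	if _, err = rand.Read(secret); err != nil {
		return nil, nil, err
	}
	if _, err = rand.Read(iv); err != nil {
		return nil, nil, err
	}
	file, err = Seal(secret, iv, encKey, hmacKey)
	return secret, file, err
}

func main() {
	secret, file, err := GenerateSealedKey(placeholderEncKey, placeholderSecret)
	if err != nil {
		panic(err)
	}
	got, err := Unseal(file, placeholderEncKey, placeholderSecret)
	fmt.Printf("round trip: %v (err=%v)\n", bytes.Equal(secret, got), err)
	file[offEncKey] ^= 0x01 // flip one ciphertext bit: the digest check must reject it
	_, err = Unseal(file, placeholderEncKey, placeholderSecret)
	fmt.Println("tampered file:", err)
}
```

The order in <code>Unseal</code> mirrors the page: the digest over offsets 0x0 to 0x30 is checked before any decryption, so a modified IV, version byte or ciphertext is rejected without the AES key ever being applied to attacker-controlled bytes, and the comparison uses <code>hmac.Equal</code> rather than <code>bytes.Equal</code> so its timing does not depend on where the mismatch occurs.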
 
[[Category:Formats]]

Latest revision as of 23:54, 31 December 2024