Sealedkey: Difference between revisions
CelesteBlue (talk | contribs) No edit summary |
CelesteBlue (talk | contribs) No edit summary |
||
(One intermediate revision by the same user not shown) | |||
Line 13: | Line 13: | ||
{| class="wikitable" | {| class="wikitable" | ||
|- | |- | ||
! Offset !! Size !! Description !! | ! Offset !! Size !! Description !! Notes | ||
|- | |- | ||
| 0x0 || 0x8 || Magic || "pfsSKKey" | | 0x0 || 0x8 || Magic || "pfsSKKey" | ||
|- | |- | ||
| 0x8 || 0x1 || Major version || always 2 | | 0x8 || 0x1 || Major version || always 2 | ||
Line 23: | Line 23: | ||
| 0xA || 0x6 || Padding || always zeroed | | 0xA || 0x6 || Padding || always zeroed | ||
|- | |- | ||
| 0x10 || 0x10 || IV || | | 0x10 || 0x10 || IV || AES-128-?ECB? IV for use with the pfsSKKey__EncKey Key | ||
|- | |- | ||
| 0x20 || 0x10 || Encrypted Sealed Key || | | 0x20 || 0x10 || Encrypted Sealed Key || | ||
|- | |- | ||
| 0x30 || 0x20 || Digest || | | 0x30 || 0x20 || Digest || HMAC-?SHA1? digest for use with the pfsSKKey__Secret Key | ||
|} | |} | ||
Line 46: | Line 46: | ||
The first step is to check the digest of the pfsSKKey file by using the HMAC key <code>pfsSKKey__Secret</code> (see [https://www.psdevwiki.com/vita/Keys#PFS_Keys]) to check the <code>Digest</code> at position 0x30 in the file. | The first step is to check the digest of the pfsSKKey file by using the HMAC key <code>pfsSKKey__Secret</code> (see [https://www.psdevwiki.com/vita/Keys#PFS_Keys]) to check the <code>Digest</code> at position 0x30 in the file. | ||
If it is correct, the sealed key is read at offset 0x20 and decrypted (using [[SceSblPostSsMgr#sceSblPostSsMgrDecryptSealedkeyForDriver|sceSblPostSsMgrDecryptSealedkeyForDriver]]). The <code>pfsSKKey__EncKey</code> | If it is correct, the sealed key is read at offset 0x20 and decrypted (using [[SceSblPostSsMgr#sceSblPostSsMgrDecryptSealedkeyForDriver|sceSblPostSsMgrDecryptSealedkeyForDriver]]). The <code>pfsSKKey__EncKey</code> AES-128 key (see [https://www.psdevwiki.com/vita/Keys#PFS_Keys]) is used to decrypt the <code>Encrypted Sealed Key</code> at offset 0x20 along with the <code>IV</code> stored at offset 0x10. | ||
The save data files are PFS decrypted with this key. | The save data files are PFS decrypted with this key. | ||
[[Category:Formats]] | [[Category:Formats]] |
Latest revision as of 02:23, 14 December 2024
The Sealed Key is a an encrypted key used on PS Vita, PS4 and PS5 to prevent files modifications. It can be found on different places in the filesystem and is used for Save Data and Trophy Data decryption and encryption.
The main application of a sealed key is to store a randomly generated secret
which serves the same purpose as the klicensee in PFS encryption. It is used as a per-savedata/per-trophy key in PFS encryption/decryption whilst game data/additional content uses the klicensee.
PS Vita
Location
The sealedkey file is located in the sce_sys folder of every savedata/trophies. It is not PFS encrypted.
Structure
Offset | Size | Description | Notes |
---|---|---|---|
0x0 | 0x8 | Magic | "pfsSKKey" |
0x8 | 0x1 | Major version | always 2 |
0x9 | 0x1 | Minor version | always 0 |
0xA | 0x6 | Padding | always zeroed |
0x10 | 0x10 | IV | AES-128-?ECB? IV for use with the pfsSKKey__EncKey Key |
0x20 | 0x10 | Encrypted Sealed Key | |
0x30 | 0x20 | Digest | HMAC-?SHA1? digest for use with the pfsSKKey__Secret Key |
Usage
Generation
A sealed key of 16 bytes is generated randomly.
The sealed key is encrypted (using sceSblPostSsMgrEncryptSealedkeyForDriver) and written to the pfsSKKey file. The pfsSKKey__EncKey
key (see [1]) is used as a AES128 key to encrypt the Sealed Key
along with a randomly generated IV
written at offset 0x10.
A Digest
is computed from offset 0 to 0x30 using the pfsSKKey__Secret
HMAC key (see [2]), and written to offset 0x30.
The save data files are PFS encrypted with this key.
Decryption
The first step is to check the digest of the pfsSKKey file by using the HMAC key pfsSKKey__Secret
(see [3]) to check the Digest
at position 0x30 in the file.
If it is correct, the sealed key is read at offset 0x20 and decrypted (using sceSblPostSsMgrDecryptSealedkeyForDriver). The pfsSKKey__EncKey
AES-128 key (see [4]) is used to decrypt the Encrypted Sealed Key
at offset 0x20 along with the IV
stored at offset 0x10.
The save data files are PFS decrypted with this key.