Sealedkey: Difference between revisions
CelesteBlue (talk | contribs) No edit summary |
CelesteBlue (talk | contribs) No edit summary |
||
Line 25: | Line 25: | ||
| 0x10 || 0x10 || IV || | | 0x10 || 0x10 || IV || | ||
|- | |- | ||
| 0x20 || 0x10 || Encrypted Sealed Key || | | 0x20 || 0x10 || Encrypted Sealed Key || AES-128-?ECB? encrypted | ||
|- | |- | ||
| 0x30 || 0x20 || Digest || | | 0x30 || 0x20 || Digest || HMAC-?SHA1? | ||
|} | |} | ||
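Review bot: the Digest row at 0x30 is annotated HMAC-?SHA1?, but its Size column gives 0x20 (32 bytes) while an HMAC-SHA1 tag is 20 bytes, so the guess does not match the field width. HMAC-SHA256 would fill 0x20 exactly; otherwise the row should say how the remaining 12 bytes are used.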
Line 46: | Line 46: | ||
The first step is to check the digest of the pfsSKKey file by using the HMAC key <code>pfsSKKey__Secret</code> (see [https://www.psdevwiki.com/vita/Keys#PFS_Keys]) to check the <code>Digest</code> at position 0x30 in the file. | The first step is to check the digest of the pfsSKKey file by using the HMAC key <code>pfsSKKey__Secret</code> (see [https://www.psdevwiki.com/vita/Keys#PFS_Keys]) to check the <code>Digest</code> at position 0x30 in the file. | ||
If it is correct, the sealed key is read at offset 0x20 and decrypted (using [[SceSblPostSsMgr#sceSblPostSsMgrDecryptSealedkeyForDriver|sceSblPostSsMgrDecryptSealedkeyForDriver]]). The <code>pfsSKKey__EncKey</code> | If it is correct, the sealed key is read at offset 0x20 and decrypted (using [[SceSblPostSsMgr#sceSblPostSsMgrDecryptSealedkeyForDriver|sceSblPostSsMgrDecryptSealedkeyForDriver]]). The <code>pfsSKKey__EncKey</code> AES-128 key (see [https://www.psdevwiki.com/vita/Keys#PFS_Keys]) is used to decrypt the <code>Encrypted Sealed Key</code> at offset 0x20 along with the <code>IV</code> stored at offset 0x10. | ||
The save data files are PFS decrypted with this key. | The save data files are PFS decrypted with this key. | ||
[[Category:Formats]] | [[Category:Formats]] |
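Review bot: the completed sentence says the Encrypted Sealed Key is decrypted "along with the IV stored at offset 0x10" but gives only the key size, not the cipher mode. ECB takes no IV, so this conflicts with the AES-128-?ECB? guess added to the table in the same revision; the two should agree, and the mode should be named here once it is confirmed.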
Revision as of 01:36, 14 December 2024
The Sealed Key is an encrypted key used on PS Vita, PS4 and PS5 to prevent file modification. It can be found in different places in the filesystem and is used for Save Data and Trophy Data decryption and encryption.
The main application of a sealed key is to store a randomly generated secret which serves the same purpose as the klicensee in PFS encryption. It is used as a per-savedata/per-trophy key in PFS encryption/decryption, whilst game data/additional content uses the klicensee.
PS Vita
Location
The sealedkey file is located in the sce_sys folder of every savedata/trophies. It is not PFS encrypted.
Structure
Offset | Size | Description | Value |
---|---|---|---|
0x0 | 0x8 | Magic | "pfsSKKey" |
0x8 | 0x1 | Major version | always 2 |
0x9 | 0x1 | Minor version | always 0 |
0xA | 0x6 | Padding | always zeroed |
0x10 | 0x10 | IV | |
0x20 | 0x10 | Encrypted Sealed Key | AES-128-?ECB? encrypted |
0x30 | 0x20 | Digest | HMAC-?SHA1? |
Usage
Generation
A sealed key of 16 bytes is generated randomly.
The sealed key is encrypted (using sceSblPostSsMgrEncryptSealedkeyForDriver) and written to the pfsSKKey file. The pfsSKKey__EncKey key (see [1]) is used as an AES128 key to encrypt the Sealed Key along with a randomly generated IV written at offset 0x10.
A Digest is computed from offset 0 to 0x30 using the pfsSKKey__Secret HMAC key (see [2]), and written to offset 0x30.
The save data files are PFS encrypted with this key.
Decryption
The first step is to check the digest of the pfsSKKey file by using the HMAC key pfsSKKey__Secret (see [3]) to check the Digest at position 0x30 in the file.
If it is correct, the sealed key is read at offset 0x20 and decrypted (using sceSblPostSsMgrDecryptSealedkeyForDriver). The pfsSKKey__EncKey AES-128 key (see [4]) is used to decrypt the Encrypted Sealed Key at offset 0x20 along with the IV stored at offset 0x10.
The save data files are PFS decrypted with this key.
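The layout check and digest verification described above, as an added Python example that is not part of the wiki page or of any Sony or homebrew code base. Assumptions: the digest is HMAC-SHA256 (chosen only because it yields the 0x20 bytes the Digest field holds; the page marks the algorithm as uncertain), the function names are hypothetical, and the HMAC key is a constructed placeholder. The AES step is left out because the page does not confirm the cipher mode.

```python
import hashlib
import hmac
import struct
from typing import NamedTuple

MAGIC = b"pfsSKKey"
MIN_SIZE = 0x50  # 0x30 bytes of header, IV and key, then the 0x20-byte digest


class SealedKeyFile(NamedTuple):
    major: int
    minor: int
    iv: bytes
    encrypted_key: bytes
    digest: bytes


def parse_sealedkey(blob: bytes) -> SealedKeyFile:
    """Split a PS Vita sealedkey file into the fields of the Structure table."""
    if len(blob) < MIN_SIZE:
        raise ValueError(f"need at least {MIN_SIZE:#x} bytes, got {len(blob):#x}")
    magic, major, minor, padding = struct.unpack_from("<8sBB6s", blob, 0)
    if magic != MAGIC:
        raise ValueError("bad magic")
    if (major, minor) != (2, 0):
        raise ValueError(f"unexpected version {major}.{minor}")
    if padding != bytes(6):
        raise ValueError("padding is not zeroed")
    return SealedKeyFile(major, minor, blob[0x10:0x20], blob[0x20:0x30], blob[0x30:0x50])


def digest_is_valid(blob: bytes, hmac_key: bytes, hash_name: str = "sha256") -> bool:
    """Recompute the HMAC over 0x0..0x30 and compare it in constant time.

    ASSUMPTION: sha256 by default, because its output fills the 0x20-byte field.
    """
    parsed = parse_sealedkey(blob)
    expected = hmac.new(hmac_key, blob[:0x30], hash_name).digest()
    return hmac.compare_digest(expected, parsed.digest)


def build_sample(hmac_key: bytes) -> bytes:
    """Constructed test file: counting bytes as IV and ciphertext, not console data."""
    body = MAGIC + bytes([2, 0]) + bytes(6) + bytes(range(0x10)) + bytes(range(0x10, 0x20))
    return body + hmac.new(hmac_key, body, hashlib.sha256).digest()
```

Passing `hash_name="sha1"` makes the check fail on every file, since a 20-byte tag never equals the 32-byte field.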