Sealedkey: Difference between revisions
CelesteBlue (talk | contribs)
Revision as of 00:53, 14 December 2024
The Sealed Key is an encrypted key used on PS Vita, PS4 and PS5 to prevent file modification. It can be found in different places in the filesystem and is used for Save Data and Trophy Data decryption and encryption.
The main application of a sealed key is to store a randomly generated secret which serves the same purpose as the klicensee in PFS encryption. It is used as a per-savedata/per-trophy key in PFS encryption/decryption whilst game data/additional content uses the klicensee.
PS Vita
Location
The sealedkey file is located in the sce_sys folder of every savedata/trophies. It is not PFS encrypted.
Structure
Offset | Size | Description | Value |
---|---|---|---|
0x0 | 0x8 | Magic | "pfsSKKey" |
0x8 | 0x1 | Major version | always 2 |
0x9 | 0x1 | Minor version | always 0 |
0xA | 0x6 | Padding | always zeroed |
0x10 | 0x10 | IV | |
0x20 | 0x10 | Encrypted Sealed Key | |
0x30 | 0x20 | Digest | ?HMAC-SHA1 or HMAC-SHA256? |
Usage
Generation
A sealed key of 16 bytes is generated randomly.
The sealed key is encrypted (using sceSblPostSsMgrEncryptSealedkeyForDriver) and written to the pfsSKKey file. The pfsSKKey__EncKey key (see https://www.psdevwiki.com/vita/Keys#PFS_Keys) is used as an AES128 key to encrypt the Sealed Key along with a randomly generated IV written at offset 0x10.
A Digest is computed from offset 0 to 0x30 using the pfsSKKey__Secret HMAC key (see https://www.psdevwiki.com/vita/Keys#PFS_Keys), and written to offset 0x30.
The save data files are PFS encrypted with this key.
Decryption
The first step is to verify the pfsSKKey file: the HMAC key pfsSKKey__Secret (see https://www.psdevwiki.com/vita/Keys#PFS_Keys) is used to check the Digest at offset 0x30 in the file.
If it is correct, the sealed key is read at offset 0x20 and decrypted (using sceSblPostSsMgrDecryptSealedkeyForDriver). The pfsSKKey__EncKey AES128 key (see https://www.psdevwiki.com/vita/Keys#PFS_Keys) is used to decrypt the Encrypted Sealed Key at offset 0x20 along with the IV stored at offset 0x10.
The save data files are PFS decrypted with this key.
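The structure table and the digest check described above, as an added example (not code from this wiki or from the console firmware): a parser that validates the 0x50-byte layout and verifies the Digest before the encrypted key is handed on. The function names, the HMAC hash choice and the handling of a shorter digest are assumptions, the sample file is constructed with a placeholder key, and it stops before the AES step because the page does not name the cipher mode.

```python
import hashlib
import hmac
import os
import struct

MAGIC = b"pfsSKKey"
FILE_SIZE = 0x50  # 0x30 bytes of header/IV/key plus the 0x20-byte digest field


class SealedKeyError(ValueError):
    pass


def parse_sealedkey(blob, hmac_key, digestmod=hashlib.sha256):
    """Validate a sealedkey blob and return (iv, encrypted_key).

    digestmod is an assumption: the page leaves HMAC-SHA1 vs HMAC-SHA256 open.
    """
    if len(blob) != FILE_SIZE:
        raise SealedKeyError("unexpected file size")
    magic, major, minor, pad, iv, enc_key, digest = struct.unpack(
        "<8sBB6s16s16s32s", blob)
    if magic != MAGIC:
        raise SealedKeyError("bad magic")
    if (major, minor) != (2, 0):
        raise SealedKeyError("unsupported version")
    if pad != bytes(6):
        raise SealedKeyError("non-zero padding")
    # The digest covers offsets 0x0..0x30; check it before touching the key.
    expected = hmac.new(hmac_key, blob[:0x30], digestmod).digest()
    # Assumption: a shorter digest (SHA-1) occupies the start of the field.
    if not hmac.compare_digest(expected, digest[:len(expected)]):
        raise SealedKeyError("digest mismatch")
    return iv, enc_key


def build_sample(hmac_key, digestmod=hashlib.sha256):
    """Constructed sample: random bytes stand in for the IV and encrypted key."""
    body = MAGIC + bytes([2, 0]) + bytes(6) + os.urandom(16) + os.urandom(16)
    tag = hmac.new(hmac_key, body, digestmod).digest()
    return body + tag.ljust(0x20, b"\0")


def is_valid(blob, hmac_key):
    try:
        parse_sealedkey(blob, hmac_key)
        return True
    except SealedKeyError:
        return False
```

Because the Digest covers the header, the IV and the encrypted key together, a change to any byte in the first 0x30 bytes is rejected before decryption is attempted.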