3.1.4.1.1 BACKUPKEY_BACKUP_GUID

  • Article

msdn link

The server MUST proceed as follows:

  1. Retrieve the current ServerWrap key identifier, which is a 16-byte GUID stored as the value of the LSA (Domain Policy) Remote Protocol secret object named G$BCKUPKEY_P, using the method specified in [MS-LSAD] section 3.1.4.6.6. Let keyGuid denote this identifier. Let keyGuidString denote the GUIDString ([MS-DTYP] section 2.3.4.3) representation of keyGuid. Retrieve the value of the LSA (Domain Policy) Remote Protocol secret object named G$BCKUPKEY_keyGuidString, using the method specified in [MS-LSAD] section 3.1.4.6.6. This value is the current ServerWrap key, formatted as specified in section 2.2.7. If this process succeeds, go to step 3. If no current ServerWrap key identifier exists, or the corresponding ServerWrap key cannot be located, or the ServerWrap key is not in the correct format, then create a new ServerWrap key as specified in step 2.

  2. Create a new ServerWrap key as follows:

    1. Generate 256 random bytes using a cryptographically strong random number generator, and format the result as a ServerWrap key object, specified in section 2.2.7.

    2. Using a cryptographically strong random number generator, generate a 16-byte GUID value. Let this value be denoted newGuid, and let its GUIDString representation ([MS-DTYP] section 2.3.4.3) be denoted newGuidString.

    3. Create a new LSA (Domain Policy) Remote Protocol secret object named G$BCKUPKEY_newGuidString, and set its value to the result of the first procedure in step 2, as specified in [MS-LSAD] section 3.1.4.6.5. This secret object will be stored in the domain's Active Directory database by the LSA (Domain Policy) protocol server as specified in the first table of [MS-LSAD] section 3.1.1.4. As a consequence, this secret object will be replicated to all other DCs in the domain by Active Directory server-to-server replication mechanisms.

    4. Create a new LSA (Domain Policy) Remote Protocol secret object named G$BCKUPKEY_P, and set its value to the 16-byte binary representation of newGuid, as specified in [MS-LSAD] section 3.1.4.6.5. If an LSA (Domain Policy) Remote Protocol secret object named G$BCKUPKEY_P already exists, replace its value with newGuid. This secret object will be stored in the domain's Active Directory database by the LSA (Domain Policy) protocol server as specified in the first table of [MS-LSAD] section 3.1.1.4. As a consequence, this secret object will be replicated to all other DCs in the domain by Active Directory server-to-server replication mechanisms.

  3. At this stage, we have the value of the current ServerWrap key. Let SrvKey denote the full length of the key, which is 256 bytes.

  4. Retrieve the SID of the calling user.

  5. Using a cryptographically strong random number generator, generate 68 bytes of random data. We will refer to this value as R2.

  6. Using a cryptographically strong random number generator, generate 32 bytes of random data. We will refer to this value as R3.

  7. Compute the SHA-1 HMAC [RFC2104] of R2 using SrvKey (from step 3) as the HMAC key. We will refer to the resulting 20-byte value as SymKey.

  8. Compute the SHA-1 HMAC [RFC2104] of R3 using SrvKey (from step 3) as the HMAC key. We will refer to the resulting 20-byte value as MacKey.

  9. Create an Rc4EncryptedPayload structure as specified in section 2.2.4.1. Place the result of step 6 in the R3 field, the result of step 4 in the SID field, and the secret to be wrapped (supplied in the pDataIn parameter) in the Secret field. Compute the SHA-1 HMAC [RFC2104] of the SID and Secret fields using MacKey (computed in step 8) as the HMAC key, and place the result in the MAC field.

  10. Encrypt the result of step 9 using the RC4 encryption algorithm ([SCHNEIER] section 17.1) with SymKey (computed in step 7) as the key.

  11. Create a wrapped secret structure as specified in section 2.2.4. Set the first 4 bytes of this structure to fixed values as specified in section 2.2.4; set the Payload_Length field to the length of the secret, in bytes (supplied in the cbDataIn parameter); set the GUID_of_Wrapping_key field to the current ServerWrap key identifier; and set R2 to the result of step 5. Place the result of step 10 in the Rc4EncryptedPayload field and its length, in bytes, in the Ciphertext_Length field.

  12. Return success (that is, zero) to the client, with the result of step 11 in the ppDataOut parameter and its length, in bytes, in the pcbDataOut parameter.