Share via

[MS-GKDI]: Group Key Distribution Protocol

  • Article

This topic lists Errata found in [MS-GKDI] since it was last published. Since this topic is updated frequently, we recommend that you subscribe to this RSS feed to receive update notifications.

Errata are subject to the same terms as the Open Specifications documentation referenced.

RSS

Errata below are for Protocol Document Version V8.0 - 2021/06/25.

Errata Published*

Description

2023/08/16

Section 2.2.4 Group Key Envelope

Description: In the Group Key Envelope structure, updated the 'IsPublicKey' field by renaming it to 'dwFlags' and specifying bit settings that enable this structure to transport a public key or to be used for encrypting new data.

Changed from:

Version

0x4B

0x44

0x53

0x4B

IsPublicKey

Changed to:

Version

0x53

dwFlags

Changed from:

"IsPublicKey (4 bytes): A 32-bit unsigned integer. This field MUST be set to 1 when this structure is being used to transport a public key, and otherwise set to 0. This field is encoded using little-endian format."

Changed to:

"dwFlags (4 bytes): A 32-bit unsigned integer. Bit 31 (LSB) MUST be set to 1 when this structure is being used to transport a public key, and otherwise set to 0. Bit 30, when set to 1, indicates that this key can be used for encrypting new data. This field is encoded using little-endian format."

2023/08/16

Section 2.2.4 Group Key Envelope: Changed isPublicKey to dwFlags and updated requirements for usage of bit 31 to indicate public key transportation and bit 30 to indicate the use of encryption.


0


1


2


3


4


5


6


7


8


9

1
0


1


2


3


4


5


6


7


8


9

2
0


1


2


3


4


5


6


7


8


9

3
0


1

Version

0x4B

0x44

0x53

0x4B

isPublicKey

... etc...

. . .

isPublicKey (4 bytes): A 32-bit unsigned integer. This field MUST be set to 1 when this structure is being used to transport a public key, and otherwise set to 0. This field is encoded using little-endian format.

. . .

cbL1Key (4 bytes): A 32-bit unsigned integer. This field MUST be the length, in bytes, of the L1 key field. This field is encoded using little-endian format. This field MUST be set to zero if the isPublicKey field is set to 1, or if the L1 index field is set to zero and the value in the L2 index field is not equal to 31.

. . .

L2 key (variable, optional): The L2 seed key ADM element or the group public key ADM element with group key identifier (L0 index, L1 index, L2 index) in binary form. If the value in the cbL2Key field is zero, this field is absent. If this field is present and the isPublicKey field is set to 1, then the length, in bytes, of this field MUST be equal to the value of the Public Key Length field. If this field is present and the isPublicKey field is set to 0, the length of this field MUST be equal to 64 bytes.

Changed to:


0


1


2


3


4


5


6


7


8


9

1
0


1


2


3


4


5


6


7


8


9

2
0


1


2


3


4


5


6


7


8


9

3
0


1

Version

0x4B

0x44

0x53

0x4B

dwFlags

... etc...

. . .

dwFlags (4 bytes): A 32-bit unsigned integer. Bit 31 (LSB) MUST be set to 1 when this structure is being used to transport a public key, otherwise set to 0. Bit 30 MUST be set to 1 when the key being transported by this structure might be used for encryption and decryption, otherwise it should only be used for decryption. This field is encoded using little-endian format.

. . .

cbL1Key (4 bytes): A 32-bit unsigned integer. This field MUST be the length, in bytes, of the L1 key field. This field is encoded using little-endian format. This field MUST be set to zero if bit 31 of the dwFlags field is set to 1, or if the L1 index field is set to zero and the value in the L2 index field is not equal to 31.

. . .

L2 key (variable, optional): The L2 seed key ADM element or the group public key ADM element with group key identifier (L0 index, L1 index, L2 index) in binary form. If the value in the cbL2Key field is zero, this field is absent. If this field is present and bit 31 of the dwFlags field is set to 1, then the length, in bytes, of this field MUST be equal to the value of the Public Key Length field. If this field is present and bit 31 of the dwFlags field is set to 0, the length of this field MUST be equal to 64 bytes.

Section 3.2.4.1 Client Side Processing: Changed isPublicKey to bit 31 of the dwFlags field.

Changed from:

If the client successfully retrieves a key from the server, it will have received a group key in the format specified in section 2.2.4. The client MUST parse this format as follows:

1. If the isPublicKey field of the returned Group Key Envelope is set to 1, the value in the L2 key field is a public key with group key identifier (L0 field, L1 field, L2 field).

2. If the isPublicKey field of the returned Group Key Envelope is set to 0 and the L2 Key field is present, the value in the L2 key field is an L2 seed key with group key identifier (L0 field, L1 field, L2 field).

3. If the isPublicKey field of the returned Group Key Envelope is set to 0 and the L1 Key field is present, then:

Changed to:

If the client successfully retrieves a key from the server, it will have received a group key in the format specified in section 2.2.4. The client MUST parse this format as follows:

1. If bit 31 of the dwFlags field of the returned Group Key Envelope is set to 1, the value in the L2 key field is a public key with group key identifier (L0 field, L1 field, L2 field).

2. If bit 31 of the dwFlags field of the returned Group Key Envelope is set to 0 and the L2 Key field is present, the value in the L2 key field is an L2 seed key with group key identifier (L0 field, L1 field, L2 field).

3. If bit 31 of the dwFlags field of the returned Group Key Envelope is set to 0 and the L1 Key field is present, then:

*Date format: YYYY/MM/DD