AnsweredAssumed Answered

Question about bkek generation in general memory (red) test blobs

Question asked by sam rusty on Jan 20, 2017
Latest reply on Jan 29, 2017 by sam rusty

I am trying to create an offline red blob and then have it decrypt appropriately on the hardware, I am using a t1040rdb for the current test and it is currently in non-secure mode.  The documentation implies that the BKEK is derived from the MASTERKEY(256 bit) appended with my Modifier(128bit) and a 2 byte pad (some docs have values and some say it is the blob type 16 bits) I have used all 65k combinations for the pad in this effort to rule out any discrepancies.  In non secure mode a test key is suppose to be used and is documented to be all zeros in place of the OTPMK for the master key.  However when I create a unsigned char array of 32 zero's along with my modifier used to create a test blob and any combination for the 2 byte pad then a sha 256 of that message, I don't get the bkek returned in the test blob.  Can someone clearify what I am missing?  Or where I can view the test key being used for the test blob?  Or if I need to set something in order to make it zeros, since that is also implied in some of the manuals.

Thanks in advance.

Outcomes