3

I have a file which is encrypted using AES 128 and I have a key file whose size is 48 bytes. How can I decrypt the file using the key file?

The key file has no extension, I opened it in notepad and it has bizarre text. I have IV as 0x496daa1c6914000e408c65cead91fc29.

I don't know the cipher used for encryption but my guess is 80% for CBC.

Edit: More Info-> I am trying to decrypt an HLS stream, the m3u8 file has this line #EXT-X-KEY:METHOD=AES-128,URI="k/timestamp",IV=0x496daa1c6914000e408c65cead91fc29 which indicates that the file named "timestamp" is the key file, but its size is 48 bytes.

I am using Windows 10 but can switch over to Linux.

I don't know the OS used for encryption and the thing(OpenSSL,enc) that is used for encryption.

I am completely new to encryption and decryption.

Here's a link to the file Click Me

Wilfred Almeida
  • 159
  • 1
  • 2
  • 7
  • What file size is the key file? – user Jan 27 '21 at 16:33
  • @user Size of key file is 48 bytes. – Wilfred Almeida Jan 27 '21 at 16:39
  • 1
    48 bytes is strange size for an AES key. If it's AES-128, then the key should be 16 bytes (168=128); or if it's AES-256, then it should be 32 bytes (328=256). Is it possible that the key file that you have is armoured (i.e. protected with a password)? – mti2935 Jan 27 '21 at 17:22
  • Possibly a 32 byte key + 4 byte length specifier encoded in base64, but without actually seeing it there's no way to tell. – user Jan 27 '21 at 17:55
  • 1
    The "problem" with AES, in comparison to RSA, is that any 16 or 32 bytes of data is a valid key for AES-128/256 respectively. RSA keys on the other hand have a specific format, which makes them easy to tell apart. So unless you know the exact transformations applied to the data in the keyfile, I don't see much chance –  Jan 27 '21 at 18:12
  • @MechMK1 Key rotation is used – Wilfred Almeida Feb 09 '21 at 16:54
  • @WilfredAlmeida "Key Rotation" simply means that the encryption key is changed after a while. It has nothing to do with the task at hand. –  Feb 09 '21 at 17:14
  • @MechMK1 If that's the case then why is the key file 48 bytes for AES 128 encryption. I have updated the question, please check it. – Wilfred Almeida Feb 11 '21 at 06:46
  • Found a possible duplicate here, but can't create dupes across sites. –  Feb 11 '21 at 11:22
  • @MechMK1 I have read that previously before asking here, it didn't work for me. – Wilfred Almeida Feb 12 '21 at 06:09
  • @user I have added link to the file. Please check. – Wilfred Almeida Feb 14 '21 at 12:54

1 Answers1

1

Edit: More Info-> I am trying to decrypt an HLS stream, the m3u8 file has this line

#EXT-X-KEY:METHOD=AES-128,URI="k/timestamp",IV=0x496daa1c6914000e408c65cead91fc29

which indicates that the file named "timestamp" is the key file, but its size is 48 bytes.

RFC8216 describes how a HLS segment has to be encrypted / decrypted. In your playlist the method is AES-128 :

  • according to section 4.2.3.4, the encryption algorithm should be AES with 128-bit key and Cipher Block Chaining (CBC).
  • also in section 5.1, the key file should contain 16 octets in binary format, which means the file size has to be 16 bytes, 48 bytes is definitely the wrong size. You can check the content of the key file in hex form using tools like xxd ,don't open it directly by Notepad

How can I decrypt the file using the key file?

I don't know the OS used for encryption and the thing(OpenSSL,enc) that is used for encryption.

the simplest way of verification is to decrypt the file using openSSL command. (I think it is still easier than build a http server for key file and write web/mobile front-end with software packages which support HLS..... which might take more time ....)

openssl  aes-128-cbc  -d -K <YOUR_KEY_HEX_STRING> \
   -iv <YOUR_IV_HEX_STRING>  -in  /path/to/origin_file \
   -out /path/to/processed_file

Both of the segment file and initialization section file (if fMP4 is applied) can be decrypted using the command above.

Ham
  • 121
  • 6