apollo13 Posted September 19, 2018 Report Posted September 19, 2018 (edited) Hi, I am currently testing enpass 6 and parts of my tests included reading the actual encrypted SQLite database. I wasn't able to decrypt the files using the sqlcipher program: sqlcipher vault.enpassdb SQLCipher version 3.15.2 2016-11-28 19:13:37 Enter ".help" for instructions Enter SQL statements terminated with a ";" sqlite> PRAGMA key='test123456'; sqlite> PRAGMA kdf_iter=100000; sqlite> SELECT count(*) FROM sqlite_master; Error: file is encrypted or is not a database I have taken kdf_iter from the vault.json file next to the actual vault file. What am I missing? Are you no longer using SQLCipher? Thanks, Florian Edited September 19, 2018 by apollo13
Anshu kumar Posted September 20, 2018 Report Posted September 20, 2018 Hi @apollo13, Thanks for writing in. Enpass 6 derives a key from the master password with PBKDF2-HMAC-SHA512 100K iterations (outside of SQLCipher) and uses it as the raw key for SQLCipher. Salt is first 16 byte of Sqlcipher database file. You need to follow the same procedure. Thanks!
apollo13 Posted September 20, 2018 Author Report Posted September 20, 2018 (edited) Hi @Anshu kumar, I've tried generating the key in python: In [9]: hashlib.pbkdf2_hmac('sha256', b'test123456', b'', 100000).hex() Out[9]: '88a4dbc9afab5c7fc7875a84b1a137478d9f7a74b4b0881d40bfaa5ecfb81c93' and then in sqlcipher: sqlite> PRAGMA key="x'88a4dbc9afab5c7fc7875a84b1a137478d9f7a74b4b0881d40bfaa5ecfb81c93'"; sqlite> SELECT count(*) FROM sqlite_master; Error: file is encrypted or is not a database what are you using as salt? Edited September 20, 2018 by apollo13
Anshu kumar Posted September 20, 2018 Report Posted September 20, 2018 Hi @apollo13, Sorry, my miscommunication with dev team. Just updated the answer. Thanks!
apollo13 Posted September 20, 2018 Author Report Posted September 20, 2018 Hi @Anshu kumar, I've used hashlib.pbkdf2_hmac('sha256', b'test123456', open('vault.enpassdb', 'rb').read(16), 100000).hex() now to generate the new key; I still get Error: file is encrypted or is not a database How is the password set? UTF-8 encoded bytes of the actual master password?
Vinod Kumar Posted September 20, 2018 Report Posted September 20, 2018 Hi @apollo13, You didn't noticed the change in sha algorithm in @Anshu kumar 's reply. It is sha512 not sha256. Yes, master password is UTF-8 encoded. Cheers,
apollo13 Posted September 20, 2018 Author Report Posted September 20, 2018 (edited) Hi @Vinod Kumar, good catch, that was my mistake. The final command: hashlib.pbkdf2_hmac('sha512', b'test123456', open('vault.enpassdb', 'rb').read(16), 100000).hex()[:64] So basically what Enpass uses as key: pbkdf2_hmac_sha512 with (currently) 100k iterations (see vault.json for the current count) the first 16 byte of the encrypted file as sault the result of the keyderivation is hex encoded and limited to 64 hex digits Thanks, Florian Edited September 21, 2018 by apollo13
Hitman Posted September 20, 2018 Report Posted September 20, 2018 Wow, thanks for being so forthcoming with these information. That really shows that you take security seriously (because obscurity won't work). Enpass rocks!
totkeks Posted September 21, 2018 Report Posted September 21, 2018 18 hours ago, apollo13 said: Hi @Vinod Kumar, good catch, that was my mistake. The final command: hashlib.pbkdf2_hmac('sha256', b'test123456', open('vault.enpassdb', 'rb').read(16), 100000).hex()[:64] So basically what Enpass uses as key: pbkdf2_hmac_sha512 with (currently) 100k iterations (see vault.json for the current count) the first 16 byte of the encrypted file as sault the result of the keyderivation is hex encoded and limited to 64 bytes Thanks, Florian In your call you still select sha256 instead of sha512 as hashing algorithm. Secondly, when converting to hex you get 64 digits (not bytes!) for SHA256 and 128 for SHA512. 256 bits = 64 hex digits = 32 bytes. 512 bits = 128 hex digits = 64 bytes. I would assume that there is an error in the algorithm. Because using SHA512 and then limiting the result to 64 hex digits seems counter productive. You basically throw away half of your hash for no reason and reduce the encryption key size by half. Not sure if that is intended. Even though a 32 byte symmetric encryption key is already hard to crack, except for the fact that the entropy is limited due to the available alphabet being 0-9 and a-f. So if I remember my lectures correctly that would make 1632 (=24^32=24*32=2128) different combinations instead of 2256.
apollo13 Posted September 21, 2018 Author Report Posted September 21, 2018 (edited) Hi @totkeks, yes, that was a copy & paste error in the forum. I've fixed my command in the previous post. I am not sure what to tell you but SQLCipher docs say: Quote Alternatively, it is possible to specify an exact byte sequence using a blob literal. With this method, it is the calling application's responsibility to ensure that the data provided is a 64 character hex string, which will be converted directly to 32 bytes (256 bits) of key data. Given that the sha512 hash is longer I just truncated -- I just tried to open the file; not exactly sure what enpass actually wants to do EDIT:// I've verified that the full 64 bytes / 128 hex digits from my hashing do not open the sql database; you need to pass the truncated value. Also I am not sure that: 1 hour ago, totkeks said: Even though a 32 byte symmetric encryption key is already hard to crack, except for the fact that the entropy is limited due to the available alphabet being 0-9 and a-f. holds, the SQLCipher docs say that they are converting the hex string back to bytes and using that as key instead of the hex string as bytes directly. Edited September 21, 2018 by apollo13
totkeks Posted September 21, 2018 Report Posted September 21, 2018 6 hours ago, apollo13 said: Given that the sha512 hash is longer I just truncated -- I just tried to open the file; not exactly sure what enpass actually wants to do Ah okay, then they just use SHA512 for harder to break hashes or something. 6 hours ago, apollo13 said: the SQLCipher docs say that they are converting the hex string back to bytes and using that as key instead of the hex string as bytes directly. Thanks for the hint, then my doubts were for no reason. I guess we should sticky the algorithm description and the python example somewhere.
apollo13 Posted September 21, 2018 Author Report Posted September 21, 2018 12 minutes ago, totkeks said: I guess we should sticky the algorithm description and the python example somewhere. Yeah, some FAQ or https://www.enpass.io/security would probably be a good place. Didn't get a time to look into the data inside the database, but I think the individual values might also be encrypted. That information should then get added too.
ataraxia Posted January 24, 2019 Report Posted January 24, 2019 Dear Enpass Team, Could you please share some more detailed info on how to decrypt the AES keys inside the DB? The notes in the security whitepaper are rather brief and a bit too concise. There seem to be multiple tables (Identity, vault_info, etc) that contain binary data and it's unclear how to extract the AES key and initialization vector. Thanks.
juja Posted April 3, 2019 Report Posted April 3, 2019 (edited) @Anshu kumar I would like to support the request for more information. While we know how to read the encrypted database at all, there is no proper information how the passwords are encrypted in the database (how to decrypt the "key" field in items, how to access additional vaults, etc.). The security whitepaper does not explain this. Without this information it is impossible to properly check the security of Enpass and come to a judgement. You were above lauded for not trying "security by obscurity" but one might differ considering this. So please give us more information. This would really be appreciated. Thank you! Edited April 3, 2019 by juja 1
Akasurde Posted October 18, 2019 Report Posted October 18, 2019 @Anshu kumarCould you please provide more details about decrypting the individual rows in `item` table ? Seems like there is no information available.
Akasurde Posted October 18, 2019 Report Posted October 18, 2019 @apollo13 Can you please share your code so that community can take advantage of your findings ? I am stuck here - https://github.com/HazCod/enpass-cli/issues/16#issuecomment-530369397
apollo13 Posted November 7, 2019 Author Report Posted November 7, 2019 @Akasurde I only have what I shared. @Anshu kumar could you please provide some details on how the individual entries are encrypted?
Akasurde Posted January 9, 2020 Report Posted January 9, 2020 @Anshu kumar Any updates ? We are still researching how to decrypt individual entries.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now