Vista: Multiple Startup Keys on one USB flash drive

G

Guest

If I have several startup keys (.FVE files) for different Vista machines on
one USB flash drive, how does each machine know which one is correct? Is the
filename recorded somewhere in the unencypted portion of the drive? Or does
it simple try all the possible .FVE files until it finds the lucky winner?

Thanks,
 
J

Jamie Hunter [MS]

Good question :)

There are a number of layers to the answer.
(1) The filename uses a GUID. Each key protector (refer to WMI interface) is
referenced by a GUID, these are the same GUID.
(2) The structure of the binary file contains both the GUID of the encrypted
volume and the GUID of the key protector.
(3) When decrypting the VMK, AES/CCM is used with 256-bit AES key. This is
an industry standard algorithm, that contains a nonce and a MAC (message
authentication check). If the startup key was wrong, then the MAC part of
the AES/CCM algorithm detects this and causes a failure.
(4) Should 1-3 fail, then the data would be decrypted incorrectly into
gibberish :) Thankfully 1-3 prevents (4).
-
Jamie Hunter [MS]
 
G

Guest

Thanks again, Jamie.

I must give credit to my very inquisitive and bright colleagues for these
questions.
;-)

Jamie Hunter said:
Good question :)

There are a number of layers to the answer.
(1) The filename uses a GUID. Each key protector (refer to WMI interface) is
referenced by a GUID, these are the same GUID.
(2) The structure of the binary file contains both the GUID of the encrypted
volume and the GUID of the key protector.
(3) When decrypting the VMK, AES/CCM is used with 256-bit AES key. This is
an industry standard algorithm, that contains a nonce and a MAC (message
authentication check). If the startup key was wrong, then the MAC part of
the AES/CCM algorithm detects this and causes a failure.
(4) Should 1-3 fail, then the data would be decrypted incorrectly into
gibberish :) Thankfully 1-3 prevents (4).
-
Jamie Hunter [MS]

tavis said:
If I have several startup keys (.FVE files) for different Vista machines
on
one USB flash drive, how does each machine know which one is correct? Is
the
filename recorded somewhere in the unencypted portion of the drive? Or
does
it simple try all the possible .FVE files until it finds the lucky winner?

Thanks,
Click to expand...
Click to expand...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Questions about writing to flash drives 10
Booting from USB flash drive with Gigabyte GA-G33-DS3R motherboard 0
USB flash drive in Vista 1
USB Flash drives 4
Can't Copy a Video File from USB Flash Drive to Hard Drive 6
Bitlocker on Flash Drive? 3
USB Flash Drive Installation Kits 1
USB Flash drive problems 15

Top