How to extract IV from ciphertext in XML

I have received an encrypted XML document that contains:

a. An encrypted session key – this was encrypted using my public key. I have successfully decrypted this using:

const decryptedSessionKey = crypto.privateDecrypt( { key: privKey, padding: crypto.constants.RSA_PKCS1_PADDING }, encryptedString );

b. The actual Ciphertext (UTF-8 encoded, 85228 is the character length)

c. The w3 specs suggest that the Initialisation Vector is prefixed to this cipher text, so I converted the cipher text to a Buffer, and sliced the first 16 bytes to create the IV. I then used:

const xmlIV = Buffer.from(message.slice(0, 16), 'utf-8');
const cryptoIv = Buffer.alloc(16, xmlIV); // Initialization vector.
const decipher = crypto.createDecipheriv(cryptoAlgorithm, decryptedSessionKey, cryptoIv);
// message.slice is removing the prefixed IV.
let decrypted = decipher.update(message.slice(16), 'binary', 'binary');
try {

} catch (err) {
  console.error('Authentication failed!');
}

Decrypted is a buffer of length 85200 – which is 12 characters shorter than the message. And converting it to a utf-8 encoded string returns corrupted text.

Any superheroes out there who could help troubleshoot this? Many thanks!
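Added example, not part of the original post: in W3C XML Encryption the CipherValue text is base64, so the IV is the first 16 octets of the decoded bytes, not the first 16 characters of the string. This Node.js code assumes an AES-CBC algorithm on the EncryptedData element; the function names and the sample data are constructed for illustration.

```javascript
const crypto = require('crypto');

// Decrypt the text of an XML Encryption <CipherValue> (AES-CBC assumed).
function decryptXmlEncCbc(cipherValueB64, sessionKey) {
  // CipherValue is base64 text (line breaks allowed): decode to raw octets first.
  const raw = Buffer.from(cipherValueB64.replace(/\s+/g, ''), 'base64');
  if (raw.length < 32 || raw.length % 16 !== 0) {
    throw new Error('expected a 16-byte IV followed by whole AES blocks');
  }
  const iv = raw.subarray(0, 16); // IV = first block of the decoded bytes
  const body = raw.subarray(16);
  const algo = `aes-${sessionKey.length * 8}-cbc`; // 16/24/32-byte key
  const decipher = crypto.createDecipheriv(algo, sessionKey, iv);
  // XML Encryption padding defines only the last octet (the pad length); the
  // other pad octets are arbitrary, so the PKCS#7 check must be switched off.
  decipher.setAutoPadding(false);
  const padded = Buffer.concat([decipher.update(body), decipher.final()]);
  const padLen = padded[padded.length - 1];
  if (padLen < 1 || padLen > 16) throw new Error('bad padding length');
  return padded.subarray(0, padded.length - padLen).toString('utf8');
}

// Constructed sample: builds a CipherValue the way a sender would
// (random IV prefixed, random pad octets, pad length in the last octet).
function buildSampleCipherValue(plaintext, sessionKey) {
  const iv = crypto.randomBytes(16);
  const data = Buffer.from(plaintext, 'utf8');
  const padLen = 16 - (data.length % 16); // 1..16, a full block if aligned
  const pad = crypto.randomBytes(padLen);
  pad[padLen - 1] = padLen;
  const algo = `aes-${sessionKey.length * 8}-cbc`;
  const cipher = crypto.createCipheriv(algo, sessionKey, iv);
  cipher.setAutoPadding(false);
  const ct = Buffer.concat([cipher.update(Buffer.concat([data, pad])), cipher.final()]);
  // Wrap at 76 characters, as base64 inside XML often is.
  return Buffer.concat([iv, ct]).toString('base64').replace(/(.{76})/g, '$1\n');
}

const demoKey = crypto.randomBytes(32); // stands in for the RSA-decrypted session key
const demoValue = buildSampleCipherValue('<Invoice id="42">café</Invoice>', demoKey);
console.log(decryptXmlEncCbc(demoValue, demoKey));
```

AES-CBC in XML Encryption carries no integrity check, so verify the document's signature before trusting the plaintext. For the XML Encryption 1.1 AES-GCM algorithms the prefixed IV is 12 bytes and the last 16 bytes are the authentication tag.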

"john --format=md5" caused "Unknown ciphertext format name requested" error

  • This is a known md5 hash for Kioptrix: Level 1.1 (#2)

Linux unshadow file

wolf@linux:~$ cat md5hash.txt
root:$1$FTpMLT88$VdzDQTTcksukSKMLRSVlc.:0:0:root:/root:/bin/bash
john:$1$wk7kHI5I$2kNTw6ncQQCecJ.5b8xTL1:500:500::/home/john:/bin/bash
harold:$1$7d.sVxgm$3MYWsHDv0F/LP.mjL9lp/1:501:501::/home/harold:/bin/bash
wolf@linux:~$

md5hash only

wolf@linux:~$ cat md5hash_only.txt
$1$FTpMLT88$VdzDQTTcksukSKMLRSVlc.
$1$wk7kHI5I$2kNTw6ncQQCecJ.5b8xTL1
$1$7d.sVxgm$3MYWsHDv0F/LP.mjL9lp/1
wolf@linux:~$

Since I know that these are md5 format, I used the --format=md5 option in john.

Unfortunately, I'm getting an "Unknown ciphertext format name requested" error.

wolf@linux:~$ john --format=md5 md5hash.txt
Unknown ciphertext format name requested
wolf@linux:~$
wolf@linux:~$ john --format=md5 md5hash_only.txt
Unknown ciphertext format name requested
wolf@linux:~$

I've verified that the format is similar to the pentestmonkey cheat-sheet

Any idea what’s wrong here?

Does Windows CNG Keystore support exporting a key or keypair in ciphertext?

As Windows CNG Keystorage offers an API to export key(pair)s:

SECURITY_STATUS NCryptExportKey(
  /* The handle of the key(pair) to export */
  NCRYPT_KEY_HANDLE hKey,
  /* The handle of a key to encrypt exported key(pair) */
  NCRYPT_KEY_HANDLE hExportKey,
  LPCWSTR           pszBlobType,
  NCryptBufferDesc  *pParameterList,
  PBYTE             pbOutput,
  DWORD             cbOutput,
  DWORD             *pcbResult,
  DWORD             dwFlags
);

It seems that the exported key blob could be encrypted with hExportKey, but I haven't found any definition of the ciphertext format. For example, to export a DH keypair by setting parameter pszBlobType to BCRYPT_DH_PRIVATE_BLOB, the manual just ambiguously said

Export a Diffie-Hellman public/private key pair. The pbOutput buffer receives a BCRYPT_DH_KEY_BLOB structure immediately followed by the key data.

And the BCRYPT_DH_KEY_BLOB is defined as follows:

typedef struct _BCRYPT_DH_KEY_BLOB {
  ULONG dwMagic; // BCRYPT_DH_PUBLIC_MAGIC or BCRYPT_DH_PRIVATE_MAGIC
  ULONG cbKey;   // The length, in bytes, of the key
} BCRYPT_DH_KEY_BLOB, *PBCRYPT_DH_KEY_BLOB;

As the above structure is a header followed by the real data in contiguous memory, the BCRYPT_DH_PRIVATE_BLOB (also the key data mentioned before) is composed as

BCRYPT_DH_KEY_BLOB
Modulus[cbKey]         // Big-endian.
Generator[cbKey]       // Big-endian.
Public[cbKey]          // Big-endian.
PrivateExponent[cbKey] // Big-endian.

Now I wonder that:

As Keystore does not support the generation and storage of symmetric keys, is the parameter hExportKey of NCryptExportKey really valid?

If yes:

  1. Where does the exportKey come from?

  2. What format would the BCRYPT_DH_PRIVATE_BLOB be encrypted to? Just an unreadable blob with about cbKey*4 bytes?