-
Notifications
You must be signed in to change notification settings - Fork 0
Instructions from Finanssivalvonta
John Nordberg edited this page Apr 19, 2020
·
3 revisions
Report files are encrypted with 256-bit AES algorithm.
Each file to be encrypted has its own AES encryption key generated (so called session key).
The encryption is done within CBC mode with PKCS7-padding.
Initialization Vector is generated with encryption and attached before the encrypted data.
The encryption key is encrypted with 2048-bit RSA using the public key of FIN-FSA.
FIN-FSA public key in Base64-coded format:
<RSAKeyValue><Modulus> sAXZXDDI8PNwy6ZGDkis/McSbWFdi+B+UV/lyHJRtwwnLHkKvgbms2o6OG2lDqvdU92bmOBrVPn162murwqIyZk/j8rZcOI0wgIUV431prkj39pGBWK4pA2YUDSCvfImlXJXu8tMAwoATJAA5ntJ4lQxA9ODeDhwlKI/yPxl+xUTrloLjsRn5KOrVCiweZO1eZq6ViVKmHCgH8XUSZYtbzmes9UBZgHGLj+L+pLJhF0aFzfc3+Ay1E/iEpus9y4e6rdf8C94wLxBIrE9hOSvm2V/WVZ5Ngg2OsUZO9K9aLl8lLMkVTw+QNDlru3z5xII/IWjjdoxZUEKQPMpYt41qw==</Modulus><Exponent>AQAB</Exponent></RSAKeyValue>
I.e. the encrypted document has RSA-2048-encrypted AES session key and encrypted data ”[IV][Data]”.
The encrypted session key and the encrypted data are base64-encoded in the ENCRYPTED_REPORT -xml document.
The output file looks like following:
<?xml version="1.0" encoding="utf-8"?>
<ENCRYPTED_REPORT xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<TITLE>BOFCRYPTNXT</TITLE>
<VERSION>2.0</VERSION>
<SESSION_KEY>Base64Enc(RSAEncrypt($FivaPublicKey, $SessionKey))</SESSION_KEY>
<OUT_BUFFER>Base64Enc((InitializationVector)(AESEncrypt($SessionKey, $PlainTextData)))</OUT_BUFFER>
</ENCRYPTED_REPORT>