:py:mod:`dissect.apfs.objects.keybag` ===================================== .. py:module:: dissect.apfs.objects.keybag Module Contents --------------- Classes ~~~~~~~ .. autoapisummary:: dissect.apfs.objects.keybag.Keybag dissect.apfs.objects.keybag.ContainerKeybag dissect.apfs.objects.keybag.VolumeKeybag dissect.apfs.objects.keybag.MediaKeybag dissect.apfs.objects.keybag.KEKBlob dissect.apfs.objects.keybag.KEK dissect.apfs.objects.keybag.VEKBlob dissect.apfs.objects.keybag.VEK Functions ~~~~~~~~~ .. autoapisummary:: :nosignatures: dissect.apfs.objects.keybag.aes_unwrap Attributes ~~~~~~~~~~ .. autoapisummary:: dissect.apfs.objects.keybag.HAS_PYSTANDALONE dissect.apfs.objects.keybag.HAS_CRYPTO .. py:data:: HAS_PYSTANDALONE :value: True .. py:data:: HAS_CRYPTO :value: True .. py:class:: Keybag(*args, **kwargs) Bases: :py:obj:`dissect.apfs.objects.base.Object` APFS Keybag. .. py:attribute:: __struct__ .. py:attribute:: object :type: dissect.apfs.c_apfs.c_apfs.media_keybag .. py:attribute:: entries .. py:property:: type :type: dissect.apfs.c_apfs.c_apfs.OBJECT_TYPE The object's type. .. py:class:: ContainerKeybag(*args, **kwargs) Bases: :py:obj:`Keybag` APFS Container Keybag. .. py:attribute:: __type__ .. py:method:: volume_keybag(uuid: bytes) -> VolumeKeybag | None The volume keybag for the given volume UUID, if present. :param uuid: The volume UUID. .. py:method:: vek(uuid: bytes) -> VEK | None The volume encryption key (VEK) for the given volume UUID, if present. :param uuid: The volume UUID. .. py:class:: VolumeKeybag(*args, **kwargs) Bases: :py:obj:`Keybag` APFS Volume Keybag. .. py:attribute:: __type__ .. py:method:: password_hint(uuid: bytes) -> str | None The password hint for the volume, if present. :param uuid: The volume UUID. .. py:method:: keks() -> collections.abc.Iterator[KEK] Iterator over the KEKs in the volume keybag. .. py:class:: MediaKeybag(*args, **kwargs) Bases: :py:obj:`Keybag` APFS Media Keybag. .. py:attribute:: __type__ .. py:class:: KEKBlob Bases: :py:obj:`asn1crypto.core.Sequence` .. py:class:: KEK Bases: :py:obj:`asn1crypto.core.Sequence` .. py:method:: __repr__() -> str .. py:property:: uuid :type: uuid.UUID The KEK's UUID. .. py:property:: flags :type: int The KEK's flags. .. py:method:: verify() -> bool Verify the KEK's HMAC. .. py:method:: unwrap(password: str) -> bytes Unwrap the KEK using the given password. .. py:class:: VEKBlob Bases: :py:obj:`asn1crypto.core.Sequence` .. py:class:: VEK Bases: :py:obj:`asn1crypto.core.Sequence` .. py:method:: __repr__() -> str .. py:property:: uuid :type: uuid.UUID The VEK's UUID. .. py:property:: flags :type: int The VEK's flags. .. py:method:: verify() -> bool Verify the VEK's HMAC. .. py:method:: unwrap(key: bytes) -> bytes Unwrap the KEK using the given key. .. py:function:: aes_unwrap(kek: bytes, wrapped: bytes, iv: int = 12008468691120727718) -> bytes AES key unwrapping algorithm (RFC3394). Derived from https://github.com/kurtbrose/aes_keywrap/blob/master/aes_keywrap.py