dissect.hypervisor.util.envelope
#
Module Contents#
Classes#
Attributes#
- dissect.hypervisor.util.envelope.HAS_PYSTANDALONE = True#
- dissect.hypervisor.util.envelope.HAS_PYCRYPTODOME = True#
- dissect.hypervisor.util.envelope.c_def = Multiline-String#
Show Value
""" struct EnvelopeFileHeader { char magic[21]; char _pad[483]; uint32 size; uint32 version; }; struct DataTransformAeadFooter { char magic[23]; char _pad[9]; char data[4056]; uint32 size; uint32 version; }; struct DataTransformCryptoFooter { char magic[25]; char _pad[479]; uint32 padding; uint32 version; }; enum AttributeType : uint8 { Invalid = 0x0, // These are guesses based on size and used attributes UInt8 = 0x1, UInt16 = 0x2, UInt32 = 0x3, UInt64 = 0x4, Int8 = 0x5, Int16 = 0x6, Int32 = 0x7, Int64 = 0x8, Float = 0x9, Double = 0xA, // These are certain String = 0xB, Bytes = 0xC }; """
- dissect.hypervisor.util.envelope.c_envelope#
- dissect.hypervisor.util.envelope.FILE_HEADER_MAGIC = b'DataTransformEnvelope'#
- dissect.hypervisor.util.envelope.FOOTER_AEAD_MAGIC = b'DataTransformAeadFooter'#
- dissect.hypervisor.util.envelope.FOOTER_CRYPTO_MAGIC = b'DataTransformCryptoFooter'#
- dissect.hypervisor.util.envelope.PBKDF2_SALT = b'This is obfuscation, not encryption. If you want encryption, use TPM.'#
- dissect.hypervisor.util.envelope.ENVELOPE_BLOCK_SIZE = 4096#
- dissect.hypervisor.util.envelope.ENVELOPE_ATTRIBUTE_TYPE_MAP#
- dissect.hypervisor.util.envelope.DECRYPT_CHUNK_SIZE#
- dissect.hypervisor.util.envelope.EnvelopeAttribute#
- class dissect.hypervisor.util.envelope.Envelope(fh: BinaryIO)#
Implements an encryption envelope as used within ESXi.