dissect.apfs.objects.keybag¶
Module Contents¶
Classes¶
APFS Keybag. |
|
APFS Container Keybag. |
|
APFS Volume Keybag. |
|
APFS Media Keybag. |
|
Functions¶
AES key unwrapping algorithm (RFC3394). |
Attributes¶
- dissect.apfs.objects.keybag.HAS_PYSTANDALONE = True¶
- dissect.apfs.objects.keybag.HAS_CRYPTO = True¶
- class dissect.apfs.objects.keybag.Keybag(*args, **kwargs)¶
Bases:
dissect.apfs.objects.base.ObjectAPFS Keybag.
- __struct__¶
- object: dissect.apfs.c_apfs.c_apfs.media_keybag¶
- entries¶
- property type: dissect.apfs.c_apfs.c_apfs.OBJECT_TYPE¶
The object’s type.
- class dissect.apfs.objects.keybag.ContainerKeybag(*args, **kwargs)¶
Bases:
KeybagAPFS Container Keybag.
- __type__¶
- volume_keybag(uuid: bytes) VolumeKeybag | None¶
The volume keybag for the given volume UUID, if present.
- Parameters:
uuid – The volume UUID.
- class dissect.apfs.objects.keybag.VolumeKeybag(*args, **kwargs)¶
Bases:
KeybagAPFS Volume Keybag.
- __type__¶
- class dissect.apfs.objects.keybag.MediaKeybag(*args, **kwargs)¶
Bases:
KeybagAPFS Media Keybag.
- __type__¶
- class dissect.apfs.objects.keybag.KEKBlob¶
Bases:
asn1crypto.core.Sequence
- class dissect.apfs.objects.keybag.KEK¶
Bases:
asn1crypto.core.Sequence- __repr__() str¶
- property uuid: uuid.UUID¶
The KEK’s UUID.
- property flags: int¶
The KEK’s flags.
- verify() bool¶
Verify the KEK’s HMAC.
- class dissect.apfs.objects.keybag.VEKBlob¶
Bases:
asn1crypto.core.Sequence
- class dissect.apfs.objects.keybag.VEK¶
Bases:
asn1crypto.core.Sequence- __repr__() str¶
- property uuid: uuid.UUID¶
The VEK’s UUID.
- property flags: int¶
The VEK’s flags.
- verify() bool¶
Verify the VEK’s HMAC.
- dissect.apfs.objects.keybag.aes_unwrap(kek: bytes, wrapped: bytes, iv: int = 12008468691120727718) bytes¶
AES key unwrapping algorithm (RFC3394).
Derived from https://github.com/kurtbrose/aes_keywrap/blob/master/aes_keywrap.py