USRPKEY on Android 7x can't be decrypted

[khanhtdk]

I used your tool to decrypt keys on an Android 7 platform. It worked flawlessly with USRCERT and CACERT, however with USRPKEY it didn't.

Command and exceptions:

$ java -jar build/libs/ksdecryptor-all.jar .masterkey 10080_USRPKEY_signing_key xxxx

Read '.masterkey'
master key: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Read '10080_USRPKEY_signing_key'
Exception in thread "main" java.lang.IllegalArgumentException: Invalid value for MAC size: 0
        at org.bouncycastle.crypto.modes.OCBBlockCipher.init(Unknown Source)
        at org.nick.ksdecryptor.Keymaster1Blob.createOCBCipher(Keymaster1Blob.java:124)
        at org.nick.ksdecryptor.Keymaster1Blob.parse(Keymaster1Blob.java:82)
        at org.nick.ksdecryptor.Main.showKeyMaterial(Main.java:157)
        at org.nick.ksdecryptor.Main.showBlob(Main.java:68)
        at org.nick.ksdecryptor.Main.main(Main.java:52)

Could you help to fix it? Thanks!

[nelenkov]

Pretty much all of the recent devices use some form of hardware encryption these days, so decrypting private keys won't work. There simply isn't any key material in the file. You can look at the file with a binary editor to get some details, but I am guessing it's just a pointer to the real key.

You could say this tool is more of a historical/learning significance, it's unlikely you can use it on any real device anymore.