![]() ![]() Preventing circumventing decryption with previously retrieved keys would require changes to both DE and Adobe Content Server and would take quite some time to propagate to all ACS customers. Decryption however is a property of the architecture of the system as a whole. Key retrieval depends only on the details of Digital Editions and can change seamlessly with an update to the same. In practical terms, this breaks ADEPT circumvention into two components: key retrieval and decryption. ![]() There is very little obfuscation in how Adobe Digital Editions hides and encrypts the per-user RSA key, allowing fairly simple duplication of exactly the same process Digital Editions uses to retrieve it. DRM systems ultimately depend not on the strength of their cryptography, but the complexity of their obfuscation. Unfortunately for Adobe, this isn't a crypto system, but a DRM system. It uses RSA with PKCS#1 v1.5 padding, which is perfectly adequate for this case. It uses AES in CBC mode with a random IV. The same circumvention probably also allows decryption of ADEPT-encrypted PDF files, although I haven't looked into it yet.ĪDEPT is pretty close to faultless as a crypto system - a per-user RSA key encrypts a per-book AES key which encrypts the content. ![]() ![]() By way of a concrete reverse-engineering contribution, I have successfully circumvented Adobe's ADEPT DRM scheme for EPUB files. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |