Sealedkey / pfsSKKey
sealedkey file is located in sce_sys folder of savedata/trophies. It is not PFS encrypted.
It is used as a per savedata/trophy key in PFS encryption/decryption whilst gamedata/addcont uses klicensee.
File Structure[edit | edit source]
|0x8||0x4||Type (always 2)|
|0xC||0x4||Padding / unk|
|0x10||0x10||IV for encrypted key|
Decryption[edit | edit source]
The first step is to check the HMAC of the file. The process is to use the HMAC key from the Keys#PFS_Secret_Keys page to check the HMAC at position 0x30 in the file. If it is correct, it proceeds to use the pfsSKKey_EncKey to decrypt the value at +0x20 using the value at +0x10 as the IV.