added LATEST.md including tests

2025-03-20 21:42:04 +01:00 · 2025-03-20 21:42:04 +01:00 · d3b049907b
commit d3b049907b
parent 27cd0597be
4 changed files with 159 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -1,5 +1,7 @@
 # NLS - NVIDIA License System

+> Current status / questions / is in [doc/LATEST.md](doc/LATEST.md)
+
 [TOC]

 # About this project
--- a/doc/LATEST.md
+++ b/doc/LATEST.md
@ -0,0 +1,32 @@
+# Latest
+
+> For information how to get at a point to reproduce this, please read
+> - [README](README.md) or
+> - [Installation / Docker Setup](DockerSetup.md)
+
+# `master_pwd.bin` and `master_pwd_v100.bin`
+
+There are two files in `/var/lib/docker/overlay2/<nls-container-id>/merged/etc/dls/config`.
+Both files are *base64* decoded, maybe this could be essential for AES-Encryption/Decryption.
+When *base64-decoded* both files have a length of **256 bytes**.
+
+If these files are renamed (adding `.bak`) NLS stack will not come up.
+
+- `master_pwd.bin`
+  ```
+  RdX1Fng5fYUEq+hSvQcDPdZmKkLfEfVd9k6OU6BG0UpFz1s9fbT5H2fqPBcxFogg
+  yFNvJnLizyGi0nSLEQQL/+wmYcTnFj0TI5svrKMXLLM2gED8ZozvTyKQNpVZssad
+  QkLz7Y3qaSFG90OEXD0MU48SgUkfUF4jnyU2jxph72AuI5djjWV+fjfNM60q/nOb
+  RUrn5hWm4qczga8N6eK6J8hOXNRm+9k2tT4PG+MuqhwdHxfdY9eCnNWVZWfqg3e9
+  OnRDt/ZZvBg8po4aP21Nobqr0UDkIrwbBa+b/gC6BTF/1/MwoLPmFFNlnnB8yJXs
+  Gn0aj+WXNuH+Syt+BiNUcQ==
+  ```
+- `master_pwd_v100.bin`
+  ```
+  mht1iKDDsWrp/AVs2h5wpO14FKbIwAQW4yVKEYaDaPIgWQmapRqsm2gqIYgZ8nqb
+  emRg51JtCdPRzKXFFKswae2wzLj1ldc4ksrVGRFyyh6Kn4bmtZs30tgwIRnuh2PT
+  XbhVZTQVD2SbiWTBl7SjgVpuUnUdhJWVGnF/0ksMaB3GVlgnVULJnomaUlvgdeL0
+  NE4PacjTQsfXoRdbjAeE390PcK+Ax8OQATXA9AezXV3EnjRAapOBCRqCb3S+lOVJ
+  oL0050bYWC85Ijb+SDR3fl1UxQf2XgaKKx2E0/gUy0EtCLtpwT4L0iS2hzKENxgd
+  B0kFriXRTxdejBmBPl36jQ==
+  ```
--- a/doc/README.md
+++ b/doc/README.md
@ -1,5 +1,7 @@
 # Doc

+> Current status / questions / is in [doc/LATEST.md](LATEST.md)
+
 - [Installation / Docker Setup](DockerSetup.md)
 - [Reverse Engineering Notes](ReverseEngineeringNotes.md)
 - [Licensing Flow / Process](LicensingFlow.md)
--- a/src/test/test_decrypt.py
+++ b/src/test/test_decrypt.py
@ -0,0 +1,123 @@
+import base64
+from cryptography import x509
+from cryptography.hazmat.primitives.ciphers.aead import AESGCM
+from cryptography.hazmat.primitives.serialization import load_pem_private_key, load_pem_public_key, Encoding
+
+
+### DEFAULTS
+
+# SELECT xid FROM request_routing.service_instance
+NV_SI_SITE_ID = '4e53a171-103b-4946-9ed8-5f4c0ee750d9'
+# SELECT value FROM si_<xid>.service_instance_artifact WHERE namespace = 'service_instance.client.all' and name = 'private_key'
+NV_SI_KEY_RSA = """-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAyIz6i48cFn4XOK0S2GTYpLMU85xzJ1fmQmA2nC6Zod2V4BxN
+Xqk+9y8nvdzZVELxmC+N47ZQGV/J5cquIadx0V42F3JTryJFDuZ+7fQsNlXUX3og
+UQhhgvHuluhDJQSvdZAzpguS7N+gJGCGbGk1pZBYL2JtTDTWSIcWsQtD/w9DAPEk
+K5cHGoZkovngH1LOTkVAcyEqKxLblerMnLu3rOaDVkEcf+1l2BwvHUWTU4LI6uud
+CWP2em69T2EXp1qczi5IKJzc53puNfp5nXlHayrneYAdIbEAQSQg+Z40npUwNKW7
+1Ue2NsG3SoGWuj3lTyEVXlLsAw0bsCDVLipMWwIDAQABAoIBAA24FyuU221ueSHK
+m49ro3Mg2dep/10ICYH6f8HcLjmBPwKlucucwehTtK3esPJ8SEQ9r8DA2zN6w56R
+aHgRsrRWQL0Gq4YMTuascRWce0NirueyvKM02SoFnGl8wGfrE7wNfhSalhWkkDMg
+DaujRtg2MTiMmY15z9U5gh16XjYEZipOmfmNWHLCMRnEsXV/ToZ+g7ekruKPweGD
+A52tG0pN/KYVaQFX+sZ7eXpd1jEl4gCSHup1SopAM3+is0DzeHiLSg9ZUN9dd8af
+L+SYAOCjRHXkUKcQN8a3FffoPInjy4D57dndkqRusiCtRJV3TEjO4Ld9cj/fqQZ2
+kDMT0YECgYEA0iPJu73Kz3wruxGfzq2zTE8RMM/EF8OAXi/qzKer40w7KLZ4aY0c
+5FUJwehipYM390/OUf0x3jiwMVk3wR6M9/L9h70zN1OCIKnCbLc+e0sgK9nYY98y
+XxXIu/HfRi42usAg6IQsr41z+Y7qY/zlyIDdoGJPTgra2aFUbYG/pD8CgYEA9FF2
+GfBlC5NUxwjjwEeNXvKU3wvzoZ0wS3EMrj0ylXY/4Q+thlfOWiGBKUOik8mSohgL
+9qP756185Map/szCUzjlr13hgLg+nECJuP6hLWP2V4O+vS2dNg+lxWJ7EZVxhRR1
+ueJE4xkOU2v00b0H+nJyDnoEhdHlvFFVnh+roOUCgYEAnyxwoH8Q4r1hup+M91bn
+m4PAt8KI/J8f2zhcmIzhTJjvrtUYvIshOWuYqoLGRizw9apD1CL/5R33iEnWS7hC
+e4ZZuLn904iz5t3v4b2j3Gx5f/3RRUVJuHCdzo9V2qki1660vqtv1cJF+ODidr6X
+p5rFRblx7OGYCIWFmDVR3q0CgYBZZ03eZBe1yq4lP12ISSa0bfSIQmle5JR9ptrL
+D93oz6LEiuYm2Q7L8KLBJNzjU8nywvXtxUgzGUswtHoUoX0i0xlJuQMCBWnz57H+
+Hj+AyqmkkLNFquFynPs+ZbE/V/54gmoqIWCv8cVKRaEK9y9qOGMAZSouhgaZiPHZ
+sSEu+QKBgQDRpPzQrn0xD0QPvQMi/gl8TJHjEfjQkGkxREa1XAKj4XcHXKwzSfdf
+LdUhyKEt/if0EJd09UbH6+T7aqkuw4HthF8ab2FSlLcyQ6t0UYUlTwCLTHsquqeu
+5+Le7DO89hskB8DKr4Oobmr12eulCf81UDYWSKhDYeqrBJyf3PopLg==
+-----END RSA PRIVATE KEY-----
+"""
+# SELECT value FROM service_instance_artifact WHERE namespace = 'service_instance.client.all' and name = 'public_key'
+NV_SI_KEY_PUB = """-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyIz6i48cFn4XOK0S2GTY
+pLMU85xzJ1fmQmA2nC6Zod2V4BxNXqk+9y8nvdzZVELxmC+N47ZQGV/J5cquIadx
+0V42F3JTryJFDuZ+7fQsNlXUX3ogUQhhgvHuluhDJQSvdZAzpguS7N+gJGCGbGk1
+pZBYL2JtTDTWSIcWsQtD/w9DAPEkK5cHGoZkovngH1LOTkVAcyEqKxLblerMnLu3
+rOaDVkEcf+1l2BwvHUWTU4LI6uudCWP2em69T2EXp1qczi5IKJzc53puNfp5nXlH
+ayrneYAdIbEAQSQg+Z40npUwNKW71Ue2NsG3SoGWuj3lTyEVXlLsAw0bsCDVLipM
+WwIDAQAB
+-----END PUBLIC KEY-----
+"""
+# /etc/dls/config/master_pwd.bin
+NV_MASTER_PWD_BIN = """RdX1Fng5fYUEq+hSvQcDPdZmKkLfEfVd9k6OU6BG0UpFz1s9fbT5H2fqPBcxFogg
+yFNvJnLizyGi0nSLEQQL/+wmYcTnFj0TI5svrKMXLLM2gED8ZozvTyKQNpVZssad
+QkLz7Y3qaSFG90OEXD0MU48SgUkfUF4jnyU2jxph72AuI5djjWV+fjfNM60q/nOb
+RUrn5hWm4qczga8N6eK6J8hOXNRm+9k2tT4PG+MuqhwdHxfdY9eCnNWVZWfqg3e9
+OnRDt/ZZvBg8po4aP21Nobqr0UDkIrwbBa+b/gC6BTF/1/MwoLPmFFNlnnB8yJXs
+Gn0aj+WXNuH+Syt+BiNUcQ==
+"""
+# /etc/dls/config/master_pwd_v100.bin
+NV_MASTER_PWD_V100_BIN = """mht1iKDDsWrp/AVs2h5wpO14FKbIwAQW4yVKEYaDaPIgWQmapRqsm2gqIYgZ8nqb
+emRg51JtCdPRzKXFFKswae2wzLj1ldc4ksrVGRFyyh6Kn4bmtZs30tgwIRnuh2PT
+XbhVZTQVD2SbiWTBl7SjgVpuUnUdhJWVGnF/0ksMaB3GVlgnVULJnomaUlvgdeL0
+NE4PacjTQsfXoRdbjAeE390PcK+Ax8OQATXA9AezXV3EnjRAapOBCRqCb3S+lOVJ
+oL0050bYWC85Ijb+SDR3fl1UxQf2XgaKKx2E0/gUy0EtCLtpwT4L0iS2hzKENxgd
+B0kFriXRTxdejBmBPl36jQ==
+"""
+
+
+def test_b64_decode():
+    nv_master_pwd = base64.b64decode(NV_MASTER_PWD_BIN)
+    nv_master_pwd_v100 = base64.b64decode(NV_MASTER_PWD_V100_BIN)
+
+    assert 256 == len(nv_master_pwd)
+    assert 265 == len(nv_master_pwd_v100)
+
+
+def test_aes_encrypt():
+    pass
+
+def test_aes_decrypt():
+    nv_private_key = load_pem_private_key(NV_SI_KEY_RSA.encode('utf-8'), password=None)
+    assert 2048 == nv_private_key.key_size
+
+    # SELECT property_value FROM si_<xid>.configuration WHERE property_name = 'DLS_SI_CERTIFICATE'
+    nv_dls_si_certificate = {
+        "not_after": "2028-03-11T12:27:21.000Z",
+        "ca_chain": "[\"-----BEGIN CERTIFICATE-----\\r\\nMIIF3TCCA8WgAwIBAgIUCpVszfecRrnPa3EGwPKuyWESBmMwDQYJKoZIhvcNAQELBQAwcjELMAkG\\r\\nA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExDzANBgNVBAoTBk52aWRpYTEnMCUGA1UECxMe\\r\\nTnZpZGlhIExpY2Vuc2luZyBTZXJ2aWNlIChOTFMpMRQwEgYDVQQDEwtOTFMgUm9vdCBDQTAeFw0y\\r\\nNDA5MjYwNzM4MTlaFw0zNDA5MjQwNzM4NDlaMHoxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxp\\r\\nZm9ybmlhMQ8wDQYDVQQKEwZOdmlkaWExJzAlBgNVBAsTHk52aWRpYSBMaWNlbnNpbmcgU2Vydmlj\\r\\nZSAoTkxTKTEcMBoGA1UEAxMTTkxTIEludGVybWVkaWF0ZSBDQTCCAiIwDQYJKoZIhvcNAQEBBQAD\\r\\nggIPADCCAgoCggIBAOIb5ZcYWR78WkJipEW4cOB2d3WkXhjzA9Omj0SBnA6fJad+zObguInmkgyB\\r\\nUC/0xMnHeEH1WQpZ0yZE1rdH0ziwPy07hmCgjMSC8iXSfV4QXoHzsQy80HSbD3dr0A5Fk9UrWdJu\\r\\nIlLnwqTfUjxMSqiVYbGI2JLVLDIPjnrCKgZ//vVTFWiMDQaGInDz5Qo3azHIt1Sw3u47/b88TzmK\\r\\ni3TMbjtAR3djlhQfJBY6nUdP8wWy2Fntx9fO7U723sp6cnGtHnbXGpon/QqxlPjT4RXXm1QmFQ/d\\r\\nyUmvmjoiJsCQ3v2KFJNei2bkUS29ZKPr4TGokojOilESQAQTLo+5s0cN7ZtPWvwZ4uets84GCRP5\\r\\ndC+aKoNQ7cg06A1tA3SxEL9r6D2LaTiheuWKFNiIJZzfmmbTPExsKt4Nzmv72wfG2i2+sY6l4f5x\\r\\nEFiKybn2EY1Hjpt0J3vL/goOOt/ejRtS5qKco3pu6zZBBWqB1qesA813AGgqbscht4y4m414rPmQ\\r\\naHA2PTe0JRDcradK75chFUOvLeIYD1Hy0XTxNxlhRA/5mFd2GkWZmtsW3D1iAV73VHAEvWDS0hXB\\r\\ng60B0y4d3fyYxI+pOTaZzsh0PAC2jUqDOhQ7dKELeYUKWsEDDMq9mg2bxqSNoQnQbITIsbu7IELu\\r\\nvmxIWT1omRptd5LrAgMBAAGjYzBhMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0G\\r\\nA1UdDgQWBBRKNST8UPeZYQgLZLEKMBGklaADHjAfBgNVHSMEGDAWgBRiEXE0RonjkPN+XBjnSQbo\\r\\nA8X3ajANBgkqhkiG9w0BAQsFAAOCAgEAEq5FaQWhTWt1hNfoz/BeDQ68O9PEGGveCPouElE8s/uG\\r\\nPHYSJpmg7dq5Qoxb5dpdq1mJX2rTgixJu/iC3uRUsirdH6wsVjjqz4YsoAz5VqjlkriFJpXlfOpp\\r\\nw18ex5C5p4x3TrlPCowMgf9h6VBR1iCq3VikVVguqSPP/zf9G3Qhitvqs0+m7KJnbwFA/bDLMET8\\r\\nTJS/r4XKQYisXfu95XrG2TTCaOwytqx+uepqwB74tFMznfdjzKyztqGwniKLrcZ3kOuM4cyo5ZT4\\r\\nOORCV6FWmbRq2OtttI4o85zsVNkY1JF8hvyvjygRiX5dQROza5EStkXvGO6532atFU43KNJvLanZ\\r\\nZTaxIJvZGWeKvrH+HTCANp11cgq5qcRRltQHb7KWweYNM4nyCjyBQm5vTm7g1uVI7llVm2Txx5dT\\r\\n5OtenaohmJIr6POeq8Y2Z+DJ8s3UpZoZCc3Vj5PQyNZiAx2ErN6XgrsmljG3w6+k2ooLpT9Sr1Ql\\r\\nKc8okN5SJGUOLuFI+h8jX1hHqpQejjNKy3UkTzjosYNq6Kk0h2Tl1i8iO+wY4Wb3GbL6GtP1rcjI\\r\\np/d9mxPNJONlp4a0koaMEpHTODT/xyVjU7FkUyKE9Uj1O/1lBEANYsFrQGfmuHAZTGf9J+cvkrz3\\r\\n56OFWPHcA7gxkpU8wftrVMLFeDvLIGc\\u003d\\r\\n-----END CERTIFICATE-----\"]",
+        "not_before": "2025-03-12T12:26:51.000Z",
+        "certificate": "-----BEGIN CERTIFICATE-----\r\nMIIE2zCCAsOgAwIBAgIUU1iWuS2t3ufw2dvXTEC0VmhpY4IwDQYJKoZIhvcNAQELBQAwejELMAkG\r\nA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExDzANBgNVBAoTBk52aWRpYTEnMCUGA1UECxMe\r\nTnZpZGlhIExpY2Vuc2luZyBTZXJ2aWNlIChOTFMpMRwwGgYDVQQDExNOTFMgSW50ZXJtZWRpYXRl\r\nIENBMB4XDTI1MDMxMjEyMjY1MVoXDTI4MDMxMTEyMjcyMVowLzEtMCsGA1UEAxMkNGU1M2ExNzEt\r\nMTAzYi00OTQ2LTllZDgtNWY0YzBlZTc1MGQ5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC\r\nAQEAsFLwIgL4xu4BAGiQSUeb66F87tZBKn057uK92QPbPMxRFCD9gN0NUxv5apEDxWLaUecugvOb\r\np3d1hCrkUkXdu7Ogb2GZMQXqCvBFvZX7S2ZFEA9XhV2hLzHYMVLz3dsVnZP/R4+rF3qPYx4rlkJq\r\n+XWr/y6kO93ocoqFkIQF0QfZ+tD6ydyfZdSAShjnOVlzds2fmaFHJJGLo/SsvjcnuVpJ+qKaoyD+\r\ndOvTVaYCrCNcI2cJ6sgSPp1xWrt9Hu21lr0tH5nou4dwWPdlciF6IfrnmHHdbwOlbCz4TS/t4hpB\r\nFD/bDNNVUobu+KRHJRGXKlrBk+Udx0dpmkUZ80WOFQIDAQABo4GjMIGgMA4GA1UdDwEB/wQEAwID\r\nqDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFJ/o520oGIqKTmima73E\r\n9NgNbIk2MB8GA1UdIwQYMBaAFEo1JPxQ95lhCAtksQowEaSVoAMeMC8GA1UdEQQoMCaCJDRlNTNh\r\nMTcxLTEwM2ItNDk0Ni05ZWQ4LTVmNGMwZWU3NTBkOTANBgkqhkiG9w0BAQsFAAOCAgEAv9NcfpBU\r\nxZP9PsdJ4twWu/EQqeJRsrTV3ngg6o9JV22285p5TbhTk9aKa6HlME9KoYDlXo1yn4pwVL6TFc/W\r\nR+2UJJphrlZGEUJvTrEwDxs29QXjkWAJ+2KZoLHdKK1luV1QAV2x8/hTWUvj4pnpRUHvdXAWu3uy\r\nVUYhE2Ypj6Lq6ipzHQCh+ZM6Zyml6Em/byRrIv6dv/DH7QsQCqXmuyxajTNYmexG33HOr5R/JAX/\r\n4xC1C9KB0Ru1NcJRIKJ+OPiXEJNXugvAMx02MJw5fETEEvGY8YakjaRFn9p7cfRCBFbJWWyQ2RM8\r\n8Z9pr2JrDzDIImBZ5LY4KpvYhsWr2R2mYqtNw0P3FPfm23x0WzSx10TtRnEX1I1349CDwNIOFpQr\r\ncW3mBtX0pb/iOwazvBfxCO7Y7FrHXVxv0tPtJg6PSdCyp7Lgu2zIsWuteHOnaoo+IXocAbSuTmIN\r\n0yduLkYU0XBJOouO0fBziorL6S7ifeaVP/ppRnF0L61DLbaHy8qkqBQTe9JQRHmV+owl0lsHrYRI\r\nRKOxVxFS2UmAJZiqnJ/HI2nHRqZerH5c465u8N3xuT71HxsoFxiu4tQM0NEGGUoooefX/ramo4P+\r\neEVOavIG7uVFzYnrfadEZiCF+hLQf/DNgueHglgaibGAbSTILhVaQ+9KvlhMh5Am2tU=\r\n-----END CERTIFICATE-----",
+        "private_key": "QdJJAeacpWgp7GDazwkRCwWCCRMXWKYBh8BdWYZFO7r0CU+B1WmGc8/KP5LSeWLVbg/PN4cJ/USwlgGhOlAQqZEzUKjDzwbWEamu140gbh3xIc0W80jDRu1nAWsuXYftT3JGzg+0TDL0CObOrbhm+KoyS2PFvkcWK0ogQfwPfZl66Pu1Yfr8v7QTLZwaBL3LbR8xux7Qz5ztsYq/FmTp2QRcu597Zcx6NdNF95uEF4SmKMZfJLzjt6vN6plk/TujEitELhoyFd5MlaB6ikCTU9f7+xi6yFWVdM+gFtUhh97lzBsEDVmHBbUles0bw1swc4bKa8SX1+/X1WtfHIW0GuPmcuOxHHftxSD9ezRTie5hkMteH85J9Doyfupzb3MluHipNfdIFlBuWEDyZfDRuWND+GWvDAtwxEs56G3efaU9bs6PWZ4gbrmsqlvsJFh3PUmYZSPVzkTT8GsCkG+mXG0iuR1uCD/1eflwnyGhQB2j7tzpozIJsVbt1ioIEHiKxwlfJdj6ELCLSIf7lPbKVubFf2wz3HoKunnByFug6faBvwN1XsVN6Oi4oBnQCyRGJdGvWiH2KAmYxuHqER1vMUc9X0yyIGGphmpG9h2EkbUu8g4Js07VxP7wI7ROTCa7jhrnUBN0quTVIackZa1DE4DUIZB/4zMMT8PLAE/47Wd1+GeyiSiH2gytxJALWZvq6OEM2YGHfVjiMEgSZzVjyZJIHGc6RjTMvm7bjvDn/MGZm8TwvG8PZeVj68xA49UQZzgc2APSOhgipnSUpIE7mnrjRNNRl0ymBUrtqiZcwZDYffqtDbZYUOrVc3KMGk0PWTFr5MOPaZPgT/JuygR9H6q/KTDf1MRzPKHovvxK+e4hbWN96RPIjsb0EKBYXniff4RGLHlpOvz8yg1XITNf9dGBLPcgKHhIZi2IuaVPLYnGXvQ/tsJPd9rz5zfTCIAMXteGypSZ/+pxFYvcq5exluh73/C58wn4NsI+84vU5EqIqD7vgNbTnUyx747u4ObFmo94qKVg3EuqqKy9AXAE19smMOaqmzL7NKacHOGkd+U2TmCa+rXVBtHDmGV7B9hCElt5Al6RuqogP3agZq9zI+bVn18lnQ9OdJfUGsf6bisKJNSQjNuZVUXuIfzexa+F11g/I5iTig1B5SimaUOS47Eqd4YvqtwwzCBXVlu/ejAIq2y0yKqkIViY0MsvKAWqYXjaXblu8YzCCFTJ/v/Y3AMrBfxI/SzFTFhEU1o7qZF72RbkdPObafEcbxIg8Q5RM645G2bih2/I0V7OBIBOBSaLURp5Uj7jp2OI2fdOkn16fXsUNEzyPk+4Zetw0TnsogoI3v643zyt7wlwX4i97r0N7P8jOhvEWNW2RMjiOJ9aa3zzn4bTzzRP702Hbw9qzRIvzRkudrPsq0t3U/eRYU6SZy/MhN33nIgTQqLS1RBy9Um91Wo9yvA6v4z+zIziOfaGfMowlsZfHOR4c8kp4kgk3NfittkleiV6A1EXpJcBHxTQSHjHR/jkBwCTY57t91NgO9a2d6yoYk6NPyp21bKieqKcgJ4SQpHDiz1n0O/OGK3INYigqwKcHKyyfND25KqZlwXwrimJR0aW0mRv0tlBybt4oP+bT3oAiaNjm2VCnx4u6/PoWzcKuX/XJtsmroIeP5yotwBwDUz0JpcaNYKc1e/8sG0/h7m5pKgmQVuAuet6qbg3LNp69TSjqVkkkWDJPCjrEgSl/HGGYWMTmZ9b6R8qmHi1kqMAcr/TVXoaK4+yTIaeatTquwcxan4d4+SBl09a29Aqqv4X49xVYJwgGRUG0B+UqXurxp8s3XQPnsqpRlWEoNWgj77sRaK7TKmL/LqumhSqU5SRdBlrtYWzRmysXShMeiqM2iqZV2zfcEZwlCjJsHbRtjKNnsGOdovgqj78P8gLxRwPWbGCUyNi1JfVbe9qv3zqp/b8MTwcbApb923rydiBRUFRpF5Bn+qLk0dnZ7sr+jy3xPTiOxTzq8fbyGmKzd8v+F1nMldlwB0KAlcNtlwvO/8wHhA03J/IjgIpEbgzIRq4vPOuzeVG0as5ITOIzjwxSRr/0zFx9iNTogEvXigzAvJ+OZzkH6sHjngRBV42dtJPxUDn3eGqW3st0J0FjH+JcZ2avu/YKivEWbpaj8nJn3IQVn4KnPA/NexdSTMGxiJ3Xrc9y6zA7pmrVOQmA4Q9rlLNY69jdkkW9AAEcvCN2tDHhRcqu5zcFikGxZiE4ZYd23b5IWnxngwiLxCGqXSRea4o2ODoNNFNWkAnNt4+yoZkqtlhAWrdtzh5g65qSbHzB8y7MQ==",
+        "serial_number": "53:58:96:b9:2d:ad:de:e7:f0:d9:db:d7:4c:40:b4:56:68:69:63:82"
+    }
+
+    nv_certificate = x509.load_pem_x509_certificate(nv_dls_si_certificate['certificate'].encode('utf-8'))
+
+    # Mengsk @ discord:
+    # I think it's AES-GCM encrypted,
+    # from the cert I saw key length is 2048b,
+    # which should be 1732 bytes in pem format.
+    # private_key is 1744 bytes looks like pem + 12 bytes gcm
+
+    private_key = nv_dls_si_certificate['private_key']
+    assert 2328 == len(private_key)
+
+    encrypted_b64 = base64.b64decode(private_key)
+    assert 1744 == len(encrypted_b64)
+
+    nonce = encrypted_b64[:12]
+    pem = encrypted_b64[12:]
+    assert 12 == len(nonce)
+    assert 1732 == len(pem)
+
+    aes_gcm = AESGCM(key=base64.b64decode(NV_MASTER_PWD_BIN))
+    # THIS STEP FAILS
+    # >       aes_gcm = AESGCM(key=base64.b64decode(NV_MASTER_PWD_BIN))
+    # E       ValueError: AESGCM key must be 128, 192, or 256 bits.
+    # ===> 256 bytes are not 256 bits :facepalm:
+
+    try:
+        decrypted_data = aes_gcm.decrypt(nonce, pem, None)
+        print(decrypted_data)
+    except ValueError:
+        print("Decryption failed")