Diffie-Hellman Version 3 Public Key BLOBs

Diffie-Hellman version 3 Public Key BLOBs (type PUBLICKEYBLOB) are used to export and import information about a DH public key. They have the following format:


BLOBHEADER blobheader;              // As explained under "Data Structures"
DHPUBKEY_VER3 dhpubkeyver3;
BYTE p[dhpubkeyver3.bitlenP/8];     // Where P is the prime modulus
BYTE q[dhpubkeyver3.bitlenQ/8];     // Where Q is a large factor of P-1
BYTE g[dhpubkeyver3.bitlenP/8];     // Where G is the generator parameter
BYTE j[dhpubkeyver3.bitlenJ/8];     // Where J is (P-1)/Q
BYTE y[dhpubkeyver3.bitlenP/8];     // Where Y is (G^X) mod P

This BLOB format is exported when the CRYPT_BLOB_VER3 flag is used with CryptExportKey. Because the version is in the BLOB, there is no need to specify a flag when using this BLOB with CryptImportKey.

In addition, this BLOB format is used with the CryptSetKeyParam function when the dwParam value KP_PUB_PARAMS is used to set key parameters on a DH key. This is done when the CRYPT_PREGEN flag has been used to generate the key. When used in this situation, the y value is ignored and therefore should not be included in the BLOB.

The following table describes each component of the key BLOB.

| Field | Description |
| --- | --- |
| blobheader | A BLOBHEADER structure. The bType member must have a value of PUBLICKEYBLOB. |
| dhpubkeyver3 | A DHPUBKEY_VER3 structure. The magic member should be set to 0x33484400 for public keys. Notice that the hexadecimal value is just an ASCII encoding of "DH3". |
| P | The P value is located directly after the DHPUBKEY_VER3 structure and should always be the length, in bytes, of the DHPUBKEY_VER3 bitlenP field (bit length of P) divided by eight (little-endian format). |
| Q | The Q value is located directly after the P value and should always be the length in bytes of the DHPUBKEY_VER3 bitlenQ field divided by eight (little-endian format). If the bitlenQ value is 0, then the value is absent from the BLOB. |
| G | The G value is located directly after the Q value and should always be the length, in bytes, of the DHPUBKEY_VER3 bitlenP field (bit length of P) divided by eight. If the length of the data is one or more bytes shorter than P divided by 8, the data must be padded with the necessary bytes (of zero value) to make the data the desired length (little-endian format). |
| J | The J value is located directly after the G value and should always be the length in bytes of the DHPUBKEY_VER3 bitlenJ field divided by eight (little-endian format). If the bitlenQ value is 0, then the value is absent from the BLOB. |
| Y | The Y value, (G^X) mod P, is located directly after the J value and should always be the length in bytes of the DHPUBKEY_VER3 bitlenP field (bit length of P) divided by eight. If the length of the data that results from the calculation of (G^X) mod P is one or more bytes shorter than P divided by 8, the data must be padded with the necessary bytes (of zero value) to make the data the desired length (little-endian format). When this structure is used with CryptSetKeyParam with the dwParam value KP_PUB_PARAMS, this value is not included in the BLOB. |

 

Note: Public key BLOBs are not encrypted, but contain public keys in plaintext form.
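
Because the BLOB is plaintext and carries its own length fields, code that accepts one from an untrusted source should check those fields against the buffer before using the values. The following Python parser is an added example, not Microsoft's code: it walks the layout above, rejects BLOBs whose size does not match the declared bit lengths, and cross-checks Q and J against their definitions. It assumes the 48-byte BLOBHEADER and DHPUBKEY_VER3 layout (including the DSSSEED member) and the PUBLICKEYBLOB and algorithm identifier values from wincrypt.h, none of which are given on this page; the function names and the toy key are constructed for illustration.

```python
import struct

PUBLICKEYBLOB = 0x06      # BLOBHEADER.bType for public key BLOBs (wincrypt.h)
DH3_MAGIC = 0x33484400    # DHPUBKEY_VER3.magic for public keys
# BLOBHEADER {bType, bVersion, reserved, aiKeyAlg} followed by DHPUBKEY_VER3
# {magic, bitlenP, bitlenQ, bitlenJ, DSSSEED {counter, seed[20]}}: 48 bytes.
HEADER = struct.Struct("<BBHI IIII I20s")

def parse_dh3_public_blob(blob, with_y=True):
    """Return P, Q, G, J, Y as integers; with_y=False is the KP_PUB_PARAMS form."""
    if len(blob) < HEADER.size:
        raise ValueError("shorter than BLOBHEADER + DHPUBKEY_VER3")
    btype, _, _, _, magic, bits_p, bits_q, bits_j, _, _ = HEADER.unpack_from(blob)
    if btype != PUBLICKEYBLOB or magic != DH3_MAGIC:
        raise ValueError("not a DH version 3 public key BLOB")
    if bits_p == 0 or any(b % 8 for b in (bits_p, bits_q, bits_j)):
        raise ValueError("bit lengths must be non-zero for P and whole bytes")
    # Field order and sizes as in the layout: P, Q, G, J, then Y.
    fields = [("p", bits_p), ("q", bits_q), ("g", bits_p), ("j", bits_j)]
    if with_y:
        fields.append(("y", bits_p))
    expected = HEADER.size + sum(bits // 8 for _, bits in fields)
    if len(blob) != expected:  # reject truncated BLOBs and trailing bytes
        raise ValueError(f"length {len(blob)} != declared {expected}")
    key, offset = {}, HEADER.size
    for name, bits in fields:
        size = bits // 8
        # A zero bit length means the value is absent from the BLOB.
        key[name] = int.from_bytes(blob[offset:offset + size], "little") if size else None
        offset += size
    # Cross-check the stated relations: Q is a factor of P-1, J is (P-1)/Q.
    if key["q"] is not None:
        if key["q"] == 0 or (key["p"] - 1) % key["q"]:
            raise ValueError("Q is not a factor of P-1")
        if key["j"] is not None and key["j"] != (key["p"] - 1) // key["q"]:
            raise ValueError("J is not (P-1)/Q")
    return key

def build_sample_blob(with_y=True):
    """Constructed toy values with P-1 = Q*J; far too small for real use."""
    p, q, j = 35141, 251, 140
    g = pow(2, j, p)
    values = [(p, 2), (q, 1), (g, 2), (j, 1)]
    if with_y:
        values.append((pow(g, 7, p), 2))  # Y = (G^X) mod P with X = 7
    head = HEADER.pack(PUBLICKEYBLOB, 3, 0, 0xAA02, DH3_MAGIC, 16, 8, 8, 0, bytes(20))
    return head + b"".join(v.to_bytes(n, "little") for v, n in values)
```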

 

 

© 2014 Microsoft