Key BLOB Formats
Key BLOBs are structures that store keys outside a cryptographic service provider (CSP) key container. Every key BLOB consists of one or more fixed-length header structures followed by the key data itself. The key data is variable in length and is often encrypted.
Key BLOBs consist of binary data. The size of a key BLOB varies depending on the BLOB type and the key size.
Unless stated otherwise, the Microsoft CryptoAPI stores all multiple-byte numbers in little-endian format; that is, the first byte of a number is the least significant and the last byte is the most significant. For example, the four-byte hexadecimal number 0x12345678 is stored as:
78 56 34 12
Other crypto API sets, such as the System.Security.Cryptography namespace, store multiple-byte numbers in big-endian format. As long as you always use the same API set, you will not experience any problems. A problem arises only when you pass numbers from an API set that uses one byte order to an API set that uses the other. In that case, you must manually reverse the byte order of the multi-byte numbers before passing the data between the API sets.
Standard structure formats include the following.
| Structure format | Description |
|---|---|
| BLOBHEADER | Structure used at the beginning of all key BLOB structures. |
| Simple Key BLOBs | BLOB format for an encrypted session key. |
| Public Key BLOBs | BLOB format for a public key. |
| Private Key BLOBs | BLOB format for a private key in encrypted form. |
| Symmetric Wrapped Key BLOBs | BLOB format for exporting a symmetric key wrapped with another symmetric key. |
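The byte-order rule and the fixed-length header described above, shown as an added example (not Microsoft's code): it decodes a BLOBHEADER from a raw buffer byte by byte, rejects a truncated buffer, and reverses a number for a big-endian API set. Assumptions: the field layout and the values 0x06, 0x02 and 0xa400 come from wincrypt.h rather than this page, the names `blob_header`, `read_le32`, `parse_blob_header` and `reverse_bytes` are hypothetical, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* BLOBHEADER layout per wincrypt.h, redeclared so no Windows headers are needed. */
typedef struct {
    uint8_t  bType;     /* BLOB type, e.g. 0x06 = PUBLICKEYBLOB */
    uint8_t  bVersion;  /* 0x02 = CUR_BLOB_VERSION */
    uint16_t reserved;
    uint32_t aiKeyAlg;  /* ALG_ID of the key */
} blob_header;          /* hypothetical name used only in this example */

#define BLOB_HEADER_LEN 8u

/* Decode a little-endian 32-bit number; correct on any host byte order. */
static uint32_t read_le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Parse the fixed-length header; returns -1 if the buffer is too short. */
int parse_blob_header(const uint8_t *buf, size_t len, blob_header *out) {
    if (buf == NULL || out == NULL || len < BLOB_HEADER_LEN) return -1;
    out->bType    = buf[0];
    out->bVersion = buf[1];
    out->reserved = (uint16_t)(buf[2] | ((uint16_t)buf[3] << 8));
    out->aiKeyAlg = read_le32(buf + 4);
    return 0;
}

/* Reverse a multi-byte number in place for an API set with the other order. */
void reverse_bytes(uint8_t *num, size_t len) {
    if (len < 2) return;
    for (size_t i = 0, j = len - 1; i < j; i++, j--) {
        uint8_t t = num[i]; num[i] = num[j]; num[j] = t;
    }
}

int main(void) {
    /* Constructed sample: PUBLICKEYBLOB, version 2, CALG_RSA_KEYX (0xa400). */
    uint8_t blob[] = {0x06, 0x02, 0x00, 0x00, 0x00, 0xa4, 0x00, 0x00};
    uint8_t num[]  = {0x78, 0x56, 0x34, 0x12};  /* 0x12345678 as stored */
    blob_header h;
    if (parse_blob_header(blob, sizeof blob, &h) != 0) return 1;
    reverse_bytes(num, sizeof num);             /* now 12 34 56 78 */
    printf("type=0x%02x alg=0x%08x num=%02x%02x%02x%02x\n", (unsigned)h.bType,
           (unsigned)h.aiKeyAlg, num[0], num[1], num[2], num[3]);
    return 0;
}
```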
Build date: 9/7/2011