2.2.2.9.1 RSA Private Key BLOB
The following is the diagram of elements in the RSA private key BLOB that MUST be passed to the CA.

| Field | Size |
|---|---|
| Type | 1 byte |
| Version | 1 byte |
| Reserved | 2 bytes |
| Key Alg | 4 bytes |
| Magic | 4 bytes |
| Bitlen | 4 bytes |
| PubExp | 4 bytes |
| Modulus | variable |
| P | variable |
| Q | variable |
| Dp | variable |
| Dq | variable |
| Iq | variable |
| D | variable |

Type (1 byte): Length MUST be 1 byte. This field MUST be set to 0x07.
Version (1 byte): Length MUST be 1 byte. This field MUST be set to 0x02.
Reserved (2 bytes): Length MUST be 2 bytes. This field MUST be set to 0 and ignored upon receipt.
Key Alg (4 bytes): Length MUST be 4 bytes. This field MUST be present as an unsigned integer in little-endian format. Value MUST be 0x0000A400 (RSA_KEYX).
Magic (4 bytes): Length MUST be 4 bytes. This field MUST be present as an unsigned integer in little-endian format. Value MUST be 0x32415352 (RSA2).
Bitlen (4 bytes): Length MUST be 4 bytes. This field MUST be present as an unsigned integer in little-endian format. The value of this field MUST indicate the number of bits in the Rivest-Shamir-Adleman (RSA) modulus. (This is the RSA key size.)
PubExp (4 bytes): Length MUST be 4 bytes. This field MUST be present as an unsigned integer in little-endian format. The value of this field MUST be the RSA public key exponent for this key. The client SHOULD set this value to 65,537.
Modulus (variable): This field MUST be of length ceil(bl/8), where bl is the value of the Bitlen field defined in the preceding diagram. This field MUST be present as a byte string in little-endian format. The value MUST be the RSA key modulus. The modulus is defined as p*q.
P (variable): This field MUST be of length ceil(bl/16), where bl is the value of the Bitlen field defined in the preceding diagram. This field MUST be present as a byte string in little-endian format. The value contained in this field MUST be one of the prime number factors of the modulus (given in the previous field).
Q (variable): This field MUST be of length ceil(bl/16), where bl is the value of the Bitlen field defined in the preceding diagram. This field MUST be present as a byte string in little-endian format. The value MUST be the other prime number factor of the RSA modulus.
Dp (variable): This field MUST be of length ceil(bl/16), where bl is the value of the Bitlen field defined in the preceding diagram. This field MUST be present as a byte string in little-endian format. The value of this field MUST be d mod (p-1), where d is the private exponent of this RSA private key.
Dq (variable): This field MUST be of length ceil(bl/16), where bl is the value of the Bitlen field defined in the preceding diagram. This field MUST be present as a byte string in little-endian format. The value of this field MUST be d mod (q-1), where d is the private exponent of this RSA private key.
Iq (variable): This field MUST be of length ceil(bl/16), where bl is the value of the Bitlen field defined in the preceding diagram. This field MUST be present as a byte string in little-endian format. This field MUST contain the inverse of q modulo p.
D (variable): This field MUST be of length ceil(bl/8), where bl is the value of the Bitlen field defined in the preceding diagram. This field MUST be present as a byte string in little-endian format. The value in this field is the RSA private exponent.
Note: ceil(x) is the value of x rounded up to the closest integer. For example, ceil(1.2) = 2 and ceil(3) = 3.
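
The following Python sketch is an added example, not part of the specification. It shows how a receiver could parse this BLOB and enforce the field rules above, including the arithmetic relations between Modulus, P, Q, Dp, Dq, Iq and D. The function names, the `build_blob` helper and the toy key are assumptions made for illustration.

```python
import struct

# Type, Version, Reserved, Key Alg, Magic, Bitlen, PubExp (little-endian, 20 bytes)
HEADER = struct.Struct("<BBHIIII")
FIELDS = ("n", "p", "q", "dp", "dq", "iq", "d")  # order given in the diagram

def field_sizes(bitlen):
    full, half = (bitlen + 7) // 8, (bitlen + 15) // 16  # ceil(bl/8), ceil(bl/16)
    return (full, half, half, half, half, half, full)

def parse_rsa_private_blob(blob):
    """Parse the BLOB and enforce the MUST rules; raise ValueError on violation."""
    if len(blob) < HEADER.size:
        raise ValueError("truncated header")
    btype, version, _reserved, alg, magic, bitlen, e = HEADER.unpack_from(blob)
    if (btype, version, alg, magic) != (0x07, 0x02, 0x0000A400, 0x32415352):
        raise ValueError("bad Type/Version/Key Alg/Magic")
    sizes = field_sizes(bitlen)
    if len(blob) != HEADER.size + sum(sizes):
        raise ValueError("BLOB length does not match Bitlen")
    key, off = {"bitlen": bitlen, "e": e}, HEADER.size
    for name, size in zip(FIELDS, sizes):
        key[name] = int.from_bytes(blob[off:off + size], "little")
        off += size
    n, p, q, d = key["n"], key["p"], key["q"], key["d"]
    # Exact bit-length match is this example's reading of the Bitlen rule.
    if min(p, q) < 2 or p * q != n or n.bit_length() != bitlen:
        raise ValueError("Modulus inconsistent with P*Q or Bitlen")
    if key["dp"] != d % (p - 1) or key["dq"] != d % (q - 1):
        raise ValueError("Dp/Dq inconsistent with D")
    if key["iq"] * q % p != 1:
        raise ValueError("Iq is not the inverse of q modulo p")
    return key

def build_blob(p, q, e=65537):
    """Hypothetical helper: serialize a constructed toy key for the demo."""
    n, d = p * q, pow(e, -1, (p - 1) * (q - 1))
    values = (n, p, q, d % (p - 1), d % (q - 1), pow(q, -1, p), d)
    body = b"".join(v.to_bytes(s, "little")
                    for v, s in zip(values, field_sizes(n.bit_length())))
    return HEADER.pack(0x07, 0x02, 0, 0xA400, 0x32415352, n.bit_length(), e) + body

SAMPLE = build_blob(61, 53)  # constructed 12-bit key, far too small for real use

if __name__ == "__main__":
    parsed = parse_rsa_private_blob(SAMPLE)
    print("valid BLOB, bitlen", parsed["bitlen"], "PubExp", parsed["e"])
```

The parsed dictionary holds private key material, so code built on this pattern should keep it out of logs and error messages.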