
Diffie-Hellman/Schannel Key BLOBs

Key BLOBs are used with the Diffie-Hellman/Schannel provider to export keys from, and import keys into, the cryptographic service provider (CSP). Two BLOB types are defined for Diffie-Hellman keys: a public key BLOB that carries the public value, and a private key BLOB that carries the prime, the generator, and the secret exponent.

Public Key BLOBs

Diffie-Hellman public key BLOBs, type PUBLICKEYBLOB, are used to exchange the public value (G^X) mod P in a Diffie-Hellman key exchange. These keys are exported and imported as a sequence of bytes with the following format: a PUBLICKEYSTRUC header, a DHPUBKEY structure, and then the public value itself.

PUBLICKEYSTRUC  publickeystruc;
DHPUBKEY        dhpubkey;
BYTE            y[dhpubkey.bitlen/8]; // Where y = (G^X) mod P

The following table describes each component of the key BLOB.

Field           Description
publickeystruc  A PUBLICKEYSTRUC structure.
dhpubkey        A DHPUBKEY structure. The magic member must be set to 0x31484400, the ASCII encoding of DH1 (stored little-endian, so the bytes in the BLOB are 00 44 48 31).
y               A BYTE sequence holding the public value y = (G^X) mod P, located directly after the DHPUBKEY structure. Its length, in bytes, is the bitlen member of DHPUBKEY divided by eight. The value is stored in little-endian format; if (G^X) mod P is one or more bytes shorter than bitlen/8, it must be padded with zero bytes to that length, and because the format is little-endian the padding bytes come last, after the most significant byte of the value.


Private Key BLOBs

Diffie-Hellman private key BLOBs, type PRIVATEKEYBLOB, are used to export and import the private information of a Diffie-Hellman key: the prime modulus, the generator, and the secret exponent. These keys are exported and imported as a sequence of bytes with the following format.

PUBLICKEYSTRUC  publickeystruc;
DHPUBKEY        dhpubkey;
BYTE            prime[dhpubkey.bitlen/8];
BYTE            generator[dhpubkey.bitlen/8];
BYTE            secret[dhpubkey.bitlen/8];

The following table describes each component of the key BLOB.

Field           Description
publickeystruc  A PUBLICKEYSTRUC structure.
dhpubkey        A DHPUBKEY structure. The magic member must be set to 0x32484400, the ASCII encoding of DH2 (stored little-endian, so the bytes in the BLOB are 00 44 48 32).
prime           A BYTE sequence. The prime modulus, P. This data must always have the most significant bit of its most significant byte set to one; in little-endian format that is the top bit of the last byte of the sequence.
generator       A BYTE sequence. The generator, G.
secret          A BYTE sequence. The secret exponent, X.


Note  The prime, generator, and secret values must always have the same length in bytes, namely bitlen/8. If any value is one or more bytes shorter than that, it must be padded with the necessary number of zero bytes to make them the same length. The prime, generator, and secret are in little-endian format, so the padding bytes follow the value's most significant byte.
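Added example, not code from this page or from Microsoft's CSP: a Python builder and parser for both the PUBLICKEYBLOB layout in the Public Key BLOBs section and the PRIVATEKEYBLOB layout in this section. The field layout of PUBLICKEYSTRUC (bType, bVersion, reserved, aiKeyAlg) and DHPUBKEY (magic, bitlen), and the constants PUBLICKEYBLOB, PRIVATEKEYBLOB, CUR_BLOB_VERSION, CALG_DH_SF and CALG_DH_EPHEM, are taken from wincrypt.h rather than from this page; the 64-bit prime used at the bottom is a constructed demonstration parameter, far too small for real use. check_public_value is the author's own range check on a peer's y and is not part of the BLOB format.

```python
"""Build and parse Diffie-Hellman PUBLICKEYBLOB / PRIVATEKEYBLOB byte sequences."""
import struct

# Header constants taken from wincrypt.h (assumed; this page only gives the magics).
PUBLICKEYBLOB = 0x06
PRIVATEKEYBLOB = 0x07
CUR_BLOB_VERSION = 0x02
CALG_DH_SF = 0x0000AA01     # store-and-forward Diffie-Hellman
CALG_DH_EPHEM = 0x0000AA02  # ephemeral Diffie-Hellman
DH1_MAGIC = 0x31484400      # PUBLICKEYBLOB magic, "DH1" (bytes 00 44 48 31)
DH2_MAGIC = 0x32484400      # PRIVATEKEYBLOB magic, "DH2" (bytes 00 44 48 32)

# PUBLICKEYSTRUC (bType, bVersion, reserved, aiKeyAlg) immediately followed by
# DHPUBKEY (magic, bitlen): 16 bytes in total, every field little-endian.
HEADER = struct.Struct("<BBHIII")


def to_le_bytes(value, nbytes):
    """Little-endian encoding, zero-padded to nbytes. Because the encoding is
    little-endian, the padding bytes land at the END of the sequence."""
    if not 0 <= value < (1 << (8 * nbytes)):
        raise ValueError("value does not fit in %d bytes" % nbytes)
    return value.to_bytes(nbytes, "little")


def _header(btype, alg, magic, bitlen):
    if bitlen == 0 or bitlen % 8:
        raise ValueError("bitlen %d is not a multiple of 8" % bitlen)
    return HEADER.pack(btype, CUR_BLOB_VERSION, 0, alg, magic, bitlen)


def build_public_blob(p, g, x, alg=CALG_DH_EPHEM):
    """PUBLICKEYBLOB carrying y = G^X mod P as exactly bitlen/8 bytes."""
    bitlen = p.bit_length()
    y = pow(g, x, p)
    return _header(PUBLICKEYBLOB, alg, DH1_MAGIC, bitlen) + to_le_bytes(y, bitlen // 8)


def build_private_blob(p, g, x, alg=CALG_DH_EPHEM):
    """PRIVATEKEYBLOB carrying P, G and X, each exactly bitlen/8 bytes."""
    bitlen = p.bit_length()
    n = bitlen // 8
    return (_header(PRIVATEKEYBLOB, alg, DH2_MAGIC, bitlen)
            + to_le_bytes(p, n) + to_le_bytes(g, n) + to_le_bytes(x, n))


def _parse_header(blob, expected_type, expected_magic):
    """Validate the 16-byte header; return (aiKeyAlg, bitlen // 8)."""
    if len(blob) < HEADER.size:
        raise ValueError("BLOB shorter than its 16-byte header")
    btype, version, reserved, alg, magic, bitlen = HEADER.unpack_from(blob)
    if btype != expected_type:
        raise ValueError("unexpected bType 0x%02x" % btype)
    if version != CUR_BLOB_VERSION or reserved != 0:
        raise ValueError("unsupported bVersion or non-zero reserved field")
    if alg not in (CALG_DH_SF, CALG_DH_EPHEM):
        raise ValueError("aiKeyAlg 0x%08x is not a Diffie-Hellman ALG_ID" % alg)
    if magic != expected_magic:
        raise ValueError("bad magic 0x%08x" % magic)
    if bitlen == 0 or bitlen % 8:
        raise ValueError("bad bitlen %d" % bitlen)
    return alg, bitlen // 8


def parse_public_blob(blob):
    """Return (aiKeyAlg, y). The total length is checked before y is read."""
    alg, n = _parse_header(blob, PUBLICKEYBLOB, DH1_MAGIC)
    if len(blob) != HEADER.size + n:
        raise ValueError("expected %d bytes, got %d" % (HEADER.size + n, len(blob)))
    return alg, int.from_bytes(blob[HEADER.size:], "little")


def parse_private_blob(blob):
    """Return (aiKeyAlg, P, G, X) after checking the layout rules in the tables."""
    alg, n = _parse_header(blob, PRIVATEKEYBLOB, DH2_MAGIC)
    if len(blob) != HEADER.size + 3 * n:
        raise ValueError("expected %d bytes, got %d" % (HEADER.size + 3 * n, len(blob)))
    off = HEADER.size
    prime = blob[off:off + n]
    if not prime[-1] & 0x80:  # little-endian: the most significant byte is the last one
        raise ValueError("prime must have the top bit of its most significant byte set")
    p = int.from_bytes(prime, "little")
    g = int.from_bytes(blob[off + n:off + 2 * n], "little")
    x = int.from_bytes(blob[off + 2 * n:off + 3 * n], "little")
    return alg, p, g, x


def check_public_value(y, p):
    """Reject y = 0, 1 and p-1 from a peer's PUBLICKEYBLOB before using it.
    The BLOB format itself does not enforce this; this is the author's own check."""
    return 1 < y < p - 1


if __name__ == "__main__":
    # Constructed demo parameters: a 64-bit prime is far too small for real use.
    P, G, X = (1 << 64) - 59, 2, 0x123456789ABC
    pub = build_public_blob(P, G, X)
    priv = build_private_blob(P, G, X)
    print("PUBLICKEYBLOB ", pub.hex())
    print("PRIVATEKEYBLOB", priv.hex())
    print("round trip ok:", parse_public_blob(pub)[1] == pow(G, X, P)
          and parse_private_blob(priv)[1:] == (P, G, X))
```

Every value length in these BLOBs is derived from bitlen rather than carried per field, so an importer must compare the total BLOB length against 16 + bitlen/8 (public) or 16 + 3 * bitlen/8 (private) before reading any value; the parsers above do that first. The top-bit rule on the prime is checked on the last byte of the sequence, since the values are little-endian.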

 

 

© 2015 Microsoft