Upravit

Sdílet prostřednictvím


Diffie-Hellman Version 3 Public Key BLOBs

Diffie-Hellman version 3 Public Key BLOBs (type PUBLICKEYBLOB) are used to export and import information about a DH public key. They have the following format:

BLOBHEADER blobheader; 
                 // As explained under "Data Structures"
DHPUBKEY_VER3 dhpubkeyver3;
BYTE p[dhpubkeyver3.bitlenP/8]; 
                 // Where P is the prime modulus
BYTE q[dhpubkeyver3.bitlenQ/8]; 
                 // Where Q is a large factor of P-1
BYTE g[dhpubkeyver3.bitlenP/8]; 
                 // Where G is the generator parameter
BYTE j[dhpubkeyver3.bitlenJ/8]; 
                 // Where J is (P-1)/Q
BYTE y[dhpubkeyver3.bitlenP/8]; 
                 // Where Y is (G^X) mod P

This BLOB format is exported when the CRYPT_BLOB_VER3 flag is used with CryptExportKey. Because the version is in the BLOB, there is no need to specify a flag when using this BLOB with CryptImportKey.

In addition, this BLOB format is used with the CryptSetKeyParam function when the dwParam value KP_PUB_PARAMS is used to set key parameters on a DH key. This is done when the CRYPT_PREGEN flag has been used to generate the key. When used in this situation, the y value is ignored and therefore should not be included in the BLOB.

The following table describes each component of the key BLOB.

Field Description
blobheader A BLOBHEADER structure. The bType member must have a value of PUBLICKEYBLOB.
dhpubkeyver3 A DHPUBKEY_VER3 structure. The magic member should be set to 0x33484400 for public keys. Notice that the hexadecimal value is just an ASCII encoding of "DH3".
P The P value is located directly after the DHPUBKEY_VER3 structure and should always be the length, in bytes, of the DHPUBKEY_VER3 bitlenP field (bit length of P) divided by eight (little-endian format).
Q The Q value is located directly after the P value and should always be the length in bytes of the DHPUBKEY_VER3 bitlenQ field divided by eight (little-endian format). If the bitlenQ value is 0, then the value is absent from the BLOB.
G The G value is located directly after the Q value and should always be the length, in bytes, of the DHPUBKEY_VER3 bitlenP field (bit length of P) divided by eight. If the length of the data is one or more bytes shorter than P divided by 8, the data must be padded with the necessary bytes (of zero value) to make the data the desired length (little-endian format).
J The J value is located directly after the G value and should always be the length in bytes of the DHPUBKEY_VER3 bitlenJ field divided by eight (little-endian format). If the bitlenQ value is 0, then the value is absent from the BLOB.
Y The Y value, (G^X) mod P, is located directly after the J value and should always be the length in bytes of the DHPUBKEY_VER3 bitlenP field (bit length of P) divided by eight. If the length of the data that results from the calculation of (G^X) mod P is one or more bytes shorter than P divided by 8, the data must be padded with the necessary bytes (of zero value) to make the data the desired length (little-endian format). When this structure is used with CryptSetKeyParam with the dwParam value KP_PUB_PARAMS, this value is not included in the BLOB.

 

Note

Public key BLOBs are not encrypted, but contain public keys in plaintext form.