2.2.9.1.13.1 KeyHeader

The KeyHeader for the session key describes the key type, size, and block size for the algorithm as detailed in the following table.


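 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-------------------------------+-------------------------------+
|           BlobSize            |           Reserved            |
+-------------------------------+-------------------------------+
|        keySizeInBytes         |       blockSizeInBytes        |
+-------------------------------+-------------------------------+
|                             Flags                             |
+---------------------------------------------------------------+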

BlobSize (2 bytes): A 16-bit unsigned, little-endian short integer value. The BlobSize field MUST be the size, in bytes, of the complete KeyHeader plus Key structure.

Reserved (2 bytes): The reserved bytes SHOULD be set to one of the following values based on the cipher mode<5>.

Cipher Mode           Value
ECB                   0xFFFF
CBC4K No Padding      0xFFFE
CBC4K With Padding    0xFFFD
CBC512 No Padding     0xFFFC

keySizeInBytes (2 bytes): A 16-bit unsigned, little-endian short integer value. The keySizeInBytes field MUST be the symmetric key size in bits. For DES, this MUST be 56. For AES (Rijndael) size MUST be either 128 (the default), 192, or 256 bits.

blockSizeInBytes (2 bytes): A 16-bit unsigned, little-endian short integer value. The blockSizeInBytes field is the key block size, which varies depending on the cryptographic provider.

Flags (4 bytes): The Flags field is a bit field with the following structure.


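 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|C|E|0|0|0|0|0|0|0|0|0|0|0|A|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+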

Where the bits are defined as:

E (Electronic Code Book): This bit MUST be set to 1 to indicate the Electronic Codebook (ECB) cipher mode. This bit MUST be set to 0 if Cipher Block Chaining (CBC) cipher mode is used.

C (Cipher Block Chaining): When set to 1, this bit indicates the Cipher Block Chaining (CBC) cipher mode. This bit MUST be set to 0 when the KeyHeader describes a session key.

A (Algorithm): The Algorithm bit MUST be set to 0 if the key is a DES key. The Algorithm bit MUST be set to 1 if the key is an AES key.
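
A validating parser for the layout above, added here as an example; it is not part of the specification. It assumes that diagram bit 0 is the most significant bit of the first Flags byte on the wire and that the caller passes exactly the KeyHeader followed by its Key; the function names, constant names and sample bytes are constructed for illustration.

```python
import struct

# Reserved values from the cipher mode table (a SHOULD, so unknown values are reported).
RESERVED_MODES = {0xFFFF: "ECB", 0xFFFE: "CBC4K No Padding",
                  0xFFFD: "CBC4K With Padding", 0xFFFC: "CBC512 No Padding"}
HEADER_LEN = 12                    # 2 + 2 + 2 + 2 + 4 bytes
BIT_C, BIT_E, BIT_A = 18, 19, 31   # positions in the Flags diagram

def diagram_bit(flags: bytes, pos: int) -> int:
    # Assumption: diagram bit 0 is the most significant bit of the first Flags byte.
    return (flags[pos // 8] >> (7 - pos % 8)) & 1

def parse_key_header(blob: bytes, session_key: bool = True):
    """Return (fields, problems) for a KeyHeader immediately followed by its Key."""
    if len(blob) < HEADER_LEN:
        raise ValueError("truncated KeyHeader")
    blob_size, reserved, key_bits, block_size = struct.unpack_from("<4H", blob, 0)
    flags = blob[8:HEADER_LEN]
    c, e, a = (diagram_bit(flags, p) for p in (BIT_C, BIT_E, BIT_A))
    mode = RESERVED_MODES.get(reserved)
    fields = {"BlobSize": blob_size, "Reserved": reserved, "keySizeInBytes": key_bits,
              "blockSizeInBytes": block_size, "C": c, "E": e, "A": a,
              "algorithm": "AES" if a else "DES", "mode": mode}
    problems = []
    # BlobSize is sender-controlled: compare it with the bytes actually received
    # before using it to size a copy or to locate the end of the Key.
    if blob_size != len(blob):
        problems.append("BlobSize does not match the received length")
    if mode is None:
        problems.append("Reserved is not a listed cipher mode value")
    # Despite the field name, the text defines keySizeInBytes as a size in bits.
    if key_bits not in ((128, 192, 256) if a else (56,)):
        problems.append("key size is not valid for the Algorithm bit")
    if c and e:
        problems.append("E and C are both set")
    if session_key and c:
        problems.append("C is set on a session key header")
    if mode is not None and (mode == "ECB") != bool(e):
        problems.append("E bit disagrees with the Reserved cipher mode")
    return fields, problems

# Constructed sample: AES-128, ECB, 16-byte block size, all-zero 16-byte key.
SAMPLE = struct.pack("<4H", 28, 0xFFFF, 128, 16) + bytes([0, 0, 0x10, 0x01]) + bytes(16)

if __name__ == "__main__":
    print(parse_key_header(SAMPLE))
```
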