2.2.4 Group Key Envelope
The following specifies the format and field descriptions for the Group Key Envelope structure.
| Field | Size (bytes) |
|---|---|
| Version | 4 |
| 0x4B 0x44 0x53 0x4B | 4 |
| dwFlags | 4 |
| L0 index | 4 |
| L1 index | 4 |
| L2 index | 4 |
| Root key identifier | 16 |
| cbKDFAlgorithm | 4 |
| cbKDFParameters | 4 |
| cbSecretAgreementAlgorithm | 4 |
| cbSecretAgreementParameters | 4 |
| Private Key Length | 4 |
| Public Key Length | 4 |
| cbL1Key | 4 |
| cbL2Key | 4 |
| cbDomainName | 4 |
| cbForestName | 4 |
| KDF Algorithm | variable |
| KDF Parameters | variable, optional |
| Secret Agreement Algorithm | variable |
| Secret Agreement Parameters | variable, optional |
| Domain Name | variable |
| Forest Name | variable |
| L1 Key | 64, optional |
| L2 Key | variable, optional |
Version (4 bytes): A 32-bit unsigned integer. This field MUST be set to the version of the root key ADM element. This field is encoded using little-endian format.
dwFlags (4 bytes): A 32-bit unsigned integer. Bit 31 (LSB) MUST be set to 1 when this structure is being used to transport a public key, otherwise set to 0. Bit 30 MUST be set to 1 when the key being transported by this structure might be used for encryption and decryption, otherwise it should only be used for decryption. This field is encoded using little-endian format.
L0 index (4 bytes): A 32-bit unsigned integer. This field MUST be the L0 index of the key being enveloped. This field is encoded using little-endian format.
L1 index (4 bytes): A 32-bit unsigned integer. This field MUST be the L1 index of the key being enveloped, and therefore MUST be a number between 0 and 31, inclusive. This field is encoded using little-endian format.
L2 index (4 bytes): A 32-bit unsigned integer. This field MUST be the L2 index of the key being enveloped, and therefore MUST be a number between 0 and 31, inclusive. This field is encoded using little-endian format.
Root key identifier (16 bytes): A GUID containing the root key identifier of the key being enveloped.
cbKDFAlgorithm (4 bytes): A 32-bit unsigned integer. This field MUST be the length, in bytes, of the KDF Algorithm field. This field is encoded using little-endian format.
cbKDFParameters (4 bytes): A 32-bit unsigned integer. This field MUST be the length, in bytes, of the KDF Parameters field. This field is encoded using little-endian format.
cbSecretAgreementAlgorithm (4 bytes): A 32-bit unsigned integer. This field MUST be the length, in bytes, of the Secret Agreement Algorithm field. This field is encoded using little-endian format.
cbSecretAgreementParameters (4 bytes): A 32-bit unsigned integer. This field MUST be the length, in bytes, of the Secret Agreement Parameters field. This field is encoded using little-endian format.
Private key length (4 bytes): A 32-bit unsigned integer. This field MUST be the private key length associated with the root key, whose identifier is in the Root key identifier field. This field is encoded using little-endian format.
Public key length (4 bytes): A 32-bit unsigned integer. This field MUST be the public key length associated with the root key, whose identifier is in the Root key identifier field. This field is encoded using little-endian format.
cbL2Key (4 bytes): A 32-bit unsigned integer. This field MUST be the length, in bytes, of the L2 key field. This field is encoded using little-endian format. This field MUST be zero if the value in the L2 index field is equal to 31.
cbDomainName (4 bytes): A 32-bit unsigned integer. This field MUST be the length, in bytes, of the Domain name field. This field is encoded using little-endian format.
cbForestName (4 bytes): A 32-bit unsigned integer. This field MUST be the length, in bytes, of the Forest name field. This field is encoded using little-endian format.
KDF Algorithm (variable): A null-terminated Unicode string. This field MUST be the ADM element KDF algorithm name associated with the ADM element root key, whose identifier is in the Root key identifier field.
KDF Parameters (variable, optional): This field MUST contain the KDF parameters associated with the ADM element root key, whose identifier is in the Root key identifier field, in the format specified in section 2.2.1. If the cbKDFParameters field is set to zero, this field is absent.
Secret Agreement Algorithm (variable): A null-terminated Unicode string. This field MUST be the ADM element Secret agreement algorithm name associated with the ADM element root key, whose identifier is in the Root key identifier field.
Secret Agreement Parameters (variable, optional): This field MUST contain the ADM element Secret agreement algorithm parameters associated with the ADM element root key, whose identifier is in the Root key identifier field, in the format specified in section 2.2.2. If the cbSecretAgreementParameters field is set to zero, this field is absent.
Domain Name (variable): A null-terminated Unicode string. This field MUST be the domain name of the server in Domain Name System (DNS) format.
Forest Name (variable): A null-terminated Unicode string. This field MUST be the forest name of the server in Domain Name System (DNS) format.
L1 key (64 bytes, optional): An L1 seed key ADM element in binary form. If the value in the cbL1Key field is zero, this field is absent. Otherwise, if the value in the L2 index field is equal to 31, this contains the L1 key with group key identifier (L0 index, L1 index, -1). In all other cases, this field contains the L1 key with group key identifier (L0 index, L1 index - 1, -1). If this field is present, its length MUST be equal to 64 bytes.
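The layout table and the field descriptions above translate directly into a parser. The following is an added example, not code from the specification or from any Microsoft implementation: it decodes a Group Key Envelope from bytes, enforces the constraints the text states (L1 and L2 index in 0..31, cbL2Key zero when L2 index is 31, an L1 key that is absent or exactly 64 bytes, null-terminated Unicode strings, no trailing bytes) and derives the group key identifier of the enclosed L1 key from the rule in the L1 key description. Assumptions not stated on this page: the four constant bytes 0x4B 0x44 0x53 0x4B are referred to as the "magic" and follow the Version field; the GUID uses the Windows little-endian wire layout; each cbXxx length includes the UTF-16-LE terminator; and "bit 31 (LSB)" / "bit 30" map to mask values 1 and 2. The envelope built by `build_sample_envelope` is constructed test data with made-up key bytes and algorithm names, not a real key.

```python
import struct
import uuid
from dataclasses import dataclass

MAGIC = b"\x4B\x44\x53\x4B"  # the four constant bytes in the layout table ("KDSK")
# Version, magic, dwFlags, L0, L1, L2, root key identifier, then the ten 32-bit length fields.
FIXED = struct.Struct("<I4sIIII16sIIIIIIIIII")
FLAG_PUBLIC_KEY = 1        # "bit 31 (LSB)" in the table's MSB-first numbering (assumed mask)
FLAG_ENCRYPT_DECRYPT = 2   # "bit 30" (assumed mask)


class EnvelopeError(ValueError):
    """Raised when the buffer violates the layout or a MUST in the field descriptions."""


@dataclass
class GroupKeyEnvelope:
    version: int
    flags: int
    l0: int
    l1: int
    l2: int
    root_key_id: uuid.UUID
    private_key_length: int
    public_key_length: int
    kdf_algorithm: str
    kdf_parameters: bytes
    secret_agreement_algorithm: str
    secret_agreement_parameters: bytes
    domain_name: str
    forest_name: str
    l1_key: bytes
    l2_key: bytes

    @property
    def is_public_key(self) -> bool:
        return bool(self.flags & FLAG_PUBLIC_KEY)

    @property
    def l1_key_id(self):
        """Group key identifier of the enclosed L1 key, per the L1 key field description."""
        if not self.l1_key:
            return None
        return (self.l0, self.l1 if self.l2 == 31 else self.l1 - 1, -1)


def _take(buf: bytes, off: int, n: int, name: str):
    """Slice n bytes at off, refusing to read past the end of the buffer."""
    if off + n > len(buf):
        raise EnvelopeError(f"{name}: needs {n} bytes at offset {off}, only {len(buf) - off} left")
    return buf[off:off + n], off + n


def _unicode_z(raw: bytes, name: str) -> str:
    # Assumption: the cbXxx length counts the UTF-16-LE terminator, so the field ends in 00 00.
    if len(raw) < 2 or len(raw) % 2 or raw[-2:] != b"\x00\x00":
        raise EnvelopeError(f"{name}: not a null-terminated Unicode string")
    return raw[:-2].decode("utf-16-le")


def parse_group_key_envelope(buf: bytes) -> GroupKeyEnvelope:
    if len(buf) < FIXED.size:
        raise EnvelopeError("buffer shorter than the fixed header")
    (version, magic, flags, l0, l1, l2, rk, cb_kdf, cb_kdfp, cb_sa, cb_sap,
     priv_len, pub_len, cb_l1, cb_l2, cb_dom, cb_forest) = FIXED.unpack_from(buf)
    if magic != MAGIC:
        raise EnvelopeError("constant bytes 4B 44 53 4B not present")
    if not (0 <= l1 <= 31 and 0 <= l2 <= 31):
        raise EnvelopeError("L1 index and L2 index MUST be between 0 and 31")
    if l2 == 31 and cb_l2 != 0:
        raise EnvelopeError("cbL2Key MUST be zero when L2 index is 31")
    if cb_l1 not in (0, 64):
        raise EnvelopeError("L1 key MUST be absent or exactly 64 bytes")
    off = FIXED.size
    kdf_raw, off = _take(buf, off, cb_kdf, "KDF Algorithm")
    kdfp, off = _take(buf, off, cb_kdfp, "KDF Parameters")
    sa_raw, off = _take(buf, off, cb_sa, "Secret Agreement Algorithm")
    sap, off = _take(buf, off, cb_sap, "Secret Agreement Parameters")
    dom_raw, off = _take(buf, off, cb_dom, "Domain Name")
    forest_raw, off = _take(buf, off, cb_forest, "Forest Name")
    l1_key, off = _take(buf, off, cb_l1, "L1 Key")
    l2_key, off = _take(buf, off, cb_l2, "L2 Key")
    if off != len(buf):
        raise EnvelopeError(f"{len(buf) - off} trailing bytes after L2 Key")
    return GroupKeyEnvelope(
        version, flags, l0, l1, l2,
        uuid.UUID(bytes_le=rk),  # assumption: GUID in Windows little-endian wire layout
        priv_len, pub_len,
        _unicode_z(kdf_raw, "KDF Algorithm"), kdfp,
        _unicode_z(sa_raw, "Secret Agreement Algorithm"), sap,
        _unicode_z(dom_raw, "Domain Name"), _unicode_z(forest_raw, "Forest Name"),
        l1_key, l2_key,
    )


def _z(s: str) -> bytes:
    """Encode a null-terminated Unicode (UTF-16-LE) string field."""
    return s.encode("utf-16-le") + b"\x00\x00"


def build_sample_envelope(l2: int = 5, l1_key: bytes = b"\x11" * 64, l2_key: bytes = b"\x22" * 64) -> bytes:
    """Constructed sample (made-up key bytes, names and identifier), version 1, no parameter blobs."""
    kdf, sa = _z("SAMPLE_KDF"), _z("SAMPLE_SECRET_AGREEMENT")
    dom, forest = _z("example.test"), _z("example.test")
    rk = uuid.UUID("00000000-1111-2222-3333-444444444444").bytes_le
    head = FIXED.pack(1, MAGIC, FLAG_ENCRYPT_DECRYPT, 361, 7, l2, rk,
                      len(kdf), 0, len(sa), 0, 512, 2048,
                      len(l1_key), len(l2_key), len(dom), len(forest))
    return head + kdf + sa + dom + forest + l1_key + l2_key


if __name__ == "__main__":
    env = parse_group_key_envelope(build_sample_envelope())
    print(env.root_key_id, env.kdf_algorithm, env.l1_key_id, env.is_public_key)
```

Every length field is checked against the remaining buffer before it is used as a slice width, and the parser rejects envelopes with bytes left over; a decoder that trusts cbXxx values blindly is the usual source of out-of-bounds reads in code that handles this kind of length-prefixed structure.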