Two data items are required before a SIMPLEBLOB data structure can be built: the session key that is to be transported and the public key to be used to encrypt it. This example uses a 40-bit RC4 session key and the public key from the previous section. The actual value of the session key material is:
0x00000000 74 4f 06 35 3f tO.5?
The first step is building the PKCS #1, type 2 encryption block. This is always the same size as the public key's modulus (64 bytes) and contains the following fields:
Bytes | Description |
---|---|
5 | Session key material. The size of this field will vary, depending on the size of the session key. As you can see from comparing the hex dump of the session key earlier in this chapter and the hex dump of the encryption block later in this section, the bytes in the session key data are reversed before they are placed in the encryption block. This is because Windows NT formats data in little endian format, and the encryption block must be built in big endian format. |
1 | Zero value. |
56 | Random padding data. The size of this field is adjusted as necessary so that the encryption block's overall length is correct. None of these bytes are allowed to be zero. |
1 | The PKCS block type (0x02). |
1 | Zero value. |
You may notice that the order of this table is reversed from the diagram found in the PKCS documentation. This is because we are building the encryption block in big endian on a little endian computer.
After the encryption block has been built, it looks something like this:
0x00000000 3f 35 06 4f 74 00 c9 db ?5.Ot...
0x00000008 b1 74 b0 de 8e d4 aa c5 .t......
0x00000010 99 8a 4d 19 4f 0f ed 24 ..M.O..$
0x00000018 b0 2e 93 fe e9 f4 d4 93 ........
0x00000020 dc ac 9e 9f 3a 62 be f1 ....:b..
0x00000028 e4 1d 44 5c 33 e5 2f 4f ..D\3./O
0x00000030 58 01 95 16 36 f7 86 65 X...6..e
0x00000038 68 6c 2a 28 79 55 02 00 hl*(yU..
The next step is to encrypt the block with the appropriate public key. After this is done, the encryption block looks like gibberish:
0x00000000 e3 c1 78 62 c4 1f 51 4f ..xb..QO
0x00000008 e9 50 89 fd 0d 58 bd 9d .P...X..
0x00000010 74 c7 54 19 bd 97 3b a0 t.T...;.
0x00000018 f0 6c ee 86 05 74 16 62 .l...t.b
0x00000020 27 a5 99 63 c4 6f 95 ed '..c.o..
0x00000028 3e 93 ba 9a ea 36 cc 96 >....6..
0x00000030 92 e8 aa 15 2c 50 a1 3c ....,P.<
0x00000038 d3 1f 08 e2 82 cd 90 2b .......+
Finally, the BLOBHEADER structure and the algorithm identifier are tacked onto the front of the encryption block, resulting in a complete SIMPLEBLOB data structure:
0x00000000 01 02 00 00 01 68 00 00 .....h..
0x00000008 00 a4 00 00 e3 c1 78 62 ......xb
0x00000010 c4 1f 51 4f e9 50 89 fd ..QO.P..
0x00000018 0d 58 bd 9d 74 c7 54 19 .X..t.T.
0x00000020 bd 97 3b a0 f0 6c ee 86 ..;..l..
0x00000028 05 74 16 62 27 a5 99 63 .t.b'..c
0x00000030 c4 6f 95 ed 3e 93 ba 9a .o..>...
0x00000038 ea 36 cc 96 92 e8 aa 15 .6......
0x00000040 2c 50 a1 3c d3 1f 08 e2 ,P.<....
0x00000048 82 cd 90 2b ...+
Notice that the BLOBHEADER structure and the algorithm identifier have been assigned the following values:
blobheader.bType = SIMPLEBLOB; // 0x01
blobheader.bVersion = CUR_BLOB_VERSION; // 0x02
blobheader.Reserved = 0; // 0x0000
blobheader.aiKeyAlg = CALG_RC4; // 0x00006801
algid = CALG_RSA_KEYX; // 0x0000a400
When filling in the BLOBHEADER structure, your code should place zero in the Reserved field.