The RSA/Schannel Provider Simple Key Blob

Simple key blobs (type SIMPLEBLOB) are used to store and transport session keys. These are always encrypted with a key exchange public key. They have the following format:

BLOBHEADER blobheader;
ALG_ID algid;
BYTE encryptedkey[rsapubkey.bitlen/8];
 

The following table describes each component of a simple key blob. The encrypted session key data is in the form of a PKCS #1, type 2 encryption block. For details on this data format, see The Public-Key Cryptography Standards (PKCS), published by RSA Data Security, Inc.

| Field | Description |
|---|---|
| blobheader | A BLOBHEADER structure. The bType member must have a value of SIMPLEBLOB. |
| algid | The algorithm identifier. This typically has a value of CALG_RSA_KEYX, indicating that the session key data was encrypted with a key exchange public key, using the RSA Public-Key exchange algorithm. |
| encryptedkey | The encrypted session key data is in the form of a PKCS #1, type 2 encryption block. For details on this data format, see the Public-Key Cryptography Standards (PKCS), published by RSA Data Security, Inc. |

This data is always the same size as the public key's modulus. For example, public keys generated by the Microsoft Base Cryptographic Provider are always 512 bits (64 bytes) in length, so the encrypted session key data is also always 64 bytes.
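The following is an added example, not Microsoft's code: a portable C check that a received buffer matches the layout above before it is handed to a provider. The function names are hypothetical, the constant values and the 8-byte BLOBHEADER layout are taken from wincrypt.h, and rejecting any algid other than CALG_RSA_KEYX is a policy assumption of this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SIMPLEBLOB    0x01u        /* BLOBHEADER.bType value, wincrypt.h */
#define CALG_RSA_KEYX 0x0000a400u  /* wincrypt.h */
#define CALG_RC4      0x00006801u  /* wincrypt.h; session key type in the sample */
#define PREFIX_LEN    12u          /* 8-byte BLOBHEADER + 4-byte ALG_ID algid */

enum blob_status { BLOB_OK, BLOB_TRUNCATED, BLOB_BAD_TYPE, BLOB_BAD_ALGID, BLOB_BAD_KEYLEN };

static uint32_t le32(const uint8_t *p) {   /* fields are little-endian on Windows */
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Check buf against the SIMPLEBLOB layout. rsa_bitlen is the modulus size of the
 * key exchange public key; on success *key points at encryptedkey inside buf. */
enum blob_status parse_simple_blob(const uint8_t *buf, size_t len,
                                   uint32_t rsa_bitlen, const uint8_t **key) {
    if (len < PREFIX_LEN) return BLOB_TRUNCATED;
    if (buf[0] != SIMPLEBLOB) return BLOB_BAD_TYPE;            /* blobheader.bType */
    if (le32(buf + 8) != CALG_RSA_KEYX) return BLOB_BAD_ALGID; /* algid */
    if (len - PREFIX_LEN != rsa_bitlen / 8) return BLOB_BAD_KEYLEN;
    *key = buf + PREFIX_LEN;
    return BLOB_OK;
}

/* Build a constructed blob (filler bytes, not real ciphertext) and parse it. */
enum blob_status check_constructed(uint8_t btype, uint32_t algid,
                                   size_t keylen, uint32_t rsa_bitlen) {
    uint8_t buf[PREFIX_LEN + 512] = {0};
    const uint8_t *key = NULL;
    if (keylen > 512) return BLOB_BAD_KEYLEN;
    buf[0] = btype;                                      /* bType */
    buf[1] = 0x02;                                       /* bVersion (CUR_BLOB_VERSION) */
    buf[4] = CALG_RC4 & 0xff;  buf[5] = CALG_RC4 >> 8;   /* aiKeyAlg, little-endian */
    buf[8] = algid & 0xff;     buf[9] = (algid >> 8) & 0xff;
    memset(buf + PREFIX_LEN, 0xAA, keylen);
    return parse_simple_blob(buf, PREFIX_LEN + keylen, rsa_bitlen, &key);
}

int main(void) {
    printf("64-byte key, 512-bit modulus: %d\n", (int)check_constructed(SIMPLEBLOB, CALG_RSA_KEYX, 64, 512));
    printf("63-byte key, 512-bit modulus: %d\n", (int)check_constructed(SIMPLEBLOB, CALG_RSA_KEYX, 63, 512));
    return 0;
}
```

The length test is the one that matters for untrusted input: encryptedkey has no length field of its own, so its size can only be checked against the modulus of the key exchange key the receiver expects.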