Platform SDK: Cryptography

Public Key BLOBs

Public key BLOBs (type PUBLICKEYBLOB) are used to store RSA public keys. They have the following format:

BLOBHEADER blobheader;
RSAPUBKEY rsapubkey;
BYTE modulus[rsapubkey.bitlen/8];

Notice that public key BLOBs are not encrypted, but contain public keys in plaintext form.

The RSAPUBKEY structure contains information specific to the particular public key contained in the key BLOB. It is defined as follows:

typedef struct _RSAPUBKEY {
    DWORD magic;
    DWORD bitlen;
    DWORD pubexp;
} RSAPUBKEY;

The following table describes each of the fields in the RSAPUBKEY structure.

Field     Description
magic     This is set to "RSA1" (0x31415352) for public keys and to "RSA2" (0x32415352) for private keys. These hex values are an ASCII encoding of "RSA1" and "RSA2."
bitlen    Number of bits in the modulus. In practice, this must always be a multiple of 8.
pubexp    The public exponent.

The public key modulus data is located directly after the RSAPUBKEY structure. The size of this data will vary depending on the size of the public key. The number of bytes can be determined by dividing the value of the bitlen field of RSAPUBKEY by 8.

Sample Public Key BLOB

The following hex dump shows a sample public key BLOB, generated by the Microsoft Base Cryptographic Provider. This contains a key exchange public key.

0x00000000 06 02 00 00 00 a4 00 00  ........
0x00000008 52 53 41 31 00 02 00 00  RSA1....
0x00000010 01 00 01 00 e1 94 84 7a  .......z
0x00000018 27 4c 7b da db c5 99 dd  'L{.....
0x00000020 ed 20 1a b8 66 44 21 dc  . ..fD!.
0x00000028 10 e5 ee 48 62 39 ae 8f  ...Hb9..
0x00000030 cf 17 81 f0 37 8b b5 46  ....7..F
0x00000038 a9 65 b7 4e 75 83 84 4e  .e.Nu..N
0x00000040 4f ce f1 f2 ad a0 b1 22  O......"
0x00000048 09 ec c2 30 96 f8 27 2b  ...0..'+
0x00000050 33 cf a4 be              3...    

Notice that the BLOBHEADER and RSAPUBKEY structures have been assigned the following values, and the last 64 bytes of the BLOB contain the public key's modulus data.

blobheader.bType    = PUBLICKEYBLOB;      // 0x06
blobheader.bVersion = CUR_BLOB_VERSION;   // 0x02
blobheader.reserved = 0;                  // 0x0000
blobheader.aiKeyAlg = CALG_RSA_KEYX;      // 0x0000a400
rsapubkey.magic     = 0x31415352;         // "RSA1"
rsapubkey.bitlen    = 512;                // 0x00000200
rsapubkey.pubexp    = 65537;              // 0x00010001

When filling in the BLOBHEADER structure, place zero in the reserved field.
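
The layout above, shown as an added example that is not part of the original SDK page: a portable C parser that validates a PUBLICKEYBLOB before its fields are trusted, run against the sample BLOB from this page. The names rsa_pub_view, rd32le and parse_public_key_blob are hypothetical, and requiring the modulus to fill the rest of the buffer exactly is a strictness choice made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Sample PUBLICKEYBLOB copied from the hex dump on this page (84 bytes). */
static const uint8_t SAMPLE_BLOB[84] = {
    0x06,0x02,0x00,0x00,0x00,0xa4,0x00,0x00,0x52,0x53,0x41,0x31,
    0x00,0x02,0x00,0x00,0x01,0x00,0x01,0x00,0xe1,0x94,0x84,0x7a,
    0x27,0x4c,0x7b,0xda,0xdb,0xc5,0x99,0xdd,0xed,0x20,0x1a,0xb8,
    0x66,0x44,0x21,0xdc,0x10,0xe5,0xee,0x48,0x62,0x39,0xae,0x8f,
    0xcf,0x17,0x81,0xf0,0x37,0x8b,0xb5,0x46,0xa9,0x65,0xb7,0x4e,
    0x75,0x83,0x84,0x4e,0x4f,0xce,0xf1,0xf2,0xad,0xa0,0xb1,0x22,
    0x09,0xec,0xc2,0x30,0x96,0xf8,0x27,0x2b,0x33,0xcf,0xa4,0xbe
};

/* Hypothetical view type for this example; modulus points into the input. */
typedef struct {
    uint32_t alg, bitlen, pubexp;   /* aiKeyAlg, RSAPUBKEY.bitlen, .pubexp */
    const uint8_t *modulus;
    size_t modulus_len;
} rsa_pub_view;

static uint32_t rd32le(const uint8_t *p) {  /* DWORDs are little-endian in the dump */
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Returns 0 on success, or a negative code naming the check that failed. */
int parse_public_key_blob(const uint8_t *buf, size_t len, rsa_pub_view *out) {
    if (len < 20) return -1;                        /* BLOBHEADER (8) + RSAPUBKEY (12) */
    if (buf[0] != 0x06) return -2;                  /* bType must be PUBLICKEYBLOB */
    if (rd32le(buf + 8) != 0x31415352u) return -3;  /* "RSA1"; rejects "RSA2" */
    uint32_t bitlen = rd32le(buf + 12);
    if (bitlen == 0 || bitlen % 8 != 0) return -4;  /* must be a multiple of 8 */
    if (len - 20 != bitlen / 8) return -5;          /* never trust bitlen over len */
    out->alg = rd32le(buf + 4);
    out->bitlen = bitlen;
    out->pubexp = rd32le(buf + 16);
    out->modulus = buf + 20;
    out->modulus_len = bitlen / 8;
    return 0;
}

int main(void) {
    rsa_pub_view k;
    int rc = parse_public_key_blob(SAMPLE_BLOB, sizeof SAMPLE_BLOB, &k);
    if (rc == 0) printf("bitlen=%u pubexp=%u modulus=%zu bytes\n", (unsigned)k.bitlen, (unsigned)k.pubexp, k.modulus_len);
    return rc != 0;
}
```

The length comparison is the check that matters for untrusted input: bitlen comes from the BLOB itself, so it is compared against the real buffer size before any modulus byte is read.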