How are key BLOBs formatted?
TrustCore SDK components use callback functions during authentication to verify public keys. The keys are passed to these callbacks as byte strings in the TrustCore SDK key BLOB format, of which there are two versions: version 1 and version 2.
Version 1 key BLOBs
Key BLOBs for version 1 are formatted as follows:
Key BLOBs begin with a 12-byte header, with all bytes set to zero except the following:
header[7]: contains the TrustCore SDK key BLOB version (1)
header[11]: contains the key type (one of the akt_* enumerated values defined in ca_mgmt.h)
For DSA keys, the data following the header is:
4 bytes: length of the p byte string
n bytes: p byte string
4 bytes: length of the q byte string
n bytes: q byte string
4 bytes: length of the g byte string
n bytes: g byte string
4 bytes: length of the y byte string
n bytes: y byte string
4 bytes: length of the x byte string
n bytes: x byte string
For RSA keys, the data following the header is:
4 bytes: length of the e byte string
n bytes: e byte string
4 bytes: length of the n byte string
n bytes: n byte string
4 bytes: length of the p byte string
n bytes: p byte string
4 bytes: length of the q byte string
n bytes: q byte string
4 bytes: length of private byte string #1
n bytes: private byte string #1
4 bytes: length of private byte string #2
n bytes: private byte string #2
4 bytes: length of private byte string #3
n bytes: private byte string #3
4 bytes: length of private byte string #4
n bytes: private byte string #4
4 bytes: length of private byte string #5
n bytes: private byte string #5
For ECC keys, the data following the header is:
1 byte: OID suffix identifying the curve
4 bytes: length of the Point byte string
n bytes: Point byte string (uncompressed X9.62 format)
4 bytes: length of the Scalar byte string
n bytes: Scalar byte string
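The three version 1 layouts above are all "4-byte length, then n bytes of value" fields after a fixed header, so a single walker can validate any of them. The following is an added example written for this page, not TrustCore SDK code: it checks the header, then walks the field list for the DSA, RSA and ECC layouts and refuses any BLOB whose length field is truncated or claims more bytes than remain, which is the check a callback must make before trusting a BLOB it was handed. Assumptions, labelled in the code: the 4-byte lengths are big-endian (the page does not state byte order), the numeric akt_* values are placeholders (the real ones live in ca_mgmt.h), and the sample BLOBs are constructed toy data, not real keys.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Placeholder key-type values. The real akt_* enum is defined in ca_mgmt.h;
 * its numeric values are not given on this page, so these are assumptions. */
enum { KT_DSA = 1, KT_RSA = 2, KT_ECC = 3 };

/* Assumption: the 4-byte length fields are big-endian. */
static uint32_t read_u32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Consume one "4-byte length + n-byte value" field starting at *off.
 * Returns 1 and advances *off on success, 0 if the length prefix is truncated
 * or the value would run past the end of the buffer. The comparisons are written
 * as "remaining < needed" so they cannot wrap the way "off + n > len" can. */
static int read_field(const uint8_t *blob, size_t blob_len, size_t *off,
                      const uint8_t **val, uint32_t *val_len) {
    if (blob_len - *off < 4) return 0;
    uint32_t n = read_u32(blob + *off);
    *off += 4;
    if (n > blob_len - *off) return 0;
    *val = blob + *off;
    *val_len = n;
    *off += n;
    return 1;
}

/* Number of length-prefixed fields each key type carries in a version 1 BLOB. */
static int field_count(uint8_t key_type) {
    switch (key_type) {
    case KT_DSA: return 5;   /* p, q, g, y, x */
    case KT_RSA: return 9;   /* e, n, p, q, private #1..#5 */
    case KT_ECC: return 2;   /* Point, Scalar (preceded by the 1-byte curve id) */
    default:     return -1;
    }
}

/* Validate the structure of a version 1 key BLOB. Returns the number of fields
 * parsed (>= 0) or -1 on any error. Only the layout is checked here; the
 * integers themselves are not interpreted. */
int parse_v1_blob(const uint8_t *blob, size_t blob_len) {
    if (blob_len < 12 || blob[7] != 1) return -1;
    for (int i = 0; i < 12; i++)
        if (i != 7 && i != 11 && blob[i] != 0) return -1;  /* other header bytes must be zero */
    int nfields = field_count(blob[11]);
    if (nfields < 0) return -1;
    size_t off = 12;
    if (blob[11] == KT_ECC) {
        if (blob_len - off < 1) return -1;
        off += 1;                                    /* 1-byte OID suffix naming the curve */
    }
    for (int i = 0; i < nfields; i++) {
        const uint8_t *v; uint32_t vlen;
        if (!read_field(blob, blob_len, &off, &v, &vlen)) return -1;
        if (vlen == 0) return -1;                    /* an empty integer is never valid here */
    }
    if (off != blob_len) return -1;                  /* trailing bytes: reject, do not ignore */
    return nfields;
}

/* Constructed sample: version 1 ECC BLOB with toy values (not a real key). */
const uint8_t SAMPLE_ECC_V1[] = {
    0,0,0,0,0,0,0,1, 0,0,0,KT_ECC,     /* header: version 1, key type ECC */
    0x01,                              /* curve OID suffix (placeholder) */
    0,0,0,3, 0x04,0xAA,0xBB,           /* Point: length 3, toy uncompressed point */
    0,0,0,2, 0x11,0x22                 /* Scalar: length 2 */
};
/* Same BLOB, but the Scalar length claims 16 bytes while only 2 follow. */
const uint8_t SAMPLE_ECC_BAD_LEN[] = {
    0,0,0,0,0,0,0,1, 0,0,0,KT_ECC, 0x01,
    0,0,0,3, 0x04,0xAA,0xBB,
    0,0,0,16, 0x11,0x22
};
/* Constructed sample: version 1 DSA BLOB with one-byte toy values. */
const uint8_t SAMPLE_DSA_V1[] = {
    0,0,0,0,0,0,0,1, 0,0,0,KT_DSA,
    0,0,0,1, 0x07,  0,0,0,1, 0x05,  0,0,0,1, 0x02,  /* p, q, g */
    0,0,0,1, 0x04,  0,0,0,1, 0x03                   /* y, x */
};

int main(void) {
    printf("ecc: %d fields\n", parse_v1_blob(SAMPLE_ECC_V1, sizeof SAMPLE_ECC_V1));
    printf("dsa: %d fields\n", parse_v1_blob(SAMPLE_DSA_V1, sizeof SAMPLE_DSA_V1));
    printf("bad length: %d\n", parse_v1_blob(SAMPLE_ECC_BAD_LEN, sizeof SAMPLE_ECC_BAD_LEN));
    return 0;
}
```

The bounds checks compare what remains against what is needed rather than adding the claimed length to the offset, so an attacker-controlled 0xFFFFFFxx length cannot wrap the comparison; rejecting trailing bytes and zero-length integers keeps two BLOBs that differ in bytes from parsing as the same key.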
Version 2 key BLOBs
Key BLOBs for version 2 are formatted as follows:
4 bytes: all zeros
4 bytes: version number, which must be 0x00000002
4 bytes: key type, which must be one of the KEYBLOB_TYPE enums
4 bytes: OID type, which must be one of the MAlgoOid enums
N bytes: ASN.1 encoded algorithm identifier
4 bytes: reserved
N bytes: reserved
4 bytes: key data length (keyblen)
keyblen bytes: key data (in the per-key-type formats described above)