How are key BLOBs formatted?

TrustCore SDK components use callback functions during authentication to verify public keys. The keys are managed as byte strings formatted as TrustCore SDK version 1 or version 2 key BLOBs.

Version 1 key BLOBs

Key BLOBs for version 1 are formatted as follows:

  • Key BLOBs begin with a 12-byte header, with all bytes set to zero except the following:

    • header[7] contains the TrustCore SDK key BLOB version (1)

    • header[11] contains the key type (akt_* enumerated values defined in ca_mgmt.h)

  • For DSA keys, the data following the header is:

    • 4 bytes: length of p string

    • n bytes: p byte string

    • 4 bytes: length of q string

    • n bytes: q byte string

    • 4 bytes: length of g string

    • n bytes: g byte string

    • 4 bytes: length of y string

    • n bytes: y byte string

    • 4 bytes: length of x string

    • n bytes: x byte string

  • For RSA keys, the data following the header is:

    • 4 bytes: length of e string

    • n bytes: e byte string

    • 4 bytes: length of n string

    • n bytes: n byte string

    • 4 bytes: length of p string

    • n bytes: p byte string

    • 4 bytes: length of q string

    • n bytes: q byte string

    • 4 bytes: length of private string #1

    • n bytes: private byte string #1

    • 4 bytes: length of private string #2

    • n bytes: private byte string #2

    • 4 bytes: length of private string #3

    • n bytes: private byte string #3

    • 4 bytes: length of private string #4

    • n bytes: private byte string #4

    • 4 bytes: length of private string #5

    • n bytes: private byte string #5

  • For ECC keys, the data following the header is:

    • 1 byte: OID suffix identifying the curve

    • 4 bytes: length of Point string

    • n bytes: Point byte string (uncompressed X9-62 format)

    • 4 bytes: length of Scalar string

    • n bytes: Scalar byte string
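The following is an added example, not TrustCore SDK code: a bounds-checked walk over the version 1 layout described above, of the kind a verification callback needs before trusting any length field in a received BLOB. It assumes big-endian length prefixes (the page does not state the byte order); the kb1_* names and the sample BLOB, including its key-type and curve bytes, are constructed for illustration. The caller supplies the field count for the key type (5 for DSA, 9 for RSA, 2 for ECC with skip = 1).

```c
#include <stddef.h>
#include <stdint.h>

#define KB1_HDR_LEN 12
typedef struct { const uint8_t *data; uint32_t len; } kb1_field;

/* Constructed sample in the ECC shape; not a real key. */
const uint8_t KB1_SAMPLE[] = {
    0,0,0,0,0,0,0,1,0,0,0,0x7f,   /* header: version 1, placeholder key type 0x7f */
    0x19,                         /* curve OID suffix (constructed value) */
    0,0,0,3, 0x04,0xaa,0xbb,      /* Point: length 3, then bytes */
    0,0,0,1, 0x2a };              /* Scalar: length 1, then bytes */

/* Assumption: 4-byte lengths are big-endian; the page does not say. */
static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Header must be all zero except header[7] == 1 (version) and header[11]
 * (key type). Returns the key type byte, or -1 if the header is malformed. */
int kb1_check_header(const uint8_t *blob, size_t blob_len) {
    if (blob == NULL || blob_len < KB1_HDR_LEN) return -1;
    for (size_t i = 0; i < KB1_HDR_LEN; i++)
        if (i != 7 && i != 11 && blob[i] != 0) return -1;
    return blob[7] == 1 ? blob[11] : -1;
}

/* Read nfields length-prefixed strings after the header. skip is the number
 * of fixed bytes before the first length (1 for the ECC OID suffix, else 0).
 * Returns 0 on success, -1 on truncation, oversized length or trailing bytes. */
int kb1_parse_fields(const uint8_t *blob, size_t blob_len, size_t skip,
                     kb1_field *out, size_t nfields) {
    if (kb1_check_header(blob, blob_len) < 0) return -1;
    size_t off = KB1_HDR_LEN;
    if (skip > blob_len - off) return -1;
    off += skip;
    for (size_t i = 0; i < nfields; i++) {
        if (blob_len - off < 4) return -1;      /* no room for a length prefix */
        uint32_t n = be32(blob + off);
        off += 4;
        if (n > blob_len - off) return -1;      /* length exceeds remaining data */
        out[i].data = blob + off;               /* points into blob, no copy */
        out[i].len = n;
        off += n;
    }
    return off == blob_len ? 0 : -1;            /* reject unexpected trailing bytes */
}
```

Every comparison is written as a subtraction from the remaining length, so a hostile 0xFFFFFFFF prefix cannot wrap the offset.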

Version 2 key BLOBs

Key BLOBs for version 2 are formatted as follows:

  • 4 bytes: all zeros

  • 4 bytes: version number which must be 0x00000002

  • 4 bytes: key type which must be one of the KEYBLOB_TYPE enums

  • 4 bytes: OID type which must be one of the MAlgoOid enums

  • N bytes: ASN.1 encoded algorithm identifier

  • 4 bytes: reserved

  • N bytes: reserved

  • 4 bytes: key data length (keyblen)

  • Keylen bytes: key data (key data formats are mentioned above)