How are key BLOBs formatted?
TrustCore SDK components use callback functions during authentication to verify public keys. The keys are handled as byte strings in the TrustCore SDK key BLOB format, version 1 or version 2.
Version 1 key BLOBs
Key BLOBs for version 1 are formatted as follows:
- Key BLOBs begin with a 12-byte header, with all bytes set to zero except the following:
  - header[7] contains the TrustCore SDK key BLOB version (1)
  - header[11] contains the key type (akt_* enumerated values defined in ca_mgmt.h)
- For DSA keys, the data following the header is:
  - 4 bytes length of p string
  - n bytes length of p byte string
  - 4 bytes length of q string
  - n bytes length of q byte string
  - 4 bytes length of g string
  - n bytes length of g byte string
  - 4 bytes length of y string
  - n bytes length of y byte string
  - 4 bytes length of x string
  - n bytes length of x byte string
- For RSA keys, the data following the header is:
  - 4 bytes length of e string
  - n bytes length of e byte string
  - 4 bytes length of n string
  - n bytes length of n byte string
  - 4 bytes length of p string
  - n bytes length of p byte string
  - 4 bytes length of q string
  - n bytes length of q byte string
  - 4 bytes length of private string #1
  - n bytes length of private byte string #1
  - 4 bytes length of private string #2
  - n bytes length of private byte string #2
  - 4 bytes length of private string #3
  - n bytes length of private byte string #3
  - 4 bytes length of private string #4
  - n bytes length of private byte string #4
  - 4 bytes length of private string #5
  - n bytes length of private byte string #5
- For ECC keys, the data following the header is:
  - 1 byte OID suffix identifying the curve
  - 4 bytes length of Point string
  - n bytes length of Point byte string (uncompressed X9-62 format)
  - 4 bytes length of Scalar string
  - n bytes length of Scalar byte string
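
A bounds-checked reader for the version 1 layout above, as an added example (not TrustCore SDK code). The page does not give the byte order of the 4-byte lengths or the akt_* values, so big-endian lengths and the names parse_v1_blob, v1_blob and blob_field are assumptions, and the key type in header[11] is returned uninterpreted.

```c
#include <stddef.h>
#include <stdint.h>
#define V1_HEADER_LEN 12
#define V1_MAX_FIELDS 9   /* RSA layout: e, n, p, q + 5 private strings */

typedef struct { const uint8_t *data; uint32_t len; } blob_field;
typedef struct {
    uint8_t key_type;     /* header[11], returned uninterpreted */
    size_t field_count;
    blob_field fields[V1_MAX_FIELDS];
} v1_blob;

/* Constructed sample, not a real key: version 1, placeholder key type 0x02,
 * one curve byte (0x07), then two length-prefixed strings of 3 and 2 bytes. */
static const uint8_t sample_blob[26] = {
    0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0x02, 0x07,
    0, 0, 0, 3, 0x04, 0xAA, 0xBB, 0, 0, 0, 2, 0x01, 0x02 };

/* skip: bytes between header and first string (1 for ECC, else 0).
 * expect: number of strings (DSA 5, RSA 9, ECC 2). Returns 0 or an error < 0. */
int parse_v1_blob(const uint8_t *buf, size_t len, size_t skip, size_t expect, v1_blob *out)
{
    size_t off = V1_HEADER_LEN, i;
    if (!buf || !out || len < V1_HEADER_LEN || expect > V1_MAX_FIELDS)
        return -1;
    for (i = 0; i < V1_HEADER_LEN; i++)
        if (i != 7 && i != 11 && buf[i] != 0)
            return -2;                  /* header must otherwise be zero */
    if (buf[7] != 1) return -3;         /* not a version 1 BLOB */
    if (skip > len - off) return -4;
    off += skip;
    for (i = 0; i < expect; i++) {
        uint32_t n;
        if (len - off < 4) return -4;   /* truncated length field */
        n = ((uint32_t)buf[off] << 24) | ((uint32_t)buf[off + 1] << 16) |
            ((uint32_t)buf[off + 2] << 8) | buf[off + 3];  /* assumed big-endian */
        off += 4;
        if (n > len - off) return -5;   /* test the remainder; off + n could wrap */
        out->fields[i].data = buf + off;
        out->fields[i].len = n;
        off += n;
    }
    out->key_type = buf[11];
    out->field_count = expect;
    return off == len ? 0 : -6;         /* -6: trailing bytes, rejected by choice */
}

int main(void) { v1_blob b; return parse_v1_blob(sample_blob, sizeof sample_blob, 1, 2, &b) ? 1 : 0; }
```

The returned fields point into the caller's buffer, so private-key strings are not copied and the buffer must outlive the v1_blob.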
Version 2 key BLOBs
Key BLOBs for version 2 are formatted as follows:
- 4 bytes: all zeros
- 4 bytes: version number which must be 0x00000002
- 4 bytes: key type which must be one of the KEYBLOB_TYPE enums
- 4 bytes: OID type which must be one of the MAlgoOid enums
- N bytes: ASN.1 encoded algorithm identifier
- 4 bytes: reserved
- N bytes: reserved
- 4 bytes: key data length (keyblen)
- Keylen bytes: key data (key data formats are mentioned above)