2.2.2.2 EncryptedSecret Structure Version 3


0


1


2


3


4


5


6


7


8


9

1
0


1


2


3


4


5


6


7


8


9

2
0


1


2


3


4


5


6


7


8


9

3
0


1

cbSecret

0x30

0x00

0x00

0x00

0x10

0x66

0x00

0x00

0x0e

0x80

0x00

0x00

Secret (variable)

...

PayloadKey (48 bytes)

...

...

cbSecret (4 bytes): A 32-bit unsigned integer. It MUST be the length of the Secret field, in bytes. This field MUST be encoded using little-endian format. Its value MUST be at least 51 bytes less than the length in bytes of the RSA modulus of the public key used for wrapping.

Secret (variable): This MUST contain the cbSecret-byte value that is being wrapped.

PayloadKey (48 bytes): This MUST contain the payload encryption key, consisting of a 256-bit Advanced Encryption Standard (AES) key and a 128-bit IV. These quantities are concatenated to form this field.