2.2.5 ClientWrap RSA Key Pair
The following structure MUST be used to represent a 2,048-bit ClientWrap RSA key pair [RFC8017] that is stored and replicated between servers using the LSA (Domain Policy) Remote Protocol as specified in sections 3.1.4.1.1 and 3.1.4.1.3.

Each row below is 32 bits wide (bit positions 0 through 31).

0x02    0x00    0x00    0x00
0x94    0x04    0x00    0x00
Certificate_Length
0x07    0x02    0x00    0x00
0x00    0xA4    0x00    0x00
0x52    0x53    0x41    0x32
0x00    0x08    0x00    0x00
Public_Exponent
Modulus (256 bytes)
...
Prime1 (128 bytes)
...
Prime2 (128 bytes)
...
Exponent1 (128 bytes)
...
Exponent2 (128 bytes)
...
Coefficient (128 bytes)
...
Private_Exponent (256 bytes)
...
Certificate (variable)
...

Certificate_Length (4 bytes): This MUST be a 32-bit unsigned number in little-endian format, equal to the length of the Certificate field, in bytes.
Public_Exponent (4 bytes): This MUST be a 32-bit unsigned number in little-endian format. It MUST be the public exponent of the key pair, referred to as e in [RFC8017].
Modulus (256 bytes): This MUST be the RSA modulus, referred to as n in [RFC8017]. It MUST be equal to Prime1 * Prime2. It MUST be encoded in little-endian format.
Prime1 (128 bytes): This MUST be the first prime factor of the RSA modulus, referred to as p in [RFC8017]. It MUST be encoded in little-endian format.
Prime2 (128 bytes): This MUST be the second prime factor of the RSA modulus, referred to as q in [RFC8017]. It MUST be encoded in little-endian format.
Exponent1 (128 bytes): This MUST be the Chinese Remainder Theorem exponent of Prime1, referred to as dP in [RFC8017]. It MUST be encoded in little-endian format.
Exponent2 (128 bytes): This MUST be the Chinese Remainder Theorem exponent of Prime2, referred to as dQ in [RFC8017]. It MUST be encoded in little-endian format.
Coefficient (128 bytes): This MUST be the Chinese Remainder Coefficient of Prime1 and Prime2, referred to as qInv in [RFC8017]. It MUST be encoded in little-endian format.
Private_Exponent (256 bytes): This MUST be the RSA private exponent, referred to as d in [RFC8017]. It MUST be encoded in little-endian format.
Certificate (variable): This field MUST contain the certificate for the key pair's public key, formatted as specified in section 2.2.1.
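
The following parser is an added example and is not part of the specification. It reads the structure above, treats Certificate_Length as untrusted input, and checks the arithmetic relations between the key fields using the [RFC8017] definitions of dP, dQ, qInv and d. The names parse_clientwrap and build_sample are hypothetical, the sample key is constructed for the test, and its Certificate field holds placeholder bytes rather than a certificate in the section 2.2.1 format.

```python
import math, struct

# Fixed bytes exactly as they appear in the layout above.
HEAD = bytes.fromhex("0200000094040000")
BLOB = bytes.fromhex("0702000000a400005253413200080000")
FIELDS = [("n", 256), ("p", 128), ("q", 128), ("dP", 128),
          ("dQ", 128), ("qInv", 128), ("d", 256)]
FIXED_LEN = 32 + sum(size for _, size in FIELDS)  # 1184 bytes precede Certificate

def parse_clientwrap(buf):
    """Return the fields as a dict; raise ValueError if a MUST is violated."""
    if len(buf) < FIXED_LEN:
        raise ValueError("truncated structure")
    if buf[:8] != HEAD or buf[12:28] != BLOB:
        raise ValueError("fixed bytes do not match the layout")
    cert_len, = struct.unpack_from("<I", buf, 8)
    # Certificate_Length comes from the wire: it must equal the bytes left over.
    if cert_len != len(buf) - FIXED_LEN:
        raise ValueError("Certificate_Length disagrees with buffer size")
    k, off = {"e": struct.unpack_from("<I", buf, 28)[0]}, 32
    for name, size in FIELDS:
        k[name] = int.from_bytes(buf[off:off + size], "little")
        off += size
    k["certificate"] = buf[off:]
    n, p, q, d = k["n"], k["p"], k["q"], k["d"]
    # This check runs first; it also guarantees p > 1 and q > 1 for the ones below.
    if n.bit_length() != 2048 or n != p * q:
        raise ValueError("Modulus is not a 2,048-bit Prime1 * Prime2")
    if k["dP"] != d % (p - 1) or k["dQ"] != d % (q - 1):
        raise ValueError("Exponent1/Exponent2 inconsistent with Private_Exponent")
    if k["qInv"] * q % p != 1:
        raise ValueError("Coefficient is not the inverse of Prime2 mod Prime1")
    if k["e"] * d % math.lcm(p - 1, q - 1) != 1:
        raise ValueError("Private_Exponent does not invert Public_Exponent")
    return k

def build_sample(cert=b"constructed-cert-placeholder", e=65537):
    """Constructed test key (probable primes from a Fermat test), not a real one."""
    def next_prime(c):
        while c % e == 1 or pow(2, c - 1, c) != 1:  # keep e coprime to c - 1
            c += 2
        return c
    p = next_prime((3 << 1022) + 1)  # top two bits set, so p * q has 2,048 bits
    q = next_prime(p + 2)
    d = pow(e, -1, math.lcm(p - 1, q - 1))
    vals = dict(n=p * q, p=p, q=q, dP=d % (p - 1), dQ=d % (q - 1),
                qInv=pow(q, -1, p), d=d)
    body = b"".join(vals[name].to_bytes(size, "little") for name, size in FIELDS)
    return HEAD + struct.pack("<I", len(cert)) + BLOB + struct.pack("<I", e) + body + cert
```

The parser does not test Prime1 and Prime2 for primality and does not parse the certificate; both would be needed before trusting a key received from another server.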