2.2.2.2.3 Blob Datum
The Blob Datum encapsulates an opaque binary object. It MUST be formatted as below.
|
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
2 |
|
|
|
|
|
|
|
|
|
3 |
|
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
EFSX_Datum |
|||||||||||||||||||||||||||||||
|
... |
|||||||||||||||||||||||||||||||
|
BlobType |
BlobFlags |
||||||||||||||||||||||||||||||
|
Blob_Data (variable) |
|||||||||||||||||||||||||||||||
|
... |
|||||||||||||||||||||||||||||||
EFSX_Datum (8 bytes): MUST be formatted as specified in section 2.2.2.2.2. The datum Type MUST be EFSX_TYPE_BLOB (0x0001). The datum Flags MUST NOT include 0x0002.
BlobType (2 bytes): The type of the blob, which provides a hint to the format of the Blob Data. It MUST be a 16-bit unsigned integer in little-endian format.
-
Value
Meaning
0x0000
The blob has no special formatting.
0x0001
The blob contains a public key formatted as a BCRYPT_PUBLIC_KEY_BLOB.
0x0002
The blob contains a SHA-1 hash of a DER-encoded form of a certificate.
0x0003
The blob contains the encrypted form of an Encrypted FEK structure, as defined in section 2.2.2.1.5. The contents of the key can be either the FEK or the FMK (see section 2.2.2.2.5).
0x0004
The blob contains key material wrapped with an AES-256 key wrapping key, as defined by [RFC3394].
0x0005
The blob contains key material encrypted by a DPAPI-NG provider on the endpoint. This BlobType MUST only be used when EFS_VERSION is 5.<17>
BlobFlags (2 bytes): Reserved, MUST be 0x0000.
Blob_Data (variable): Contains opaque, variable-length data. The Blob Data MUST be entirely contained within the Blob Datum.