DSS Version 3 Public Key BLOBs
DSS version 3 Public Key BLOBs of type PUBLICKEYBLOB are used to export and import information about a DH public key. They have the following format:
BLOBHEADER blobheader;
// As explained under "Data Structures"
DSSPUBKEY_VER3 dsspubkeyver3;
BYTE p[dsspubkeyver3.bitlenP/8];
// Where P is the prime modulus
BYTE q[dsspubkeyver3.bitlenQ/8];
// Where Q is a large factor of P-1
BYTE g[dsspubkeyver3.bitlenP/8];
// Where G is the generator parameter
BYTE j[dsspubkeyver3.bitlenJ/8];
// Where J is (P-1)/Q
BYTE y[dsspubkeyver3.bitlenP/8];
// Where Y is (G^X) mod P
This BLOB format is exported when the CRYPT_BLOB_VER3 flag is used with CryptExportKey. Because the version is in the BLOB, there is no need to specify a flag when using this BLOB with CryptImportKey.
In addition, this BLOB format is used with the CryptSetKeyParam function when the dwParam value KP_PUB_PARAMS is used to set key parameters on a DSS key. This is done when the CRYPT_PREGEN flag has been used to generate the key. When used in this situation, the y value is ignored and therefore should not be included in the BLOB.
The following table describes each component of the key BLOB.
| Field | Description |
|---|---|
| Blobheader | A BLOBHEADER structure. The bType member must have a value of PUBLICKEYBLOB. |
| Dsspubkeyver3 | A DSSPUBKEY_VER3 structure. The magic member should be set to "DSS3" (0x33535344) for public keys. Notice that the hexadecimal value is just an ASCII encoding of "DSS3." |
| P | The P value is located directly after the DSSPUBKEY_VER3 structure, and should always be the length, in bytes, of the DSSPUBKEY_VER3 bitlenP field (bit length of P) divided by eight (little-endian format). |
| Q | The Q value is located directly after the P value and should always be the length in bytes of the DSSPUBKEY_VER3bitlenQ member divided by eight (little-endian format). |
| G | The G value is located directly after the Q value and should always be the length, in bytes, of the DSSPUBKEY_VER3bitlenP member (bit length of P) divided by eight. If the length of the data is one or more bytes shorter than P divided by 8, the data must be padded with the necessary bytes (of zero value) to make the data the desired length (little-endian format). |
| J | The J value is located directly after the G value and should always be the length in bytes of the DSSPUBKEY_VER3bitlenJ member divided by eight (little-endian format). If the bitlenQ value is 0, then the value is absent from the BLOB. |
| Y | The Y value, (G^X) mod P, is located directly after the J value, and should always be the length, in bytes, of the DSSPUBKEY_VER3bitlenP member (bit length of P) divided by eight. If the length of the data that results from the calculation of (G^X) mod P is one or more bytes shorter than P divided by 8, the data must be padded with the necessary bytes (of zero value) to make the data the desired length (little-endian format). Note: When this structure is used with CryptSetKeyParam with the dwParam value KP_PUB_PARAMS, then this value is not included in the BLOB. |
Note
Public key BLOBs are not encrypted, but contain public keys in plaintext form.