3.2.4.2 R_KeyExchangePhase1 (Opnum 26)
The client MUST perform the following steps to process R_KeyExchangePhase1:
Generate or look up the client's key exchange key.
Generate or look up the client's signature key.
Build an IIS_CRYPTO_BLOB structure with the BlobSignature field set to PUBLIC_KEY_BLOB_SIGNATURE to store the client's key exchange public key.
Build an IIS_CRYPTO_BLOB structure with the BlobSignature field set to PUBLIC_KEY_BLOB_SIGNATURE to store the client's signature public key.
Send IIS_CRYPTO_BLOBs built in the previous two steps to the server by using the R_KeyExchangePhase1 method.
Wait for the response from the server.
Retrieve the server's key exchange public key from the IIS_CRYPTO_BLOB structure with the BlobSignature field set to PUBLIC_KEY_BLOB_SIGNATURE.
Retrieve the server's signature public key from the IIS_CRYPTO_BLOB structure with the BlobSignature field set to PUBLIC_KEY_BLOB_SIGNATURE.
Retrieve the server's session key from the IIS_CRYPTO_BLOB structure with the BlobSignature field set to SESSION_KEY_BLOB_SIGNATURE.
Decrypt the server's session key by using the client's key exchange private key.
In the case of success, the client MUST proceed with the R_KeyExchangePhase2 method.