2.2.2.9.2 BCRYPT RSA Private Key BLOB

The following is the diagram of elements in the RSA private key BLOB that MUST be passed to the CA.


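 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                             Magic                             |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                           BitLength                           |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                         PubExpLength                          |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                         ModulusLength                         |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                            PLength                            |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                            QLength                            |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                       PubExp (variable)                       |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                              ...                              |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                      Modulus (variable)                       |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                              ...                              |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                         P (variable)                          |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                              ...                              |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                         Q (variable)                          |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                              ...                              |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+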

Magic (4 bytes): Length MUST be 4 bytes.

This field MUST be present as an unsigned long in big-endian format.

The value of this field MUST be 0x32415352 (RSA2).

BitLength (4 bytes): Length MUST be 4 bytes.

This field MUST be present as an unsigned long in big-endian format.

The value of this field is the size, in bits, of the RSA key.

PubExpLength (4 bytes): Length MUST be 4 bytes.

This field MUST be present as an unsigned long in big-endian format.

The value of this field is the size, in bytes, of the RSA key exponent.

ModulusLength (4 bytes): Length MUST be 4 bytes.

This field MUST be present as an unsigned long in big-endian format.

The value of this field is the size, in bytes, of the modulus of the key.

PLength (4 bytes): Length MUST be 4 bytes.

This field MUST be present as an unsigned long in big-endian format.

The value of this field is the size, in bytes, of the first prime number of the private key.

QLength (4 bytes): Length MUST be 4 bytes.

This field MUST be present as an unsigned long in big-endian format.

The value of this field is the size, in bytes, of the second prime number of the private key.

PubExp (variable): The exponent of the key with a length defined by PubExpLength.

This field MUST be present as a byte string in big-endian format.

Modulus (variable): The modulus of the key with a length defined by ModulusLength.

This field MUST be present as a byte string in big-endian format.

P (variable): The first prime number of the private key with a length defined by PLength.

This field MUST be present as a byte string in big-endian format.

Q (variable): The second prime number of the private key with a length defined by QLength.

This field MUST be present as a byte string in big-endian format.
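A validating parser for the layout above, given as an added example that is not part of the specification text. The names `parse_blob`, `build_blob` and the `byteorder` parameter are assumptions of this example; the header byte order defaults to what the field descriptions state, with `"little"` offered only as an assumed alternative for producers that write the header differently, and the toy key is constructed.

```python
import struct

RSA2_MAGIC = 0x32415352  # Magic value given on the page ("RSA2")

def _be(n: int) -> bytes:
    """Minimal big-endian byte string for a positive integer."""
    return n.to_bytes((n.bit_length() + 7) // 8, "big")

def build_blob(e: int, p: int, q: int, byteorder: str = "big") -> bytes:
    """Serialize a constructed test key in the field order on the page."""
    n = p * q
    parts = [_be(e), _be(n), _be(p), _be(q)]
    fmt = (">" if byteorder == "big" else "<") + "6I"
    header = struct.pack(fmt, RSA2_MAGIC, n.bit_length(), *map(len, parts))
    return header + b"".join(parts)

def parse_blob(blob: bytes, byteorder: str = "big") -> dict:
    """Parse and validate a BLOB; raise ValueError on any inconsistency."""
    fmt = (">" if byteorder == "big" else "<") + "6I"
    hdr_len = struct.calcsize(fmt)  # six 4-byte fields = 24 bytes
    if len(blob) < hdr_len:
        raise ValueError("truncated header")
    magic, bit_len, *sizes = struct.unpack_from(fmt, blob)
    if magic != RSA2_MAGIC:
        raise ValueError("bad Magic 0x%08x" % magic)
    # The length fields come from the sender: require that they account for
    # the buffer exactly, so no slice runs short and no bytes trail.
    if hdr_len + sum(sizes) != len(blob):
        raise ValueError("length fields do not match BLOB size")
    values, off = [], hdr_len
    for size in sizes:
        values.append(int.from_bytes(blob[off:off + size], "big"))
        off += size
    e, n, p, q = values
    # Assumption: "size of the RSA key" means the bit length of the modulus.
    if n.bit_length() != bit_len:
        raise ValueError("BitLength does not match Modulus")
    if p < 2 or q < 2 or p * q != n:
        raise ValueError("P * Q != Modulus")
    if e < 3 or e % 2 == 0:
        raise ValueError("implausible public exponent")
    return {"bits": bit_len, "e": e, "n": n, "p": p, "q": q}

SAMPLE = build_blob(e=17, p=61, q=53)  # constructed toy key, not a real one
```

The exact-length check runs before any slicing, so a BLOB whose length fields overstate or understate the buffer is rejected before its key material is interpreted.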