The Base Provider Simple-Key Blob

Simple key blobs (type SIMPLEBLOB) are used to store and transport session keys. These are always encrypted with a key exchange public key. They have the following format:

BLOBHEADER blobheader;
ALG_ID algid;
BYTE encryptedkey[rsapubkey.bitlen/8];
 

The algorithm identifier that immediately follows the BLOBHEADER structure specifies the encryption algorithm that was used to encrypt the session key data. This typically has a value of CALG_RSA_KEYX, indicating that the session key data was encrypted with a key exchange public key, using the RSA Public-Key algorithm.

The encrypted session key data is in the form of a PKCS #1, type 2 encryption block. For details on this data format, see the Public-Key Cryptography Standards (PKCS), published by RSA Data Security, Inc.

This data is always the same size as the public key's modulus. For example, public keys generated by the Microsoft RSA Base Provider can be 512 bits (64 bytes) in length; in that case, the encrypted session key data is also 512 bits (64 bytes).
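The following added example (not part of the original documentation and not Microsoft's code) shows one way to validate an untrusted simple key blob against the layout and size rule above before handing it to a CSP. It assumes the 8-byte BLOBHEADER layout (bType, bVersion, reserved, aiKeyAlg) and the constant values from wincrypt.h, little-endian fields, and hypothetical names (parse_simple_blob, struct simple_blob, sample_blob).

```c
#include <stddef.h>
#include <stdint.h>

#define SIMPLEBLOB    0x01u        /* BLOBHEADER.bType for simple key blobs (wincrypt.h) */
#define CALG_RSA_KEYX 0x0000a400u  /* ALG_ID value (wincrypt.h) */
#define PREFIX_LEN    12u          /* 8-byte BLOBHEADER + 4-byte ALG_ID */

enum sb_status { SB_OK, SB_TRUNCATED, SB_NOT_SIMPLEBLOB, SB_BAD_KEYX_ALG, SB_BAD_KEY_LEN };
struct simple_blob {
    uint8_t version;         /* BLOBHEADER.bVersion */
    uint32_t session_alg;    /* BLOBHEADER.aiKeyAlg: algorithm of the wrapped session key */
    const uint8_t *enc_key;  /* encryptedkey[], points into the caller's buffer */
    size_t enc_key_len;
};

/* Constructed sample: header for an RC4 session key wrapped under a 512-bit key.
   The 64 ciphertext bytes are zero placeholders, not real encrypted data. */
static const uint8_t sample_blob[PREFIX_LEN + 64] = {
    0x01, 0x02, 0x00, 0x00,   /* bType = SIMPLEBLOB, bVersion = 2, reserved */
    0x01, 0x68, 0x00, 0x00,   /* aiKeyAlg = CALG_RC4 (0x6801), little-endian */
    0x00, 0xa4, 0x00, 0x00    /* algid = CALG_RSA_KEYX */
};

static uint32_t rd_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Validate an untrusted blob; encryptedkey[] must be exactly rsa_bitlen/8 bytes. */
enum sb_status parse_simple_blob(const uint8_t *buf, size_t len, uint32_t rsa_bitlen,
                                 struct simple_blob *out)
{
    if (len < PREFIX_LEN) return SB_TRUNCATED;
    if (buf[0] != SIMPLEBLOB) return SB_NOT_SIMPLEBLOB;
    if (rd_le32(buf + 8) != CALG_RSA_KEYX) return SB_BAD_KEYX_ALG;
    if (rsa_bitlen == 0 || rsa_bitlen % 8 != 0 || len - PREFIX_LEN != rsa_bitlen / 8)
        return SB_BAD_KEY_LEN;   /* short, oversized, or trailing data */
    out->version = buf[1];
    out->session_alg = rd_le32(buf + 4);
    out->enc_key = buf + PREFIX_LEN;
    out->enc_key_len = len - PREFIX_LEN;
    return SB_OK;
}

int main(void)
{
    struct simple_blob sb;
    return parse_simple_blob(sample_blob, sizeof sample_blob, 512, &sb) != SB_OK;
}
```

The parser only checks framing; the PKCS #1 type 2 block inside encryptedkey is verified by the CSP when the key is decrypted on import.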

For more detailed information on the Base Provider's key blobs, see Interoperability with RSA CSPs.