Private-key blobs (type PRIVATEKEYBLOB) are used to store public/private key pairs. They have the following format:
```c
BLOBHEADER blobheader;
RSAPUBKEY rsapubkey;
BYTE modulus[rsapubkey.bitlen/8];
BYTE prime1[rsapubkey.bitlen/16];
BYTE prime2[rsapubkey.bitlen/16];
BYTE exponent1[rsapubkey.bitlen/16];
BYTE exponent2[rsapubkey.bitlen/16];
BYTE coefficient[rsapubkey.bitlen/16];
BYTE privateExponent[rsapubkey.bitlen/8];
```
If the key blob is encrypted, then everything but the BLOBHEADER portion of the blob is encrypted. Note that the encryption algorithm and encryption key parameters are not stored along with the private key blob. It is the responsibility of the application to manage this information.
The following table describes each component of a private-key blob. Note that these fields largely correspond to the ones described in section 7.2 of Public-Key Cryptography Standards (PKCS) #1.

| Field | Description |
|---|---|
| blobheader | A BLOBHEADER structure. The bType member must have a value of PRIVATEKEYBLOB. |
| rsapubkey | An RSAPUBKEY structure. The magic field must always have a value of 0x32415352 ("RSA2"). Notice that the hex value is just an ASCII encoding of "RSA2". |
| modulus | The modulus. This has a value of "prime1 * prime2" and is often known as "n". |
| prime1 | Prime number 1, often known as "p". |
| prime2 | Prime number 2, often known as "q". |
| exponent1 | Exponent 1. This has a numeric value of "d mod (p - 1)". |
| exponent2 | Exponent 2. This has a numeric value of "d mod (q - 1)". |
| coefficient | Coefficient. This has a numeric value of "(inverse of q) mod p". |
| privateExponent | Private exponent, often known as "d". |
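To make the layout concrete, the following added example (not Microsoft's code) builds a toy PRIVATEKEYBLOB, parses it back while validating bType, magic and total length against bitlen, and cross-checks the CRT fields against the definitions in the table before the key would be trusted. It assumes CryptoAPI's little-endian integer encoding and the BLOBHEADER members (bType, bVersion, reserved, aiKeyAlg) and RSAPUBKEY.pubexp, which this page does not show; the 16-bit sample key is constructed for illustration only.

```python
import struct
from dataclasses import dataclass

PRIVATEKEYBLOB = 0x07        # BLOBHEADER.bType for a private-key blob
CUR_BLOB_VERSION = 0x02      # BLOBHEADER.bVersion
CALG_RSA_KEYX = 0x0000A400   # BLOBHEADER.aiKeyAlg for an RSA key-exchange key
RSA2_MAGIC = 0x32415352      # RSAPUBKEY.magic, little-endian ASCII "RSA2"

@dataclass
class RsaPrivateKeyBlob:
    key_alg: int; bitlen: int; pubexp: int
    n: int; p: int; q: int; dp: int; dq: int; qinv: int; d: int

def build_privatekeyblob(p: int, q: int, e: int, bitlen: int) -> bytes:
    """Serialize an unencrypted PRIVATEKEYBLOB (integers little-endian, assumed CryptoAPI convention)."""
    n, d = p * q, pow(e, -1, (p - 1) * (q - 1))
    full, half = bitlen // 8, bitlen // 16
    hdr = struct.pack("<BBHI", PRIVATEKEYBLOB, CUR_BLOB_VERSION, 0, CALG_RSA_KEYX)
    pub = struct.pack("<III", RSA2_MAGIC, bitlen, e)
    parts = [(n, full), (p, half), (q, half), (d % (p - 1), half),
             (d % (q - 1), half), (pow(q, -1, p), half), (d, full)]
    return hdr + pub + b"".join(v.to_bytes(size, "little") for v, size in parts)

def parse_privatekeyblob(blob: bytes) -> RsaPrivateKeyBlob:
    """Parse the fixed layout described above; raises ValueError on any header or length mismatch."""
    if len(blob) < 20:
        raise ValueError("blob shorter than BLOBHEADER + RSAPUBKEY")
    btype, _ver, _res, key_alg = struct.unpack_from("<BBHI", blob, 0)
    if btype != PRIVATEKEYBLOB:
        raise ValueError(f"bType 0x{btype:02x} is not PRIVATEKEYBLOB")
    magic, bitlen, pubexp = struct.unpack_from("<III", blob, 8)
    if magic != RSA2_MAGIC:
        raise ValueError(f"bad magic 0x{magic:08x}, expected RSA2")
    full, half = bitlen // 8, bitlen // 16
    if bitlen % 16 or len(blob) != 20 + 2 * full + 5 * half:
        raise ValueError("blob length does not match the bitlen-derived layout")
    off, fields = 20, []
    for size in (full, half, half, half, half, half, full):  # modulus .. privateExponent
        fields.append(int.from_bytes(blob[off:off + size], "little"))
        off += size
    return RsaPrivateKeyBlob(key_alg, bitlen, pubexp, *fields)

def check_consistency(k: RsaPrivateKeyBlob) -> bool:
    """Cross-check the CRT fields against the table: n = p*q, dp = d mod (p-1), qinv = q^-1 mod p, e*d = 1."""
    return (k.n == k.p * k.q
            and k.dp == k.d % (k.p - 1) and k.dq == k.d % (k.q - 1)
            and k.qinv == pow(k.q, -1, k.p)
            and (k.pubexp * k.d) % (k.p - 1) == 1 and (k.pubexp * k.d) % (k.q - 1) == 1)

# Constructed toy key (p=61, q=53, e=17): far too small for real use, but it exercises every field.
SAMPLE_BLOB = build_privatekeyblob(61, 53, 17, 16)
```

A blob that parses but fails check_consistency has been corrupted or tampered with and should be rejected rather than imported.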
Notice that private-key blobs are not encrypted by default, but contain the private key material in plaintext form.
When calling CryptExportKey, the developer can choose whether or not to encrypt the key. The PRIVATEKEYBLOB is encrypted if the hExpKey parameter contains a valid handle to a session key; in that case everything but the BLOBHEADER portion of the blob is encrypted. As noted above, the encryption algorithm and encryption key parameters are not stored along with the private-key blob, so the application must manage and store this information. If zero is passed for hExpKey, the private key is exported without encryption.
Warning: It is very dangerous to export private keys without encryption, since they are then vulnerable to interception and use by unauthorized entities.