What are the actual formats supported by CngKeyBlobFormat?

Question

The Microsoft pages provide "minimal" information about the formats that can be used by CngKey.Import. Which actual formats are actually represented by the following CngKeyBlobFormat properties?

• EccPrivateBlob
• EccPublicBlob
• GenericPrivateBlob
• GenericPublicBlob
• OpaqueTransportBlob
• Pkcs8PrivateBlob

Only the PKCS#8 private key format hints slightly about the format of the key, but it doesn't specify if the private key needs to be wrapped or if just the inner PKCS#8 structure is accepted.

The more information about these formats the better of course.

Answer 1

A thing to keep in mind throughout all of this is that CNG is extendable through CNG Providers, which may be the default Microsoft Software one, a Smart Card, or a 3rd party provider like an HSM. Any provider may choose to ignore or not support any of these formats. This eventually boils down to NCryptImportKey being called. There are a number of formats that are supported by CNG that are not listed here. The remarks section there has quite a bit of information about the types and links for data structures.

As you see in the NCryptImportKey documentation, the key format is a string. The CngKeyBlobFormat is just a wrapper around those strings. You can look in the reference source to see how these properties map to the Win32 strings. For example, the EccPrivateBlob property is the "ECCPRIVATEBLOB" string.

Pkcs8PrivateBlob

As you noted, this format is specified by the PKCS#8 standard.

OpaqueTransportBlob

This one Microsoft can't really document because it is an opaque blob, and is not portable between providers. Essentially, this is meant to be a representation the provider chooses.

GenericPublicBlob

This will be a binary representation of the BCRYPT_KEY_BLOB structure. The first field in the structure determines which structure it is with magic values. For example, with RSA public key, it will be a BCRYPT_RSAKEY_BLOB.

GenericPrivateBlob

This is the same as above except the private parameters are filled in.

EccPublicBlob

This will be a BCRYPT_ECCKEY_BLOB structure. It is similar as above in that a magic value will determine the actual contents of the blob.

EccPrivateBlob

This will be the same as above except the private parameters are filled in.

In the cases for BCRYPT_KEY_BLOB and BCRYPT_ECCKEY_BLOB structures, the structures act as a "header" for the key. The actual key material will be in the same blob of memory, after the struct. The "amount" of key material will be known based on the magic value, and the other values in the header.