PVK
PVK is a proprietary Microsoft format that stores a cryptographic private key. PVK files are often password-protected.
A PVK file may have an associated .spc (PKCS7) certificate file.
Contents |
Specifications
PVK File Format
PVK is a Microsoft proprietary format for storing a single RSA Private Key. The file consists of a number of Windows cryptographic structures serialised into the file with a header. Because the format uses generic Windows structures but can only store an RSA private key, several of the fields only have one possible value. The format supports password protection using RC4 encryption. The format is little-endian.
Header
The file header is as follows:
| Magic | int32 | File identification value. Always 0xb0b5f11e. |
| Reserved | int32 | Unknown. Always observed as zero. |
| Keytype | int32 | |
| Encrypted | int32 | 1 if the file is password protected (encrypted), 0 otherwise. |
| SaltLength | int32 | The length of the salt data, in bytes. Non-zero (typically 16) if the file is password protected, 0 otherwise. |
| KeyLength | int32 | The length of the key data, in bytes. |
| Salt | byte[$SaltLength] | The salt data, if the file is encrypted. |
This is followed by three Windows' cryptography structures, PRIVATEKEYBLOB, PUBLICKEYSTRUC (also known as BLOBHEADER), and RSAPUBKEY. (Technically there is only a PRIVATEKEYBLOB structure, but it incorporates the other two.)
PRIVATEKEYBLOB
- PRIVATEKEYBLOB structure
- PUBLICKEYSTRUC structure
- bType byte
- bVersion byte
- reserved int16
- aiKeyAlg int32
- rsapubkey RSAPUBKEY structure
- magic int32
- bitlen int32
- pubexp int32
- modulus byte[$rsapubkey.$bitlen / 8]
- prime1 byte[$rsapubkey.$bitlen / 16]
- prime2 byte[$rsapubkey.$bitlen / 16]
- exponent1 byte[$rsapubkey.$bitlen / 16]
- exponent2 byte[$rsapubkey.$bitlen / 16]
- coefficient byte[$rsapubkey.$bitlen / 16]
- privateExponent byte[$rsapubkey.$bitlen / 8]
- PUBLICKEYSTRUC structure
Password Protection
If the file has been password protected with RC4 encryption, then Encrypted will be 1 (or possibly another non-zero value), and SaltLength will be non-zero. The PRIVATEKEYBLOB field data starting with the RSAPUBKEY field will have been RC4 encrypted.
There are two possible ways that the password is used to make the RC4 key. They both concatenate the salt bytes with the ASCII encoded password and calculate the SHA1 hash. The first method uses the SHA1 hash as the RC4 key, the second method uses only the first 5 bytes of the SHA1 hash followed by 11 zero bytes. This second method (using only 40 bits of the SHA1 hash) is an historic limitation to comply with the US export restrictions on strong encryption in the 1990s.
