KEYD Chunk

See more on Chunks in general.


Subtypes less than 128 specify different kinds of keys. Whatever the type, the record somehow provides a definition of a sequence of bytes that will be used as key material.

Subtypes ≥128 are never found in archive files. They are used in other files that use the same low-level Chunk structure, in particular for keyring files.

ref to keyring files

64 Passphrase prompt
65 Literal key material
66 External key material reference
67 Generational Key
68 Derived key (also iterates and combines)
69 Special Hardware / implementation specific
70 ECC Public Key reference
Records not found in archive files
128 External key material definition
129 Proxy
— ?? other records present in keyring files for defining ECC public and private keys

Instance Number

The Instance Number is matched against references from CRYP and KHSH and any place else that a key definition is referenced from another chunk.

When another chunk reference a key by specifying its Instance Number, it does not specify the kind of key to expect. Rather, whatever subtype of key is found with that Instance is the key used. So, instance numbers must be unique among subtypes less than 128. That is, you may not have a KEYD-b(64)#2 and a KEYD-b(65)#2 in the same archive, even though the Chunk IDs are different.

Reserved and Predefined Instance Numbers

Instance numbers from hex 40 through hex FFF (64 through 4095) are reserved. An archive shall not contain instances in this range.

Pre-defined COMP definitions
64Generic passphrase prompt

Pre-defined instance numbers for the generic prompt, a few generational keys and derived keys(?), and note that KEYD#1 is refered to implicitly by some pre-defined CRYPs.

Valid HTML 4.01!

Page content copyright 2003 by John M. Dlugosz. Home:,