See more on Chunks in general.
Subtypes less than 128 specify different kinds of keys. Whatever the type, the record somehow provides a definition of a sequence of bytes that will be used as key material.
Subtypes ≥128 are never found in archive files. They are used in other files that use the same low-level Chunk structure, in particular for keyring files.
ref to keyring files
| Subtype | description |
|---|---|
| 64 | Passphrase prompt |
| 65 | Literal key material |
| 66 | External key material reference |
| 67 | Generational Key |
| 68 | Derived key (also iterates and combines) |
| 69 | Special Hardware / implementation specific |
| 70 | ECC Public Key reference |
| 71 | |
| Records not found in archive files | |
| 128 | External key material definition |
| 129 | Proxy |
| — ?? | other records present in keyring files for defining ECC public and private keys |
The Instance Number is matched against references from CRYP and KHSH and any place else that a key definition is referenced from another chunk.
When another chunk reference a key by specifying its Instance Number, it does not specify the kind of key to expect. Rather, whatever subtype of key is found with that Instance is the key used. So, instance numbers must be unique among subtypes less than 128. That is, you may not have a KEYD-b(64)#2 and a KEYD-b(65)#2 in the same archive, even though the Chunk IDs are different.
Instance numbers from hex 40 through hex FFF (64 through 4095) are reserved. An archive shall not contain instances in this range.
| Instance | Meaning |
|---|---|
| 64 | Generic passphrase prompt |
Pre-defined instance numbers for the generic prompt, a few generational keys and derived keys(?), and note that KEYD#1 is refered to implicitly by some pre-defined CRYPs.
Page content copyright 2003 by John M. Dlugosz. Home:http://www.dlugosz.com, email:mailto:john@dlugosz.com