共用方式為

BCRYPT_MLKEM_KEY_BLOB structure

Note

某些資訊與一款尚未正式發行的產品有關,該產品在正式推出之前可能會進行大幅修改。 Microsoft 對於此處提供的資訊,不做任何明確或隱含的保證。 本主題所述的功能可在 Windows Insider Preview發行前版本取得。

The BCRYPT_MLKEM_KEY_BLOB structure is used as a header for an ML-KEM public key (byte-encoded encapsulation key) or private keyBLOB in memory.

Syntax

typedef struct _BCRYPT_MLKEM_KEY_BLOB {
  ULONG dwMagic;
  ULONG cbParameterSet;             // Byte size of parameterSet[]
  ULONG cbKey;                      // Byte size of key[]
  // WCHAR parameterSet[cbParameterSet / sizeof(WCHAR)];  // Including \0-terminated
  // BYTE key[cbKey];                                     // Key material
} BCRYPT_MLKEM_KEY_BLOB, *PBCRYPT_MLKEM_KEY_BLOB;

Fields

dwMagic

The dwMagic field is a 4-byte value that indicates the format of the key being used. 定義下列值:

Value Meaning
BCRYPT_MLKEM_PUBLIC_MAGIC0x504B4C4D 結構代表公鑰。
BCRYPT_MLKEM_PRIVATE_MAGIC0x524B4C4D 結構代表展開的私鑰。
BCRYPT_MLKEM_PRIVATE_SEED_MAGIC0x534B4C4D 結構代表私用種子。

cbParameterSet

The length, in bytes, of the buffer parameterSet directly following the struct. 這個緩衝區包含 Null 終止的 Unicode 字串,可識別索引鍵的參數集。 The following values (per FIPS 203) are currently supported:

parameterSet cbParameterSet Meaning
BCRYPT_MLKEM_PARAMETER_SET_512L"512" 8 ML-KEM-512,安全性類別 1。
BCRYPT_MLKEM_PARAMETER_SET_768L"768" 8 ML-KEM-768,安全性類別 3。
BCRYPT_MLKEM_PARAMETER_SET_1024L"1024" 10 ML-KEM-1024,安全性類別 5。

cbKey

The length, in bytes, of the buffer key directly following parameterSet. 此大小是靜態的,視使用中的金鑰格式和參數而定。

Remarks

BCRYPT_MLKEM_PRIVATE_SEED_BLOB supports import and export of ML-KEM seeds. The blob has dwMagic value BCRYPT_MLKEM_PRIVATE_SEED_MAGIC and the key field contains the KEM seed (defined as the 64-byte concatenation of d || z per FIPS 203), so cbKey is currently always 64.

BCRYPT_MLKEM_PRIVATE_BLOB (also aliased as BCRYPT_MLKEM_DECAPSULATION_BLOB) supports import and export of standard byte-encoded ML-KEM decapsulation keys per FIPS 203. The blob has dwMagic value BCRYPT_MLKEM_PRIVATE_MAGIC and the key field contains the byte-encoded key.

BCRYPT_MLKEM_PUBLIC_BLOB (also aliased as BCRYPT_MLKEM_ENCAPSULATION_BLOB) supports import and export of standard byte-encoded ML-KEM encapsulation keys per FIPS 203. The blob has dwMagic value BCRYPT_MLKEM_PUBLIC_MAGIC and the key field contains the byte-encoded key.

The byte sizes of the byte-encoded keys can be found in FIPS 203 Section 8 Table 3. Many callers can instead dynamically query the required blob sizes using BCryptExportKey with NULLpbOutput.

Requirements

Requirement Value
最低支援的用戶端 Windows 測試人員 (組建 27843): 開始支援 ML-KEM。 [僅限傳統型應用程式]
支援的最低伺服器 Windows 測試人員 (組建 27843): 開始支援 ML-KEM。 [僅限傳統型應用程式]
Header bcrypt.h

See also

BCryptGenerateKeyPair

BCryptImportKeyPair

BCryptFinalizeKeyPair

BCryptExportKey

BCryptGetProperty

BCryptSetProperty

BCryptEncapsulate

BCryptDecapsulate

  • Last updated on