From Just Solve the File Format Problem
Jump to: navigation, search
File Format
Name PVK
Extension(s) .pvk

PVK is a proprietary Microsoft format that stores a cryptographic private key. PVK files are often password-protected.

A PVK file may have an associated .spc (PKCS7) certificate file.



PVK File Format

PVK is a Microsoft proprietary format for storing a single RSA Private Key. The file consists of a number of Windows cryptographic structures serialised into the file with a header. Because the format uses generic Windows structures but can only store an RSA private key, several of the fields only have one possible value. The format supports password protection using RC4 encryption. The format is little-endian.


The file header is as follows:

Magic int32 File identification value. Always 0xb0b5f11e.
Reserved int32 Unknown. Always observed as zero.
Keytype int32
Encrypted int32 1 if the file is password protected (encrypted), 0 otherwise.
SaltLength int32 The length of the salt data, in bytes. Non-zero (typically 16) if the file is password protected, 0 otherwise.
KeyLength int32 The length of the key data, in bytes.
Salt byte[$SaltLength] The salt data, if the file is encrypted.

This is followed by three Windows' cryptography structures, PRIVATEKEYBLOB, PUBLICKEYSTRUC (also known as BLOBHEADER), and RSAPUBKEY. (Technically there is only a PRIVATEKEYBLOB structure, but it incorporates the other two.)


  • PRIVATEKEYBLOB structure
    • PUBLICKEYSTRUC structure
      • bType byte
      • bVersion byte
      • reserved int16
      • aiKeyAlg int32
    • rsapubkey RSAPUBKEY structure
      • magic int32
      • bitlen int32
      • pubexp int32
    • modulus byte[$rsapubkey.$bitlen / 8]
    • prime1 byte[$rsapubkey.$bitlen / 16]
    • prime2 byte[$rsapubkey.$bitlen / 16]
    • exponent1 byte[$rsapubkey.$bitlen / 16]
    • exponent2 byte[$rsapubkey.$bitlen / 16]
    • coefficient byte[$rsapubkey.$bitlen / 16]
    • privateExponent byte[$rsapubkey.$bitlen / 8]

Password Protection

If the file has been password protected with RC4 encryption, then Encrypted will be 1 (or possibly another non-zero value), and SaltLength will be non-zero. The PRIVATEKEYBLOB field data starting with the RSAPUBKEY field will have been RC4 encrypted.

There are two possible ways that the password is used to make the RC4 key. They both concatenate the salt bytes with the ASCII encoded password and calculate the SHA1 hash. The first method uses the SHA1 hash as the RC4 key, the second method uses only the first 5 bytes of the SHA1 hash followed by 11 zero bytes. This second method (using only 40 bits of the SHA1 hash) is an historic limitation to comply with the US export restrictions on strong encryption in the 1990s.


Personal tools