I asked this question the other day.

Part of the solution required a base64binary of the pfxblob to put into the Azure Template, to pass to Azure via PowerShell.

I ultimately found I could get a pfxblob by running a different Azure command, the source of which contained a chunk of C# that did what I needed it to.

Namely -

    Convert.ToBase64String(cert.Export(X509ContentType.Pfx, Password));

I'm mostly able to pick that apart and vaguely get what it is doing, at least enough to fix my immediate problem at the time. But I never did work out what a pfxblob actually is. And in the run-up to finding that solution, I couldn't find anything that described what it was.

So I thought one of you lot must...

Michael B
  • Check this blog post [here](http://paulstovell.com/blog/x509certificate2) explaining what a pfx file is. With that in mind, a pfxblob is a binary file which contains the public and private stuff of the certificate. – Zippy Jan 25 '16 at 11:13

1 Answer

PFX files contain encrypted private keys, certificates, and potentially other secret information.

Generally, a PFX BLOB is a binary representation of a PFX store. More precisely, a PFX BLOB is a CRYPT_DATA_BLOB structure. The CRYPT_DATA_BLOB is specified in the typedef of _CRYPTOAPI_BLOB.

The _CRYPTOAPI_BLOB contains an arbitrary array of bytes. Its struct consists of `DWORD cbData`, which is a DWORD variable that contains the count, in bytes, of data; and `BYTE *pbData`, which contains a pointer to the data buffer.

Therefore, a PFX BLOB contains the binary content of a PFX store, plus the length of the store.

It is worth reading this page for further information: PKCS #12 File Types: Portable Protected Keys in .NET

Major APIs that use the PFX BLOB are these:

Jacob Quisenberry
  • Is a pfxblob a purely MS concept? Does it have an equivalent in other environments? – Michael B Jan 25 '16 at 19:11
  • @MichaelB PFX is a Microsoft-invented technology. https://cryptome.org/jya/pg-get-MSkey.htm, but other platforms use the PFX BLOB. For instance, see this Java documentation: http://lxr.mozilla.org/security/source/security/jss/org/mozilla/jss/pkcs12/PFX.java – Jacob Quisenberry Jan 25 '16 at 19:40
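
As an added illustration of the answer above (not code from the original posts): the base64 string placed in the template decodes to exactly the length-plus-bytes pair that CRYPT_DATA_BLOB describes, and a structural check on the outer PKCS #12 header can catch a truncated or wrong value before deployment. `pfx_blob_t`, the function names and the sample string are assumptions made for this example; it inspects only the outer header and decrypts nothing.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Portable stand-in for Win32 CRYPT_DATA_BLOB (use <wincrypt.h> on Windows). */
typedef struct { uint32_t cbData; uint8_t *pbData; } pfx_blob_t;

/* Constructed sample, not a real key store: base64 of the DER skeleton
   30 05 02 01 03 30 00 = SEQUENCE { INTEGER 3, SEQUENCE {} }. */
static const char SAMPLE_B64[] = "MAUCAQMwAA==";

static const char B64[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

/* Decode base64 text into a blob. Returns 0 on success; caller frees pbData. */
int blob_from_base64(const char *s, pfx_blob_t *out) {
    size_t n = strlen(s), o = 0;
    uint32_t acc = 0, bits = 0;
    out->cbData = 0;
    out->pbData = (n && n % 4 == 0) ? malloc(n / 4 * 3) : NULL;
    if (!out->pbData) return -1;
    for (size_t i = 0; i < n && s[i] != '='; i++) {
        const char *q = strchr(B64, s[i]);
        if (!q) { free(out->pbData); out->pbData = NULL; return -1; }
        acc = (acc << 6) | (uint32_t)(q - B64);
        bits += 6;
        if (bits >= 8) { bits -= 8; out->pbData[o++] = (uint8_t)(acc >> bits); }
    }
    out->cbData = (uint32_t)o;
    return 0;
}

/* Returns 1 if the blob looks like a PKCS #12 PFX: one definite-length
   SEQUENCE spanning exactly cbData bytes whose first element is INTEGER 3. */
int blob_looks_like_pfx(const pfx_blob_t *b) {
    const uint8_t *p = b->pbData;
    size_t n = b->cbData;
    if (!p || n < 5 || p[0] != 0x30) return 0;
    size_t hdr = 2, len = p[1];
    if (p[1] & 0x80) {               /* long form: next k bytes hold the length */
        size_t k = p[1] & 0x7f;
        if (k == 0 || k > 4 || n < 2 + k) return 0; /* indefinite form rejected */
        for (len = 0; hdr < 2 + k; hdr++) len = (len << 8) | p[hdr];
    }
    if (len != n - hdr || len < 3) return 0; /* truncated or trailing bytes */
    return p[hdr] == 0x02 && p[hdr + 1] == 0x01 && p[hdr + 2] == 0x03;
}
```

Base64 is only an encoding, so the resulting string carries the same key material as the PFX file itself and should be stored and logged with the same care.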