CCA Release 2.54
Appendix B. Data Structures
This appendix describes the following data structures:
- Key tokens
- Chaining vector records
- Key-storage records
- Key record list data set
- Access-control data structures
- Master key shares
- Distributed function control vector.
Key Tokens
This section describes the DES and RSA key-tokens used with the product. A “key
token” is a data structure that contains information about a key and usually contains
a key or keys.
In general, a key that is available to an application program or held in key storage
is multiply-enciphered by some other key. When a key is enciphered by the
CCA-node's master key, the key is designated an “internal” key and is held in an
internal key-token structure. Therefore, an internal key-token is used to hold a key
and its related information for use at a specific CCA node.
An external key-token is used to communicate a key between nodes, or to hold a
key in a form not enciphered by a CCA master key. DES keys and RSA
private-keys in an external key-token are multiply-enciphered by a transport key. In
a CCA-node, a transport key is a double-length DES key-encrypting-key.
The remainder of this section describes the structures used with the IBM 4758
product family:
- Master key verification pattern
- Token-validation value and record-validation value
- Null key-token
- DES key-tokens
  - Internal DES key-token
  - External DES key-token
  - DES key-token flag bytes
- RSA key-tokens
- Chaining-vector records
- Key-storage records
- Key-record-list data set.
Master Key Verification Pattern
A Master Key Verification Pattern (MKVP) exists within an internal key token. An
MKVP permits the cryptographic engine to detect if the key within the token is
enciphered by an available master key. Different internal key-verification-pattern
approaches are employed depending on the version of the key token and, for DES
key tokens, the value of the symmetric master key. See “Master Key Verification
Algorithms” on page D-1.
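The following is an added illustration, not code from the manual or the IBM 4758 product: a simplified model of an internal key token that carries an MKVP, and a node-side check that refuses to use the token when its MKVP matches none of the master keys available at that node (current or old). The token layout, the hash-based MKVP and the keyed-stream encipherment are all stand-ins for the real CCA formats and algorithms, which are defined elsewhere in this manual.

```python
import hashlib
import hmac
import struct

# Assumed (not the real CCA) token layout: version byte, flag byte,
# 8-byte MKVP, 16-byte enciphered double-length DES key.
TOKEN_FMT = ">BB8s16s"


def mkvp(master_key: bytes) -> bytes:
    """Stand-in verification pattern: truncated hash of the master key.
    The real MKVP algorithms are described in Appendix D of the manual."""
    return hashlib.sha256(b"MKVP" + master_key).digest()[:8]


def _keystream(master_key: bytes, n: int) -> bytes:
    # Stand-in for multiple encipherment under the master key (CCA uses
    # triple-DES); a keyed stream is enough to show that decrypting with
    # the wrong master key would silently yield a garbage key.
    return hmac.new(master_key, b"encipher", hashlib.sha256).digest()[:n]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def build_internal_token(key: bytes, master_key: bytes) -> bytes:
    """Encipher a 16-byte key under the master key and attach the MKVP."""
    assert len(key) == 16, "double-length DES key expected"
    enc = _xor(key, _keystream(master_key, 16))
    return struct.pack(TOKEN_FMT, 0x01, 0x00, mkvp(master_key), enc)


def usable_master_key(token: bytes, master_keys: dict):
    """Return the name of the available master key (e.g. 'current' or 'old')
    whose MKVP matches the token, or None if the key cannot be recovered here."""
    _, _, pattern, _ = struct.unpack(TOKEN_FMT, token)
    for name, mk in master_keys.items():
        if hmac.compare_digest(pattern, mkvp(mk)):
            return name
    return None


def recover_key(token: bytes, master_keys: dict) -> bytes:
    """Decipher the key only after the MKVP check; never return a garbage key."""
    name = usable_master_key(token, master_keys)
    if name is None:
        raise ValueError("MKVP matches no available master key at this node")
    _, _, _, enc = struct.unpack(TOKEN_FMT, token)
    return _xor(enc, _keystream(master_keys[name], len(enc)))
```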
Copyright IBM Corp. 1997, 2005 B-1