Support User Manuals

IBM 2 Computer Hardware User Manual

Open as PDF

of 508

CCA Release 2.54

DES Key-Tokens

DES key-token data structures are 64 bytes in length, contain an enciphered key, a

control vector, various flag bits, version number, and token validation value.

An internal key-token contains a key multiply-enciphered by a master key while an

external key-token contains a key multiply-enciphered by some key-encrypting key.

Internal DES Key-Token

Starting with the IBM 4758 Version 2 CCA Support Program (IBM 4758 Models 002

and 023), the support software accepts and outputs a version X'00' internal DES

key-token. This support also accepts the version X'03' internal DES key-token.

The IBM 4758 Version 1 CCA implementation (IBM 4758 Models 001 and 013)

only supports a version X'03' internal DES key-token.

Figure B-2. Internal DES Key-Token, Version 0 Format (Version 2 Software)

Offset Length Meaning

00 1 X'01' (a flag that indicates an internal key-token)

01 3 Reserved, binary zero

04 1 The version number (X'00')

05 1 Reserved, binary zero

06 1 Flag byte 1; for more information, see Figure B-6 on page B-6

07 1 Reserved, binary zero

08-15 8 Master key verification pattern

16-23 8 The single-length operational (master-key encrypted) key or the left half of a

double-length operational key

24-31 8 Null, or the right half of a double-length operational key

32-39 8 The control-vector base

40-47 8 Null, or the control vector base for the right half of a double-length key

48-59 12 Reserved, binary zero

60-63 4 The token-validation value

Figure B-3 (Page 1 of 2). Internal DES Key-Token, Version 3 Format

Offset Length Meaning

Note: Created and processed by version 1 Software. Version 2 software only accepts as input.

00 1 X'01' (a flag that indicates an internal key-token)

01 1 Reserved, binary zero

02 2 Master key verification pattern

04 1 The version number (X'03')

05 1 Reserved, binary zero

06 1 Flag byte 1; for more information, see Figure B-6 on page B-6

07 1 Reserved, binary zero

08-15 8 Reserved, binary zero

16-23 8 The single-length operational (master-key encrypted) key or the left half of a

double-length operational key

24-31 8 Null, or the right half of a double-length operational key

32-39 8 The control-vector base

40-47 8 Null, or the control vector base for the right half of a double-length key

Appendix B. Data Structures B-3

previous next