IBM 2 Computer Hardware User Manual


 
CCA Release 2.54
Figure B-6. Key-Token Flag Byte 1

Bits (MSB...LSB) (1)   Meaning
1xxx xxxx              The encrypted key value and the Master Key
                       Verification Pattern are present
0xxx xxxx              An encrypted key is not present
x0xx xxxx              The control-vector value is not present
x1xx xxxx              The control-vector value is present

All other bit combinations are reserved; undefined bits should be zero.

Figure B-7. Key-Token Flag Byte 2

Bits (MSB...LSB)       Meaning
For Key-Encrypting Keys
0000 0010              This key-encrypting key will import and export
                       external key-tokens using the Transaction Security
                       System key-token format.

RSA PKA Key-Tokens
PKA key-tokens contain various items, some of which are optional, and some of
which can be present in different forms. The token is composed of concatenated
sections that must occur in the prescribed order.

As with other CCA key-tokens, both internal and external forms are defined.

A PKA internal key-token contains a private key that is protected by encrypting
the private key information using the CCA-node asymmetric master key, or by
an object protection key (OPK) that is itself encrypted by the asymmetric
master key. The internal key-token will also contain the modulus and the
public-key exponent. A master key verification pattern is also included to
enable determination that the proper master key is available to process the
protected private key.

Note: The format and content of an internal key-token are local to a specific
node and product implementation, and do not represent an interchange format.

An RSA external key-token contains the modulus and the public-key exponent.
Also, the external key-token optionally contains the private key. If present, the
private key may be in the clear or may be protected by encryption using a
double-length DES transport key. An external key-token is an inter-product
interchange data structure.

An RSA private key can be represented in one of several forms:
- By a modulus and the private-key exponent
- By a set of numbers used in the Chinese-remainder theorem (CRT). The
  Coprocessor always generates a CRT key with p>q. If you import a CRT key
  from another RSA implementation with q>p the key will be usable within the

(1) MSB is the most significant bit; LSB is the least significant bit.
B-6 IBM 4758 CCA Basic Services, Release 2.54, February 2005
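
The two private-key forms listed above, and the p>q ordering of the CRT form, shown as an added example in textbook RSA arithmetic; it is not code from the IBM manual and does not reproduce the CCA key-token layout. The class, the function names and the toy primes are assumptions constructed for illustration, and reordering a q>p key before use is one possible approach, not a step the manual prescribes.

```python
# Added example: textbook RSA arithmetic, not CCA key-token code.
# CrtKey and all function names are illustrative assumptions.
from dataclasses import dataclass

@dataclass(frozen=True)
class CrtKey:
    p: int   # first prime
    q: int   # second prime
    dp: int  # d mod (p - 1)
    dq: int  # d mod (q - 1)
    u: int   # q^-1 mod p

def crt_from_primes(p: int, q: int, e: int) -> CrtKey:
    """Derive the CRT form from the primes and the public exponent."""
    d = pow(e, -1, (p - 1) * (q - 1))  # private exponent (Python 3.8+)
    return CrtKey(p, q, d % (p - 1), d % (q - 1), pow(q, -1, p))

def normalise(key: CrtKey) -> CrtKey:
    """Return an equivalent key with p > q: swap the primes and their
    exponents, and recompute the inverse for the new ordering."""
    if key.p == key.q:
        raise ValueError("p and q must be distinct primes")
    if key.p > key.q:
        return key
    return CrtKey(key.q, key.p, key.dq, key.dp, pow(key.p, -1, key.q))

def private_op_crt(key: CrtKey, c: int) -> int:
    """Private-key operation on the CRT form (Garner recombination)."""
    m1 = pow(c, key.dp, key.p)
    m2 = pow(c, key.dq, key.q)
    h = (key.u * (m1 - m2)) % key.p
    return m2 + h * key.q

def private_op_plain(n: int, d: int, c: int) -> int:
    """Private-key operation on the modulus / private-exponent form."""
    return pow(c, d, n)

if __name__ == "__main__":
    # Constructed toy parameters, far too small for real use.
    e = 17
    imported = crt_from_primes(53, 61, e)   # q > p, as another implementation might emit
    fixed = normalise(imported)             # now p > q
    n = fixed.p * fixed.q
    d = pow(e, -1, (fixed.p - 1) * (fixed.q - 1))
    c = pow(65, e, n)
    print(fixed, private_op_crt(fixed, c), private_op_plain(n, d, c))
```

Both orderings describe the same key; only the labelling of the primes and the inverse `u` change, which is why the reordered key produces identical results.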