Support User Manuals

IBM 2 Computer Hardware User Manual

Open as PDF

of 508

CCA Release 2.54

Figure B-12 (Page 1 of 2). RSA Private Key, Chinese-Remainder Format with OPK

Offset

(Bytes)

Length

(Bytes)

Description

000 001 X'08' Section identifier, RSA private key, CRT format (RSA-CRT). This

section type is created by the IBM 4758 Version 2 CCA Support Program.

001 001 The version number (X'00')

002 002 Length of the RSA private-key section, 132 +ppp +qqq +rrr +sss +uuu +xxx

+nnn

004 020 SHA-1 hash value of the private-key subsection cleartext, offset 28 to the

end of the modulus

024 004 Reserved, binary zero

028 001 Key format and security:

External token:

X'40' Unencrypted RSA private-key subsection identifier

X'42' Encrypted RSA private-key subsection identifier

Internal token:

X'08' Encrypted RSA private-key subsection identifier

029 001 External tokens, reserved, binary zero

Internal tokens:

X'21' Imported from cleartext

X'22' Imported from ciphertext

X'23' Generated using regeneration data

X'24' Randomly generated

030 020 SHA-1 hash of all optional sections that follow the public key section, if any;

else 20 bytes of X'00'

050 001 Key usage flag bits

The two high-order bits indicate permitted key usage in the decryption of

symmetric keys and in the generation of digital signatures. Useful

combinations:

X'00' Only signature generation (SIG-ONLY)

X'C0' Only key unwrapping (KM-ONLY)

X'80' Both signature generation and key unwrapping (KEY-MGMT).

All other bits, reserved, B'0'

051 003 Reserved, binary zero

054 002 Length of the prime number, p, in bytes: ppp

056 002 Length of the prime number, q, in bytes: qqq

058 002 Length of d

p

, in bytes: rrr

060 002 Length of d

q

, in bytes: sss

062 002 Length of the 'U' value, in bytes: uuu

064 002 Length of the modulus, n, in bytes: nnn

066 002 Reserved, binary zero

068 002 Reserved, binary zero

070 002 Length of the pad field, in bytes: xxx

072 004 Reserved, binary zero

076 016 External token, reserved, binary zero

Internal token, asymmetric master key verification pattern

092 032 External token: reserved, binary zero.

Internal token: Object Protection Key (OPK), eight-byte confounder and 3

eight-byte keys used in the triple-DES CBC process to encrypt the private

key and blinding information. These 32 bytes are triple-DES CBC encrypted

by the asymmetric master key. See T-DES at “Triple-DES Ciphering

Algorithms” on page D-10.

B-14 IBM 4758 CCA Basic Services, Release 2.54, February 2005

previous next