IBM 2 Computer Hardware User Manual


 
CCA Release 2.54
RSA Public-Key Certificate Section: An optional public key certificate(s) section
can be included in an RSA key-token. The section consists of:

- The section header (identifier X'40')
- A public key subsection (identifier X'41')
- An optional certificate information subsection (identifier X'42') with any or all of
  these elements:
  - User data (identifier X'50')
  - EID (identifier X'51')
  - Serial number (identifier X'52')
- A signature subsection (identifier X'45').

The section (as with the rest of the key token) is composed of a series of
“tag-length-variable” (TLV) items to form a self-defining data structure. One or
more TLV items can be included in the variable portion of a higher level TLV item.
The section header is described first, followed by descriptions of the TLV items
that can be included in the section.

Figure B-15. RSA Public-Key Certificate(s) Section Header

Offset   Length
(Bytes)  (Bytes)  Description
-------  -------  -----------
000      001      X'40', Section identifier, certificate
001      001      The version number (X'00')
002      002      Section length; includes:
                  - Section header
                  - Public key subsection
                  - Information subsection (optional)
                  - Signature subsection(s).

Note: See “Number Representation in PKA Key-Tokens” on page B-8.

Figure B-16. RSA Public-Key Certificate(s) Public Key Subsection

Offset   Length
(Bytes)  (Bytes)  Description
-------  -------  -----------
000      001      X'41', Public Key Subsection identifier
001      001      The version number (X'00')
002      002      Subsection length, 12+xxx+yyy
004      002      Reserved, binary zero
006      002      RSA public-key exponent field length in bytes, “xxx”
008      002      Public-key modulus length in bits
010      002      RSA public-key modulus field length in bytes, “yyy”
012      xxx      Public-key exponent, e (this field length will generally be
                  1, 3, or 64 to 256 bytes). e must be odd and 1<e<n.
012+xxx  yyy      Modulus, n. n=pq, where p and q are prime and
                  2^512 < n < 2^2048. This field will be absent when the
                  modulus is contained in the private-key section. If
                  present, the field length will be 64 to 256 bytes, inclusive.

Note: See “Number Representation in PKA Key-Tokens” on page B-8.
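
The following parser is an added example, not code from the manual or from IBM: it reads the section header of Figure B-15 and the public key subsection of Figure B-16 and rejects any buffer whose lengths or exponent break the stated constraints. It assumes big-endian multi-byte integers and treats a zero modulus field length as "modulus absent"; `parse_cert_section`, `build_sample`, and `TokenError` are hypothetical names, and the sample modulus is constructed, not a real key.

```python
import struct

class TokenError(ValueError):
    """The section violates a constraint from Figure B-15 or B-16."""

def parse_cert_section(buf: bytes) -> dict:
    # ASSUMPTION: multi-byte integers are big-endian; the page defers this
    # to "Number Representation in PKA Key-Tokens".
    if len(buf) < 4:
        raise TokenError("truncated section header")
    sid, ver, sec_len = struct.unpack_from(">BBH", buf, 0)      # Figure B-15
    if sid != 0x40 or ver != 0x00:
        raise TokenError("not a version X'00' certificate section")
    if sec_len < 4 + 12 or sec_len > len(buf):
        raise TokenError("section length does not fit the buffer")
    sec = buf[:sec_len]              # never read past the declared section

    # Figure B-16: the public key subsection follows the 4-byte header.
    tag, ver, sub_len, rsvd, e_len, n_bits, n_len = struct.unpack_from(
        ">BBHHHHH", sec, 4)
    if tag != 0x41 or ver != 0x00 or rsvd != 0:
        raise TokenError("bad public key subsection header")
    if sub_len != 12 + e_len + n_len or 4 + sub_len > sec_len:
        raise TokenError("subsection length is not 12+xxx+yyy or overruns")
    e_off = 4 + 12
    e = int.from_bytes(sec[e_off:e_off + e_len], "big")
    n = None
    if n_len:                        # ASSUMPTION: zero length means absent
        if not 64 <= n_len <= 256:
            raise TokenError("modulus field must be 64 to 256 bytes")
        n = int.from_bytes(sec[e_off + e_len:e_off + e_len + n_len], "big")
    if e <= 1 or e % 2 == 0 or (n is not None and e >= n):
        raise TokenError("exponent must be odd with 1 < e < n")
    # "rest" holds the information/signature subsections, not decoded here.
    return {"e": e, "n": n, "modulus_bits": n_bits, "rest": sec[4 + sub_len:]}

def build_sample(e: int = 65537, n: int = (1 << 511) | 1) -> bytes:
    # Constructed test input: n is NOT a real RSA modulus, only a 64-byte value.
    eb = e.to_bytes((e.bit_length() + 7) // 8, "big")
    nb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    sub = struct.pack(">BBHHHHH", 0x41, 0, 12 + len(eb) + len(nb), 0,
                      len(eb), n.bit_length(), len(nb)) + eb + nb
    return struct.pack(">BBH", 0x40, 0, 4 + len(sub)) + sub

if __name__ == "__main__":
    print(parse_cert_section(build_sample()))
```
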
Appendix B. Data Structures B-17