IBM 2 Computer Hardware User Manual


 
CCA Release 2.54
Master Key Shares Data Formats
Master key shares, and potentially other information to be “cloned” from one
Coprocessor to another, are packed into the data structure described in
Figure B-46.
Figure B-46. Cloning Information Token Data Structure

Offset   Length   Description
(Bytes)  (Bytes)
000      001      X'1D', token identifier
001      001      X'00', Version
002      002      Length of the cloning information token
004      004      Reserved, binary zero
008      004      Cloning-share index number, i; 1 ≤ i ≤ 15
012      016      Origin-node Environment Identifier, EID
028      008      Origin-Coprocessor serial number
036      xxx      Cloning information TLV's:
                    Master key share
                    Signature
                    And one to seven bytes of padding to ensure that
                    length 'xxx' is a multiple of eight bytes.

Note: The information from offset 036 through 035+xxx is triple encrypted with a triple-length DES
key using the EDE3 encryption process; see “Triple-DES Ciphering Algorithms” on page D-10.

Figure B-47. Master Key Share TLV

Offset   Length   Description
(Bytes)  (Bytes)
000      001      X'01', master key share identifier
001      001      X'00', Version
002      002      X'001D', length of the TLV
004      001      Index value, i, binary
005      024      Master-key share

Figure B-48. Cloning Information Signature TLV

Offset   Length   Description
(Bytes)  (Bytes)
000      001      X'45', Signature Subsection Header
001      001      X'00', Version
002      002      Subsection length, 70+sss
004      001      Hashing algorithm identifier; X'01' signifies use of the
                  SHA-1 hashing algorithm.
005      001      Signature formatting identifier; X'01' signifies use of
                  the ISO-9796 process.
006      064      Signature-key identifier; the key label of the key used
                  to generate the signature.
070      sss      The signature field.
                  The signature is calculated on data that begins with the
                  Cloning Information Token Data Structure identifier
                  (X'1D') through the byte immediately preceding this
                  signature field.

Appendix B. Data Structures B-41
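
The following validating parser for the layouts in Figures B-46 through B-48 is an added example, not IBM code. It assumes big-endian length and index fields, that the length at offset 002 covers the whole token, and that the two TLVs appear in the order listed; the function names and sample bytes are constructed for illustration.

```python
import struct

HEADER = struct.Struct(">BBH4sI16s8s")   # Figure B-46, offsets 000-035 (36 bytes)

def parse_header(token: bytes) -> dict:
    """Validate the cleartext part of a cloning information token."""
    if len(token) < HEADER.size:
        raise ValueError("token shorter than 36-byte header")
    tid, ver, length, rsvd, index, eid, serial = HEADER.unpack_from(token)
    if (tid, ver) != (0x1D, 0x00):
        raise ValueError("bad token identifier or version")
    if length != len(token):              # assumption: length covers the whole token
        raise ValueError("length field does not match buffer")
    if rsvd != bytes(4):
        raise ValueError("reserved field is not binary zero")
    if not 1 <= index <= 15:
        raise ValueError("share index outside 1..15")
    body = token[HEADER.size:]            # still EDE3-encrypted at this point
    if not body or len(body) % 8:
        raise ValueError("encrypted section is not a multiple of 8 bytes")
    return {"index": index, "eid": eid, "serial": serial, "encrypted": body}

def parse_tlvs(plain: bytes) -> dict:
    """Parse the decrypted area: share TLV (B-47), signature TLV (B-48), padding."""
    out, pos = {}, 0
    for want in (0x01, 0x45):             # assumption: TLVs appear in the listed order
        if pos + 4 > len(plain):
            raise ValueError("truncated TLV header")
        tag, ver, tlen = struct.unpack_from(">BBH", plain, pos)
        if tag != want or ver != 0 or pos + tlen > len(plain):
            raise ValueError(f"malformed TLV at offset {pos}")
        tlv = plain[pos:pos + tlen]
        if tag == 0x01:
            if tlen != 0x1D:
                raise ValueError("master key share TLV must be X'001D' long")
            out["share_index"], out["share"] = tlv[4], tlv[5:29]
        else:
            if tlen < 70:
                raise ValueError("signature TLV shorter than its fixed part")
            out["hash_alg"], out["sig_format"] = tlv[4], tlv[5]
            out["key_label"], out["signature"] = tlv[6:70], tlv[70:]
        pos += tlen
    if not 1 <= len(plain) - pos <= 7:    # the page states one to seven padding bytes
        raise ValueError("padding must be one to seven bytes")
    return out

# Constructed sample: share index 3, 8-byte dummy signature, 5 padding bytes.
SAMPLE_PLAIN = (bytes([0x01, 0, 0, 0x1D, 3]) + bytes(24) +
                bytes([0x45, 0, 0, 0x4E, 1, 1]) + b"L" * 64 + b"\xAA" * 8 + bytes(5))
# Constructed token: valid header followed by 112 zero bytes standing in for ciphertext.
SAMPLE_TOKEN = HEADER.pack(0x1D, 0, 148, bytes(4), 3, b"E" * 16, b"S" * 8) + bytes(112)
```

`parse_header` works on the token as received; `parse_tlvs` expects the bytes from offset 036 onward after they have been decrypted.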