IBM 2 Computer Hardware User Manual


 
CCA Release 2.54
Decrypting Sub-process: RSA decrypt the AS External Key Block using an RSA
private key and call the result of the decryption PKR. The private key must be
usable for key management purposes.
Validating Sub-process: Verify that the high-order two bits of the PKR record are
valued to B'01' and that the low-order four bits of the PKR record are valued to
B'0110'.
Unmasking Sub-process: Set IV to the value of the 8 bytes at offset 53 of the PKR
record. Note that there is a variable quantity of padding prior to offset 0. See
Figure C-5 on page C-14.
Set K to the exclusive-OR of IV and the value of the 8 bytes at offset 45 of the
PKR record.
Create a mask that is equal in length to the PKR record by CBC encrypting a
multiple of 8 bytes of binary zeros using K as the key and IV as the initialization
vector. Exclusive-OR the mask with PKR and call the result the key record.
Copy K to offset 45 in the PKR record.
Extraction Sub-process: Confirm that:
- The four bytes at offset 1 in the key record are valued to X'0000 0000'
- The two control vector fields at offsets 21 and 29 are identical
- If the control vector is an IMPORTER or EXPORTER key class, that the EID in
  the key record is not the same as the EID stored in the cryptographic engine.
The control vector base of the recovered key is the value at offset 21. If the control
vector base bits 40 to 42 are valued to B'010' or B'110', the key is double length.
Set the right half of the received key's control vector equal to the left half and
reverse bits 41 and 42 in the right half.
The recovered key is at offset 37 and is either 8 or 16 bytes long based on the
control vector base bits 40 to 42. If these bits are valued to B'000', the key is
single length. If these bits are valued to B'010' or B'110', the key is double
length.
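The unmasking and extraction sub-processes above, sketched in Python as an added example (this is not IBM's code). Assumptions: the buffer starts at offset 0 of the PKR record, the 8-byte block cipher is supplied by the caller (`toy_block` is a hash-based stand-in for the constructed sample, not DES), K is restored in the unmasked copy, and the EID check is omitted because this page does not give the EID offset; `make_sample` builds a constructed test record.

```python
import hashlib

CV1, CV2, KEY, K_OFF, IV_OFF = 21, 29, 37, 45, 53  # offsets given on the page

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def zero_cbc_mask(encrypt_block, key, iv, length):
    # CBC over all-zero plaintext: each ciphertext block is E_key(previous block).
    out, prev = b"", iv
    while len(out) < length:
        prev = encrypt_block(key, prev)
        out += prev
    return out[:length]

def unmask(pkr, encrypt_block):
    iv = pkr[IV_OFF:IV_OFF + 8]
    k = xor(iv, pkr[K_OFF:K_OFF + 8])
    rec = bytearray(xor(pkr, zero_cbc_mask(encrypt_block, k, iv, len(pkr))))
    # Assumption: K is restored in the unmasked copy, because a double-length
    # key spans offsets 37-52 and extraction reads it from the key record.
    rec[K_OFF:K_OFF + 8] = k
    return bytes(rec)

def extract(rec):
    if rec[1:5] != bytes(4):
        raise ValueError("offset 1 is not X'00000000'")
    cv = rec[CV1:CV1 + 8]
    if cv != rec[CV2:CV2 + 8]:
        raise ValueError("control vector fields at 21 and 29 differ")
    form = cv[5] >> 5              # CV bits 40-42, counting bit 0 as the MSB
    if form == 0b000:              # single length: no right-half control vector
        return cv, None, rec[KEY:KEY + 8]
    if form in (0b010, 0b110):     # double length
        cv_right = cv[:5] + bytes([cv[5] ^ 0x60]) + cv[6:]  # flip bits 41, 42
        return cv, cv_right, rec[KEY:KEY + 16]
    raise ValueError("unexpected key-form bits")

def toy_block(key, block):
    # Constructed stand-in, NOT DES: only the encrypt direction is needed here.
    return hashlib.sha256(key + block).digest()[:8]

def make_sample(key16, iv, form_byte):
    # Constructed test record: mask a clear record the way unmask() undoes it.
    cv = bytes([0, 0, 0, 0, 0, form_byte, 0, 0])
    clear = bytes(5) + bytes(16) + cv + cv + key16 + iv
    pkr = bytearray(xor(clear, zero_cbc_mask(toy_block, key16[8:], iv, len(clear))))
    pkr[K_OFF:K_OFF + 8] = xor(key16[8:], iv)
    pkr[IV_OFF:IV_OFF + 8] = iv
    return bytes(pkr)
```

`extract` returns the control vector base, the derived right-half control vector (or `None` for a single-length key), and the recovered key; a mismatch in either confirmation raises `ValueError` before any key bytes are returned.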
Appendix C. CCA Control-Vector Definitions and Key Encryption C-15