IBM 2 Computer Hardware User Manual

Open as PDF

of 508

CCA Release 2.54

S/390 Based Master Key Verification Method

When the first and third portions of the symmetric master key have the same value,

the master key is effectively a double-length DES key. In this case, the master key

verification pattern (MKVP) is based on this algorithm:

 C = X'4545454545454545'

 IR = MK

first-part

⊕ e

(MK

first-part

)

 MKVP = MK

second-part

⊕ e

(MK

second-part

)

where:

 e

(Y) is the DES encoding of Y using x as a key

 ⊕ represents the bit-wise exclusive-OR function.

Version X'00' internal DES key tokens use this eight-byte master key verification

pattern.

Asymmetric Master Key MDC-Based Verification Method

The verification pattern for the asymmetric master keys is based on hashing the

value of the master key using the MDC-4 hashing algorithm. Note that the master

key is not parity adjusted.

The RSA private key sections X'06' and X'08' use this 16-byte master key

verification pattern.

Key Token Verification Patterns

The verification pattern techniques used in the several types of key tokens are:

 DES key tokens:

– Triple-length master key, key token version X'00': eight-byte SHA-1

– Triple-length master key, key token version X'03': two-byte SHA-1

– Double-length master key, key token version X'00': eight-byte S/390

– Double-length master key, key token version X'03': two-byte SHA-1.

 RSA key tokens:

– Private-key section types X'06' and X'08': MDC-based

– Private-key section types X'02' and X'05': two-byte SHA-1.

CCA DES-Key Verification Algorithm

The cryptographic engines provide a method for verifying the value of a DES

cryptographic key or key part without revealing information about the value of the

key or key part.

The CCA verification method first creates a random number. A one-way

cryptographic function combines the random number with the key or key part. The

verification method returns the result of this one-way cryptographic function (the

verification pattern) and the random number.

Note: A one-way cryptographic function is a function in which it is easy to

compute the output from a given input, but it is computationally infeasible to

compute the input given an output.

For information about how you can use an application program to invoke this

verification method, see page 5-58.

D-2 IBM 4758 CCA Basic Services, Release 2.54, February 2005

previous next

Top Automotive Device Types

Top Automotive Brands

Top Baby Care Device Types

Top Baby Care Brands

Top Car Audio & Video Device Types

Top Car Audio & Video Brands

Top Cellphone Device Types

Top Cellphone Brands

Top Communications Device Types

Top Communications Brands

Top Computer Device Types

Top Computer Brands

Top Fitness Device Types

Top Fitness Brands

Top Home Audio Device Types

Top Home Audio Brands

Top Household Appliance Device Types

Top Household Appliance Brands

Top Kitchen Appliance Device Types

Top Kitchen Appliance Brands

Top Laundry Appliance Device Types

Top Laundry Appliance Brands

Top Lawn & Garden Device Types

Top Lawn & Garden Brands

Top Marine Equipment Device Types

Top Marine Equipment Brands

Top Musical Instrument Device Types

Top Musical Instrument Brands

Top Outdoor Cooking Device Types

Top Outdoor Cooking Brands

Top Personal Care Device Types

Top Personal Care Brands

Top Photography Device Types

Top Photography Brands

Top Portable Media Device Types

Top Portable Media Brands

Top Power Tools Device Types

Top Power Tools Brands

Top TV and Video Device Types

Top TV and Video Brands

Top Videogame Device Types

Top Videogame Brands

IBM 2 Computer Hardware User Manual