This 4-byte flag field occurs in the object header section of each token object record.
Offset (decimal) | Field name | Description |
---|---|---|
Flag byte 1 | ||
Bit 0 | OBJ_IS_TOKOBJ | When on, the object is a token object. When off, the object is a session object. |
Bit 1 | OBJ_IS_PRVOBJ | When on, the object is a private object. When off, the object is a public object. |
Bit 2 | OBJ_IS_MODOBJ | When on, the object is modifiable. |
Bit 3 | KEY_DERIVE | When on, the key supports key derivation. |
Bit 4 | KEY_LOCAL | When on, the key was generated locally. |
Bit 5 | KEY_ENCRYPT | When on, the key supports encryption. |
Bit 6 | KEY_DECRYPT | When on, the key supports decryption. |
Bit 7 | KEY_VERIFYA | When on, the key supports verification where the signature is an appendix to the data. |
Flag byte 2 | ||
Bit 0 | KEY_VERIFYR | When on, the key supports verification where the data is recovered from the signature |
Bit 1 | KEY_SIGA | When on, the key supports signatures where the signature is an appendix to the data. |
Bit 2 | KEY_SIGR | When on, the key supports signatures where the data is recovered from the signature. |
Bit 3 | KEY_WRAP | When on, the key supports wrapping. |
Bit 4 | KEY_UNWRAP | When on, the key supports unwrapping. |
Bit 5 | KEY_EXTRACT | When on, the key is extractable. |
Bit 6 | KEY_IS_SENSITIVE | When on, the key is sensitive. |
Bit 7 | KEY_IS_ALWAYS_SENSITIVE | When on, the SENSITIVE attribute (KEY_IS_SENSITIVE) is always true. |
Flag byte 3 | ||
Bit 0 | KEY_NEVER_EXTRACT | When on, the EXTRACTABLE attribute (KEY_EXTRACT) is never true. When off, the EXTRACTABLE attribute (KEY_EXTRACT) can be true. |
Bit 1 | OBJ_IS_TRUSTED | When on, the certificate can be trusted for the application for which it was created. |
Bit 2 | CERT_IS_DEFAULT | When on, this is the default certificate. |
Bit 3 | FIPS140 | When on, key is only to be used in a FIPS-compliant manner. |
Bit 4 | KEY_IS_SECURE | When on, key is a secure PKCS #11 key. |
Bit 5 | KEY_ATTRBOUND | When on, key is attribute bound. |
Bit 6 | WRAP_WITH_TRUSTED | When on, key may only be wrapped with another key marked OBJ_IS_TRUSTED |
Bit 7 | KEY_IS_ALWAYS_SECURE | When on, KEY_IS_SECURE is always true. |
Flag byte 4 | ||
Bits 0-7 | Reserved for IBM's use |
Offset (decimal) |
Length of field (bytes) | Description |
---|---|---|
Object header | ||
0 | 4 | Eye catcher for certificate object: "CERT" |
4 | 2 | Version: EBCDIC '00' |
6 | 2 | Length of the object (in bytes) |
8 | 4 | Flags (see Table 1) |
Object type-specific section | ||
12 | 4 | TYPE attribute: |
16 | 4 | Certificate category
|
20 | 8 | Reserved for IBM's use |
28 | 32 | Reserved for IBM's use |
60 | 2 | Length of SUBJECT attribute in bytes (aa) |
62 | 2 | Length of ID attribute in bytes (bb) |
64 | 2 | Length of ISSUER attribute in bytes (cc) |
66 | 2 | Length of SERIAL_NUMBER attribute in bytes (dd) |
68 | 2 | Length of VALUE attribute in bytes (ee) |
70 | 2 | Length of LABEL attribute in bytes (ff) |
72 | 2 | Length of APPLICATION attribute in bytes (gg) |
74 | 22 | Reserved for IBM's use |
96 | 4 | Offset of SUBJECT attribute in bytes |
100 | 4 | Offset of ID attribute in bytes |
104 | 4 | Offset of ISSUER attribute in bytes |
108 | 4 | Offset of SERIAL_NUMBER attribute in bytes |
112 | 4 | Offset of VALUE attribute in bytes |
116 | 4 | Offset of LABEL attribute in bytes |
120 | 4 | Offset of APPLICATION attribute in bytes |
124 | 44 | Reserved for IBM's use |
168 | aa + bb + cc + dd + ee + ff + gg | Certificate attributes (variable length) |
168 + aa + bb |
End of certificate object |
Offset (decimal) |
Length of field (bytes) | Description |
---|---|---|
Object header | ||
0 | 4 | Eye catcher for public key object: "PUBK" |
4 | 2 | Version: EBCDIC '00' |
6 | 2 | Length of the object (in bytes) |
8 | 4 | Flags (see Table 1) |
Object type-specific section | ||
12 | 4 | TYPE attribute: |
16 | 8 | Start date for the key, in the format yyyymmdd |
24 | 8 | End date for the key, in the format yyyymmdd |
32 | 4 | Key generate mechanism: |
36 | 36 | Reserved |
72 | 4 | Length in bits of modulus n |
76 | 256 | Modulus n |
332 | 256 | Reserved |
588 | 256 | Public exponent e |
844 | 256 | Reserved |
1100 | 2 | Length of SUBJECT attribute in bytes (aa) |
1102 | 2 | Length of ID attribute in bytes (bb) |
1104 | 2 | Length of LABEL attribute in bytes (cc) |
1106 | 2 | Length of APPLICATION attribute in bytes (dd) |
1108 | 20 | Reserved |
1128 | 4 | Offset of SUBJECT attribute in bytes |
1132 | 4 | Offset of ID attribute in bytes |
1136 | 4 | Offset of LABEL attribute in bytes |
1140 | 4 | Offset of APPLICATION attribute in bytes |
1144 | 40 | Reserved |
1184 | aa+bb+cc+dd | Public key attributes (variable length) |
1184 |
End of public key object |
Offset (decimal) |
Length of field (bytes) | Description |
---|---|---|
Object header | ||
0 | 4 | Eye catcher for public key object: "PUBK" |
4 | 2 | Version: EBCDIC '01' |
6 | 2 | Length of the object (in bytes) |
8 | 4 | Flags (see Table 1) |
Object type-specific section | ||
12 | 4 | TYPE attribute: |
16 | 8 | Start date for the key, in the format yyyymmdd |
24 | 8 | End date for the key, in the format yyyymmdd |
32 | 4 | Key generate mechanism: |
36 | 36 | Reserved |
Algorithm-specific section (RSA) | ||
72 | 4 | Length in bits of modulus n |
76 | 512 | Modulus n |
588 | 512 | Public exponent e |
Algorithm-specific section (DSA) | ||
72 | 4 | Length in bits of prime p |
76 | 128 | Reserved |
204 | 128 | Prime p |
332 | 128 | Reserved |
460 | 128 | Base g |
588 | 128 | Reserved |
716 | 128 | Value y |
844 | 20 | Reserved |
864 | 20 | Subprime q |
884 | 216 | Reserved |
Algorithm-specific section (DH) | ||
72 | 4 | Length in bits of prime p |
76 | 256 | Prime p |
332 | 256 | Base g |
588 | 256 | Value y |
844 | 256 | Reserved |
Algorithm-specific section (EC) | ||
72 | 4 | EC params curve constant – x'00000001' secp192r1 |
76 | 128 | Reserved |
204 | 136 | EC point Q (DER encoded) |
340 | 760 | Reserved |
Variable length attribute section | ||
1100 | 2 | Length of SUBJECT attribute in bytes (aa) |
1102 | 2 | Length of ID attribute in bytes (bb) |
1104 | 2 | Length of LABEL attribute in bytes (cc) |
1106 | 2 | Length of APPLICATION attribute in bytes (dd) |
1108 | 20 | Reserved |
1128 | 4 | Offset of SUBJECT attribute in bytes |
1132 | 4 | Offset of ID attribute in bytes |
1136 | 4 | Offset of LABEL attribute in bytes |
1140 | 4 | Offset of APPLICATION attribute in bytes |
1144 | 40 | Reserved |
1184 | aa+bb+cc+dd | Public key attributes (variable length) |
1184 |
End of public key object |
Offset (decimal) |
Length of field (bytes) | Description |
---|---|---|
Object header | ||
0 | 4 | Eye catcher for public key object: "PUBK" |
4 | 2 | Version: EBCDIC '02' |
6 | 2 | Length of the object (in bytes) |
8 | 4 | Flags (see Table 1) |
Object type-specific section | ||
12 | 4 | TYPE attribute: |
16 | 8 | Start date for the key, in the format yyyymmdd |
24 | 8 | End date for the key, in the format yyyymmdd |
32 | 4 | Key generate mechanism: |
36 | 36 | Reserved |
Algorithm-specific section (RSA) | ||
72 | 4 | Length in bits of modulus n |
76 | 512 | Modulus n |
588 | 512 | Public exponent e |
Algorithm-specific section (DSA) | ||
72 | 4 | Length in bits of prime p |
76 | 256 | Prime p |
332 | 256 | Base g |
588 | 256 | Value y |
844 | 8 | Reserved |
852 | 32 | Subprime q |
884 | 216 | Reserved |
Algorithm-specific section (DH) | ||
72 | 4 | Length in bits of prime p |
76 | 256 | Prime p |
332 | 256 | Base g |
588 | 256 | Value y |
844 | 256 | Reserved |
Algorithm-specific section (EC) | ||
72 | 4 | EC params curve constant – x'00000001' secp192r1 |
76 | 128 | Reserved |
204 | 136 | EC point Q (DER encoded) |
340 | 760 | Reserved |
Variable length attribute section | ||
1100 | 2 | Length of SUBJECT attribute in bytes (aa) |
1102 | 2 | Length of ID attribute in bytes (bb) |
1104 | 2 | Length of LABEL attribute in bytes (cc) |
1106 | 2 | Length of APPLICATION attribute in bytes (dd) |
1108 | 20 | Reserved |
1128 | 4 | Offset of SUBJECT attribute in bytes |
1132 | 4 | Offset of ID attribute in bytes |
1136 | 4 | Offset of LABEL attribute in bytes |
1140 | 4 | Offset of APPLICATION attribute in bytes |
1144 | 40 | Reserved |
1184 | aa+bb+cc+dd | Public key attributes (variable length) |
1184 |
End of public key object |
Offset (decimal) |
Length of field (bytes) | Description |
---|---|---|
Object header | ||
0 | 4 | Eye catcher for public key object: "PUBK" |
4 | 2 | Version: EBCDIC '03' |
6 | 2 | Length of the object (in bytes) |
8 | 4 | Flags (see Table 1) |
Object type-specific section | ||
12 | 4 | TYPE attribute: |
16 | 8 | Start date for the key, in the format yyyymmdd |
24 | 8 | End date for the key, in the format yyyymmdd |
32 | 4 | Key generate mechanism: |
36 | 2 | Reserved |
38 | 2 | Length of secure key material in bytes (ee) |
40 | 4 | Offset to secure key material in bytes |
44 | 28 | Reserved |
Algorithm-specific section (RSA) | ||
72 | 4 | Length in bits of modulus n |
76 | 512 | Modulus n |
588 | 512 | Public exponent e |
Algorithm-specific section (DSA) | ||
72 | 4 | Length in bits of prime p |
76 | 256 | Prime p |
332 | 256 | Base g |
588 | 256 | Value y |
844 | 8 | Reserved |
852 | 32 | Subprime q |
884 | 216 | Reserved |
Algorithm-specific section (DH) | ||
72 | 4 | Length in bits of prime p |
76 | 256 | Prime p |
332 | 256 | Base g |
588 | 256 | Value y |
844 | 256 | Reserved |
Algorithm-specific section (EC) | ||
72 | 4 | EC params curve constant – x'00000001' secp192r1 |
76 | 128 | Reserved |
204 | 136 | EC point Q (DER encoded) |
340 | 760 | Reserved |
Variable length attribute section | ||
1100 | 2 | Length of SUBJECT attribute in bytes (aa) |
1102 | 2 | Length of ID attribute in bytes (bb) |
1104 | 2 | Length of LABEL attribute in bytes (cc) |
1106 | 2 | Length of APPLICATION attribute in bytes (dd) |
1108 | 20 | Reserved |
1128 | 4 | Offset of SUBJECT attribute in bytes |
1132 | 4 | Offset of ID attribute in bytes |
1136 | 4 | Offset of LABEL attribute in bytes |
1140 | 4 | Offset of APPLICATION attribute in bytes |
1144 | 40 | Reserved |
1184 | aa+bb+cc+dd+ee | Public key attributes (variable length) |
1184 |
End of public key object |
Offset (decimal) |
Length of field (bytes) | Description |
---|---|---|
Object header | ||
0 | 4 | Eye catcher for private key object: "PRIV" |
4 | 2 | Version: EBCDIC '00' |
6 | 2 | Length of object (in bytes) |
8 | 4 | Flags (see Table 1) |
Object type-specific section | ||
12 | 4 | Type attribute: CKK_RSA |
16 | 8 | Start date for the key (in the format yyyymmdd) |
24 | 8 | End date for the key (in the format yyyymmdd) |
32 | 4 | Key generate mechanism: |
36 | 36 | Reserved |
72 | 4 | Length in bits of modulus n |
76 | 256 | Modulus: modulus n |
332 | 256 | Reserved |
588 | 256 | Public exponent e |
844 | 256 | Reserved |
1100 | 32 | Reserved |
1132 | 256 | Private exponent d |
1388 | 256 | Reserved |
1644 | 136 | Prime p |
1780 | 128 | Reserved |
1908 | 128 | Prime q |
2036 | 128 | Reserved |
2172 | 136 | Private exponent d modulo p-1 |
2300 | 128 | Reserved |
2428 | 128 | Private exponent d modulo q-1 |
2556 | 128 | Reserved |
2684 | 136 | CRT coefficient q-1 mod p |
2820 | 128 | Reserved |
2948 | 2 | Length of SUBJECT attribute in bytes (xx) |
2950 | 2 | Length of ID attribute in bytes (yy) |
2952 | 2 | Length of LABEL attribute in bytes (zz) |
2954 | 2 | Length of APPLICATION attribute in bytes (ww) |
2956 | 20 | Reserved |
2976 | 4 | Offset of SUBJECT attribute in bytes |
2980 | 4 | Offset of ID attribute in bytes |
2984 | 4 | Offset of LABEL attribute in bytes |
2988 | 4 | Offset of APPLICATION attribute in bytes |
2992 | 40 | Reserved |
3032 | xx+yy+zz+ww | Private key attributes (variable length) |
3032 |
End of private key object |
Offset (decimal) |
Length of field (bytes) | Description |
---|---|---|
Object header | ||
0 | 4 | Eye catcher for private key object: "PRIV" |
4 | 2 | Version: EBCDIC '01' |
6 | 2 | Length of object (in bytes) |
8 | 4 | Flags (see Table 1) |
Object type-specific section | ||
12 | 4 | Type attribute: CKK_RSA, CKK_DSA, |
16 | 8 | Start date for the key (in the format yyyymmdd) |
24 | 8 | End date for the key (in the format yyyymmdd) |
32 | 4 | Key generate mechanism: |
36 | 36 | Reserved |
Algorithm-specific section (RSA) | ||
72 | 4 | Length in bits of modulus n |
76 | 512 | Modulus: modulus n |
588 | 512 | Public exponent e |
1100 | 32 | Reserved |
1132 | 512 | Private exponent d |
1644 | 264 | Prime p |
1908 | 256 | Prime q |
2164 | 264 | Private exponent d modulo p-1 |
2428 | 256 | Private exponent d modulo q-1 |
2684 | 264 | CRT coefficient q-1 mod p |
Algorithm-specific section (DSA) | ||
72 | 4 | Length in bits of prime p |
76 | 128 | Reserved |
204 | 128 | Prime p |
332 | 128 | Reserved |
460 | 128 | Base g |
588 | 236 | Reserved |
824 | 20 | Value x |
844 | 20 | Reserved |
864 | 20 | Subprime q |
884 | 2064 | Reserved |
Algorithm-specific section (DH) | ||
72 | 4 | Length in bits of prime p |
76 | 256 | Prime p |
332 | 256 | Base g |
588 | 236 | Reserved |
824 | 20 | Value x |
844 | 2104 | Reserved |
Algorithm-specific section (EC) | ||
72 | 4 | EC params curve constant – x'00000001' secp192r1 |
76 | 64 | Reserved |
140 | 66 | Value d |
206 | 2742 | Reserved |
Variable length attribute section | ||
2948 | 2 | Length of SUBJECT attribute in bytes (xx) |
2950 | 2 | Length of ID attribute in bytes (yy) |
2952 | 2 | Length of LABEL attribute in bytes (zz) |
2954 | 2 | Length of APPLICATION attribute in bytes (ww) |
2956 | 20 | Reserved |
2976 | 4 | Offset of SUBJECT attribute in bytes |
2980 | 4 | Offset of ID attribute in bytes |
2984 | 4 | Offset of LABEL attribute in bytes |
2988 | 4 | Offset of APPLICATION attribute in bytes |
2992 | 40 | Reserved |
3032 | xx+yy+zz+ww | Private key attributes (variable length) |
3032 |
End of private key object |
Offset (decimal) |
Length of field (bytes) | Description |
---|---|---|
Object header | ||
0 | 4 | Eye catcher for private key object: "PRIV" |
4 | 2 | Version: EBCDIC '02' |
6 | 2 | Length of object (in bytes) |
8 | 4 | Flags (see Table 1) |
Object type-specific section | ||
12 | 4 | Type attribute: CKK_RSA, CKK_DSA, |
16 | 8 | Start date for the key (in the format yyyymmdd) |
24 | 8 | End date for the key (in the format yyyymmdd) |
32 | 4 | Key generate mechanism: |
36 | 36 | Reserved |
Algorithm-specific section (RSA) | ||
72 | 4 | Length in bits of modulus n |
76 | 512 | Modulus: modulus n |
588 | 512 | Public exponent e |
1100 | 32 | Reserved |
1132 | 512 | Private exponent d |
1644 | 264 | Prime p |
1908 | 256 | Prime q |
2164 | 264 | Private exponent d modulo p-1 |
2428 | 256 | Private exponent d modulo q-1 |
2684 | 264 | CRT coefficient q-1 mod p |
Algorithm-specific section (DSA) | ||
72 | 4 | Length in bits of prime p |
76 | 256 | Prime p |
332 | 256 | Base g |
588 | 224 | Reserved |
812 | 32 | Value x |
844 | 8 | Reserved |
852 | 32 | Subprime q |
884 | 2064 | Reserved |
Algorithm-specific section (DH) | ||
72 | 4 | Length in bits of prime p |
76 | 256 | Prime p |
332 | 256 | Base g |
588 | 256 | Value x |
844 | 4 | Length in bits of value x |
848 | 2100 | Reserved |
Algorithm-specific section (EC) | ||
72 | 4 | EC params curve constant – x'00000001' secp192r1 |
76 | 64 | Reserved |
140 | 66 | Value d |
206 | 2742 | Reserved |
Variable length attribute section | ||
2948 | 2 | Length of SUBJECT attribute in bytes (xx) |
2950 | 2 | Length of ID attribute in bytes (yy) |
2952 | 2 | Length of LABEL attribute in bytes (zz) |
2954 | 2 | Length of APPLICATION attribute in bytes (ww) |
2956 | 20 | Reserved |
2976 | 4 | Offset of SUBJECT attribute in bytes |
2980 | 4 | Offset of ID attribute in bytes |
2984 | 4 | Offset of LABEL attribute in bytes |
2988 | 4 | Offset of APPLICATION attribute in bytes |
2992 | 40 | Reserved |
3032 | xx+yy+zz+ww | Private key attributes (variable length) |
3032 |
End of private key object |
Offset (decimal) |
Length of field (bytes) | Description |
---|---|---|
Object header | ||
0 | 4 | Eye catcher for private key object: "PRIV" |
4 | 2 | Version: EBCDIC '03' |
6 | 2 | Length of object (in bytes) |
8 | 4 | Flags (see Table 1) |
Object type-specific section | ||
12 | 4 | Type attribute: CKK_RSA, CKK_DSA, |
16 | 8 | Start date for the key (in the format yyyymmdd) |
24 | 8 | End date for the key (in the format yyyymmdd) |
32 | 4 | Key generate mechanism: |
36 | 2 | Reserved |
38 | 2 | Length of secure key material (ee) |
40 | 4 | Offset to secure key material in bytes |
44 | 28 | Reserved |
Algorithm-specific section (RSA) | ||
72 | 4 | Length in bits of modulus n |
76 | 512 | Modulus: modulus n |
588 | 512 | Public exponent e |
1100 | 32 | Reserved |
1132 | 512 | Private exponent d |
1644 | 264 | Prime p |
1908 | 256 | Prime q |
2164 | 264 | Private exponent d modulo p-1 |
2428 | 256 | Private exponent d modulo q-1 |
2684 | 264 | CRT coefficient q-1 mod p |
Algorithm-specific section (DSA) | ||
72 | 4 | Length in bits of prime p |
76 | 256 | Prime p |
332 | 256 | Base g |
588 | 224 | Reserved |
812 | 32 | Value x |
844 | 8 | Reserved |
852 | 32 | Subprime q |
884 | 2064 | Reserved |
Algorithm-specific section (DH) | ||
72 | 4 | Length in bits of prime p |
76 | 256 | Prime p |
332 | 256 | Base g |
588 | 256 | Value x |
844 | 4 | Length in bits of value x |
848 | 2100 | Reserved |
Algorithm-specific section (EC) | ||
72 | 4 | EC params curve constant – x'00000001' secp192r1 |
76 | 64 | Reserved |
140 | 66 | Value d |
206 | 2742 | Reserved |
Variable length attribute section | ||
2948 | 2 | Length of SUBJECT attribute in bytes (xx) |
2950 | 2 | Length of ID attribute in bytes (yy) |
2952 | 2 | Length of LABEL attribute in bytes (zz) |
2954 | 2 | Length of APPLICATION attribute in bytes (ww) |
2956 | 20 | Reserved |
2976 | 4 | Offset of SUBJECT attribute in bytes |
2980 | 4 | Offset of ID attribute in bytes |
2984 | 4 | Offset of LABEL attribute in bytes |
2988 | 4 | Offset of APPLICATION attribute in bytes |
2992 | 40 | Reserved |
3032 | xx+yy+zz+ww+ee | Private key attributes (variable length) |
3032 |
End of private key object |
Offset (decimal) |
Length of field (bytes) | Description |
---|---|---|
Object header | ||
0 | 4 | Eye catcher for secret key object: "SECK" |
4 | 2 | Version: EBCDIC '00' |
6 | 2 | Length of the object in bytes |
8 | 4 | Flags (see Table 1) |
Object type-specific section | ||
12 | 4 | Type of key: CKK_DES, CKK_DES2, CKK_DES3, CKK_AES |
16 | 8 | Start date for the key (in the format yyyymmdd) |
24 | 8 | End date for the key (in the format yyyymmdd) |
32 | 4 | Key generate mechanism |
36 | 2 | Length of the key in bytes |
38 | 32 | Reserved |
70 | 64 | VALUE: value of the key |
134 | 538 | Reserved |
672 | 4 | Usage counter field |
676 | 2 | Reserved |
678 | 2 | Length of LABEL attribute in bytes (xx) |
680 | 2 | Length of APPLICATION attribute in bytes (yy) |
682 | 2 | Length of the ID attribute in bytes (zz) |
684 | 20 | Reserved |
704 | 4 | Offset of LABEL attribute in bytes |
708 | 4 | Offset of APPLICATION attribute in bytes |
712 | 4 | Offset of the ID attribute in bytes |
716 | 40 | Reserved |
756 | xx+yy+zz | Secret key attributes (variable length) |
756 |
End of secret key object |
Offset (decimal) |
Length of field (bytes) | Description |
---|---|---|
Object header | ||
0 | 4 | Eye catcher for secret key object: "SECK" |
4 | 2 | Version: EBCDIC '01' |
6 | 2 | Length of the object in bytes |
8 | 4 | Flags (see Table 1) |
Object type-specific section | ||
12 | 4 | Type of key: CKK_DES, CKK_DES2, CKK_DES3, CKK_BLOWFISH, CKK_RC4, CKK_GENERIC_SECRET, and CKK_AES. |
16 | 8 | Start date for the key (in the format yyyymmdd) |
24 | 8 | End date for the key (in the format yyyymmdd) |
32 | 4 | Key generate mechanism |
36 | 2 | Length of the key in bytes |
38 | 32 | Reserved |
70 | 256 | VALUE: value of the key |
326 | 346 | Reserved |
672 | 4 | Usage counter field |
676 | 2 | Reserved |
678 | 2 | Length of LABEL attribute in bytes (xx) |
680 | 2 | Length of APPLICATION attribute in bytes (yy) |
682 | 2 | Length of the ID attribute in bytes (zz) |
684 | 20 | Reserved |
704 | 4 | Offset of LABEL attribute in bytes |
708 | 4 | Offset of APPLICATION attribute in bytes |
712 | 4 | Offset of the ID attribute in bytes |
716 | 40 | Reserved |
756 | xx+yy+zz | Secret key attributes (variable length) |
756 |
End of secret key object |
Offset (decimal) |
Length of field (bytes) | Description |
---|---|---|
Object header | ||
0 | 4 | Eye catcher for secret key object: "SECK" |
4 | 2 | Version: EBCDIC '03' |
6 | 2 | Length of the object in bytes |
8 | 4 | Flags (see Table 1) |
Object type-specific section | ||
12 | 4 | Type of key: CKK_DES, CKK_DES2, CKK_DES3, CKK_BLOWFISH, CKK_RC4, CKK_GENERIC_SECRET, and CKK_AES. |
16 | 8 | Start date for the key (in the format yyyymmdd) |
24 | 8 | End date for the key (in the format yyyymmdd) |
32 | 4 | Key generate mechanism |
36 | 2 | Length of the key in bytes |
38 | 2 | Length of secure key material (ee) |
40 | 4 | Offset to secure key material in bytes |
44 | 26 | Reserved |
70 | 256 | VALUE: value of the key |
326 | 346 | Reserved |
672 | 4 | Usage counter field |
676 | 2 | Reserved |
678 | 2 | Length of LABEL attribute in bytes (xx) |
680 | 2 | Length of APPLICATION attribute in bytes (yy) |
682 | 2 | Length of the ID attribute in bytes (zz) |
684 | 20 | Reserved |
704 | 4 | Offset of LABEL attribute in bytes |
708 | 4 | Offset of APPLICATION attribute in bytes |
712 | 4 | Offset of the ID attribute in bytes |
716 | 40 | Reserved |
756 | xx+yy+zz+ee | Secret key attributes (variable length) |
756 |
End of secret key object |
Offset (decimal) |
Length of field (bytes) | Description |
---|---|---|
Object header | ||
0 | 4 | Eye catcher for token domain object: "DOMP" |
4 | 2 | Version: EBCDIC '01' |
6 | 2 | Length of the object (in bytes) |
8 | 4 | Flags (see Table 1) |
Object type-specific section | ||
12 | 4 | TYPE attribute: CKK_DSA or CKK_DH |
16 | 28 | Reserved |
Algorithm-specific section (DSA) | ||
44 | 4 | Length in bits of prime p |
48 | 128 | Reserved |
176 | 128 | Prime p |
304 | 128 | Reserved |
432 | 128 | Base g |
560 | 20 | Reserved |
580 | 20 | Subprime q |
600 | 636 | Reserved |
Algorithm-specific section (DH) | ||
44 | 4 | Length in bits of prime p |
48 | 4 | Reserved |
52 | 256 | Prime p |
308 | 256 | Reserved |
564 | 256 | Base g |
820 | 416 | Reserved |
Variable length attribute section | ||
1236 | 2 | Length of LABEL attribute in bytes (aa) |
1238 | 2 | Length of APPLICATION attribute in bytes (bb) |
1240 | 20 | Reserved |
1260 | 4 | Offset of LABEL attribute in bytes |
1264 | 4 | Offset of APPLICATION attribute in bytes |
1268 | 40 | Reserved |
1308 | aa+bb | Domain parameters attributes (variable length) |
1308 |
End of domain parameters object |
Offset (decimal) |
Length of field (bytes) | Description |
---|---|---|
Object header | ||
0 | 4 | Eye catcher for token domain object: "DOMP" |
4 | 2 | Version: EBCDIC '02' |
6 | 2 | Length of the object (in bytes) |
8 | 4 | Flags (see Table 1) |
Object type-specific section | ||
12 | 4 | TYPE attribute: CKK_DSA or CKK_DH |
16 | 28 | Reserved |
Algorithm-specific section (DSA) | ||
44 | 4 | Length in bits of prime p |
48 | 256 | Prime p |
304 | 256 | Base g |
560 | 8 | Reserved |
568 | 32 | Subprime q |
600 | 636 | Reserved |
Algorithm-specific section (DH) | ||
44 | 4 | Length in bits of prime p |
48 | 4 | Reserved |
52 | 256 | Prime p |
308 | 256 | Reserved |
564 | 256 | Base g |
820 | 416 | Reserved |
Variable length attribute section | ||
1236 | 2 | Length of LABEL attribute in bytes (aa) |
1238 | 2 | Length of APPLICATION attribute in bytes (bb) |
1240 | 20 | Reserved |
1260 | 4 | Offset of LABEL attribute in bytes |
1264 | 4 | Offset of APPLICATION attribute in bytes |
1268 | 40 | Reserved |
1308 | aa+bb | Domain parameters attributes (variable length) |
1308 |
End of domain parameters object |
Offset (decimal) |
Length of field (bytes) | Description |
---|---|---|
Object header | ||
0 | 4 | Eye catcher for data object: "DATA" |
4 | 2 | Version: EBCDIC '00' |
6 | 2 | Length of object, in bytes |
8 | 4 | Flags (see Table 1) |
Object type-specific section | ||
12 | 4 | Reserved for IBM's use |
16 | 28 | Reserved for IBM's use |
44 | 2 | Length of VALUE attribute in bytes (aa) |
46 | 2 | Length of OBJECT_ID attribute in bytes (bb) |
48 | 2 | Length of LABEL attribute in bytes (cc) |
50 | 2 | Length of APPLICATION attribute in bytes (dd) |
52 | 2 | Length of ID attribute in bytes (ee) |
54 | 22 | Reserved for IBM's use |
76 | 4 | Offset of VALUE attribute in bytes |
80 | 4 | Offset of OBJECT_ID attribute in bytes |
84 | 4 | Offset of LABEL attribute in bytes |
88 | 4 | Offset of APPLICATION attribute in bytes |
92 | 4 | Offset of ID attribute in bytes |
96 | 44 | Reserved for IBM's use |
140 | aa + bb + cc + dd + ee | Data attributes (variable length) |
140 + aa + bb |
End of data object |