Table 1 shows the format for a DES external key token.
Bytes | Description |
---|---|
0 | X'02' (flag indicating an external key token) |
1 | Reserved (X'00') |
2–3 | Implementation-dependent bytes (X'0000' for ICSF) |
4 | Key token version number (X'00' or X'01') |
5 | Reserved (X'00') |
6 | Flag byte
Other bits are reserved and are binary zeros. |
7 |
|
8–15 | Reserved (X'0000000000000000') |
16–23 | Single-length key or left half of a double-length key, or Part A of a triple-length key. The value is encrypted under a transport key-encrypting key when flag bit 0 is on, otherwise it is in the clear. |
24–31 | X'0000000000000000' if a single-length key or right half of a double-length key, or Part B of a triple-length key. The right half of a double-length key or Part B of a triple-length key is encrypted under a transport key-encrypting key when flag bit 0 is on, otherwise it is in the clear. |
32–39 | Control vector (CV) for single-length key or left half of CV for double-length key |
40–47 | X'0000000000000000' if single-length key or right half of CV for double-length key |
48–55 | X'0000000000000000' if a single-length key, double-length key, or Part C of a triple-length key. This key part is encrypted under a transport key-encrypting key when flag bit 0 is on, otherwise it is in the clear. |
56–58 | Reserved (X'000000') |
59 bits 0 and 1 | B'00' |
59 bits 2 and 3 |
|
59 bits 4–7 | B'0000' |
60-63 | Token validation value (see Token validation value for a description). |