DES external key token

Table 1 shows the format for a DES external key token.

Table 1. Format of External Key Tokens
Bytes	Description
0	X'02' (flag indicating an external key token)
1	Reserved (X'00')
2–3	Implementation-dependent bytes (X'0000' for ICSF)
4	Key token version number (X'00' or X'01')
5	Reserved (X'00')
6	Flag byte Bit Meaning When Set On 0 Encrypted key is present. 1 Control vector (CV) value has been applied to the key. Other bits are reserved and are binary zeros.
7	Bit Meaning When Set On 0-2 Key value encryption method. 000 - the key is encrypted using the original CCA method (ECB). 001 - the key is encrypted using the X9.24 enhanced method (CBC). These bits are ignored if the token contains no key or a clear key. 3-7 Reserved.
8–15	Reserved (X'0000000000000000')
16–23	Single-length key or left half of a double-length key, or Part A of a triple-length key. The value is encrypted under a transport key-encrypting key when flag bit 0 is on, otherwise it is in the clear.
24–31	X'0000000000000000' if a single-length key or right half of a double-length key, or Part B of a triple-length key. The right half of a double-length key or Part B of a triple-length key is encrypted under a transport key-encrypting key when flag bit 0 is on, otherwise it is in the clear.
32–39	Control vector (CV) for single-length key or left half of CV for double-length key
40–47	X'0000000000000000' if single-length key or right half of CV for double-length key
48–55	X'0000000000000000' if a single-length key, double-length key, or Part C of a triple-length key. This key part is encrypted under a transport key-encrypting key when flag bit 0 is on, otherwise it is in the clear.
56–58	Reserved (X'000000')
59 bits 0 and 1	B'00'
59 bits 2 and 3	B'00' Indicates single-length key (version 0 only). B'01' Indicates double-length key (version 1 only). B'10' Indicates triple-length key (version 1 only).
59 bits 4–7	B'0000'
60-63	Token validation value (see Token validation value for a description).