| Offset (Dec) | Number of Bytes | Description |
|---|---|---|
| Token Header | | |
| 000 | 001 | Token identifier. |
| 001 | 001 | Version, X'00'. |
| 002 | 002 | Length of the key token structure, excluding the internal information section. |
| 004 | 004 | Ignored; should be zero. |
| ECC Token Private Section | | |
| 000 | 001 | X'20', section identifier, ECC private key. |
| 001 | 001 | X'00', version. |
| 002 | 002 | Section length. |
| 004 | 001 | Wrapping method. This value indicates the wrapping method used to protect the data in the encrypted section. It is not the method used to protect the Object Protection Key (OPK). |
| 005 | 001 | Hash used for wrapping. |
| 006 | 002 | Reserved, binary zero. |
| 008 | 001 | Key usage. |
| 009 | 001 | Curve type. |
| 010 | 001 | Key format and security flag; defined separately for external and internal tokens. |
| 011 | 001 | Reserved, binary zero. |
| 012 | 002 | Length of p in bits. |
| 014 | 002 | IBM associated data length. The length must be greater than or equal to 16. |
| 016 | 008 | External token: (not given). Internal token: MKVP of the ECC-MK. |
| 024 | 048 | External token: reserved, binary zeros. Internal token: Object Protection Key (OPK): ICV (Integrity Check Value), 8-byte confounder and a 256-bit AES key used with the AESKW algorithm to encrypt the ECC private key. The OPK is itself encrypted by the AES master key, also using AESKW. Example format for OPK data passed to AESKW: |
| 072 | 002 | Associated data length, aa. |
| 074 | 002 | Length of the formatted section in bytes, bb. |
| 076 | aa | Associated data. |
| 076 + aa | (start of formatted section) | If this section is in the clear it contains the private key d. If it is encrypted it contains the AESKW-wrapped payload. |
| 076 + aa | bb | Formatted section, which includes the private key d. |
| 076 + aa + bb | (end of formatted section) | |
| ECC Token Public Section | | |
| 000 | 001 | X'21', section identifier, ECC public key. |
| 001 | 001 | X'00', version. |
| 002 | 002 | Section length. |
| 004 | 004 | Reserved field, binary zero. |
| 008 | 001 | Curve type. |
| 009 | 001 | Reserved field, binary zero. |
| 010 | 002 | Length of p in bits. |
| 012 | 002 | Length of the public key q value in bytes, cc; the maximum is 133 bytes. The value includes the key material length plus one byte indicating whether the key material is compressed or uncompressed. |
| 014 | cc | Public key, q. |
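As an added example (not IBM's code), the following parser walks a token laid out exactly as in the table above, checking each length field before slicing, and a small builder produces a constructed sample token to run it against. It assumes big-endian integers, and since the table lists no values for the token identifier, wrapping method, hash, key usage or curve type, those fields are returned raw and the sample uses placeholder values.

```python
import struct

# Assumptions: big-endian integers; enumeration fields (token id, wrapping method, hash,
# key usage, curve) are returned raw because their values are not listed in the table.
def parse_ecc_token(buf):
    token_id, ver, total_len = struct.unpack_from(">BBH", buf, 0)
    if ver != 0 or total_len < 8 or total_len > len(buf):
        raise ValueError("bad token header")
    tok, pos = {"token_id": token_id, "sections": {}}, 8   # header bytes 4..7 are ignored
    while pos + 4 <= total_len:
        sid, sver, slen = struct.unpack_from(">BBH", buf, pos)
        if sver != 0 or slen < 4 or pos + slen > total_len:
            raise ValueError("bad section header at offset %d" % pos)
        sec = buf[pos:pos + slen]
        if sid == 0x20:                       # ECC private key section
            wrap, hsh, usage, curve, flags, p_bits, ibm_ad = struct.unpack_from(">BBxxBBBxHH", sec, 4)
            aa, bb = struct.unpack_from(">HH", sec, 72)
            if ibm_ad < 16 or 76 + aa + bb > slen:
                raise ValueError("bad private section lengths")
            tok["sections"][sid] = {
                "wrapping_method": wrap, "hash": hsh, "key_usage": usage, "curve": curve,
                "flags": flags, "p_bits": p_bits, "mkvp": sec[16:24], "opk": sec[24:72],
                "assoc_data": sec[76:76 + aa],
                "formatted": sec[76 + aa:76 + aa + bb]}  # d in the clear, else AESKW payload
        elif sid == 0x21:                     # ECC public key section
            curve, p_bits, cc = struct.unpack_from(">xxxxBxHH", sec, 4)
            if not 1 <= cc <= 133 or 14 + cc > slen:
                raise ValueError("bad public section length")
            q = sec[14:14 + cc]               # first byte says compressed/uncompressed
            tok["sections"][sid] = {"curve": curve, "p_bits": p_bits, "point_form": q[0], "q": q}
        else:
            raise ValueError("unknown section 0x%02x" % sid)
        pos += slen
    return tok

def build_public_section(curve, p_bits, q):
    return struct.pack(">BBH4xBxHH", 0x21, 0, 14 + len(q), curve, p_bits, len(q)) + q

def build_private_section(curve, p_bits, d, assoc=bytes(16)):
    # Clear (unwrapped) form: formatted section holds d; wrapping/hash/usage/MKVP/OPK left zero.
    aa, bb = len(assoc), len(d)
    head = struct.pack(">BBHBBxxBBBxHH", 0x20, 0, 76 + aa + bb, 0, 0, 0, curve, 0, p_bits, aa)
    return head + bytes(8) + bytes(48) + struct.pack(">HH", aa, bb) + assoc + d

def build_ecc_token(token_id, *sections):
    body = b"".join(sections)
    return struct.pack(">BBH4x", token_id, 0, 8 + len(body)) + body

# Constructed sample: placeholder token id and curve code, dummy key bytes (not real keys).
SAMPLE_Q = bytes([0x04]) + bytes(range(1, 65))           # 1 form byte + 64 bytes of point data
SAMPLE_D = bytes(range(32, 0, -1))                       # 32-byte scalar
SAMPLE = build_ecc_token(0x1E, build_private_section(1, 256, SAMPLE_D), build_public_section(1, 256, SAMPLE_Q))
```

Feeding a real token into `parse_ecc_token` only tells you where each field sits; it does not unwrap the AESKW payload, which requires the master key held by the coprocessor.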