ECC key token format

The following table presents the format of the ECC Key Token.
Table 1. ECC Key Token Format

Offset (Dec)  Number of Bytes  Description

Token Header
000  001  Token identifier.
            X'00'  Null token
            X'1E'  External token
            X'1F'  Internal token; the private key is protected by the master key
001  001  Version, X'00'.
002  002  Length of the key token structure excluding the internal information section.
004  004  Ignored; should be zero.

ECC Token Private section
000  001  X'20', section identifier, ECC private key
001  001  X'00', version.
002  002  Section length.
004  001  Wrapping Method: This value indicates the wrapping method used to protect the data in the encrypted section. It is not the method used to protect the Object Protection Key (OPK).
            X'00'  Clear – section is unencrypted.
            X'01'  AESKW
            X'02'  CBC Wrap - Other
005  001  Hash used for Wrapping
            X'01'  SHA224
            X'02'  SHA256
            X'04'  Reserved
            X'08'  Reserved
006  002  Reserved Binary Zero
008  001  Key Usage:
            X'C0'  Key Agreement
            X'80'  Both signature generation and key agreement
            X'00'  Signature generation only
            X'02'  Translate allowed
          The two high-order bits indicate permitted key usage in the decryption of symmetric keys and in the generation of digital signatures. The bit in the second nibble indicates if the key is translatable. A key is translatable if it can be re-encrypted from one key encrypting key to another.
009  001  Curve type:
            X'00'  Prime curve
            X'01'  Brainpool curve
010  001  Key Format and Security Flag.
          External Token:
            X'40'  Unencrypted ECC private key identifier
            X'42'  Encrypted ECC private key identifier
          Internal Token:
            X'08'  Encrypted ECC private key identifier
011  001  Reserved Binary Zero
012  002  Length of p in bits:
            X'00C0'  Prime P-192
            X'00E0'  Prime P-224
            X'0100'  Prime P-256
            X'0180'  Prime P-384
            X'0209'  Prime P-521
            X'00A0'  Brainpool P-160
            X'00C0'  Brainpool P-192
            X'00E0'  Brainpool P-224
            X'0100'  Brainpool P-256
            X'0140'  Brainpool P-320
            X'0180'  Brainpool P-384
            X'0200'  Brainpool P-512
014  002  IBM Associated Data length. The length of this field must be greater than or equal to 16.
016  008  External Token:
            • Unencrypted – Reserved, binary X'00'
            • Encrypted – KVP of the AESKEK
          Internal Token: MKVP of the ECC-MK
024  048  External Token: reserved binary zeros.
          Internal Token: Object Protection Key (OPK), ICV (Integrity Check Value), 8-byte confounder and a 256-bit AES key used with the AESKW algorithm to encrypt the ECC private key.
          The OPK is encrypted by the AES master key using AESKW as well. Example format for OPK data passed to AESKW:
            • 8 bytes = A6A6A6A6A6A60000
            • 40 bytes = Confounder(8)/Key(32)
072  002  Associated data length, aa
074  002  Length of formatted section in bytes, bb
076  aa   Associated data
          See Associated data format for ECC token.
076 + aa       Start of formatted section. If this section is in the clear it contains private key d.
               If it is encrypted it contains the AESKW wrapped payload.
076 + aa  bb   Formatted section which includes private key d
               See AESKW wrapped payload format for ECC private key token.
076 + aa + bb  End of formatted section

ECC Token Public Section
000  001  X'21', section identifier
001  001  X'00', version.
002  002  Section length
004  004  Reserved field, binary zero
008  001  Curve type
            X'00'  Prime curve
            X'01'  Brainpool curve
009  001  Reserved field, binary zero
010  002  Length of p in bits:
            X'00C0'  Prime P-192
            X'00E0'  Prime P-224
            X'0100'  Prime P-256
            X'0180'  Prime P-384
            X'0209'  Prime P-521
            X'00A0'  Brainpool P-160
            X'00C0'  Brainpool P-192
            X'00E0'  Brainpool P-224
            X'0100'  Brainpool P-256
            X'0140'  Brainpool P-320
            X'0180'  Brainpool P-384
            X'0200'  Brainpool P-512
012  002  Length of the public key q value in bytes, cc. The maximum value could be up to 133 bytes. The value includes the key material length and one byte to indicate if the key material is compressed or uncompressed.
014  cc   Public key, q field
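
The following is an added example, not IBM code: it decodes the fixed fields of the Token Header and ECC Token Private section from Table 1 and reports tokens whose private key d is stored in the clear or whose fields contradict the table. It assumes multi-byte fields are big-endian and that the private section immediately follows the 8-byte header; the names audit_ecc_token and sample_token are hypothetical, and the sample token is constructed.

```python
import struct

TOKEN_IDS = {0x00: "null", 0x1E: "external", 0x1F: "internal"}
FORMAT_FLAGS = {"external": {0x40, 0x42}, "internal": {0x08}}
P_BITS = {0x00: {192, 224, 256, 384, 521},            # prime curves
          0x01: {160, 192, 224, 256, 320, 384, 512}}  # Brainpool curves

def audit_ecc_token(tok: bytes) -> dict:
    """Decode the fixed private-section fields and list policy findings."""
    if len(tok) < 8 + 76:
        raise ValueError("too short for header plus private section")
    kind = TOKEN_IDS.get(tok[0], "unknown")
    sec = tok[8:]  # assumption: private section starts right after the header
    # Assumption: multi-byte fields are big-endian.
    sec_id, _ver, sec_len, wrap = struct.unpack_from(">BBHB", sec, 0)
    if sec_id != 0x20:
        raise ValueError("no ECC private key section (X'20') after header")
    usage, curve, fmt = sec[8], sec[9], sec[10]
    p_bits, ibm_ad_len = struct.unpack_from(">HH", sec, 12)
    aa, bb = struct.unpack_from(">HH", sec, 72)
    findings = []
    if fmt not in FORMAT_FLAGS.get(kind, set()):
        findings.append("format flag not valid for token type")
    if p_bits not in P_BITS.get(curve, set()):
        findings.append("length of p not defined for curve type")
    if ibm_ad_len < 16:
        findings.append("IBM associated data length below 16")
    if 76 + aa + bb > min(sec_len, len(sec)):
        findings.append("formatted section overruns private section")
    if wrap == 0x00 or fmt == 0x40:  # either field marks the section as clear
        findings.append("private key d stored in the clear")
    if usage & 0x02:
        findings.append("key is translatable")
    return {"type": kind, "curve": curve, "p_bits": p_bits,
            "wrap": wrap, "findings": findings}

def sample_token(tid, wrap, fmt, p_bits=0x0100, aa=16, bb=32):
    """Constructed test input with zeroed key material, not a real key token."""
    sec = bytearray(76 + aa + bb)
    struct.pack_into(">BBHB", sec, 0, 0x20, 0x00, len(sec), wrap)
    sec[5], sec[8], sec[9], sec[10] = 0x02, 0x80, 0x00, fmt
    struct.pack_into(">HH", sec, 12, p_bits, aa)
    struct.pack_into(">HH", sec, 72, aa, bb)
    return struct.pack(">BBHI", tid, 0x00, 8 + len(sec), 0) + bytes(sec)
```

An empty findings list means only that the fixed fields are consistent with Table 1; the check does not verify the wrapped payload or the associated data.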