ECC key token format

The following table presents the format of the ECC Key Token.

Table 1. ECC Key Token Format
Offset (Dec)	Number of Bytes	Description
*Token Header*
000	001	Token identifier. X'00' Null token X'1E' External token X'1F' Internal token; the private key is protected by the master key
001	001	Version, X'00'.
002	002	Length of the key token structure excluding the internal information section.
004	004	Ignored; should be zero.

*ECC Token Private section*
000	001	X'20', section identifier, ECC private key
001	001	X'00', version.
002	002	Section length.
004	001	Wrapping Method: This value indicates the wrapping method used to protect the data in the encrypted section. It is not the method used to protect the Object Protection Key (OPK). X'00' Clear – section is unencrypted. X'01' AESKW X'02' CBC Wrap - Other
005	001	Hash used for Wrapping X'01' SHA224 X'02' SHA256 X'04' Reserved. X'08 ' Reserved
006	002	Reserved Binary Zero
008	001	Key Usage: X'C0' Key Agreement X'80' Both signature generation and key agreement X'00' Signature generation only X'02' Translate allowed The two high-order bits indicate permitted key usage in the decryption of symmetric keys and in the generation of digital signatures. The bit in the second nibble indicates if the key is translatable. A key is translatable if it can be re-encrypted from one key encrypting key to another.
009	001	Curve type: X'00' Prime curve X'01' Brainpool curve
010	001	Key Format and Security Flag. External Token: X'40' Unencrypted ECC private key identifier X'42' Encrypted ECC private key identifier Internal Token: X'08' Encrypted ECC private key identifier
011	001	Reserved Binary Zero
012	002	Length of p in bits X'00C0' Prime P-192 X'00E0' Prime P-224 X'0100' Prime P-256 X'0180' Prime P-384 X'0209' Prime P-521 X'00A0' Brainpool p-160 X'00C0' Brainpool P-192 X'00E0' Brainpool P-224 X'0100' Brainpool P-256 X'0140' Brainpool P-320 X'0180' Brainpool P-384 X'0200' Brainpool P-512)
014	002	IBM Associated Data length. The length of this field must be greater than or equal to 16
016	008	External Token: Unencrypted – Reserved Binary 0x’00’ Encrypted – KVP of the AESKEK Internal Token: MKVP of the ECC-MK
024	048	External Token: reserved binary zeros. Internal Token: Object Protection Key (OPK), ICV (Integrity Check value), 8 byte confounder and a 256-bit AES key used with the AESKW algorithm to encrypt the ECC private key. The OPK is encrypted by the AES master key using AESKW as well. Example format for OPK data passed to AESKW: 8 bytes = A6A6A6A6A6A60000 40 bytes = Confounder(8)/Key(32)
072	002	Associated data length, aa
074	002	Length of formatted section in bytes, bb
076	aa	Associated data See Associated data format for ECC token.
076 + aa	Start of formatted section	If this section is in the clear it contains private key d. If it is encrypted it contains the AESKW wrapped payload.
76 + aa	bb	Formatted section which includes Private key d See AESKW wrapped payload format for ECC private key token.
76 + aa + bb	End of formatted section
*ECC Token Public Section*
000	001	X'21', section identifier
001	001	X'00', version.
002	002	Section length
004	004	Reserved field, binary zero
008	001	Curve type X'00' Prime curve X'01' Brainpool curve
009	001	Reserved field, binary zero
010	002	Length of p in bits: X'00C0' Prime P-192 X'00E0' Prime P-224 X'0100' Prime P-256 X'0180' Prime P-384 X'0209' Prime P-521 X'00A0' Brainpool P-160 X'00C0' Brainpool P-192 X'00E0' Brainpool P-224 X'0100' Brainpool P-256 X'0140' Brainpool P-320 X'0180' Brainpool P-384 X'0200' Brainpool P-512
012	002	This field is the length of the public key q value in bytes, the maximum value could be up to 133 bytes, cc. The value includes the key material length and one byte to indicate if the key material is compressed or uncompressed.
014	cc	Public Key , q field