Key Value Structure (Optimized RSA, Chinese Remainder
Theorem form, RSA-CRT) |
000 | 002 | Modulus length in bits (512 to 4096).
This is required. |
002 | 002 | Modulus field length in bytes, "nnn." This
value can be zero if the key token is used as a skeleton_key_token in
the PKA key generate callable service. This value must not exceed
512. |
004 | 002 | Public exponent field length in bytes, "eee." This
value can be zero if the key token is used as a skeleton_key_token in
the PKA key generate callable service. |
006 | 002 | Reserved, binary zero. |
008 | 002 | Length of the prime number, p, in
bytes, "ppp." This value can be zero if the key token is used
as a skeleton_key_token in the PKA key generate callable
service. Maximum size of p + q is 512 bytes. |
010 | 002 | Length of the prime number, q, in
bytes, "qqq." This value can be zero if the key token is used
as a skeleton_key_token in the PKA key generate callable
service. Maximum size of p + q is 512 bytes. |
012 | 002 | Length of dp,
in bytes, "rrr." This value can be zero if the key token is used
as a skeleton_key_token in the PKA key generate callable
service. Maximum size of dp + dq is 512 bytes. |
014 | 002 | Length of dq,
in bytes, "sss." This value can be zero if the key token is used
as a skeleton_key_token in the PKA key generate callable
service. Maximum size of dp + dq is 512 bytes. |
016 | 002 | Length of U, in bytes, "uuu." This
value can be zero if the key token is used as a skeleton_key_token in
the PKA key generate callable service. Maximum size of U is 512 bytes. |
018 | nnn | Modulus, n. |
018 + nnn | eee | Public exponent, e. This is an integer
such that 1<e<n. e must be odd. When you are building a skeleton_key_token to
control the generation of an RSA key pair, the public key exponent
can be one of these values: 3, 65537 (2**16 + 1), or 0 to indicate
that a full random exponent should be generated.
The exponent field can be a null-length field if the exponent value
is 0. |
018 + nnn + eee | ppp | Prime number, p. |
018 + nnn + eee + ppp | qqq | Prime number, q. |
018 + nnn + eee + ppp + qqq | rrr | dp = d mod(p-1). |
018 + nnn + eee + ppp + qqq + rrr | sss | dq = d mod(q-1). |
018 + nnn + eee + ppp + qqq + rrr + sss | uuu | U = q**(-1) mod(p). |
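
A validating parser for the RSA-CRT key value structure laid out above, as an added example that is not IBM's or ICSF's code. It assumes big-endian length fields and integers (the page does not state byte order); `parse_rsa_crt` and `build_sample` are hypothetical names, and the sample key is constructed from two well-known primes for illustration only. The CRT checks are derived from the field definitions for dp, dq and U, together with n = p*q.

```python
import struct

HDR = struct.Struct(">9H")  # offsets 000-017; big-endian is an assumption, not stated on the page
NAMES = ("n", "e", "p", "q", "dp", "dq", "u")

def parse_rsa_crt(buf, skeleton=False):
    """Parse and validate an RSA-CRT key value structure; returns a dict of ints."""
    if len(buf) < HDR.size:
        raise ValueError("truncated header")
    bits, nnn, eee, rsvd, ppp, qqq, rrr, sss, uuu = HDR.unpack_from(buf)
    lens = (nnn, eee, ppp, qqq, rrr, sss, uuu)
    if not 512 <= bits <= 4096 or rsvd != 0:
        raise ValueError("bad modulus bit length or nonzero reserved field")
    if nnn > 512 or ppp + qqq > 512 or rrr + sss > 512 or uuu > 512:
        raise ValueError("length field exceeds documented maximum")
    if len(buf) != HDR.size + sum(lens):
        raise ValueError("buffer size does not match declared lengths")
    key, off = {"bits": bits}, HDR.size
    for name, ln in zip(NAMES, lens):
        key[name] = int.from_bytes(buf[off:off + ln], "big")
        off += ln
    if skeleton:  # lengths may be zero; only a preset exponent is checked
        if key["e"] not in (0, 3, 65537):
            raise ValueError("skeleton exponent must be 0, 3 or 65537")
        return key
    n, e, p, q = key["n"], key["e"], key["p"], key["q"]
    if not (1 < e < n and e % 2 == 1 and min(p, q) > 1 and n == p * q):
        raise ValueError("e, n, p or q inconsistent")
    # dp = d mod (p-1) implies e*dp = 1 mod (p-1); likewise for dq.
    if (e * key["dp"]) % (p - 1) != 1 or (e * key["dq"]) % (q - 1) != 1:
        raise ValueError("dp or dq inconsistent with e")
    if (key["u"] * q) % p != 1:
        raise ValueError("U is not q^-1 mod p")
    return key

def build_sample():
    """Constructed sample only: two well-known primes, not a usable key."""
    p = 2**384 - 2**128 - 2**96 + 2**32 - 1   # 48 bytes
    q = 2**192 - 2**64 - 1                    # 24 bytes
    e = 65537
    vals = [(p * q, 72), (e, 3), (p, 48), (q, 24),
            (pow(e, -1, p - 1), 48), (pow(e, -1, q - 1), 24), (pow(q, -1, p), 48)]
    hdr = HDR.pack(576, 72, 3, 0, 48, 24, 48, 24, 48)
    return hdr + b"".join(v.to_bytes(ln, "big") for v, ln in vals)
```

Running the parser on a token before passing it to a key-import call catches truncated buffers, oversized length fields and CRT components that do not match the modulus.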
Key Value Structure (RSA Private, RSA Private
variable or RSA Public) |
000 | 002 | Modulus length in bits. This is required.
When building a skeleton token, the modulus length in bits must be
greater than or equal to 512 bits. |
002 | 002 | Modulus field length in bytes, "XXX".
This value can be zero if you are using the key token as a skeleton
in the PKA key generate verb. This value must not exceed 512 when either
the RSA-PUBL or RSAMEVAR keyword is used, and must not exceed
128 when the RSA-PRIV keyword is used.
This service can build a
key token for a public RSA key with a 4096-bit modulus length, or
it can build a key token for a 1024-bit modulus length private key. |
004 | 002 | Public exponent field length in bytes, "YYY".
This value must not exceed 512 when either the RSA-PUBL or RSAMEVAR
keyword is used, and must not exceed 128 when the RSA-PRIV keyword
is used. This value can be zero if you are using the key token as
a skeleton token in the PKA key generate verb. In this case, a random
exponent is generated. To obtain a fixed, predetermined public key
exponent, you can supply this field and the public exponent as input
to the PKA key generate verb. |
006 | 002 | Private exponent field length in
bytes, "ZZZ". This field can be zero, indicating that private
key information is not provided. This value must not exceed 128 bytes.
This value can be zero if you are using the key token as a skeleton
token in the PKA key generate verb. |
008 | XXX | Modulus, n. This is an integer such
that 1<n<2**2048. The
n is the product of p and q for primes p and q. |
008 + XXX | YYY | RSA public exponent, e. This is an
integer such that 1<e<n. e must be odd. When you are building
a skeleton_key_token to control the generation of an
RSA key pair, the public key exponent can be one of these values:
3, 65537 (2**16 + 1), or 0 to indicate
that a full random exponent should be generated. The exponent field
can be a null-length field if the exponent value is 0. |
008 + XXX + YYY | ZZZ | RSA secret exponent d. This is an
integer such that 1<d<n. The value of d is |
Key Value Structure (DSS Private or DSS Public) |
000 | 002 | Modulus length in bits. This is required. |
002 | 002 | Prime modulus field length in bytes, "XXX".
You can supply this as a network quantity to the ICSF PKA key generate
callable service, which uses the quantity to generate DSS keys. The
maximum allowed value is 128. |
004 | 002 | Prime divisor field length in bytes, "YYY".
You can supply this as a network quantity to the ICSF PKA key generate
callable service, which uses the quantity to generate DSS keys. The
allowed values are 0 or 20 bytes. |
006 | 002 | Public generator field length in
bytes, "ZZZ". You can supply this in a skeleton token as a network
quantity to the ICSF PKA key generate callable service, which uses
the quantity to generate DSS keys. The maximum allowed value is 128
bytes and is exactly the same length as the prime modulus. |
008 | 002 | Public key field length in bytes, "AAA".
This field can be zero, indicating that the ICSF PKA key generate
callable service generates a value at random from supplied or generated
network quantities. The maximum allowed value is 128 bytes and is
exactly the same length as the prime modulus. |
010 | 002 | Secret key field length in bytes, "BBB".
This field can be zero, indicating that the ICSF PKA key generate
callable service generates a value at random from supplied or generated
network quantities. The allowed values are 0 or 20 bytes. |
012 | XXX | DSS prime modulus p. This is an integer
such that 2**(L-1)<p<2**L. The
p must be prime. You can supply this value in a skeleton token as
a network quantity; it is used in the algorithm that generates DSS
keys. |
012 + XXX | YYY | DSS prime divisor q. This is an integer
that is a prime divisor of p-1 and 2**159<q<2**160. You can supply
this value in a skeleton token as a network quantity; it is used in
the algorithm that generates DSS keys. |
012 + XXX + YYY | ZZZ | DSS public generator g. This is an
integer such that 1<g<p. You can supply this value in a skeleton
token as a network quantity; it is used in the algorithm that generates
DSS keys. |
012 + XXX + YYY + ZZZ | AAA | DSS public key y. This is an integer
such that |
012 + XXX + YYY + ZZZ + AAA | BBB | DSS secret private key x. This is
an integer such that 0<x<q. The x is random. You need not supply
this value if you specify DSS-PUBL in the rule array. |
Key Value Structure (ECC_PAIR) |
000 | 001 | Curve type
- x'00': Prime Curve
- x'01': Brainpool Curve
|
001 | 001 | Reserved x'00' |
002 | 002 | Length of p in bits
- 0x'00C0': Prime P-192
- 0x'00E0': Prime P-224
- 0x'0100': Prime P-256
- 0x'0180': Prime P-384
- 0x'0209': Prime P-521
- 0x'00A0': Brain Pool P-160
- 0x'00C0': Brain Pool P-192
- 0x'00E0': Brain Pool P-224
- 0x'0100': Brain Pool P-256
- 0x'0140': Brain Pool P-320
- 0x'0180': Brain Pool P-384
- 0x'0200': Brain Pool P512.
|
004 | 002 | ddd. This field is the length of the private
key d value in bytes. This value can be zero if the key token is used
as a skeleton key token in the PKA Key Generate callable service.
The maximum value could be up to 66 bytes. |
006 | 002 | xxx. This field is the length of the public
key Q value in bytes. This value can be zero if the key token is used
as a skeleton key token in the PKA Key Generate callable service.
The maximum value could be up to 133 bytes, which includes one byte
to indicate if the value is compressed. |
008 | ddd | Private key d |
008 + ddd | xxx | Public Key value Q |
Key Value Structure (ECC_PUBL) |
000 | 001 | Curve type:
- 0x'00': Prime Curve
- 0x'01': Brain Pool Curve
|
000 | 001 | Reserved x'00' |
002 | 002 | Length of p in bits
- 0x'00C0': Prime P-192
- 0x'00E0': Prime P-224
- 0x'0100': Prime P-256
- 0x'0180': Prime P-384
- 0x'0209': Prime P-521
- 0x'00A0': Brain Pool P-160
- 0x'00C0': Brain Pool P-192
- 0x'00E0': Brain Pool P-224
- 0x'0100': Brain Pool P-256
- 0x'0140': Brain Pool P-320
- 0x'0180': Brain Pool P-384
- 0x'0200': Brain Pool P512.
|
004 | 002 | xxx. This field is the length of the public
key Q value in bytes. This value can be zero if the key token is used
as a skeleton key token in the PKA Key Generate callable service.
The maximum value could be up to 133 bytes, which includes a one-byte
value indicating compressed or uncompressed key value. |
006 | xxx | Public key value Q |