Usage notes
The usage notes for CSNBT31O.
The newly constructed optional block can optionally be appended to an existing structure of optional blocks, or it can be returned as a new optional blocks structure. After the last optional block has been constructed, the completed structure containing the optional blocks can be included in a TR-31 key block during an export operation by the TR31 Translate verb by using its opt_blocks parameter. For information about TR-31, including the format of a TR-31 optional block, see X9 TR-31 2010: Interoperable Secure Key Exchange Block Specification for Symmetric Algorithms.
The TR-31 key block has an unencrypted header that can contain optional blocks. The header is securely bound to the key block using the integrated MAC. An optional block has a 2-byte ASCII block ID value that determines the use of the block. The ID of each block in an optional blocks structure must be unique.
The verb builds a structure of optional blocks by adding one optional block with each call. This process is repeated until the entire set of optional blocks has been added. For each call, provide the components for a single optional block. This includes the optional block ID, the optional block length in bytes, and the optional block data. In addition, provide an optional blocks buffer large enough to add the optional block being built.
- The optional blocks buffer is empty. In this case, the newly constructed optional block is copied into the buffer.
- The optional blocks buffer contains one or more existing optional blocks. In this case, the newly constructed optional block is appended to the existing optional blocks. No duplicate IDs are allowed.
Upon successful completion, the opt_blocks_length variable is updated to the length of the returned optional blocks structure.
This verb does not perform cryptographic services on any key value. You cannot use this verb to change a key or to change the control vector related to a key.