Usage notes
The usage notes for CSNBT31P.
The part of the header that is optional, called optional blocks, is not disassembled. To obtain the contents of optional blocks, use the TR31 Optional Data Read verb. Neither verb performs any cryptographic services, and both disassemble a key block in application storage. The validity of the key block is verified as much as can be done without performing any cryptographic services.
The TR-31 header fields that are disassembled into separate pieces of information include a key block version ID, key block length, key usage, algorithm, mode of use, key version number, exportability, and number of optional blocks. Except for the two length values, which are returned as integers, the verb returns the field values as ASCII strings. This format is used in the TR-31 key block itself. For more information, see X9 TR-31 2010: Interoperable Secure Key Exchange Block Specification for Symmetric Algorithms.
| TR-31 field name | Verb parameter | Field or buffer string length in bytes | Description of TR-31 field |
|---|---|---|---|
| Key block version ID | key_block_version | 1 | Identifies the method by which the key block is cryptographically protected and the content layout of the block. |
| Key block length | key_block_length | 4 (integer) | Entire key block length after encoding (header, encrypted confidential data, and MAC). |
| Key usage | key_usage | 2 | Provides information about the intended function of the protected key/sensitive data, such as data encryption, PIN encryption, or key wrapping. Numeric values are reserved for proprietary use (that is, not defined by TR-31). |
| Algorithm | algorithm | 1 | The approved symmetric algorithm for which the protected key may be used. Numeric values are reserved for proprietary use. |
| Mode of use | mode | 1 | Defines the operation that the protected key can perform. Numeric values are reserved for proprietary use. |
| Key version number | key_version_number | 2 | Version number that optionally indicates that the contents of the key block are a component (key part), or that prevents re-injection of an old key. This field is a tool for enforcement of local key change rules. |
| Exportability | exportability | 1 | Defines whether the protected key may be exported. |
| Number of optional blocks | num_opt_blocks | 4 (integer) | Defines the number of optional blocks included in the key block. If this value is greater than zero, use the TR31 Optional Data Read verb to obtain the contents of the optional blocks. |
This verb does not perform cryptographic services on any key value. You cannot use this verb to change a key or to change the control vector related to a key.