Null key tokens
With some CCA verbs, a null key-token can be used instead of an internal or an external key-token. A verb generally accepts a null key token as a signal to use a key token with default values. A null key token always has a value of X'00' as its first byte.
Null AES key-token
A null AES key-token consists of 64 bytes of X'00'.
Null DES key-token
A null DES key-token is indicated by the value X'00' at offset zero in a key token, a key-token record in key storage, a key-token variable, or a key-identifier variable. The (DES) Key Import verb accepts input with offset zero valued to X'00'. In this special case, the verb treats information starting at offset 16 as an enciphered, single-length key. In a very limited sense, this special case can be considered a null DES key-token.
| Bytes | Description |
|---|---|
| 0 | X'00' (flag indicating this is a null key token). |
| 1 - 15 | Reserved (set to binary zeros). |
| 16 - 23 | Single-length encrypted key, left half of double-length encrypted key, or Part A of triple-length encrypted key. |
| 24 - 31 | X'0000000000000000' if a single-length encrypted key, the right half of double-length encrypted key, or Part B of triple-length encrypted key. |
| 32 - 39 | X'0000000000000000' if a single-length encrypted key or double-length encrypted key. |
| 40 - 47 | Reserved (set to binary zeros). |
| 48 - 55 | Part C of a triple-length encrypted key. |
| 56 - 63 | Reserved (set to binary zeros). |