RSA public key token
The sections of an RSA public key token.
An RSA public key token contains the following sections.
- A required token header, starting with the token identifier X'1E'
- A required RSA public key section, starting with the section identifier X'04'
Table 1 presents the format of an RSA public
key token. All length fields are in binary. All binary fields (exponents,
lengths, and so on) are stored with the high-order byte first (left,
low-address, S/390® format).
| Offset (decimal) | Length (bytes) | Description |
|---|---|---|
| Token Header (Required) | ||
| 000 | 001 | Token identifier. X'1E' indicates an external token. |
| 001 | 001 | Version, X'00'. |
| 002 | 002 | Length of the key token structure. |
| 004 | 004 | Ignored. Should be 0. |
| RSA Public Key Section (Required) | ||
| 000 | 001 | X'04', section identifier, RSA public key. |
| 001 | 001 | X'00', version. |
| 002 | 002 | Section length, 12 + xxx + yyy |
| 004 | 002 | Reserved field. |
| 006 | 002 | RSA public key exponent field length
in bytes, xxx. |
| 008 | 002 | Public key modulus length in bits. |
| 010 | 002 | RSA public modulus field length in bytes, yyy. Note: If the token contains
an RSA private key section, this field length, yyy, should be 0. The RSA private
key section contains the modulus.
|
| 012 | xxx | Public exponent, e. (This field length is typically 1, 3, or 64 - 512 bytes). e must be odd and 1 ≤ e < n (e is frequently valued to 3, 5, 17, 257, or 65537. Otherwise e is of the same order of magnitude as the modulus). |
| 12 + xxx | yyy | Modulus, n. n = pq, where p and q are prime and 2512 ≤ n < 24096. This field is absent when the modulus is contained in the private-key section. If present, the field length range is 64 - 512 bytes. |