Key token formats

The key token formats can be useful for debugging purposes.

Master key verification pattern
A master key verification pattern (MKVP) exists within an internal AES, HMAC, or DES key-token that has an encrypted key present. An MKVP also exists within an internal PKA key-token that has an encrypted RSA or ECC private-key present or within an active internal CCA trusted block.

Token validation value and record-validation value
CCA uses the token validation value (TVV) to verify that a token is valid.

Null key tokens
With some CCA verbs, a null key-token can be used instead of an internal or an external key-token. A verb generally accepts a null key token as a signal to use a key token with default values. A null key token always has a value of X'00' as its first byte.

Fixed-length symmetric key tokens
CCA supports fixed-length symmetric key-tokens.

Variable-length symmetric key tokens
CCA supports a variable-length symmetric key-token. This key token has a version number of X'05' (offset 4). Use the Key Token Build2 (CSNBKTB2) verb to build skeleton variable-length symmetric key tokens used as input by the Key Generate2 (CSNBKGN2) or Key Part Import2 (CSNBKPI2) verbs, which return these key tokens with encrypted keys in the key-token payload.

PKA key tokens
PKA key tokens contain RSA, ECC, or QSA private or public keys.

RSA public key token
The sections of an RSA public key token.

RSA private key token
The contained subtopics describe the RSA private key tokens for both the external and internal format combined into one table for each token type.

ECC key token
The format of ECC public and private key tokens.

PQC key token
The format of PQC public and private key tokens.

HMAC key token
The two formats of the HMAC key token.

AESKW key format for external keys
View the structure used to export an ECC or PQC private key when the ECC-AES1 or QSA-AES1 keyword is used with CSNDPKT. This key token is an external-only format and cannot be imported to CCA.

TR-31 key block header and optional block data
This section describes the format of the TR-31 key block header and the header values supported by CCA. It also describes the TR-31 optional blocks that can be used by CCA.

Trusted blocks
A key token is a data structure that contains information about a key and usually contains a key or keys.