PKA92 key format and encryption process
The Symmetric Key Generate and the Symmetric Key Import verbs optionally support a PKA92 method of encrypting a DES key with an RSA public key.
This format is adapted from the IBM® Transaction Security System (TSS) 4753 and 4755 product's implementation of PKA92. The verbs do not create or accept the complete PKA92 AS key token as defined for the TSS products. Rather, the verbs support only the actual RSA-encrypted portion of a TSS PKA92 key token, the AS External Key Block.
| Offset (bytes) | Length (bytes) | Description |
|---|---|---|
| Zero-bit padding to form a structure as long as the length of the public key modulus. The implementation constrains the public key modulus to a multiple of 64 bits in the range of 512 - 1024 bits. Note that government export or import regulations can impose limits on the modulus length. The maximum length is validated by a check against a value in the Function Control Vector. | ||
| 000 | 005 | Header and flags: X'01 0000 0000.' |
| 005 | 016 | Environment Identifier (EID), encoded in ASCII. |
| 021 | 008 | Control vector base for the DES key. |
| 029 | 008 | Repeat of the CV data at offset 021. |
| 037 | 008 | The single-length DES key or the left half of a double-length DES key. |
| 045 | 008 | The right half of a double-length DES key or a random number. This value is locally designated "K." |
| 053 | 008 | Random number, "IV." |
| 061 | 001 | Ending byte, X'00.' |
Masking Sub-process - Create a mask by CBC encrypting a multiple of eight bytes of binary zeros using K as the key and IV as the initialization vector as defined in the key record at offsets 45 and 53. XOR the mask with the key record and call the result PKR.
Overwriting Sub-process - Set the high-order bits of PKR to B'01' and set the low-order bits to B'0110'.
XOR K and IV and write the result at offset 45 in PKR.
Write IV at offset 53 in PKR. This causes the masked and overwritten PKR to have IV at its original position.
Encrypting Sub-process - RSA encrypt the overwritten PKR masked key record using the public key of the receiving node.
Recovering a key from an external key block - Recover the encrypted DES key from an AS External Key Block by performing decrypting, validating, unmasking, and extraction sub-processes.
Decrypting Sub-process - RSA decrypt the AS External Key Block using an RSA private key and call the result of the decryption PKR. The private key must be usable for key management purposes.
Validating Sub-process - Verify the high-order two bits of the PKR record are valued to B'01' and the low-order four bits of the PKR record are valued to B'0110'.
Set K to the XOR of IV and the value of the eight bytes at offset 45 of the PKR record.
Create a mask equal in length to the PKR record by CBC encrypting a multiple of eight bytes of binary zeros using K as the key and IV as the initialization vector. XOR the mask with PKR and call the result the key record.
Copy K to offset 45 in the PKR record.
- The four bytes at offset 1 in the key record are valued to X'0000 0000' .
- The two control vector fields at offsets 21 and 29 are identical.
- If the control vector is an IMPORTER or EXPORTER key class, the Environment Identifier (EID) in the key record is not the same as the EID stored in the cryptographic engine.
The control vector base of the recovered key is the value at offset 21. If the control vector base bits 40 - 42 are valued to B'010' or B'110', the key is double length. Set the right half of the received key's control vector equal to the left half and reverse bits 41 and 42 in the right half.
The recovered key is at offset 37 and is either 8 or 16 bytes long based on the control vector base bits 40 - 42. If these bits are valued to B'000', the key is single length. If these bits are valued to B'010' or B'110', the key is double length.