RSA private key, 2048-bit Chinese Remainder Theorem

View the RSA private key token, 2048-bit Chinese Remainder Theorem (X'05'). This is an asymmetric key token.

Table 1. RSA private key, 2048-bit Chinese Remainder Theorem format section (X'05')
Offset (decimal)	Number of bytes	Description
000	001	X'05', section identifier, RSA private key, 2048-bit maximum CRT (replaced by RSA-CRT) format This section type is no longer created by CCA.
001	001	Section version number (X'00').
002	002	Section length in bytes (76 + ppp + qqq + rrr + sss + ttt + uuu + xxx + nnn).
004	020	SHA-1 hash value of the private-key subsection cleartext, offset 28 to the end of the modulus.
024	002	Length in bytes of the optionally encrypted secure subsection, or X'0000' if the subsection is not encrypted.
026	002	Master-key verification pattern in an internal key-token, else X'0000'.
028	001	Key format and security flag byte. External key-token: X'40' Unencrypted RSA private-key subsection identifier, Chinese-Remainder Theorem format Internal key-token: X'42' Encrypted RSA private-key subsection identifier, Chinese-Remainder Theorem format All other values are reserved and undefined.
029	001	Reserved, binary zero.
030	020	SHA-1 hash of the optional key-name section; if there is no name section, then 20 bytes of X'00'.
050	001	Key-usage flag byte. Key usage: B'11xx xxxx' Only key unwrapping (KM-ONLY) B'10xx xxxx' Both signature generation and key unwrapping (KEY-MGMT) B'01xx xxxx' Undefined B'00xx xxxx' Undefined All other bits are reserved and must be zero.
051	001	Reserved, binary zero.
052		Start of the optionally encrypted subsection. Private key encryption: External token: EDE2 process using the double-length transport key Internal token: EDE3 process using the asymmetric master key. See Triple-DES ciphering algorithms.
052	008	Random number, confounder.
060	002	Length of prime number, `p`, in bytes: `ppp`.
062	002	Length of prime number, `q`, in bytes: `qqq`.
064	002	Length of d_p, in bytes: `rrr`.
066	002	Length of d_q, in bytes: `sss`.
068	002	Length of A_p, in bytes: `ttt`.
070	002	Length of A_q, in bytes: `uuu`.
072	002	Length of modulus, `n`, in bytes: `nnn`.
074	002	Length of padding field, in bytes: `xxx`.
076	ppp	Prime number, `p`.
076+ppp	qqq	Prime number, `q.`
076+ppp+qqq	rrr	d_p = d mod(p - 1).
076+ppp+qqq+rrr	sss	d_q = d mod(q - 1).
076+ppp+qqq +rrr+sss	ttt	A_p = q^p-1 mod(n).
076+ppp+qqq+rrr +sss+ttt	uuu	A_q (n + 1 - A_p).
076+ppp+qqq+rrr +sss+ttt+uuu	xxx	X'00' padding of length xxx bytes such that the length from the start of the random number above to the end of the padding field is a multiple of 8 bytes.
End of the optionally encrypted subsection; all of the fields starting with the confounder field and ending with the variable-length pad field are enciphered for key confidentiality when the key-format-and-security flag byte (offset 28) indicates that the private key is enciphered.
076+ppp+qqq +rrr+sss+ttt +uuu+xxx	nnn	Modulus, n. n = pq, where p and q are prime and 2⁵¹² ≤ n < 2²⁰⁴⁸.