RSA private key token, 4096-bit Modulus-Exponent

Edit online

This RSA private key token is supported on a CCA Crypto Express coprocessor (external and internal X'09' token).

Table 1. RSA Private Key Token, 4096-bit Modulus-Exponent
Offset (decimal) Number of bytes Description
000 001 X'09', section identifier, RSA private key, modulus-exponent format (RSAMEVAR).

This format is used for a clear or an encrypted RSA private-key in an external key-token up to a modulus size of 4096 bits.
001 001 Section version number (X'00').
002 002 Length of the RSA private key section: 132+ddd+nnn+xxx.
004 020 SHA-1 hash value of the private key subsection cleartext, offset 28 to the section end. This hash value is checked after an enciphered private key is deciphered for use.
024 002

External fomat:

Length of the encrypted private key section 8+ddd+xxx.

Internal fomat:

Length in bytes of the optionally encrypted secure subsection, or X'0000' if the subsection is not encrypted.
026 002 Reserved; set to binary zero.
028 001 Key format and security flags:
External token:
X'00'
Unencrypted RSA private-key subsection identifier
X'82'
Encrypted RSA private-key subsection identifier

All other values are reserved and undefined.
029 001

External format:

Reserved, set to binary zero.

Internal format:

Private key source flag:

X'00'
Generation method unknown
030 020 SHA-1 hash of the optional key-name section. If there is no key-name section, then 20 bytes of X'00'.
050 001 Key-usage and translation control flag byte.

Key usage:

B'11xx xxxx'
Only key unwrapping (KM-ONLY)
B'10xx xxxx'
Both signature generation and key unwrapping (KEY-MGMT)
B'01xx xxxx'
Undefined
B'00xx xxxx'
Undefined

Translation control:

B'xxxx xx1x'
Private key translation is allowed (XLATE-OK)
B'xxxx xx0x'
Private key translation is not allowed (NO-XLATE)

All other bits are reserved and must be zero.
051 065 Reserved; set to binary zero.
116 002 Private-key exponent field length, in bytes: ddd.
118 002 Private-key modulus field length, in bytes: nnn.
120 002 Length of padding field, in bytes: xxx.

Padding of X'00' bytes for a length of xxx bytes such that the length from the start of the confounder at offset 124 to the end of the padding field is a multiple of 8 bytes.
122 002 Reserved; set to binary zero.
Start of the (optionally) encrypted subsection; all of the fields starting with the confounder field and ending with the variable-length pad field are enciphered for key confidentiality when the key format and security flags (offset 28) indicate that the private key is enciphered.
124 008 Confounder.

This is an eight-byte random number.

Data encrypted with two-part key-encrypting key.
132 ddd Private-key exponent, d: 
d = e-1 mod((p - 1)(q - 1))
where 1 < d < n, and e is the public exponent.

The transport key encrypts the private key exponent using the EDE2 algorithm.
132 + ddd xxx Pad of X'00' bytes.
End of the optionally encrypted subsection.
132 + ddd + xxx nnn Private-key modulus.