Trusted block section X'11'

Trusted block section X'11' contains the trusted RSA public key in addition to a key-usage flag indicating whether the public key is usable in key-management operations, digital signature operations, or both.

Section X'11' is optional. Multiple X'11' sections are not allowed. No subsections are defined for it.

Table 1. Trusted block trusted RSA public key section (X'11')
| Offset (bytes) | Length (bytes) | Description |
|---|---|---|
| 000 | 001 | Section identifier: X'11' (trusted block trusted RSA public key). |
| 001 | 001 | Section version number (X'00'). |
| 002 | 002 | Section length (16 + xxx + yyy). |
| 004 | 002 | Reserved, must be binary zero. |
| 006 | 002 | RSA public key exponent field length in bytes, xxx. |
| 008 | 002 | RSA public key modulus length in bits. |
| 010 | 002 | RSA public key modulus field length in bytes, yyy. |
| 012 | xxx | Public key exponent, e (this field length is typically 1, 3, or 64 - 512 bytes). e must be odd and 1 ≤ e < n. (e is frequently 3 or 2^16+1 (=65537); otherwise e is of the same order of magnitude as the modulus.) |
| 012 + xxx | yyy | RSA public key modulus, n. n = pq, where p and q are prime and 2^512 ≤ n < 2^4096. The field length is 64 - 512 bytes. |
| 012 + xxx + yyy | 004 | Flags (value: description). X'00000000': trusted block public key can be used in digital signature operations only. X'80000000': trusted block public key can be used in both digital signature and key management operations. X'C0000000': trusted block public key can be used in key management operations only. |
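The layout in Table 1 can be checked mechanically before a trusted key is accepted. The following parser is an added example, not IBM code: the function names are hypothetical, multi-byte integers are assumed to be big-endian, the bit-length consistency check is an added assumption, and the sample section is constructed with a placeholder modulus rather than a real key.

```python
import struct

FLAG_USAGE = {
    0x00000000: "digital signature only",
    0x80000000: "digital signature and key management",
    0xC0000000: "key management only",
}

def parse_section_11(buf: bytes) -> dict:
    """Parse and validate one X'11' section; raise ValueError on any violation."""
    if len(buf) < 12:
        raise ValueError("truncated header")
    # Assumption: multi-byte integers are stored big-endian.
    sec_id, version, sec_len, reserved, e_len, n_bits, n_len = struct.unpack_from(
        ">BBHHHHH", buf, 0)
    if sec_id != 0x11 or version != 0x00:
        raise ValueError("not a version X'00' X'11' section")
    if reserved != 0:
        raise ValueError("reserved field is not binary zero")
    # Validate lengths before slicing so a bad length cannot read past the section.
    if sec_len != 16 + e_len + n_len or sec_len > len(buf):
        raise ValueError("section length inconsistent with field lengths")
    if not 64 <= n_len <= 512:
        raise ValueError("modulus field length outside 64 - 512 bytes")
    e = int.from_bytes(buf[12:12 + e_len], "big")
    n = int.from_bytes(buf[12 + e_len:12 + e_len + n_len], "big")
    (flags,) = struct.unpack_from(">I", buf, 12 + e_len + n_len)
    if e % 2 == 0 or not 1 <= e < n:
        raise ValueError("exponent must be odd with 1 <= e < n")
    # Assumption: the declared bit length must equal the modulus's actual bit length.
    if n.bit_length() != n_bits:
        raise ValueError("declared modulus bit length does not match modulus")
    if flags not in FLAG_USAGE:
        raise ValueError("undefined key-usage flag value")
    return {"e": e, "n": n, "modulus_bits": n_bits, "usage": FLAG_USAGE[flags]}

def build_sample(e: int, n_bytes: bytes, flags: int, e_len: int = 3) -> bytes:
    """Build a constructed section for testing; n_bytes is a placeholder modulus."""
    n_bits = int.from_bytes(n_bytes, "big").bit_length()
    head = struct.pack(">BBHHHHH", 0x11, 0x00, 16 + e_len + len(n_bytes),
                       0, e_len, n_bits, len(n_bytes))
    return head + e.to_bytes(e_len, "big") + n_bytes + struct.pack(">I", flags)

# Constructed sample: 128-byte placeholder modulus (not a product of two primes).
SAMPLE = build_sample(65537, b"\xC1" + b"\x00" * 126 + b"\x01", 0x80000000)
```

Rejecting undefined flag values and a nonzero reserved field, rather than ignoring them, keeps a malformed or tampered section from being treated as a key with broader usage than intended.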