AES DESUSECV variable-length symmetric key token

View a table showing the format of the DESUSECV variable-length symmetric key-token.

Table 1. AES DESUSECV variable-length symmetric key-token, version X'05'
Offset (bytes) Length (bytes) Description
Header
000 01 Token identifier:
Value
Meaning
X'02'
External key-token (encrypted payload is wrapped with a transport key or there is no payload). A transport key can be a key-encrypting key or an RSA public key.

All unused values are reserved and undefined.

001 01 Reserved, binary zero.
002 02 Length in bytes of the overall token structure:

46 + (2 * kuf) + (2 * kmf) + kl + iead + uad + ((pl + 7) / 8)

Key token   Minimum and maximum token length

External    46 + (2 * 1) + (2 * 1) + 0 + 11 + 0 + ((576 + 7) / 8) = 133

The minimum and maximum coincide because every term is fixed for this token: kuf = kmf = 1, kl = uad = 0, iead = 11 and pl = 576, so the wrapped payload is always (576 + 7) / 8 = 72 bytes (integer division).

004 01

Token version number (identifies the format of this key token):

Value
Meaning
X'05'
Version 5 format of the key token (variable-length symmetric key-token)
005 03

Reserved, binary zero.

End of header
Wrapping information section (all data related to wrapping the key)
008 01 Key material state:
Value
Meaning
X'02'
Key is wrapped with a transport key. The transport key is an AES key-encrypting key. The key token is external.

All unused values are reserved and undefined.

009 01 Key verification pattern (KVP) type:
Value
Meaning
X'02'
KEK (8 leftmost bytes of SHA-256 hash: X'01 ∥ clear KEK). The key token is external.

All unused values are reserved and undefined.

010 16 KVP:

The field contains the KVP of the key-encrypting key used to wrap the key. The 8-byte KEK KVP is left-aligned in the field and padded on the right low-order bytes with binary zeros. The key token is external.

026 01 Encrypted section key-wrapping method (how data in the encrypted section is protected):
Value
Meaning
X'02'
AESKW (ANS X9.102). The key token is external with a key wrapped by an AES key-encrypting key.

All unused values are reserved and undefined.

027 01 Hash algorithm used for wrapping the key. The value indicates the algorithm used to calculate the message digest of the associated data. The message digest is included in the wrapped payload and is calculated over the associated data starting at offset 30, for the number of bytes given by the length value at offset 32.
Value
Meaning
X'02'
SHA-256

All unused values are reserved and undefined. The key token is external.

028 01 Payload format version (identifies format of the payload):
Value
Meaning
X'01'
V1 payload (V1PYLD). The payload is fixed length based on the maximum possible key size of the algorithm for the key. The key is padded with random data to the size of the largest key for that algorithm. This helps to deter attacks on keys known to be weaker, because the key length cannot be inferred from the size of the payload. The key token is external or internal.

All unused values are reserved and undefined.

029 01 Reserved, binary zero.
End of wrapping information section
AESKW components: (1) associated data section and (2) optional wrapped AESKW payload
Associated data section
030 01 Associated data section version:
Value
Meaning
X'01'
Version 1 format of associated data
031 01 Reserved, binary zero.
032 02 Length in bytes of all the associated data for the key token: 31.
034 01 Length in bytes of the optional key label (kl): 0.
035 01 Length in bytes of the optional IBM extended associated data (iead): 11.
036 01 Length in bytes of the optional user-definable associated data (uad): 0.
037 01 Reserved, binary zero.
038 02 Length in bits of the wrapped payload (pl): 576.

For an AESKW formatted payload, pl is based on the key size of the algorithm type and the payload format version:

DES algorithm (value at offset 41 is X'01')

A DES key can have a length of 8, 16, or 24 bytes (64, 128, 192 bits). A DES key in an AESKW formatted payload is always wrapped with a V1 payload and has a fixed length payload of 576 bits.

040 01 Reserved, binary zero.
041 01 Algorithm type (algorithm for which the key can be used):
Value
Meaning
X'01'
DES

All unused values are reserved and undefined.

042 02 Key type (general class of the key):
Value
Meaning
X'0008'
DESUSECV

All unused values are reserved and undefined.

044 01 Key usage fields count (kuf): 1. Key-usage field information defines restrictions on the use of the key.

Each key-usage field is 2 bytes in length. The value in this field indicates how many 2-byte key usage fields follow.

045 01 Key-usage field 1, high-order byte (reserved).

All bits are reserved and must be zero.

046 01 Key-usage field 1, low-order byte (reserved).

All bits are reserved and must be zero.

047 01 Key management fields count (kmf): 1. Key-management field information describes how the data is to be managed or helps with management of the key material.

Each key-management field is 2 bytes in length. The value in this field indicates how many 2-byte key management fields follow.

048 01 Key-management field 1, high-order byte (reserved).

All bits are reserved and must be zero.

049 01 Key-management field 1, low-order byte (reserved).

All bits are reserved and must be zero.

050 iead IBM® extended associated data (11 bytes):
Offset (bytes)  Length (bytes)  Item                          Contents
0               1               Structure version identifier  X'00'
1               1               Flag byte 1                   Copy of flag byte 1 taken from offset 6 of the internal fixed-length DES source key token exported by the CSNDSYX verb into this external enciphered key.
2               1               Flag byte 2                   Copy of flag byte 2 taken from offset 7 of the internal fixed-length DES source key token exported by the CSNDSYX verb into this external enciphered key.
3               8               Masked control vector         Copy of the 8-byte control vector taken from offset 32 of the internal fixed-length DES source key token exported by the CSNDSYX verb into this external enciphered key. The key form bits (CV bits 40 - 42) are copied into the wrapped payload and are then masked to zero here, so that the associated data does not reveal the length of the DES key.
End of associated data section
Optional wrapped AESKW formatted payload
061 72 Contents of payload: An encrypted payload which the Segment 2 code creates by wrapping the unencrypted AESKW formatted payload. The payload is made up of the integrity check value, pad length, length of hash options and hash, hash options, hash of the associated data, key material, and padding. The key token is external.

The clear key material carried inside a DESUSECV payload is formatted as follows:

Offset (bytes)  Length (bytes)  Item                                Contents
0               1               Key length                          X'08' single-length key; X'10' double-length key; X'18' triple-length key (IBM Z only).
1               1               Flag byte 1                         Reserved, binary zero.
2               1               Flag byte 2                         B'xxxx xxx1' the key has guaranteed unique halves; B'xxxx xxx0' the key does not have guaranteed unique halves. All unused bits are reserved and must be zero.
3               8               Left part of key                    Left part of a single-length, double-length or (IBM Z only) triple-length DES key.
11              8               Middle part of key, or random data  Middle part of a double-length or (IBM Z only) triple-length DES key; otherwise random data.
19              8               Right part of key, or random data   Right part of a triple-length DES key (IBM Z only); otherwise random data.
End of optional wrapped AESKW formatted payload
End of AESKW components
Note: All numbers are in big endian format.
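The layout above is easy to get wrong by a byte, so the following Python helper, added here as an example (it is not IBM's code), assembles a DESUSECV token skeleton from a constructed KEK, flag bytes and control vector, then validates every fixed field, the length formula, the KEK KVP and the masking of the key form bits, and computes the SHA-256 of the associated data that the wrapped payload carries. The AESKW (ANS X9.102) wrap itself happens inside the coprocessor, so the 72-byte encrypted payload is a zero-filled stand-in; the bit numbering used for CV bits 40 - 42 (bit 0 is the most significant bit of byte 0) and all sample values are assumptions.

```python
import hashlib
import os
import struct
from typing import Optional

# Added example, not IBM's code: assemble and validate an AES DESUSECV version
# X'05' token skeleton from the offsets in the table above. The 72-byte
# encrypted payload is a constructed stand-in; the AESKW (ANS X9.102) wrap is
# done inside the CCA coprocessor and is not reimplemented here.

TOKEN_ID_EXTERNAL, TOKEN_VERSION = 0x02, 0x05
ALG_DES, KEY_TYPE_DESUSECV = 0x01, 0x0008
PAYLOAD_BITS = 576                       # fixed V1 payload length for DES keys
PAYLOAD_BYTES = (PAYLOAD_BITS + 7) // 8  # 72


def kek_kvp(clear_kek: bytes) -> bytes:
    """KVP type X'02': 8 leftmost bytes of SHA-256(X'01' || clear KEK),
    left-aligned in the 16-byte field and zero padded on the right."""
    return hashlib.sha256(b"\x01" + clear_kek).digest()[:8].ljust(16, b"\x00")


def mask_key_form(cv: bytes) -> bytes:
    """Zero CV bits 40-42 as the IEAD copy of the control vector does.
    Assumption: IBM bit numbering (bit 0 = MSB of byte 0), so bits 40-42
    are the top three bits of byte 5."""
    masked = bytearray(cv)
    masked[5] &= 0x1F
    return bytes(masked)


def build_iead(flag1: int, flag2: int, cv: bytes) -> bytes:
    """11-byte IBM extended associated data: version, two flag bytes, masked CV."""
    if len(cv) != 8:
        raise ValueError("control vector must be 8 bytes")
    return bytes([0x00, flag1, flag2]) + mask_key_form(cv)


def build_key_material(key: bytes, unique_halves: bool) -> bytes:
    """27-byte clear key material as laid out inside the wrapped payload;
    key parts not used by shorter keys are filled with random data."""
    if len(key) not in (8, 16, 24):
        raise ValueError("DES key must be 8, 16 or 24 bytes")
    return bytes([len(key), 0x00, int(unique_halves)]) + key + os.urandom(24 - len(key))


def build_token(clear_kek: bytes, iead: bytes, encrypted_payload: bytes) -> bytes:
    """Header + wrapping information + associated data around an already
    wrapped payload, with kuf = kmf = 1 and kl = uad = 0 as in the table."""
    if len(encrypted_payload) != PAYLOAD_BYTES:
        raise ValueError("payload must be %d bytes" % PAYLOAD_BYTES)
    kuf = kmf = 1
    kl = uad = 0
    ad_len = 16 + 2 * kuf + 2 * kmf + kl + len(iead) + uad   # 31
    total = 30 + ad_len + PAYLOAD_BYTES                        # 133
    header = bytes([TOKEN_ID_EXTERNAL, 0]) + struct.pack(">H", total) + bytes([TOKEN_VERSION, 0, 0, 0])
    wrapping = bytes([0x02, 0x02]) + kek_kvp(clear_kek) + bytes([0x02, 0x02, 0x01, 0x00])
    assoc = (bytes([0x01, 0x00]) + struct.pack(">H", ad_len)
             + bytes([kl, len(iead), uad, 0x00]) + struct.pack(">H", PAYLOAD_BITS)
             + bytes([0x00, ALG_DES]) + struct.pack(">H", KEY_TYPE_DESUSECV)
             + bytes([kuf, 0x00, 0x00, kmf, 0x00, 0x00]) + iead)
    return header + wrapping + assoc + encrypted_payload


def parse_token(token: bytes, clear_kek: Optional[bytes] = None) -> dict:
    """Check every fixed field against the table and decode the rest. The
    returned ad_hash is SHA-256 over offsets 30..30+ad_len, the digest that
    the wrapped payload carries to bind the key to its associated data."""
    if len(token) < 61 or token[0] != TOKEN_ID_EXTERNAL or token[4] != TOKEN_VERSION:
        raise ValueError("not an external version X'05' token")
    length = struct.unpack(">H", token[2:4])[0]
    if length != len(token):
        raise ValueError("length field does not match token size")
    if token[8:10] != b"\x02\x02" or token[26:29] != b"\x02\x02\x01":
        raise ValueError("unsupported wrapping information")
    if clear_kek is not None and token[10:26] != kek_kvp(clear_kek):
        raise ValueError("KVP does not match the supplied KEK")
    ad_len = struct.unpack(">H", token[32:34])[0]
    kl, iead_len, uad = token[34], token[35], token[36]
    pl = struct.unpack(">H", token[38:40])[0]
    alg, key_type = token[41], struct.unpack(">H", token[42:44])[0]
    if (alg, key_type, pl) != (ALG_DES, KEY_TYPE_DESUSECV, PAYLOAD_BITS):
        raise ValueError("not a DES DESUSECV key with a V1 payload")
    kuf = token[44]
    pos = 45 + 2 * kuf
    kmf = token[pos]
    pos += 1 + 2 * kmf
    if ad_len != 16 + 2 * kuf + 2 * kmf + kl + iead_len + uad:
        raise ValueError("associated data length inconsistent with field counts")
    if length != 30 + ad_len + (pl + 7) // 8:
        raise ValueError("token length inconsistent with the length formula")
    iead = token[pos + kl:pos + kl + iead_len]
    if iead[0] != 0x00 or iead[8] & 0xE0:     # iead[8] is byte 5 of the masked CV
        raise ValueError("bad IEAD version or key form bits not masked")
    return {"length": length, "ad_len": ad_len, "kuf": kuf, "kmf": kmf,
            "flag1": iead[1], "flag2": iead[2], "masked_cv": iead[3:11],
            "ad_hash": hashlib.sha256(token[30:30 + ad_len]).digest(),
            "payload": token[30 + ad_len:]}


if __name__ == "__main__":
    kek = bytes(range(32))                                             # constructed KEK, not a real key
    iead = build_iead(0x40, 0x00, bytes.fromhex("00007D0003410000"))  # constructed flags and CV
    token = build_token(kek, iead, bytes(PAYLOAD_BYTES))               # zero-filled stand-in payload
    info = parse_token(token, kek)
    print(len(token), info["masked_cv"].hex())                         # 133 00007d0003010000
```

The parser deliberately recomputes the associated-data length from the kuf, kmf, kl, iead and uad counts and the total length from the formula at offset 002 rather than trusting the stored values, so a token whose counts and lengths disagree is rejected before any byte of the payload is handed to the unwrap step.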