AES internal fixed-length key token

The format for an AES internal fixed-length key token.

Table 1 shows the format for an AES internal fixed-length key token.

CCA AES fixed-length key tokens are 64 bytes long. A token consists of an internal key-token identifier and a token version number, reserved bytes, a flag byte containing various flag bits, a longitudinal redundancy check (LRC) byte, a master-key verification pattern, a 32-byte key field, a control vector, two key-length fields, and a token-validation value.

Depending on the flag byte, the key token contains either an encrypted key or a clear key, or the key is absent. An encrypted key is encrypted under an AES master key, which is identified by the master-key verification pattern (MKVP) carried in the token. The token contains a two-byte integer giving the length of the clear-key value in bits, with a value of 0, 128, 192, or 256, and a two-byte integer giving the length of the encrypted-key value in bytes, with a value of 0 or 32. The token also carries an LRC checksum byte of the clear-key value.

All AES keys held in fixed-length key tokens are DATA keys. If the flag byte indicates that a control vector (CV) is present, the CV must be all binary zeros; an all-zero CV is the CV value of an AES DATA key. A key present without a control vector is also accepted, and is interpreted as an AES DATA key. The AES internal fixed-length key token, version X'04', is the structure used to hold AES keys that are either encrypted under the AES master key or in cleartext form.

For an AES symmetric variable-length key token, see AES CIPHER variable-length symmetric key token.

Table 1. AES internal fixed-length key token format, version X'04'

Bytes    Description
0        X'01' (flag indicating that this is an internal key token)
1-3      Implementation-dependent bytes, must be X'000000'.
4        Key token version number, X'04'.
5        Reserved (X'00').
6        Flag byte. See AES internal fixed-length key-token flag byte.
7        Longitudinal redundancy check (LRC) checksum of the clear-key value (the XOR of each byte in the clear-key value).
8-15     Master key verification pattern (MKVP). Contains the MKVP of the AES master key used to encrypt the key contained in the token, or binary zeros if the token does not contain a key or the key is in the clear. The MKVP is calculated as the leftmost eight bytes of the SHA-256 hash of the string formed by prepending the byte X'01' to the cleartext master-key value.
16-47    Key value, if present. Contains either:
           • A 256-bit encrypted-key value. The clear-key value is padded on the right with binary zeros, and the entire 256-bit value is encrypted under the AES master key using AES CBC mode with an initialization vector of binary zeros.
           • A 128-bit, 192-bit, or 256-bit clear-key value, left-aligned and padded on the right with binary zeros to fill the entire 256-bit field.
48-55    Control vector (CV). This value must be binary zeros for all AES key tokens that have a control vector present.
56-57    Clear-key bit length. An integer specifying the length in bits of the clear-key value. If no key is present in a completed token, this length is zero. In a skeleton token, this is the length of the key to be created in the token when it is used as input to the Key Generate verb.
58-59    Encrypted-key byte length. An integer specifying the length in bytes of the encrypted-key value. This value is zero if the token does not contain a key or the key is in the clear.
60-63    Token validation value (TVV).
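The following is an added worked example, not IBM code, showing the layout and rules of Table 1 as a standard-library Python parser, validator and builder for the version X'04' token. It enforces the identifier, version, reserved bytes, the all-zero control vector, the legal clear-key bit lengths and encrypted-key byte lengths, zero padding of a clear key, the LRC, and the MKVP rule (zero for a clear or absent key, non-zero for an encrypted key), and it derives an MKVP from a master key exactly as described for bytes 8-15. Two things the page defers to other pages are deliberately not implemented and are assumptions of this example: the meaning of the individual flag-byte bits (byte 6 is handled as a raw value) and the TVV computation (bytes 60-63 are carried as opaque bytes and the builders write zeros there). The encrypted-token builder takes the 32-byte ciphertext as input, because the example does not perform the AES-CBC wrapping itself; the sample key, master key and ciphertext bytes are constructed placeholders. The classification of a token as "skeleton" by an all-zero key field is likewise an assumption, since only the flag byte can settle it.

```python
"""CCA AES internal fixed-length key token (version X'04'): parser, validator and builders.
Added example, not IBM code; offsets and rules follow Table 1. The flag-byte bit meanings and the
TVV computation are on other pages, so byte 6 is handled raw and bytes 60-63 are opaque here."""
import hashlib
from dataclasses import dataclass
from functools import reduce

TOKEN_LEN, INTERNAL_TOKEN_ID, TOKEN_VERSION, ZERO8 = 64, 0x01, 0x04, bytes(8)

def lrc(data: bytes) -> int:
    """Byte 7: longitudinal redundancy check, the XOR of every byte of the clear key."""
    return reduce(lambda acc, b: acc ^ b, data, 0)

def mkvp_for(master_key: bytes) -> bytes:
    """Bytes 8-15: leftmost 8 bytes of SHA-256(X'01' || cleartext master key)."""
    return hashlib.sha256(b"\x01" + master_key).digest()[:8]

@dataclass(frozen=True)
class AesFixedLengthToken:
    flags: int        # byte 6, raw (bit meanings are defined on a separate page)
    lrc: int          # byte 7
    mkvp: bytes       # bytes 8-15
    key_field: bytes  # bytes 16-47: left-aligned clear key or 32-byte encrypted key
    clear_bits: int   # bytes 56-57
    enc_bytes: int    # bytes 58-59
    tvv: bytes        # bytes 60-63, opaque here
    key_state: str    # "clear", "encrypted", "skeleton" or "absent"
    clear_key: bytes  # the clear-key bytes when key_state == "clear", else b""

def parse_token(tok: bytes) -> AesFixedLengthToken:
    """Parse a token and enforce every structural rule in the table; ValueError on violation."""
    if len(tok) != TOKEN_LEN:
        raise ValueError(f"token must be {TOKEN_LEN} bytes, got {len(tok)}")
    if tok[0] != INTERNAL_TOKEN_ID or tok[1:4] != bytes(3):
        raise ValueError("bytes 0-3 must be X'01000000' (internal key token)")
    if tok[4] != TOKEN_VERSION or tok[5] != 0:
        raise ValueError("byte 4 must be X'04' and reserved byte 5 X'00'")
    if tok[48:56] != ZERO8:
        raise ValueError("control vector must be binary zeros (AES DATA key)")
    clear_bits, enc_bytes = (int.from_bytes(tok[i:i + 2], "big") for i in (56, 58))
    if clear_bits not in (0, 128, 192, 256) or enc_bytes not in (0, 32):
        raise ValueError(f"bad length fields: clear={clear_bits} bits, encrypted={enc_bytes} bytes")
    mkvp, key_field, clear_key = tok[8:16], tok[16:48], b""
    if enc_bytes == 32:
        # Encrypted key: 32 bytes of ciphertext, a non-zero MKVP naming the master key,
        # and bytes 56-57 still recording the size of the underlying clear key.
        if clear_bits == 0 or mkvp == ZERO8:
            raise ValueError("encrypted token needs a clear-key bit length and a non-zero MKVP")
        state = "encrypted"
    elif mkvp != ZERO8:
        raise ValueError("MKVP must be zero when the key is clear or absent")
    elif clear_bits == 0:
        state = "absent"  # completed token without a key
    else:
        n = clear_bits // 8
        if key_field[n:] != bytes(32 - n):
            raise ValueError("clear key must be right-padded with binary zeros")
        if key_field[:n] == bytes(n) and tok[7] == 0:
            # Assumed skeleton (length set, key not yet generated). An all-zero clear key
            # looks the same; only the flag byte, defined on another page, tells them apart.
            state = "skeleton"
        elif lrc(key_field[:n]) != tok[7]:
            raise ValueError("LRC does not match the clear-key value")
        else:
            state, clear_key = "clear", key_field[:n]
    return AesFixedLengthToken(tok[6], tok[7], mkvp, key_field, clear_bits, enc_bytes,
                               tok[60:64], state, clear_key)

def is_valid_token(tok: bytes) -> bool:
    try:
        return parse_token(tok) is not None
    except ValueError:
        return False

def _layout(flags: int, clear_lrc: int, mkvp: bytes, key_field: bytes, clear_bits: int, enc_bytes: int) -> bytes:
    tok = bytearray(TOKEN_LEN)  # TVV (bytes 60-63) stays zero: its computation is not on this page
    tok[0], tok[4], tok[6], tok[7] = INTERNAL_TOKEN_ID, TOKEN_VERSION, flags & 0xFF, clear_lrc & 0xFF
    tok[8:16], tok[16:48] = mkvp, key_field
    tok[56:58], tok[58:60] = clear_bits.to_bytes(2, "big"), enc_bytes.to_bytes(2, "big")
    return bytes(tok)

def build_clear_key_token(key: bytes, flags: int = 0) -> bytes:
    """Lay out a clear 128/192/256-bit AES DATA key, left-aligned and zero-padded."""
    if len(key) not in (16, 24, 32):
        raise ValueError("AES key must be 16, 24 or 32 bytes")
    return _layout(flags, lrc(key), ZERO8, key.ljust(32, b"\x00"), len(key) * 8, 0)

def build_encrypted_key_token(encrypted_key: bytes, master_key: bytes, clear_bits: int, clear_lrc: int, flags: int = 0) -> bytes:
    """Lay out an encrypted key. encrypted_key must be the 32-byte AES-CBC (zero IV) ciphertext of
    the zero-padded clear key under master_key, produced by the HSM rather than by this code."""
    if len(encrypted_key) != 32 or clear_bits not in (128, 192, 256):
        raise ValueError("need 32 ciphertext bytes and a 128/192/256-bit clear-key length")
    return _layout(flags, clear_lrc, mkvp_for(master_key), encrypted_key, clear_bits, 32)

if __name__ == "__main__":
    key, mk = bytes(range(1, 17)), bytes([0xA5]) * 32   # constructed sample key and master key
    print(parse_token(build_clear_key_token(key)))
    enc = parse_token(build_encrypted_key_token(b"\xC3" * 32, mk, 128, lrc(key)))
    print(enc.key_state, enc.mkvp.hex(), enc.mkvp == mkvp_for(mk))
```

Neither the LRC nor the MKVP is a cryptographic integrity check: the LRC only catches corruption of a clear-key value, and the MKVP only tells you which master key wrapped an encrypted value. A token that passes these checks is well-formed, not authenticated; the contents of the encrypted key field can be confirmed only by the coprocessor that holds the master key.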