DES internal key token

Edit online

The format for a DES internal key token. DES key tokens are almost always in a fixed-length token, except for a DESUSECV key type in a variable-length symmetric key token.

Fixed-length DES key tokens are 64 bytes and consist of a DES-enciphered key, a control vector, various flag bits, a token identifier and version number, reserved fields, and a token-validation value. An internal key-token also includes a master-key verification pattern or master-key version number, depending on the key-token version number.

If an internal fixed-length DES key-token has a key present, it contains a key multiply-enciphered by a DES master key. If an external fixed-length DES key-token has a key present, it contains a key multiply enciphered by a key-encrypting key.

Version X'00' tokens are single-length, double-length, and triple-length keys for all key types. DATA key tokens with zero control vectors are version X'00' for single-length keys and version X'01' for double-length and triple-length keys.

Table 1 shows the format for a DES internal key token.

Table 1. DES internal key token format
DES internal key token format
Bytes	Description
0	X'01' (flag indicating this is an internal key token)
1 - 3	Implementation-dependent bytes (X'000000' for ICSF)
4	Key token version number (X'00' or X'01')
5	Reserved (X'00')
6	Flag byte 1 Bit Meaning When Set On 0 Encrypted key and master key verification pattern (MKVP) are present. 1 Control vector (CV) value in this token has been applied to the key. 2 Key is used for no control vector (NOCV) processing. Valid for transport keys only. 3 Key is an ANSI key-encrypting key (AKEK). 4 AKEK is a double-length key (16 bytes). Note: When bit 3 is on and bit 4 is off, AKEK is a single-length key (eight bytes). 5 AKEK is partially notarized. 6 Key is an ANSI partial key. 7 Export prohibited.
7	Flag byte 2 Bit Meaning When Set On 0-2 B'000' The encrypted key, if present, is wrapped using the legacy (WRAP-ECB) method. B'001' The encrypted key is wrapped using the enhanced WRAP-ENH) method. B'010' The encrypted key is wrapped using the enhanced method and SHA-256 (WRAPENH2). Requires CV bit ENH-ONLY to be enabled. Only valid with version X’00’ tokens. B'011' The encrypted key is wrapped using the enhanced method 3 and SHA-256 (WRAPENH3). Requires CV bit ENH-ONLY to be enabled. Only valid with version X’00’ tokens. All other bit combinations are reserved and undefined and must be zero.
8 - 15	When the compliant-tag bit is off (bit 58 in the CV): Master Key Verification Pattern (MKVP). When the compliant-tag bit is on (bit 58 in the CV): Offset \| Length Description 0 \| 5 Truncated MKVP. 5 \| 2 Reserved. 7 \| 1 Key Derivation Function (KDF). When KDF is X'01', the token is not considered compliant-tagged. Throughout the publications, they are referred to as DES KDF 01 tokens. Only key tokens with a KDF higher than X'01' are referred to as compliant-tagged.
16 - 23	A single-length key, the left half of a double-length key, or Part A of a triple-length key. The value is encrypted under the master key.
24 - 31	X'0000000000000000' if a single-length key, the right half of a double-length operational key, or Part B of a triple-length operational key. The right half of the double-length key or Part B of the triple-length key is encrypted under the master key when flag bit 0 is on. Otherwise, it is in the clear. For WRAPENH3, this field always holds ciphertext in order to obfuscate the length of a single or double-length key. The CCA coprocessor uses the effective length (determined by the number of repeated 56-bit sections, if any) of the key to determine key strength for wrapping of other keys or other key strength comparisons.
32 - 39	The control vector (CV) for a single-length key or the left half of the control vector for a double-length key. For WRAPENH3, this field has an update to the key form bits (bits 41-42). These bits always have the value '11', which indicates a triple-length key. The guaranteed unique halves bit can be set.
40 - 47	X'0000000000000000' if a single-length key or the right half of the control vector for a double-length operational key. For WRAPENH3, this field holds an 8 byte TDES-CMAC over the entire key block, with this field set to 0x00 bytes before calculation of the TDES-CMAC.
48 - 55	X'0000000000000000' if a single-length key or double-length key, or Part C of a triple-length operational key. Part C of a triple-length key is encrypted under the master key when flag bit 0 is on. Otherwise, it is in the clear. For WRAPENH3, this field always holds ciphertext in order to obfuscate the length of a single or double-length key.
56 - 58	Reserved (X'000000')
59	Key length for zero CV DATA keys: Value Description B'00000000' Single-length key (version 0 only). B'00010000' Double-length key (version 1 only). B'00100000' Triple-length key (version 1 only). All other values are reserved and undefined.
60 - 63	Token validation value (TVV).

Note: AKEKs are not supported by this version of CCA. Key tokens from other CCA systems, however, could have the AKEK flag bits set in a key token.