Key-token verification patterns

Edit online

These verification pattern techniques are used in the several types of CCA key tokens.

The techniques are:
  • AES and ECC key tokens: leftmost 8 bytes of SHA-256 hash of the string formed by pre-pending X'01' to the cleartext key value.
  • DES key tokens:
    • Triple-length master key, key token version X'00': leftmost 8 bytes of SHA-1 hash
    • Triple-length master key, key token version X'03': leftmost 2 bytes of SHA-1 hash
    • Double-length master key, key token version X'00': leftmost 8 bytes of z/OS® hash
    • Double-length master key, key token version X'03': leftmost 2 bytes of SHA-1 hash
  • RSA key tokens:
    • Private-key section types X'06' and X'08': 16-byte MDC-4 value
    • Private-key section types X'02' and X'05': leftmost 2 bytes of SHA-1 hash
  • Trusted blocks: 16-byte MDC-4 value