SHA-256 based master-key verification method

Edit online

A SHA-256 hash algorithm is calculated on the quantity X'01' prep-ended to the 24-byte register contents.

For AES, there will be verification patterns for both the AES master key and for AES operational keys that are used to encipher or decipher data. The verification pattern on the master key is called the MKVP. The verification pattern on operational keys is referred to as a key-verification pattern (KVP).

Both the MKVP and KVP for AES will use the same algorithm. Both will be computed with the following process.
  1. Compute the SHA-256 hash of the string formed by pre-pending the byte X'01' to the cleartext key value.
  2. Take the leftmost eight bytes of the hash as the verification pattern.

This value is truncated to eight bytes because this is the length allocated for the verification in several CCA structures and APIs. For example, the AES key token has eight bytes for the MKVP, and the Key Test and Key Test2 verbs have an eight-byte parameter for the verification pattern.