AES PINPROT, PINCALC, and PINPRW variable-length symmetric key token
View a table showing the format of the PINPROT, PINCALC, and PINPRW variable-length symmetric key-tokens.
| Offset (bytes) | Length (bytes) | Description | ||
|---|---|---|---|---|
|
Header |
||||
| 000 | 01 |
Token identifier:
All unused values are reserved and undefined. |
||
| 001 | 01 |
Reserved, binary zero. |
||
| 002 | 02 |
Length in bytes of the overall token structure: 46 + (2 * kuf) + (2 * kmf) + kl + iead + uad + ((pl + 7) / 8)
*This assumes a PKOAEP2 key-wrapping method using a 8192-bit RSA transport key. |
||
| 004 | 01 |
Token version number (identifies the format of this key token):
|
||
| 005 | 03 |
Reserved, binary zero. |
||
|
End of header |
||||
|
Wrapping information section (all data related to wrapping the key) |
||||
| 008 | 01 |
Key material state:
All unused values are reserved and undefined. |
||
| 009 | 01 |
Key verification pattern (KVP) type:
All unused values are reserved and undefined. |
||
| 010 | 16 |
KVP (value depends on value of key material state, that is, the value at offset 8):
|
||
| 026 | 01 |
Encrypted section key-wrapping method (how data in the encrypted section is protected):
All unused values are reserved and undefined. |
||
| 027 | 01 |
Hash algorithm used for wrapping key or encoding message. Meaning depends on whether the encrypted section key-wrapping method (value at offset 26) is no key-wrapping method, AESKW, or PKOAEP2: No key-wrapping method (value at offset 26 is X'00') Hash algorithm used for wrapping key when encrypted section key-wrapping method is no key-wrapping method:
All unused values are reserved and undefined. The key token is external or internal. AESKW key-wrapping method (value at offset 26 is X'02') Hash algorithm used for wrapping key when encrypted section key-wrapping method is AESKW. The value indicates the algorithm used to calculate the message digest of the associated data. The message digest is included in the wrapped payload and is calculated starting at offset 30 for the length in bytes of all the associated data for the key token (length value at offset 32).
All unused values are reserved and undefined. The key token is external or internal. PKOAEP2 key-wrapping method (value at offset 26 is X'03') Hash algorithm used for encoding message when encrypted section key-wrapping method is PKOAEP2. The value indicates the given hash algorithm used for encoding message M using the RSAES-OAEP scheme of the RSA PKCS #1 v2.1 standard.
All unused values are reserved and undefined. The key token is external. |
||
| 028 | 01 |
Payload format version (identifies format of the payload):
All unused values are reserved and undefined. |
||
| 029 | 01 |
Reserved, binary zero. |
||
|
End of wrapping information section |
||||
|
AESKW or PKOAEP2 components: (1) associated data section and (2) optional wrapped AESKW formatted payload or wrapped PKOAEP2 encoded payload (no payload if no key present) |
||||
|
Associated data section |
||||
| 030 | 01 |
Associated data section version:
|
||
| 031 | 01 |
Reserved, binary zero. |
||
| 032 | 02 |
Length in bytes of all the associated data for the key token: 16 - 347. |
||
| 034 | 01 |
Length in bytes of the optional key label (kl): 0 or 64. |
||
| 035 | 01 |
Length in bytes of the optional IBM extended associated data (iead): 0. |
||
| 036 | 01 |
Length in bytes of the optional user-definable associated data (uad): 0 - 255. |
||
| 037 | 01 |
Reserved, binary zero. |
||
| 038 | 02 |
Length in bits of the wrapped payload (pl): 0, 512 - 4096.
|
||
| 040 | 01 |
Reserved, binary zero. |
||
| 041 | 01 |
Algorithm type (algorithm for which the key can be used):
All unused values are reserved and undefined. |
||
| 042 | 02 |
Key type (general class of the key):
All unused values are reserved and undefined. |
||
| 044 | 01 |
Key usage fields count (kuf): 3. For PINPROT: 3, if value at offset 50 = X’01’ (DK enabled), or 4, if value at offset 50 = X’00’ (no field format specification). Key-usage field information defines restrictions on the use of the key. For key type PINPROT, see AES PINPROT Key Token Build2 keywords (Figure 8). For key type PINCALC, see AES PINCALC Key Token Build2 keywords (Figure 7). For key type PINPRW, see AES PINPRW Key Token Build2 keywords (Figure 9). Each key-usage field is 2 bytes in length. The value in this field indicates how many 2-byte key usage fields follow. |
||
| 045 | 01 |
Key-usage field 1, high-order byte. The meaning is determined by the key type (value at offset 42). The key type can be PINPROT, PINCALC, or PINPRW: PINPROT (value at offset 42 is X'0005') Encryption operation:
All unused bits are reserved and must be zero. PINCALC (value at offset 42 is X'0006') MAC operation:
All unused bits are reserved and must be zero. PINPRW (value at offset 42 is X'0007') MAC operation:
All unused bits are reserved and must be zero. |
||
| 046 | 01 |
Key-usage field 1, low-order byte (user-defined extension control). |
||
| 047 | 01 |
Key-usage field 2, high-order byte. The meaning is determined by the key type (value at offset 42). The key type can be PINPROT, PINCALC, or PINPRW: PINPROT (value at offset 42 is X'0005') Encryption mode:
All unused values are reserved and undefined. PINCALC (value at offset 42 is X'0006') Encryption mode:
All unused values are reserved and undefined. PINPRW (value at offset 42 is X'0007') MAC mode:
All unused values are reserved and undefined. |
||
| 048 | 01 |
Key-usage field 2, low-order byte. The meaning is determined by the key type (value at offset 42). The key type can be PINPROT, PINCALC, or PINPRW: PINPROT (value at offset 42 is X'0005'): Inbound key (value at offset 45 is B'01xx xxxx')
All unused bits are reserved and must be zero. Outbound key (value at offset 45 is B'10xx xxxx')
All unused bits are reserved and must be zero. PINCALC (value at offset 42 is X'0006') All bits are reserved and must be zero. PINPRW (value at offset 42 is X'0007') All bits are reserved and must be zero. |
||
| 049 | 01 |
Key-usage field 3, high-order byte. The meaning is determined by the field format identifier (value at offset 50). Currently the only field format identifier is DK enabled: DK enabled (value at offset 50 is X'01') Common control by key type, based on key type PINPROT, PINCALC, or
PINPRW:
All unused values are reserved and undefined. |
||
| 050 | 01 |
Key-usage field 3, low-order byte (field format identifier). Identifies the format of key-usage field 3, high-order byte (value at offset 49):
All unused values are reserved and undefined. |
||
| 051 | 01 |
Key management fields count (kmf): 3. Key-management field information describes how the data is to be managed or helps with management of the key material. For key type PINPROT, see AES PINPROT Key Token Build2 keywords (Figure 8). For key type PINCALC, see AES PINCALC Key Token Build2 keywords (Figure 7). For key type PINPRW, see AES PINPRW Key Token Build2 keywords (Figure 9). Each key-management field is 2 bytes in length. The value in this field indicates how many 2-byte key management fields follow. |
||
| 052 | 01 |
Key-management field 1, high-order byte (symmetric-key export control). |
||
| 053 | 01 |
Key-management field 1, low-order byte (export control by algorithm). |
||
| 054 | 01 |
Key-management field 2, high-order byte (key completeness). |
||
| 055 | 01 |
Key-management field 2, low-order byte (security history). |
||
| 056 | 01 |
Key-management field 3, high-order byte (pedigree original). |
||
| 057 | 01 |
Key-management field 3, low-order byte (pedigree current). |
||
| 058 | kl |
Optional key label. |
||
| 058 + kl | iead |
Optional IBM extended associated data (unused). |
||
| 058 + kl + iead | uad |
Optional user-defined associated data. |
||
|
End of associated data section |
||||
|
Optional wrapped AESKW formatted payload or wrapped PKOAEP2 encoded payload (no payload if no key present) |
||||
|
058 + kl + iead + uad |
(pl + 7) / 8 |
Contents of payload (pl is in bits) depending on the encrypted section key-wrapping method (value at offset 26): |
||
| Value at offset 26 | Encrypted section key-wrapping method | Meaning | ||
| X'02' | AESKW | An encrypted payload which the Segment 2 code creates by wrapping the unencrypted AESKW formatted payload. The payload is made up of the integrity check value, pad length, length of hash options and hash, hash options, hash of the associated data, key material, and padding. The key token is internal. | ||
| X'03' | PKOAEP2 | An encrypted PKOAEP2 encoded payload created using the RSAES-OAEP scheme of the PKCS #1 v2.1
standard. The message M is encoded for a given hash algorithm using the Bellare and Rogaway
Optimal Asymmetric Encryption Padding (OAEP) method for encoding messages. For PKAOEP2, M is
defined as follows: M = [32 bytes: hAD] ∥ [2 bytes: bit length of the clear key] ∥ [clear key] where hAD is the message digest of the associated data, and is calculated using the SHA-256 algorithm starting at offset 30 for the length in bytes of all the associated data for the key token (length value at offset 32). The encoded message is wrapped with an RSA public-key according to the standard. The key token is external. |
||
|
End of optional wrapped AESKW formatted payload or wrapped PKAOEP2 encoded payload |
||||
|
End of AESKW or PKOAEP2 components |
||||
|
Note: All numbers are in big endian format.
|
||||