Variable length token (AESKW method)
The wrapping method for the variable-length key tokens with AESKW is defined in standard ANSI X9.102.
The wrapping of the payload of a variable length key (*K) using
an AES *MK is defined as:
e*MK(*K) = eAESKW*MK(P)
P = ICV || Pad length || Hash length || Hash options || Data hash || *K || PaddingWhere:
- ICV
- Is the 6 byte constant X'A6A6A6A6A6A6'.
- Pad length
- Is the length of the padding in bits.
- Hash length
- Is the length of the Data Hash in bytes.
- Hash options
- Is a 4-byte field.
- Data hash
- Is the hash of the associated data block.
- Padding
- Is the number of bytes of X'00' used to make the overall length of P a multiple of 8.
- eAESKW
- Means encryption using the AESKW method.