PKA public-key certificate section

Edit online
A PKA public-key certificate section can be optionally included in a PKA key token. The section is composed of a series of subsections and optional tag-length-value (TLV) objects to form a self-defining data structure. One or more TLV objects can be included in the variable portion of a higher-level TLV object. The section and subsections must occur in the following order:
  • A required PKA public-key certificate (section identifier X'40')
  • A required public-key subsection:
    • For an ECC key, an ECC public-key subsection (subsection identifier X'22')
    • For an RSA key, an RSA public-key subsection (subsection identifier X'41')
  • An optional PKA certificate information subsection (subsection identifier X'42') which includes one, two, or three TLV objects:
    1. PKA user-data TLV object (tag identifier X'50')
    2. PKA private key ID object (tag identifier X'51')
    3. PKA serial number TLV object (tag identifier X'52')
  • A required PKA signature subsection (subsection identifier X'45'), followed by any number of optional PKA signature subsections

The PKA public-key certification section is described followed by descriptions of the related subsections and TLV objects that can be concatenated to the section.

Table 1. PKA public-key certificate section (X'40')

Table with three columns describing the PKA public-key certificate section (X'40')
Offset (bytes) Length (bytes) Description
000 001 Section identifier:
X'40'
PKA public-key certificate
001 001 Section version number (X'00').
002 002 Section length in bytes. Includes:
  • Section header
  • Public key subsection
  • Information subsection (optional)
  • Signature subsections
Table 2. ECC public-key subsection (X'22') of PKA public-key certificate section (X'40')
Offset (bytes) Length (bytes) Description
000 001 Subsection identifier:
X'22'
ECC public-key
001 001 Subsection version number (X'00')
002 002 Subsection length in bytes (14 + xxx)
004 004 Reserved, binary zero.
008 001 Curve type:
Value
Meaning
X'00'
Prime
X'01'
Brainpool
009 001 Reserved, binary zero.
010 002
Length of prime p in bits. Refer to Table 1, and Table 2.
Value
Length (bits)
X'00A0'
160 (Brainpool)
X'00C0'
192 (Brainpool, Prime)
X'00E0'
224 (Brainpool, Prime)
X'0100'
256 (Brainpool, Prime)
X'0140'
320 (Brainpool)
X'0180'
384 (Brainpool, Prime)
X'0200'
512 (Brainpool)
X'0209'
521 (Prime)
012 002 Length of public key q in bytes. Value includes length key material plus one (to include a one-byte flag that indicates if the key material is compressed).
014 xxx Public key q.
Table 3. RSA public-key subsection (X'41') of PKA public-key certificate section (X'40')
Offset (bytes) Length (bytes) Description
000 001 Subsection identifier:
X'41'
RSA public-key
001 001 Subsection version number (X'00').
002 002 Subsection length in bytes (12 + xxx + yyy). 


Key size in bits      Section Length in bytes (no modulus) 
     4096                 12 + 512 = 524 (0x020C) 
     6144                 12 + 512 = 524 (0x020C) 
     8192                 12 + 512 = 524 (0x020C) 


Key size in bits      Section Length in bytes (with modulus)
     4096                 12 + 512 + 512  = 1036 (0x040C)   
     6144                 12 + 512 + 768  = 1292 (0x050C)   
     8192                 12 + 512 + 1024 = 1548 (0x060C)
004 002 Reserved, binary zero.
006 002 RSA public-key exponent field length in bytes, xxx. Maximum length is 512 bytes. 


Key size in bits       Length in bytes
     4096                512 (0x0200)
     6144                512 (0x0200)
     8192                512 (0x0200)
008 002 Public-key modulus length in bits. 


Key size in bits       modulus length in bits
     4096                 4096 (0x1000)  
     6144                 6144 (0x1800)
     8192                 8192 (0x2000)
010 002 RSA public-key modulus field length in bytes, yyy.
Note: If the token contains an RSA private key section, this field length, yyy, should be zero. The RSA private key section contains the modulus. 


Key size in bits       modulus length in bytes
     4096                      512 (0x0200)               
     6144                      768 (0x0300)            
     8192                      1024 (0x0400)
012 xxx Public-key exponent. Must be odd, and 1 ≤ e < n. Must not exceed 512 bytes.
012+xxx yyy Modulus, n. n = pq, where p and q are prime and 2512n < 24096. This field is absent when the modulus is contained in the private-key section. If present, the field length is 64 - 512 bytes.
Table 4. PKA certificate-information subsection (X'42') of PKA public-key certificate section (X'40')
Offset (bytes) Length (bytes) Description
000 001 Subsection identifier:
X'42'
PKA certificate information
001 001 Subsection version number (X'00').
002 002 Subsection length in bytes (4+iii), where iii is:

length of TLV object X'50' +
length of TLV object X'51' +
length of TLV object X'52'.
004 iii The information field that contains any of the optional TLV objects:
Tag
Description
X'50'
User data
X'51'
Private key EID
X'52'
Serial number
Table 5. PKA user-data TLV object (X'50') of PKA certificate-information subsection (X'42')
Offset (bytes) Length (bytes) Description
000 001 Tag identifier:
X'50'
PKA user-data TLV object
001 001 TLV object version number (X'00').
002 002 TLV object length in bytes (4+uuu; 0≤uuu≤64).
004 uuu User-provided data.
Table 6. PKA private-key EID TLV object (X'51') of PKA certificate-information subsection (X'42')
Offset (bytes) Length (bytes) Description
000 001 Tag identifier:
X'51'
PKA private-key EID TLV object
001 001 TLV object version number (X'00').
002 002 TLV object length in bytes (X'0014').
004 016 EID string of the CCA node that generated the public and private key. This TLV must be provided in a skeleton key-token with usage of the PKA Key Generate verb. The verb fills in the EID string prior to certifying the public key. The EID value is encoded using the ASCII character set.
Table 7. PKA serial number TLV object (X'52') of PKA certificate-information subsection (X'42')
Offset (bytes) Length (bytes) Description
000 001 Tag identifier:
X'52'
PKA serial number TLV object
001 001 TLV object version number (X'00').
002 002 TLV object length in bytes (X'000C').
004 008 Serial number of the coprocessor that generated the public and private key. This TLV must be provided in a skeleton key-token with usage of the PKA Key Generate verb. The verb fills in the serial number prior to certifying the public key.
Table 8. PKA signature subsection (X'45') of the PKA public-key certificate section (X'40')

Table with three columns describing the PKA signature subsection (X'45') of the PKA public-key certificate section (X'40')
Offset (bytes) Length (bytes) Description
000 001 Subsection identifier:
X'45'
PKA signature
001 001 Subsection version number (X'00').
002 002 Subsection length in bytes (70+sss).
004 001 Hash algorithm identifier:

For RSA public-key (X'04') with PKA public-key certificate (X'40'):

Value
Meaning
X'01'
SHA-1

For ECC public-key (X'21') with PKA public-key certificate (X'40'):

X'03'
SHA-256
X'04'
SHA-512
005 001 Signature formatting identifier:

For RSA public-key (X'04') with PKA public-key certificate (X'40'):

Value
Meaning
X'01'
ISO/IEC 9796-1 process

For ECC public-key (X'21') with PKA public-key certificate (X'40'):

Value
Meaning
X'05'
ANS X9.62 ECDSA
006 064 Signature-key identifier; the key label of the key used to generate the signature.
070 sss The signature field:

The signature is calculated on data that begins with the signature section identifier (X'40') through the byte immediately preceding this signature field.
Note: More than one signature subsection can be included in a signature section. This accommodates the possibility of a self-signature as well as a device-key signature.