STATKPR

This keyword returns non-secret information about a particular named operational key part loaded by the TKE to the user.

The structures for various key types are given under section STATKPR output data. An appropriate name for an existing operational key part is expected to be provided as described in section STATKPR input data. If not, the error return code of 8 and a reason code of 1026 is be returned, meaning key name not found.

STATKPR input data

A 64-byte key name must be provided in the verb_data field, while the verb_data_length must be set to a value of 64.

The operational key name must exactly match the name returned by a call to STATKPRL.

STATKPR output data

Note:
  1. The fields are returned in the order given.
  2. Output data overwrites the input data in the verb_data field, and set the verb_data_length field to the output value.
  3. The verb_data_length parameter indicates the total size, at the bottom of the table describing the verb_data.

    Notice that the output data is smaller than the input data.

  4. Multiple byte fields are stored in Big-Endian format, as is typical for CEX*C communication.
Table 1. Output data format for STATKPR operational key parts

Output data format for STATKPR operational key parts

Field name Length in bytes Description
state 1 State of the key part register:
Value
Description
X'00'
The register is empty.
X'01'
The first DES key part was entered for the named key into this register.
X'02'
An intermediate DES key part (part after first) has been entered.
X'03'
The register contains a completed DES key.
X'11'
The first AES key part was entered for the named key into this register.
X'12'
An intermediate AES key part (part after first) has been entered.
X'13'
The register contains a completed AES key.
reserved 1 Will have a value of X'00'.
key_length 1 Length of key in bytes. For DES keys, values are: 8, 16, 24. For AES keys, values are: 16, 24, 32.
cv_length 1 Length of Control Vector (CV) for key part, in bytes. The value is 8 or 16, indicating how much of the CV field to use. CV is not a variable length field.
cv 16 Control Vector for the operational key part.
reserved_2 8 Has a value of X'00' for the entire length.
key_part_hash 20 Hash over the key stored in the key part register. For DES keys, the hash algorithm is SHA-1. For AES keys, the hash algorithm is SHA-256. This is the default behavior.

If the keyword CMACZERO has been passed, then this field contains 5 bytes of a CMACZERO key check value over the key stored in the key part register. The remaining bytes are 0x00.

If the keyword ENC-ZERO has been passed but the keyword CMACZERO has not been passed, then this field contains only bytes of 0x00.

ver_pattern 4 Verification pattern over the key calculated using the default algorithm. This is the default behavior.

If the keyword ENC-ZERO has been passed and the key in the key part register is a DES key, then this field contains 3 bytes of an ENC-ZERO key check value over the key stored in the key part register. The remaining bytes are 0x00.

If the keyword CMACZERO has been passed but the keyword ENC-ZERO has not been passed, or if the key in the key part register is not a DES key, then this field contains only bytes of 0x00.

Total byte count 52