RSA private key token, 1024-bit Modulus-Exponent

This RSA private key token is supported starting with CEX3C. It is supported as the external X'02' and the internal X'06' token format.

Table 1 shows the external and internal format.
Table 1. RSA private key, 1024-bit Modulus-Exponent format section (X'02')

RSA private key token, 1024-bit Modulus-Exponent format

Offset (decimal) Length (bytes) Description
000 001

X'02', section identifier, RSA private key, Modulus-Exponent format (RSA-PRIV) for the external format

001 001 X'00', version.
002 002

External format: Length of the RSA private key section X'016C' (364 decimal).

Internal format: Length of the RSA private key section X'0198' (408 decimal) + rrr + iii + xxx.

004 020

External format: SHA-1 hash value of the private key subsection cleartext, offset 28 to the section end. This hash value is checked after an enciphered private key is deciphered for use.

Internal format: SHA-1 hash value of the private key subsection cleartext, offset 28 to and including the modulus at offset 236.

024 004 Reserved; set to binary zero.
028 001 Key format and security:

External format:

X'00'
Unencrypted RSA private key subsection identifier.
X'82'
Encrypted RSA private key subsection identifier.

Internal format:

X'02'
RSA private key
029 001

External format: Reserved, binary zero.

Internal format:

Format of external key from which this token was derived:
X'21'
External private key was specified in the clear.
X'22'
External private key was encrypted.
X'23'
Private key was generated using regeneration data.
X'24'
Private key was randomly generated.
030 020 SHA-1 hash of the optional key-name section and any following optional sections. If there are no optional sections, this field is set to binary zeros.
050 001 Key use flag bits.
B'11xx xxxx'
Only key unwrapping (KM-ONLY)
B'10xx xxxx'
Both signature generation and key unwrapping (KEY-MGMT)
B'01xx xxxx'
Undefined
B'00xx xxxx'
Only signature generation (SIG-ONLY)

Translation control flag bits:

B'xxxx xx1x'
Private key translation is allowed (XLATE-OK)
B'xxxx xx0x'
Private key translation is not allowed (NO-XLATE)

All other bits reserved, set to binary zero.

051 009 Reserved; set to binary zero.
External format: 060 - 235
060 024 Reserved; set to binary zero.
084 Start of the optionally-encrypted secure subsection.
084 024 Random number, confounder.
108 128 Private-key exponent, d. d = e-1 mod((p-1)(q-1)), and 1 < d < n where e is the public exponent.
End of the optionally-encrypted subsection; the confounder field and the private-key exponent field are enciphered for key confidentiality when the key format and security flags (offset 28) indicate the private key is enciphered. They are enciphered under a double-length transport key using the ede2 algorithm.
236 128 Modulus, n. n = pq where p and q are prime and 1 < n < 21024.
External format ends here.
Internal format: 060 - 235
060 048 Object Protection Key (OPK) encrypted under the Asymmetric Keys Master Key using the ede3 algorithm.
108 128 Private key exponent d, encrypted under the OPK using the ede5 algorithm. d = e-1mod((p-1)(q-1)), and 1 < d < n where e is the public exponent.
236 128 Modulus, n. n = pq where p and q are prime and 1 < n < 21024.
Internal format only, until end of table
364 016 Asymmetric-Keys Master Key hash pattern.
380 020 SHA-1 hash value of the blinding information subsection cleartext, offset 400 to the end of the section.
400 002 Length of the random number r, in bytes: rrr
402 002 Length of the random number r–1, in bytes: iii
404 002 Length of the padding field, in bytes: xxx
406 002 Reserved; set to binary zeros.
408 Start of the encrypted blinding subsection
408 rrr Random number r (used in blinding).
408 + rrr iii Random number r–1 (used in blinding).
408 + rrr + iii xxx X'00' padding of length xxx bytes such that the length from the start of the encrypted blinding subsection to the end of the padding field is a multiple of eight bytes.
End of the encrypted blinding subsection; all of the fields starting with the random number r and ending with the variable length pad field are encrypted under the OPK using TDES (CBC outer chaining) algorithm.