RSA private key token, 1024-bit Modulus-Exponent
This RSA private key token is supported starting with CEX3C. It is supported as the external X'02' and the internal X'06' token format.
| Offset (decimal) | Length (bytes) | Description |
|---|---|---|
| 000 | 001 |
X'02', section identifier, RSA private key, Modulus-Exponent format (RSA-PRIV) for the external format |
| 001 | 001 | X'00', version. |
| 002 | 002 |
External format: Length of the RSA private key section X'016C' (364 decimal). Internal format: Length of the RSA private key section X'0198' (408 decimal) + rrr + iii + xxx. |
| 004 | 020 |
External format: SHA-1 hash value of the private key subsection cleartext, offset 28 to the section end. This hash value is checked after an enciphered private key is deciphered for use. Internal format: SHA-1 hash value of the private key subsection cleartext, offset 28 to and including the modulus at offset 236. |
| 024 | 004 | Reserved; set to binary zero. |
| 028 | 001 | Key format and security: External format:
Internal format:
|
| 029 | 001 | External format: Reserved, binary zero. Internal format: Format of external key from which this token was derived:
|
| 030 | 020 | SHA-1 hash of the optional key-name section and any following optional sections. If there are no optional sections, this field is set to binary zeros. |
| 050 | 001 | Key use flag bits.
Translation control flag bits:
All other bits reserved, set to binary zero. |
| 051 | 009 | Reserved; set to binary zero. |
| External format: 060 - 235 | ||
| 060 | 024 | Reserved; set to binary zero. |
| 084 | Start of the optionally-encrypted secure subsection. | |
| 084 | 024 | Random number, confounder. |
| 108 | 128 | Private-key exponent, d. d = e-1 mod((p-1)(q-1)), and 1 < d < n where e is the public exponent. |
| End of the optionally-encrypted subsection; the confounder field and the private-key exponent field are enciphered for key confidentiality when the key format and security flags (offset 28) indicate the private key is enciphered. They are enciphered under a double-length transport key using the ede2 algorithm. | ||
| 236 | 128 | Modulus, n. n = pq where p and q are prime and 1 < n < 21024. |
| External format ends here. | ||
| Internal format: 060 - 235 | ||
| 060 | 048 | Object Protection Key (OPK) encrypted under the Asymmetric Keys Master Key using the ede3 algorithm. |
| 108 | 128 | Private key exponent d, encrypted under the OPK using the ede5 algorithm. d = e-1mod((p-1)(q-1)), and 1 < d < n where e is the public exponent. |
| 236 | 128 | Modulus, n. n = pq where p and q are prime and 1 < n < 21024. |
| Internal format only, until end of table | ||
| 364 | 016 | Asymmetric-Keys Master Key hash pattern. |
| 380 | 020 | SHA-1 hash value of the blinding information subsection cleartext, offset 400 to the end of the section. |
| 400 | 002 | Length of the random number r, in bytes: rrr |
| 402 | 002 | Length of the random number r–1, in bytes: iii |
| 404 | 002 | Length of the padding field, in bytes: xxx |
| 406 | 002 | Reserved; set to binary zeros. |
| 408 | Start of the encrypted blinding subsection | |
| 408 | rrr | Random number r (used in blinding). |
| 408 + rrr | iii | Random number r–1 (used in blinding). |
| 408 + rrr + iii | xxx | X'00' padding of length xxx bytes such that the length from the start of the encrypted blinding subsection to the end of the padding field is a multiple of eight bytes. |
| End of the encrypted blinding subsection; all of the fields starting with the random number r and ending with the variable length pad field are encrypted under the OPK using TDES (CBC outer chaining) algorithm. | ||