RSA private key token, 1024-bit Modulus-Exponent format with OPK section
View a table describing the RSA private key token format with section identifier X'06'. For this key token, there is only an internal format available.
| Offset (bytes) | Length (bytes) | Description |
|---|---|---|
| 000 | 001 | Section identifier, X'06'. This section type is created by the IBM® Version 2 and later CCA Support Program. This section type provides compatibility and interchangeability with the CCF hardware in z/OS® processors. |
| 001 | 001 | Section version number (X'00'). |
| 002 | 002 | Section length in bytes (X'0198'). |
| 004 | 020 | SHA-1 hash value of the private-key subsection cleartext, offset 28 up to and including the modulus that ends at offset 363. |
| 024 | 004 | Reserved, binary zero. |
| 028 | 001 | Key format and security flag byte. Internal key-token: All other values are reserved and undefined. |
| 029 | 001 | Private key source flag byte: |
| 030 | 020 | SHA-1 hash of all optional sections that follow the public-key section, if any, else 20 bytes of X'00'. |
| 050 | 001 | Key-usage and translation control flag byte. Key usage: Translation control: All other bits are reserved and must be zero. |
| 051 | 001 | Format restriction for digital-signature hash-formatting method: All other values are reserved and undefined. |
| 052 | 002 | Reserved, binary zero. |
| 054 | 006 | Reserved, binary zero. |
| 060 | 048 | Object Protection Key (OPK) data. 8-byte confounder, three 8-byte DES keys, and two 8-byte initialization vector values. External key-token: Reserved, binary zero. Internal key-token: The asymmetric master key encrypts the OPK data using the EDE3 algorithm. See Triple-DES ciphering algorithms. |
| 108 | 128 | Private-key exponent, d. $d = e^{-1} \bmod ((p-1)(q-1))$, $1 < d < n$, and where e is the public exponent. The OPK encrypts the private key exponent using the EDE5 algorithm. See Triple-DES ciphering algorithms. |
| 236 | 128 | Modulus, n. n = pq, where p and q are prime and $2^{512} \le n < 2^{1024}$. |
| 364 | 016 | Asymmetric-keys master-key verification pattern. |
| 380 | 020 | SHA-1 hash value of the subsection cleartext, offset 400 to the section end. This hash value is checked after an enciphered private key is deciphered for use. |
| 400 | 002 | Reserved, binary zero. |
| 402 | 002 | Reserved, binary zero. |
| 404 | 002 | Reserved, binary zero. |
| 406 | 002 | Reserved, binary zero. |
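
The layout above can be checked mechanically before a token is handed to any cryptographic service. The following parser is an added example, not IBM code: it splits an X'06' section at the offsets in the table and runs the checks that need no decryption. The field names, the big-endian length encoding, and the treatment of offsets 400 to the section end as stored in the clear are assumptions, and the sample section is constructed filler, not a real key token.

```python
import hashlib
import struct

SECTION_ID = 0x06
SECTION_LEN = 0x0198  # 408 bytes, per the table
# (offset, length) of every field the table marks "Reserved, binary zero"
RESERVED = [(24, 4), (52, 2), (54, 6), (400, 2), (402, 2), (404, 2), (406, 2)]


def parse_section_06(buf: bytes) -> dict:
    """Split an X'06' section into named fields and run cleartext-only checks."""
    if len(buf) < SECTION_LEN:
        raise ValueError("buffer shorter than X'0198' bytes")
    sec_id, version, length = struct.unpack_from(">BBH", buf, 0)  # big-endian assumed
    if sec_id != SECTION_ID:
        raise ValueError(f"section identifier X'{sec_id:02X}', expected X'06'")
    if version != 0x00 or length != SECTION_LEN:
        raise ValueError("unexpected section version or length")
    sec = buf[:SECTION_LEN]
    n = int.from_bytes(sec[236:364], "big")
    return {
        "private_hash": sec[4:24],  # covers cleartext 28..363; not verifiable here
        "format_flag": sec[28],
        "source_flag": sec[29],
        "optional_sections_hash": sec[30:50],
        "usage_flag": sec[50],
        "hash_format_restriction": sec[51],
        "opk_data": sec[60:108],  # internal token: encrypted under the master key
        "enc_private_exponent": sec[108:236],  # encrypted under the OPK
        "modulus": n,
        "mkvp": sec[364:380],
        "nonzero_reserved_offsets": [o for o, k in RESERVED if any(sec[o:o + k])],
        "modulus_in_range": (1 << 512) <= n < (1 << 1024),
        # hash at offset 380 covers offset 400 to the section end
        "trailer_hash_ok": hashlib.sha1(sec[400:]).digest() == sec[380:400],
    }


def build_sample() -> bytes:
    """Constructed sample section: filler bytes, not a real key token."""
    sec = bytearray(SECTION_LEN)
    struct.pack_into(">BBH", sec, 0, SECTION_ID, 0x00, SECTION_LEN)
    sec[60:108] = bytes(range(48))          # filler standing in for OPK data
    sec[108:236] = b"\xAA" * 128            # filler standing in for encrypted d
    sec[236:364] = b"\xC3" + b"\x5A" * 127  # filler modulus with the top bit set
    sec[364:380] = b"\x11" * 16             # filler verification pattern
    sec[380:400] = hashlib.sha1(bytes(sec[400:])).digest()
    return bytes(sec)
```

The SHA-1 value at offset 4 is left unverified because it covers the private exponent in cleartext, which is only available after decryption under the OPK.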