| 000 |
001 |
Section identifier:
- X'31'
- RSA private key, 8192-bit Chinese-Remainder Theorem format with AES
encrypted OPK (RSA-AESC)
|
| 001 |
001 |
Section version number (X'00'). |
| 002 |
002 |
Section length in bytes: 134 + nnn + ppp
Key size in bits Section Length in bytes
4096 134 + 512 + 1065 = 1711 (0x06AF)
6144 134 + 768 + 1577 = 2479 (0x09AF)
8192 134 + 1024 + 2089 = 3247 (0x0CAF)
|
| 004 |
002 |
Length in bytes of Associated Data section |
| 006 |
002 |
Length in bytes of payload data: ppp
Key size in bits Payload length in bytes
4096 1065 (0x0429)
6144 1577 (0x0629)
8192 2089 (0x0829)
|
| 008 |
002 |
Reserved, binary zero. |
| Start of Associated Data section |
| 010 |
001 |
Associated Data version:
- X'03'
- Version 3
- X'05'
- Version 5
|
| 011 |
001 |
Key format and security flag:
External key-token:
- X'40'
- Unencrypted RSA private-key subsection identifier
- X'42'
- Encrypted RSA private-key subsection identifier
Internal key-token:
- X'08'
- Encrypted RSA private-key subsection identifier
All other values are reserved and undefined.
|
| 012 |
001 |
Key source flag:
External key-token: Reserved, binary zero.
Internal key-token:
- X'21'
- External private key was specified in the clear.
- X'22'
- External private key was encrypted.
- X'23'
- Private key was generated using regeneration data.
- X'24'
- Private key was randomly generated.
All other values are reserved and undefined.
|
| 013 |
001 |
When associated data section version is X'03': Reserved, binary zero.
When associated data section version is X'05': Compliance and export control byte.
- Bit
- Meaning
- B'1xxx xxxx'
- Compliant-tagged key.
- B'0xxx xxxx'
- Non-compliant-tagged key.
- B'xxxx xx1x'
- Private key translation is allowed (XLATE-OK).
- B'xxxx xx0x'
- Private key translation is not allowed (NO-XLATE).
All other bits are reserved and must be zero. |
| 014 |
001 |
Hash type:
- X'00'
- Clear key
- X'02'
- SHA-256
|
| 015 |
032 |
When associated data section version is X'03': SHA-256 hash of all optional sections that follow the public key section, if any. Otherwise, 32 bytes of binary zero.
When associated data section version is X'04': Hash value of:
- The public key section (section identifier X'04')
- All optional sections that follow the public key section, if any.
If there are no optional sections, the hash covers only the public key section. |
| 047 |
001 |
Reserved, binary zero. |
| 048 |
002 |
When associated data section version is X'03': Reserved, binary zero.
When associated data section version is X'05': Usage bytes:
- Offset 48:
- Bit
- Meaning
- B'1xxx xxxx'
- Digital Signature usage is allowed (U-DIGSIG). Services: CSNDDSG, CSNDDSV, CSNDT34B,
CSNDT34D.
- B'x1xx xxxx'
- Non-Repudiation usage is allowed (U-NONRPD). Services: CSNDDSG, CSNDDSV.
- B'xx1x xxxx'
- Key Encipherment usage is allowed (U-KEYENC). Services: CSNDSYG, CSNDSYX, CSNDSYI, CSNDSYI2,
CSNDT34R, CSNDPKE, CSNDPKD.
- B'xxx1 xxxx'
- Data Encipherment usage is allowed (U-DATENC). Services: CSNDPKE, CSNDPKD.
- B'xxxx 1xxx'
- Key agreement usage is allowed (U-KEYAGR).
- B'xxxx x1xx'
- keyCertSign usage is allowed (U-KCRTSN). Services: CSNDDSG, CSNDDSV.
- B'xxxx xx1x'
- Certificate Revocation List Sign usage is allowed (U-CRLSN). Services: CSNDDSG, CSNDDSV.
- B'xxxx xxx1'
- Only encipher operations are allowed during key agreement (U-ENCONL).
- Offset 49:
- Bit
- Meaning
- B'1xxx xxxx'
- Only decipher operations are allowed during key agreement (U-DECONL).
|
| 048 |
002 |
Continued description for Offset 048:
Comp-tag single-usage restrictions and bits that are allowed to be ON together: The left column of the table shows the exclusive key types that are allowed with respect to CCA services and the usage bit that corresponds to each type.
Note:
- For some services, CCA cannot
distinguish subsets of those service types operationally. The bits that correspond to the function
subsets are allowed to be on at the same time as the key type bit, as shown in the table.
- There are cases in RFC 5280 where one bit depends on another bit. Bits that control unique
CCA services are not allowed to be ON
at the same time.
- For keyAgreement, the subset bit or dependent bit is not a stand-in for the primary key type
bit. If encipherOnly is enabled, then keyAgreement must also be enabled.
- For digitalSignature the case is different: all of the bits that map to the CCA SIGN-ONLY usage are independent. For
example, a digitalSignature private key is usable in CSNDDSG. If the key token also has the
nonrepudiation bit set, the key token will still be acceptable for use in CSNDDSG and as a Comp-tag token. Also, if the
nonrepudiation bit is set and the digitalSignature bit is not set, then the key token is usable with
CSNDDSG.
Single-use key allowed bits, each followed by the bits allowed to be enabled at the same time:
- Any of the following 4 bits:
  - (0 - 0x80), digitalSignature == CCA SIGN-ONLY
  - (1 - 0x40), nonrepudiation, subset of CCA SIGN-ONLY
  - (5 - 0x04), keyCertSign, subset of CCA SIGN-ONLY
  - (6 - 0x02), cRLSign, subset of CCA SIGN-ONLY
- (2 - 0x20), keyEncipherment == CCA KM-ONLY: NONE
- (3 - 0x10), dataEncipherment == CCA services CSNDPKE, CSNDPKD: NONE
- (4 - 0x08), keyAgreement == no current CCA service for RSA:
  - (7 - 0x01), encipherOnly, cannot be ON at the same time as decipherOnly
  - (8 - 0x80), decipherOnly, cannot be ON at the same time as encipherOnly
|
| 050 |
001 |
Key-usage flag:
- B'11xx xxxx'
- Only key unwrapping (KM-ONLY)
- B'10xx xxxx'
- Both signature generation and key unwrapping (KEY-MGMT)
- B'01xx xxxx'
- Undefined
- B'00xx xxxx'
- Only signature generation (SIG-ONLY)
Translation control flag:
- B'xxxx xx1x'
- Private key translation is allowed (XLATE-OK)
- B'xxxx xx0x'
- Private key translation is not allowed (NO-XLATE)
All other bits are reserved and must be zero.
When associated data section version is X'05': Reserved, binary zero. |
| 051 |
001 |
Format restriction for digital-signature hash-formatting method:
- Value
- Meaning
- B'0000 0000'
- No format restriction
- B'0000 0001'
- ISO-9796 only
- B'0000 0010'
- PKCS-1.0 only
- B'0000 0011'
- PKCS-1.1 only
- B'0000 0100'
- PKCS-PSS only
- B'0000 0101'
- X9.31 only
- B'0000 0110'
- ZERO-PAD only
All other values are reserved and undefined.
|
| 052 |
002 |
Length in bytes of the prime number p: ppp.
Key size in bits Prime p length in bytes
4096 256 (0x0100)
6144 384 (0x0180)
8192 512 (0x0200)
|
| 054 |
002 |
Length in bytes of the prime number q: qqq
Key size in bits Prime q length in bytes
4096 256 (0x0100)
6144 384 (0x0180)
8192 512 (0x0200)
|
| 056 |
002 |
Length in bytes of dp: rrr
Key size in bits dp length in bytes
4096 256 (0x0100)
6144 384 (0x0180)
8192 512 (0x0200)
|
| 058 |
002 |
Length in bytes of dq: sss
Key size in bits dq length in bytes
4096 256 (0x0100)
6144 384 (0x0180)
8192 512 (0x0200)
|
| 060 |
002 |
Length in bytes of U: uuu
Key size in bits U length in bytes
4096 256 (0x0100)
6144 384 (0x0180)
8192 512 (0x0200)
|
| 062 |
002 |
Length of modulus n: nnn.
Key size in bits Modulus length in bytes
4096 512 (0x0200)
6144 768 (0x0300)
8192 1024 (0x0400)
|
| 064 |
004 |
Reserved, binary zero. |
| Sub-section: Object Protection + Payload |
| 068 |
048 |
Object Protection Key (OPK) data: 16-byte confounder followed by 32-byte AES key.
External key-token: Encrypted with an AES key-encrypting key (AES KEK).
Internal key-token: Encrypted with the APKA master key.
|
| 116 |
016 |
Key verification pattern:
External key-token:
- For an encrypted private key
- Key-encrypting key verification pattern (KVP)
- For a clear private key
- Binary zero
- For a skeleton
- Binary zero
Internal key-token:
- For an encrypted private key
  - When a non-compliant-tagged token (bit 0 at offset 13 is not set), the APKA master-key verification pattern (MKVP).
  - When a compliant-tagged token (bit 0 at offset 13 is set), 5 bytes of the ECC MKVP followed by 3 bytes of internal compliance information.
- For a skeleton
- Binary zero
|
| 132 |
002 |
Reserved, binary zeros |
| 134 |
nnn |
Modulus n. |
| 134+nnn |
ppp |
Formatted section (payload), including private key (exponent) d: opaque, no change for
comp-tag. Payload fields:
- X9.102 header fields: (x9102HashPtHdr_t)
- 6 B ICV
- 1 B padlen
- 1 B hlen
- 1 B hashOpt
- 32 B: SHA256 hash over
- Associated Data
- 'n', the modulus
- p, private key part, length of p bytes
- q, private key part, length of q bytes
- dp, private key part, length of dp bytes
- dq, private key part, length of dq bytes
Length in bytes of U: uuu
Key size in bits Total length in bytes
4096 134 + 512 + 1065 = 1711 (0x06AF)
6144 134 + 768 + 1577 = 2479 (0x09AF)
8192 134 + 1024 + 2089 = 3247 (0x0CAF)
|
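
An added example, not part of the original page and not IBM code: a Python validator for the fixed fields of this X'31' section, covering the length rule 134 + nnn + ppp, the key format flag, and the comp-tag usage-bit combinations from the offset 048 table. It assumes multi-byte fields are big-endian and, in the constructed sample, an Associated Data length of 58; `parse_section`, `usage_ok` and `sample_section` are hypothetical names.

```python
import struct

# From the page: modulus length nnn -> payload length ppp, per key size.
PAYLOAD_LEN = {512: 1065, 768: 1577, 1024: 2089}
FIXED_LEN = 134                       # modulus n starts at offset 134
KEY_FORMAT = {0x40: "external, clear", 0x42: "external, encrypted",
              0x08: "internal, encrypted"}
SIGN_BITS = 0x80 | 0x40 | 0x04 | 0x02  # digitalSignature and its subsets

def usage_ok(b48, b49):
    """Comp-tag single-usage rule for the usage bytes at offsets 48 and 49."""
    enc_only, dec_only = bool(b48 & 0x01), bool(b49 & 0x80)
    groups = [bool(b48 & SIGN_BITS), bool(b48 & 0x20),
              bool(b48 & 0x10), bool(b48 & 0x08)]
    if sum(groups) > 1:               # unique CCA services cannot be combined
        return False
    if (enc_only or dec_only) and not b48 & 0x08:
        return False                  # subset bits need keyAgreement itself
    return not (enc_only and dec_only)

def parse_section(buf):
    """Validate the fixed fields of an X'31' section; big-endian is assumed."""
    if len(buf) < FIXED_LEN:
        raise ValueError("shorter than the 134-byte fixed part")
    sid, ver, sec_len, _ad_len, pay_len = struct.unpack_from(">BBHHH", buf, 0)
    if (sid, ver) != (0x31, 0x00):
        raise ValueError("not an X'31' version X'00' section")
    ad_ver, key_fmt, _key_src, comp = struct.unpack_from(">4B", buf, 10)
    (mod_len,) = struct.unpack_from(">H", buf, 62)
    if PAYLOAD_LEN.get(mod_len) != pay_len:
        raise ValueError("nnn/ppp match no listed key size")
    if sec_len != FIXED_LEN + mod_len + pay_len or len(buf) < sec_len:
        raise ValueError("section length is not 134 + nnn + ppp")
    if key_fmt not in KEY_FORMAT:
        raise ValueError("reserved key format flag")
    info = {"key_bits": mod_len * 8, "format": KEY_FORMAT[key_fmt]}
    if ad_ver == 0x05:                # byte 13 and bytes 48-49 are defined
        info.update(compliant=bool(comp & 0x80), xlate_ok=bool(comp & 0x02),
                    usage_ok=usage_ok(buf[48], buf[49]))
    return info

def sample_section(usage48=0x80, sec_len=1711):
    """Constructed 4096-bit internal section; key material is zero, AD length 58 is assumed."""
    buf = bytearray(1711)
    struct.pack_into(">BBHHH", buf, 0, 0x31, 0x00, sec_len, 58, 1065)
    buf[10:14] = bytes([0x05, 0x08, 0x24, 0x82])  # v5, internal, random, comp+XLATE
    buf[48] = usage48
    struct.pack_into(">H", buf, 62, 512)
    return bytes(buf)
```
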