RSA private key token, 8192-bit Modulus-Exponent
This RSA private key token is supported on a CCA Crypto Express coprocessor (external and internal X'09' token).
| Offset (decimal) | Number of bytes | Description |
|---|---|---|
| 000 | 001 | X'09', section identifier, RSA private key, modulus-exponent format (RSAMEVAR). This format is used for a clear or an encrypted RSA private-key in an external key-token up to a modulus size of 8192 bits. |
| 001 | 001 | Section version number (X'00'). |
| 002 | 002 | Length of the RSA private key section: 132+ddd+nnn+xxx. |
| 004 | 020 | SHA-1 hash value of the private key subsection cleartext, offset 28 to the section end. This hash value is checked after an enciphered private key is deciphered for use. |
| 024 | 002 | External format: Length of the encrypted private key section 8+ddd+xxx. Internal format: Length in bytes of the optionally encrypted secure subsection, or X'0000' if the subsection is not encrypted. |
| 026 | 002 | Reserved; set to binary zero. |
| 028 | 001 | Key format and security flags: External token: All other values are reserved and undefined. |
| 029 | 001 | External format: Reserved, set to binary zero. Internal format: Private key source flag: |
| 030 | 020 | SHA-1 hash of the optional key-name section. If there is no key-name section, then 20 bytes of X'00'. |
| 050 | 001 | Key-usage and translation control flag byte. Key usage: Translation control: All other bits are reserved and must be zero. |
| 051 | 065 | Reserved; set to binary zero. |
| 116 | 002 | Private-key exponent field length, in bytes: ddd. |
| 118 | 002 | Private-key modulus field length, in bytes: nnn. |
| 120 | 002 | Length of padding field, in bytes: xxx. Padding of X'00' bytes for a length of xxx bytes such that the length from the start of the confounder at offset 124 to the end of the padding field is a multiple of 8 bytes. |
| 122 | 002 | Reserved; set to binary zero. |
| Start of the (optionally) encrypted subsection; all of the fields starting with the confounder field and ending with the variable-length pad field are enciphered for key confidentiality when the key format and security flags (offset 28) indicate that the private key is enciphered. | ||
| 124 | 008 | Confounder. This is an eight-byte random number. Data encrypted with two-part key-encrypting key. |
| 132 | ddd | Private-key exponent, d: where 1 < d < n, and e is the public exponent. The transport key encrypts the private key exponent using the EDE2 algorithm. |
| 132 + ddd | xxx | Pad of X'00' bytes. |
| End of the optionally encrypted subsection. | ||
| 132 + ddd + xxx | nnn | Private-key modulus. |
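
A parser for the external-format layout in the table, as an added example that is not IBM's code: it checks the length relations (132+ddd+nnn+xxx and 8+ddd+xxx as a multiple of 8), the reserved fields and, for a cleartext section, the SHA-1 hash at offset 4. Assumptions: length fields are big-endian, the names `parse_rsa_me_section`, `build_sample` and `TokenError` are hypothetical, and the sample is a constructed toy key whose flag bytes at offsets 28 and 50 are placeholder zeros because the table does not list their values.

```python
import hashlib
import struct

class TokenError(ValueError):
    """Raised when a section violates the X'09' layout."""

def parse_rsa_me_section(buf, cleartext=True):
    """Parse and validate an external-format X'09' section."""
    if len(buf) < 132:
        raise TokenError("shorter than the fixed 132-byte part")
    if buf[0] != 0x09 or buf[1] != 0x00:
        raise TokenError("not an X'09' version X'00' section")
    # Assumption: multi-byte lengths are big-endian (not stated on this page).
    (sec_len,) = struct.unpack_from(">H", buf, 2)
    (enc_len,) = struct.unpack_from(">H", buf, 24)
    ddd, nnn, xxx = struct.unpack_from(">HHH", buf, 116)
    if sec_len != 132 + ddd + nnn + xxx or sec_len > len(buf):
        raise TokenError("section length does not equal 132+ddd+nnn+xxx")
    if enc_len != 8 + ddd + xxx or enc_len % 8:
        raise TokenError("offset 24 must equal 8+ddd+xxx, a multiple of 8")
    # Reserved fields at offsets 26, 29 (external format), 51 and 122.
    for off, size in ((26, 2), (29, 1), (51, 65), (122, 2)):
        if any(buf[off:off + size]):
            raise TokenError(f"reserved field at offset {off} is not zero")
    # The hash covers cleartext only; skip it for a still-enciphered subsection.
    if cleartext:
        if hashlib.sha1(buf[28:sec_len]).digest() != bytes(buf[4:24]):
            raise TokenError("SHA-1 over offset 28..end does not match offset 4")
        if any(buf[132 + ddd:132 + ddd + xxx]):
            raise TokenError("pad bytes are not X'00'")
    return {
        "flags": buf[28], "key_name_hash": bytes(buf[30:50]), "usage": buf[50],
        "confounder": bytes(buf[124:132]),
        "d": bytes(buf[132:132 + ddd]),
        "n": bytes(buf[132 + ddd + xxx:sec_len]),
    }

def build_sample():
    """Constructed toy section (n=3233, d=2753); flag bytes are placeholders."""
    d, n = (2753).to_bytes(2, "big"), (3233).to_bytes(2, "big")
    xxx = -(8 + len(d)) % 8  # pad so confounder..pad is a multiple of 8
    body = bytearray(132) + d + bytes(xxx) + n
    body[0] = 0x09
    struct.pack_into(">H", body, 2, len(body))
    struct.pack_into(">H", body, 24, 8 + len(d) + xxx)
    struct.pack_into(">HHH", body, 116, len(d), len(n), xxx)
    body[124:132] = bytes(range(1, 9))  # constructed confounder, not random
    body[4:24] = hashlib.sha1(body[28:]).digest()
    return bytes(body)
```

Pass `cleartext=False` for a section whose subsection is still enciphered: the structural checks still run, but the hash at offset 4 can only be verified after decipherment.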