RSA private key, 8192-bit Chinese Remainder Theorem with OPK

This RSA private key token with up to 8192-bit modulus is supported on the z9®,z10™, or later machines with the Nov. 2007 or later version of the licensed internal code installed on the CCA Crypto Express coprocessor.

Table 1. RSA private key token, 8192-bit Chinese Remainder Theorem with OPK section (X'08')

RSA private key token, 8192-bit Chinese Remainder Theorem with OPK section (X'08')

Offset (decimal) Number of bytes Description
000 001 X'08', section identifier, RSA private key, CRT format (RSA-CRT) with OPK
001 001 X'00', version.
002 002 Length of the RSA private-key section, 132 + ppp + qqq + rrr + sss + uuu + xxx + nnn.
004 020 SHA-1 hash value of the private-key subsection cleartext, offset 28 to the end of the modulus.
024 004 Reserved; set to binary zero.
028 001 Key format and security flag:

External key token:

X'40'
Unencrypted RSA private-key subsection identifier
X'42'
Encrypted RSA private-key subsection identifier

Internal key token:

X'08'
Encrypted RSA private-key subsection identifier, Chinese Remainder form.

All other values are reserved and undefined.

029 001 Key source flag byte:

External key tokens: Reserved, binary zero.

Internal key tokens:

X'21'
External private key was specified in the clear.
X'22'
External private key was encrypted.
X'23'
Private key was generated using regeneration data.
X'24'
Private key was randomly generated.
030 020 SHA-1 hash of the optional key-name section and any following sections. If there are no optional sections, then 20 bytes of X'00'.
050 001 Key use and translation control flag byte.

Key usage:

B'11xx xxxx'
Only key unwrapping (KM-ONLY)
B'10xx xxxx'
Both signature generation and key unwrapping (KEY-MGMT)
B'01xx xxxx'
Undefined
B'00x xxxx'
Undefined

Translation control:

B'xxxx xx1x'
Private key translation is allowed (XLATE-OK)
B'xxxx xx0x'
Private key translation is not allowed (NO-XLATE)

All other bits reserved, set to binary zero.

051 003 Reserved, binary zero.
054 002 Length of prime number p in bytes: ppp.
056 002 Length of prime number q in bytes: qqq.
058 002 Length of dp in bytes: rrr.
060 002 Length of dq in bytes: sss.
062 002 Length of U in bytes: uuu.
064 002 Length of modulus n in bytes: nnn.
066 002 Reserved, binary zero.
068 002 Reserved, binary zero.
070 002 Length of padding field in bytes: xxx.
072 004 Reserved, set to binary zero.
076 016 External key token: Reserved, binary zero.

Internal key token:

Asymmetric master-key verification pattern.
092 032 External key token: Reserved, binary zero.

Internal key token:

Object Protection Key (OPK) data, 8-byte confounder and three 8-byte DES keys used in the Triple-DES CBC process to encrypt the private key and blinding information. These 32 bytes are Triple-DES CBC encrypted by the asymmetric master key.

124 Start of the (optionally) encrypted subsection.

External key token:

  • When offset 028 is X'40', the subsection is not encrypted.
  • When offset 028 is X'42', the subsection is encrypted by the double-length transport key using the Triple-DES CBC process.

Internal key token:

  • When offset 028 is X'08', the subsection is encrypted by the triple-length OPK using the Triple-DES CBC process.
124 008 Random number confounder.
132 ppp Prime number p.
132 + ppp qqq Prime number q
132 + ppp + qqq rrr dp = d mod(p - 1)
132 + ppp + qqq + rrr sss dq = d mod(q - 1)
132 + ppp + qqq + rrr + sss uuu U = q**-1 mod(p).
132 + ppp + qqq + rrr + sss + uuu xxx X'00' padding of length xxx bytes such that the length from the start of the confounder at offset 124 to the end of the padding field is a multiple of eight bytes.
End of the encrypted secure subsection; all of the fields starting with the confounder field and ending with the variable length pad field are encrypted under the OPK using TDES (CBC outer chaining) for key confidentiality.
132 + ppp + qqq + rrr + sss + uuu + xxx nnn Modulus n. n = pq where p and q are prime and 2512 ≤ n < 24096.