| 000 |
001 |
Section identifier:
- X'30'
- RSA private-key, 8192-bit Modulus-Exponent format (RSAAESM2) with
AES-encrypted OPK.
|
| 001 |
001 |
Section version number (X'00'). |
| 002 |
002 |
Section length in bytes: 122 + nnn + ppp
Key size in bits Section length in bytes
4096 122 + 512 + 553 = 1187 (0x04A3)
6144 122 + 768 + 809 = 1699 (0x06A3)
8192 122 + 1024 + 1065 = 2211 (0x08A3)
|
| 004 |
002 |
Length of Associated Data section: 46 |
| 006 |
002 |
Length of payload data in bytes: (ppp)
Key size in bits Payload data length in bytes
4096 553 (0x0229)
6144 809 (0x0329)
8192 1065 (0x0429
|
| 008 |
002 |
Reserved, binary zero. |
|
Sub-section: Associated Data |
| 010 |
001 |
Associated Data Version:
- X'02'
- Version 2
- X'03'
- Version 3 (CRT)
- X'04'
- Version 4
|
| 011 |
001 |
Key format and security flag: External format:
- X'00'
- Unencrypted ME RSA private-key subsection identifier
- X'82'
- Encrypted ME RSA private-key subsection identifier
Internal format:
- X'02'
- Encrypted ME RSA private-key subsection identifier
All other values are reserved and undefined. |
| 012 |
001 |
Key source flag: External key-token: Reserved, binary zero.
Internal key-token:
- X'21'
- External private key was specified in the clear.
- X'22'
- External private key was encrypted.
- X'23'
- Private key was generated using regeneration data
- X'24'
- Private key was randomly generated
All other values are reserved and undefined.
|
| 013 |
001 |
When associated data section version is X'02': Reserved, binary zero. When associated
data section version is X'04': Compliance and export control byte.
- Bit
- Meaning
- B'1xxx xxxx'
- Compliant-tagged key.
- B'0xxx xxxx'
- Non-compliant-tagged key.
- B'xxxx xx1x'
- Private key translation is allowed (XLATE-OK).
- B'xxxx xx0x'
- Private key translation is not allowed (NO-XLATE).
All other bits are reserved and must be zero. |
| 014 |
001 |
Hash type:
- X'00'
- Clear key
- X'02'
- SHA-256
|
| 015 |
032 |
When associated data section version is X'02': SHA-256 hash of all optional sections that
follow the public key section, if any. Otherwise, 32 bytes of binary zero. When associated data
section version is X'04': Hash value of:
- The public key section (section identifier X'04')
- All optional sections that follow the public key section, if any.
If there are no optional sections, the hash covers only the public keys section. |
| 047 |
001 |
Reserved, binary zero. |
| 048 |
002 |
When associated data section version is X'02': Reserved, binary zero. When associated data
section version is X'04':
Usage bytes:
- Offset 48:
- Bit
- Meaning
- B'1xxx xxxx'
- Digital Signature usage is allowed (U-DIGSIG). Services: CSNDDSG, CSNDDSV, CSNDT34B,
CSNDT34D.
- B'x1xx xxxx'
- Non-Repudiation usage is allowed (U-NONRPD). Services: CSNDDSG, CSNDDSV.
- B'xx1x xxxx'
- Key Encipherment usage is allowed (U-KEYENC). Services: CSNDSYG, CSNDSYX, CSNDSYI, CSNDSYI2,
CSNDT34R, CSNDPKE, CSNDPKD.
- B'xxx1 xxxx'
- Data Encipherment usage is allowed (U-DATENC). Services: CSNDPKE, CSNDPKD.
- B'xxxx 1xxx'
- Key agreement usage is allowed (U-KEYAGR).
- B'xxxx x1xx'
- keyCertSign usage is allowed (U-KCRTSN). Services: CSNDDSG, CSNDDSV.
- B'xxxx xx1x'
- Certificate Revocation List Sign usage is allowed (U-CRLSN). Services: CSNDDSG, CSNDDSV.
- B'xxxx xxx1'
- Only encipher operations are allowed during key agreement (U-ENCONL).
- Offset 49:
- Bit
- Meaning
- B'1xxx xxxx'
- Only decipher operations are allowed during key agreement (U-DECONL).
|
| 048 |
002 |
Continued description for Offset 048:
Comp-tag single-usage restrictions and bits that are allowed to be ON together: The
left-column of the table shows the exclusive key types that are allowed with respect to CCA services and the usage bit that corresponds
to each type.
Note:
- For some services, CCA cannot
distinguish subsets of those service types operationally. The bits that correspond to the function
subsets are allowed to be on at the same time as the key type bit, as shown in the table.
- There are cases in RFC 5280 where one bit depends on another bit. Bits that control unique
CCA services are not allowed to be ON
at the same time.
- For keyAgreement, the subset bit or dependent bit is not a stand-in for the
primary key type bit. If encipherOnly is enabled, then
keyAgreement must also be enabled.
- For digitalSignature the case is different, all of the bits that map to the
CCA SIGN-ONLY usage are independent.
For example, a digitalSignature private key is usable in CSNDDSG. If the key token also has the
nonrepudiation bit set, the key token will still be acceptable for use in CSNDDSG and as a Comp-tag token. Also, if the
nonrepudiation bit is set and the digitalSignature bit is not set, then the key
token is usable with CSNDDSG
Single Use Key bits allowed to be
allowed bits enabled at the same time
(Any of the 4 bits at right) (0 - 0x80), digitalSignature
== CCA SIGN-ONLY (1 - 0x40), nonrepudiation,
subset of CCA SIGN-ONLY
(5 - 0x04), keyCertSign,
subset of CCA SIGN-ONLY
(6 - 0x02), cRLSign,
subset of CCA SIGN-ONLY
(2 - 0x20), keyEncipherment NONE
== CCA KM-ONLY
(3 - 0x10), dataEncipherment NONE
== CCA services CSNDPKE, CNSDPKD
(4 - 0x08), keyAgreement (7 - 0x01), encipherOnly, cannot be
== no current CCA service for RSA ON at the same time as decipherOnly
(8 - 0x80), decipherOnly, cannot be
ON at the same time as encipherOnly
|
| 050 |
001 |
When associated data section version is X'02': Key-usage and translation control flag:
Key-usage flag:
- B'11xx xxxx'
- Only key unwrapping (KM-ONLY)
- B'10xx xxxx'
- Both signature generation and key unwrapping (KEY-MGMT)
- B'01xx xxxx'
- Undefined
- B'00xx xxxx'
- Only signature generation (SIG-ONLY)
All other values are undefined.
Translation control:
- B'xxxx xx1x'
- Private key translation is allowed (XLATE-OK)
- B'xxxx xx0x'
- Private key translation is not allowed (NO-XLATE)
All other bits are reserved and must be zero.
When associated data section version is X'04': Reserved, binary zero.
|
| 051 |
001 |
Format restriction for digital-signature hash-formatting method:
- Value
- Meaning
- B'0000 0000'
- No format restriction
- B'0000 0001'
- ISO-9796 only
- B'0000 0010'
- PKCS-1.0 only
- B'0000 0011'
- PKCS-1.1 only
- B'0000 0100'
- PKCS-PSS only
- B'0000 0101'
- X9.31 only
- B'0000 0110'
- ZERO-PAD only
All other values are reserved and undefined.
|
| 052 |
002 |
Length in bytes of modulus: nnn
Key size in bit Modulus length in bytes
4096 512 (0x0200)
6144 768 (0x0300)
8192 1024 (0x0400)
|
| 054 |
002 |
Length in bytes of private exponent: ddd
Key size in bit Modulus length in bytes
4096 512 (0x0200)
6144 768 (0x0300)
8192 1024 (0x0400)
|
|
Sub-section: Object Protection + Payload |
| 056 |
048 |
Object Protection Key (OPK) Data: The OPK consists of a 16 byte confounder and a 256-bit AES
key. External token: The OPK data is wrapped with an AES key-encrypting key using the AESKW (ANS
X9.102) algorithm.
Internal token: The OPK data is wrapped with an APKA master key using the AESKW
algorithm. |
| 104 |
016 |
Key verification pattern External key-token:
- For an encrypted private key
- Key-encrypting key verification pattern (KVP)
- For a clear private key
- Binary zero
- For a skeleton
- Binary zero
Internal key-token:
- For an encrypted private key
-
- When a non-compliant-tagged token (bit 0 at offset 13 is not set), the APKA master-key verification pattern (MKVP).
- When a compliant-tagged token (bit 0 at offset 13 is set), 5 bytes of the ECC MKVP followed by 3
bytes of internal compliance information.
- For a skeleton
- Binary zero
|
| 120 |
002 |
Reserved, binary zeros. |
| 122 |
nnn |
Modulus n. |
| 122+nnn |
ppp |
Formatted section (payload), including private key (exponent) d: opaque, no
change for comp-tag. Payload fields:
- X9.102 header fields: (x9102HashPtHdr_t)
- 6 B ICV
- 1 B padlen
- 1 B hlen
- 1 B hashOpt
- 32 B: SHA256 hash over
- Associated Data
- 'n', the modulus
- d, private key, length of d bytes
Key size in bit Total length in bytes
4096 122 + 512 + 553 = 1187 (0x04A3)
6144 122 + 768 + 809 = 1699 (0x06A3)
8192 122 + 1024 + 1065 = 2211 (0x08A3)
|