Format of trusted block sections

At the beginning of every trusted block is a trusted block header. The header contains the following information:
  • A token identifier, which specifies whether the token contains an external or an internal key-token
  • A token version number to allow for future changes
  • A length in bytes of the trusted block, including the length of the header
The trusted block header is defined in the following table:
Table 1. Trusted block header
Offset (bytes)  Length (bytes)  Description
000             001             Token identifier (a flag that indicates token type):
                                  X'1E'  External trusted block token
                                  X'1F'  Internal trusted block token
001             001             Token version number (X'00').
002             002             Length of the key-token structure in bytes.
004             004             Reserved, binary zero.

Following the header, in no particular order, are trusted block sections. There are five different sections defined, each identified by a one-byte section identifier (X'11' - X'15'). Two of the five sections have subsections defined. A subsection is a tag-length-value (TLV) object, identified by a two-byte subsection tag.

Only sections X'12' and X'14' have subsections defined; the other sections do not. A section and its subsections, if any, are one contiguous unit of data. The subsections are concatenated to the related section, but are otherwise in no particular order. Section X'12' has five subsections defined (X'0001' - X'0005'), and section X'14' has two (X'0001' and X'0002'). Of all the subsections, only subsection X'0001' of section X'14' is required. Section X'14' is also required.
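
The following added example (not part of the original documentation or of any IBM code) validates the 8-byte header from Table 1 before a token is processed further. It assumes the two-byte length field is big-endian and that the caller passes exactly the token bytes; the function names and the sample token are constructed for illustration.

```python
import struct

HEADER_LEN = 8
TOKEN_TYPES = {0x1E: "external", 0x1F: "internal"}  # offset 000
SECTION_IDS = range(0x11, 0x16)                      # X'11' - X'15'


class TrustedBlockError(ValueError):
    """Raised when a buffer violates the header layout in Table 1."""


def parse_trusted_block_header(blob: bytes) -> dict:
    if len(blob) < HEADER_LEN:
        raise TrustedBlockError("buffer is shorter than the 8-byte header")
    # Assumption: the 2-byte length at offset 002 is stored big-endian.
    token_id, version, length, reserved = struct.unpack_from(">BBH4s", blob)
    if token_id not in TOKEN_TYPES:
        raise TrustedBlockError(f"unknown token identifier X'{token_id:02X}'")
    if version != 0x00:
        raise TrustedBlockError(f"unsupported token version X'{version:02X}'")
    if reserved != bytes(4):
        raise TrustedBlockError("reserved bytes at offset 004 are not zero")
    # The length includes the header, so it must equal the buffer size;
    # a mismatch means truncation or trailing data.
    if length != len(blob):
        raise TrustedBlockError(f"length field {length} != buffer {len(blob)}")
    # Section X'14' is required, so at least one section must follow,
    # and it must start with a defined section identifier.
    if length == HEADER_LEN or blob[HEADER_LEN] not in SECTION_IDS:
        raise TrustedBlockError("no valid section follows the header")
    return {
        "token_type": TOKEN_TYPES[token_id],
        "version": version,
        "length": length,
        "first_section_id": blob[HEADER_LEN],
    }


def build_sample() -> bytes:
    # Constructed sample: internal token header followed by a section
    # identifier X'14' and seven placeholder bytes (not a real section body).
    body = bytes([0x14]) + bytes(7)
    header = struct.pack(">BBH4s", 0x1F, 0x00, HEADER_LEN + len(body), bytes(4))
    return header + body


if __name__ == "__main__":
    print(parse_trusted_block_header(build_sample()))
```
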

The trusted block sections and subsections are described in detail in the following sections.