A trusted block is a concatenation of a header followed by an unordered set of sections. The data structures of these sections are summarized in the following table:
| Section | Reference | Usage |
|---|---|---|
| Header | Table 1 | Trusted block token header |
| X'11' | Table 2 | Trusted block public key |
| X'12' | Table 3 | Trusted block rule |
| X'13' | Table 10 | Trusted block name (key label) |
| X'14' | Table 11 | Trusted block information |
| X'15' | Table 15 | Trusted block application-defined data |
The token header of a trusted block is followed by an unordered set of sections; a trusted block is formed by concatenating these sections to the trusted block header:

- The trusted block public-key section (X'11') contains the trusted RSA public key together with a key-usage flag. Only one such section is allowed.
- A trusted block may have zero or more rule sections (X'12').
- The trusted block name section (X'13') provides a 64-byte label that identifies the trusted block, just as key labels identify other CCA keys. A host access-control system such as RACF can use this name to verify that the application is authorized to use the trusted block. Only one such section is allowed.
- The trusted block information section (X'14') contains control and security information about the trusted block. It is the only required section; all other sections are optional. It carries the cryptographic information that guarantees the integrity of the trusted block and binds it to the local system. Only one such section is allowed.
- The trusted block application-defined data section (X'15') can carry application-defined data in the trusted block. The meaning of this data is defined by the application; CCA neither examines nor uses it. Only one such section is allowed.
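As an added illustration (not IBM's code or a CCA API), the following Python walker splits the section set that follows the header and enforces the multiplicity rules described above. The 4-byte section header layout it assumes (identifier, version, big-endian length covering the whole section) is not given on this page, which only references the tables that define each section.

```python
import struct

# Section identifiers from the table above, mapped to their names.
SECTION_NAMES = {
    0x11: "public key",
    0x12: "rule",
    0x13: "name",
    0x14: "information",
    0x15: "application-defined data",
}
SINGLETON_IDS = {0x11, 0x13, 0x14, 0x15}  # "no multiple sections are allowed"
REQUIRED_IDS = {0x14}                      # information section is required
# ASSUMED layout (not given on this page): 1-byte identifier, 1-byte version,
# 2-byte big-endian length that covers the whole section, header included.
SECTION_HDR = struct.Struct(">BBH")

def split_sections(body: bytes) -> list:
    """Return (identifier, version, payload) for each section, in wire order."""
    sections, offset = [], 0
    while offset < len(body):
        if len(body) - offset < SECTION_HDR.size:
            raise ValueError(f"truncated section header at offset {offset}")
        ident, version, length = SECTION_HDR.unpack_from(body, offset)
        if length < SECTION_HDR.size or offset + length > len(body):
            raise ValueError(f"bad length {length} for section {ident:#04x}")
        sections.append((ident, version, body[offset + SECTION_HDR.size:offset + length]))
        offset += length
    return sections

def check_section_set(sections) -> dict:
    """Count sections by identifier and enforce the multiplicity rules."""
    counts = {}
    for ident, _, _ in sections:
        if ident not in SECTION_NAMES:
            raise ValueError(f"unknown section identifier {ident:#04x}")
        counts[ident] = counts.get(ident, 0) + 1
    for ident in REQUIRED_IDS - set(counts):
        raise ValueError(f"missing required {SECTION_NAMES[ident]} section")
    for ident in SINGLETON_IDS:
        if counts.get(ident, 0) > 1:
            raise ValueError(f"multiple {SECTION_NAMES[ident]} sections")
    return counts

def section(ident: int, payload: bytes, version: int = 0) -> bytes:
    """Build one section in the assumed layout (for constructing sample input)."""
    return SECTION_HDR.pack(ident, version, SECTION_HDR.size + len(payload)) + payload

# Constructed sample: sections in arbitrary order, two rule sections.
SAMPLE_BODY = (section(0x12, b"rule-A") + section(0x14, b"info") + section(0x13, b"LABEL".ljust(64))
               + section(0x12, b"rule-B") + section(0x11, b"pubkey") + section(0x15, b"app"))
```

Because the set is unordered, the checker counts identifiers rather than expecting a fixed sequence; a block missing its information section or carrying two name sections is rejected before any of its contents are trusted.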