RSA Private Key Token, 4096-bit Chinese Remainder Theorem Internal Form

This RSA private key token with up to 2048-bit modulus is supported on all coprocessors. The modulus size is increased to 4096-bit on the z9 EC, z9 BC, z10 EC, z10 BC, or later machines with the Nov. 2007 or later version of the licensed internal code installed on the CCA Crypto Express coprocessor.

Table 1. RSA Private Internal Key Token, 4096-bit Chinese Remainder Theorem Internal Format
Offset (Dec) Number of Bytes Description
000 001 X'08', section identifier, RSA private key, CRT format (RSA-CRT)
001 001 X'00', version.
002 002 Length of the RSA private-key section, 132 + ppp + qqq + rrr + sss + uuu + ttt + iii + xxx + nnn.
004 020 SHA-1 hash value of the private-key subsection cleartext, offset 28 to the end of the modulus.
024 004 Reserved; set to binary zero.
028 001 Key format and security:
X'08'
Encrypted RSA private-key subsection identifier, Chinese Remainder form.
029 001 Key derivation method:
X'21'
External private key was specified in the clear.
X'22'
External private key was encrypted.
X'23'
Private key was generated using regeneration data.
X'24'
Private key was randomly generated.
030 020 SHA-1 hash of the optional key-name section and any following sections. If there are no optional sections, then 20 bytes of X'00'.
050 004 Key use flag bits:
Bit
Meaning When Set On
0
Key management usage permitted.
1
Signature usage not permitted.

All other bits reserved, set to binary zero.
054 002 Length of prime number, p, in bytes: ppp.
056 002 Length of prime number, q, in bytes: qqq.
058 002 Length of dp, in bytes: rrr.
060 002 Length of dq, in bytes: sss.
062 002 Length of U, in bytes: uuu.
064 002 Length of modulus, n, in bytes: nnn.
066 002 Length of the random number r, in bytes: ttt.
068 002 Length of the random number r**-1, in bytes: iii.
070 002 Length of padding field, in bytes: xxx.
072 004 Reserved, set to binary zero.
076 016 RSA Master Key hash pattern.
092 032 Object Protection Key (OPK) encrypted under the RSA Master Key using the TDES (CBC outer chaining) algorithm.
124 Start of the encrypted secure subsection, encrypted under the OPK using TDES (CBC outer chaining).
124 008 Random number, confounder.
132 ppp Prime number, p.
132 + ppp qqq Prime number, q
132 + ppp + qqq rrr dp = d mod(p - 1)
132 + ppp + qqq + rrr sss dq = d mod(q - 1)
132 + ppp + qqq + rrr + sss uuu U = –1mod(p). q**-1 mod(p).
132 + ppp + qqq + rrr + sss + uuu ttt Random number r (used in blinding).
132 + ppp + qqq + rrr + sss + uuu + ttt iii Random number –1 r**-1 (used in blinding).
132 + ppp + qqq + rrr + sss + uuu + ttt + iii xxx X'00' padding of length xxx bytes such that the length from the start of the confounder at offset 124 to the end of the padding field is a multiple of eight bytes.
  End of the encrypted secure subsection; all of the fields starting with the confounder field and ending with the variable length pad field are encrypted under the OPK using TDES (CBC outer chaining) for key confidentiality.
132 + ppp + qqq + rrr + sss + uuu + ttt + iii + xxx nnn Modulus, n. n = pq where p and q are prime and 1<n<2**2048.
Parent topic: RSA private internal key token