0 | X'02' (flag indicating an
external key token) |
1 | Reserved (X'00') |
2–3 | Implementation-dependent bytes (X'0000' for ICSF) |
4 | Key token version number (X'00' or X'01') |
5 | Reserved (X'00') |
6 | Flag byte
- Bit
- Meaning When Set On
- 0
- Encrypted key is present.
- 1
- Control vector (CV) value has been applied to the key.
Other bits are reserved and are binary zeros. |
7 |
- Bit
- Meaning When Set On
- 0-2
- Key value encryption method.
- 000 - the key is encrypted using the original CCA method (ECB).
- 001 - the key is encrypted using the X9.24 enhanced method (CBC).
These bits are ignored if the token contains no key or a clear
key.
- 3-7
- Reserved.
|
8–15 | Reserved (X'0000000000000000') |
16–23 | Single-length key or left half of
a double-length key, or Part A of a triple-length key. The value is
encrypted under a transport key-encrypting key when flag bit
0 is on, otherwise it is in the clear. |
24–31 | X'0000000000000000' if a
single-length key or right half of a double-length key, or Part B
of a triple-length key. The right half of a double-length key or Part
B of a triple-length key is encrypted under a transport key-encrypting
key when flag bit 0 is on, otherwise it is in the clear. |
32–39 | Control vector (CV) for single-length
key or left half of CV for double-length key |
40–47 | X'0000000000000000' if single-length
key or right half of CV for double-length key |
48–55 | X'0000000000000000' if a
single-length key, double-length key, or Part C of a triple-length
key. This key part is encrypted under a transport key-encrypting
key when flag bit 0 is on, otherwise it is in the clear. |
56–58 | Reserved (X'000000') |
59 bits 0 and 1 | B'00' |
59 bits 2 and 3 |
- B'00'
- Indicates single-length key (version 0 only).
- B'01'
- Indicates double-length key (version 1 only).
- B'10'
- Indicates triple-length key (version 1 only).
|
59 bits 4–7 | B'0000' |
60-63 | Token validation value (see Token Validation Value for a description). |