z/OS Cryptographic Services ICSF Application Programmer's Guide
Previous topic | Next topic | Contents | Index | Contact z/OS | Library | PDF


DES External Key Token

z/OS Cryptographic Services ICSF Application Programmer's Guide
SA22-7522-16

Table 334 shows the format for a DES external key token.

Table 334. Format of External Key Tokens
BytesDescription
0X'02' (flag indicating an external key token)
1Reserved (X'00')
2–3Implementation-dependent bytes (X'0000' for ICSF)
4Key token version number (X'00' or X'01')
5Reserved (X'00')
6Flag byte
Bit
Meaning When Set On
0
Encrypted key is present.
1
Control vector (CV) value has been applied to the key.

Other bits are reserved and are binary zeros.

7
Bit
Meaning When Set On
0-2
Key value encryption method.
  • 000 - the key is encrypted using the original CCA method (ECB).
  • 001 - the key is encrypted using the X9.24 enhanced method (CBC).
These bits are ignored if the token contains no key or a clear key.
3-7
Reserved.
8–15Reserved (X'0000000000000000')
16–23Single-length key or left half of a double-length key, or Part A of a triple-length key. The value is encrypted under a transport key-encrypting key when flag bit 0 is on, otherwise it is in the clear.
24–31X'0000000000000000' if a single-length key or right half of a double-length key, or Part B of a triple-length key. The right half of a double-length key or Part B of a triple-length key is encrypted under a transport key-encrypting key when flag bit 0 is on, otherwise it is in the clear.
32–39Control vector (CV) for single-length key or left half of CV for double-length key
40–47X'0000000000000000' if single-length key or right half of CV for double-length key
48–55X'0000000000000000' if a single-length key, double-length key, or Part C of a triple-length key. This key part is encrypted under a transport key-encrypting key when flag bit 0 is on, otherwise it is in the clear.
56–58Reserved (X'000000')
59 bits 0 and 1B'00'
59 bits 2 and 3
B'00'
Indicates single-length key (version 0 only).
B'01'
Indicates double-length key (version 1 only).
B'10'
Indicates triple-length key (version 1 only).
59 bits 4–7B'0000'
60-63Token validation value (see Token Validation Value for a description).

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014