z/OS Cryptographic Services ICSF Application Programmer's Guide


PKCS #1 Formats

SA22-7522-16

Version 2.0 of the PKCS #1 standard [4] defines methods for formatting keys and hashes before the RSA operation is applied to the resulting data structures. Earlier versions of the PKCS #1 standard defined block types 0, 1, and 2; the current standard drops that terminology.

ICSF implements these formats using the terminology of the Version 2.0 standard:

  • For formatting keys for secured transport (CSNDSYX, CSNDSYG, CSNDSYI):
    • RSAES-OAEP, the preferred method for key encipherment [5] when exchanging DATA keys between systems. Keyword PKCSOAEP invokes this formatting technique. The encoding parameter P described in the standard is not used: its length is set to zero, so the pHash field of the encoded block is the hash of an empty string.
    • RSAES-PKCS1-v1_5, the older (block type 2) method for formatting keys. Keyword PKCS-1.2 invokes this formatting technique. It is retained for interoperability with older systems; its padding check is the basis of the well-known padding-oracle attack on RSAES-PKCS1-v1_5 decryption (Bleichenbacher, 1998), so prefer PKCSOAEP wherever the receiving system supports it.
  • For formatting hashes for digital signatures (CSNDDSG and CSNDDSV):
    • RSASSA-PKCS1-v1_5, the newer name for the block type 1 format. Keyword PKCS-1.1 invokes this formatting technique.
    • Block type 0, which the PKCS #1 specification no longer describes. Keyword PKCS-1.0 invokes this formatting technique. Use of block type 0 is discouraged: its padding string consists entirely of X'00' bytes, so the boundary between the padding and the data cannot be determined unless the length of the data is known in advance.
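The following is an added example, not ICSF code, of the EME-OAEP encoding that the PKCSOAEP keyword selects: it implements the PKCS #1 v2.0 encoding and decoding operations with SHA-1 and MGF1 (the v2.0 defaults) and an empty encoding parameter P, so the pHash field is SHA-1 of the empty string. The RSA exponentiation itself, which ICSF performs on the coprocessor, is left out; the modulus length k (128 bytes, a 1024-bit key) and the 24-byte sample key are assumptions for the demonstration. In v2.0 the encoded message is k-1 bytes long; the later v2.1 revision prepends an X'00' byte to make it k bytes.

```python
"""EME-OAEP (PKCS #1 v2.0, section 9.1.1) with SHA-1 and MGF1 and P = empty.
Added example; not code from the ICSF product.  RSA itself is not performed."""
import hashlib
import os
from typing import Optional

H_LEN = hashlib.sha1().digest_size  # 20 bytes for SHA-1


def mgf1(seed: bytes, mask_len: int) -> bytes:
    """MGF1 (PKCS #1 v2.0 section 10.2.1): concatenate SHA-1(seed || counter)."""
    out = b""
    counter = 0
    while len(out) < mask_len:
        out += hashlib.sha1(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:mask_len]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def p_hash(p: bytes = b"") -> bytes:
    """pHash = Hash(P).  With P of length zero this is SHA-1 of the empty string."""
    return hashlib.sha1(p).digest()


def eme_oaep_encode(message: bytes, em_len: int, p: bytes = b"",
                    seed: Optional[bytes] = None) -> bytes:
    """EME-OAEP-Encode.  em_len is k-1, where k is the RSA modulus length in
    bytes.  A caller may pass a fixed seed for a reproducible test vector;
    production code leaves it None so that os.urandom supplies it."""
    if len(message) > em_len - 2 * H_LEN - 1:
        raise ValueError("message too long")
    # DB = pHash || PS || 01 || M, where PS is zero or more X'00' bytes.
    ps = b"\x00" * (em_len - len(message) - 2 * H_LEN - 1)
    db = p_hash(p) + ps + b"\x01" + message
    if seed is None:
        seed = os.urandom(H_LEN)
    masked_db = _xor(db, mgf1(seed, em_len - H_LEN))
    masked_seed = _xor(seed, mgf1(masked_db, H_LEN))
    return masked_seed + masked_db


def eme_oaep_decode(em: bytes, p: bytes = b"") -> bytes:
    """EME-OAEP-Decode.  Every failure raises the same generic error, as the
    standard requires, so a caller cannot tell which check failed."""
    em_len = len(em)
    if em_len < 2 * H_LEN + 1:
        raise ValueError("decoding error")
    masked_seed, masked_db = em[:H_LEN], em[H_LEN:]
    seed = _xor(masked_seed, mgf1(masked_db, H_LEN))
    db = _xor(masked_db, mgf1(seed, em_len - H_LEN))
    # Verify pHash, skip the X'00' padding, then require the X'01' separator.
    ok = db[:H_LEN] == p_hash(p)
    i = H_LEN
    while i < len(db) and db[i] == 0:
        i += 1
    ok = ok and i < len(db) and db[i] == 1
    if not ok:
        raise ValueError("decoding error")
    return db[i + 1:]


if __name__ == "__main__":
    # Constructed sample: a 24-byte DATA key for a 1024-bit modulus (k = 128).
    sample_key = bytes(range(24))
    em = eme_oaep_encode(sample_key, 127)
    print(len(em), eme_oaep_decode(em) == sample_key, p_hash().hex())
```

Because P is empty, every PKCSOAEP block carries the same 20-byte pHash value under the mask, which is why the decoder can verify it without any out-of-band parameter; a receiver that uses a different P will fail the pHash comparison and reject the block.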

Using the terminology of the older versions of the PKCS #1 standard, block types 0 and 1 are used to format a hash and block type 2 is used to format a DES key. A block consists of (|| means concatenation): X'00' || BT || PS || X'00' || D where:

  • BT is the block type: X'00', X'01', or X'02'.
  • PS is the padding string, as many bytes as required to make the block the same length as the modulus of the RSA key. It consists of X'00' bytes for block type 0, X'FF' bytes for block type 1, and random non-X'00' bytes for block type 2. PS must be at least 8 bytes long, so D can be at most 11 bytes shorter than the modulus.
  • D is the key, or, for a signature, the concatenation of the BER-encoded hash algorithm identifier and the hash value (the DigestInfo structure).

You can create the BER-encoded DigestInfo for an MD5 or SHA-1 value by prepending these strings to the 16-byte or 20-byte hash value, respectively:

MD5    X'3020300C 06082A86 4886F70D 02050500 0410'
SHA-1 X'30213009 06052B0E 03021A05 000414'

[4] PKCS standards can be retrieved from http://www.rsasecurity.com/rsalabs/pkcs.
[5] The PKA 92 method and the method incorporated into the SET standard are other examples of the Optimal Asymmetric Encryption Padding (OAEP) technique, which is attributed to Bellare and Rogaway.





Copyright IBM Corporation 1990, 2014