z/OS Cryptographic Services ICSF System Programmer's Guide
Previous topic | Next topic | Contents | Index | Contact z/OS | Library | PDF


AES Internal Key Token

z/OS Cryptographic Services ICSF System Programmer's Guide
SA22-7520-17

Table 47 shows the format for an AES internal key token.

Table 47. Internal Key Token Format
BytesDescription
0X'01' (flag indicating this is an internal key token)
1-3Implementation-dependent bytes (X'000000' for ICSF)
4Key token version number (X'04')
5Reserved - must be set to X'00'
6Flag byte
Bit
Meaning When Set On
0
Encrypted key and master key verification pattern (MKVP) are present.

Off for a clear key token, on for an encrypted key token.

1
Control vector (CV) value in this token has been applied to the key.
2
No key is present or the AES MKVP is not present if the key is encrypted.
3- 7
Reserved. Must be set to 0.
71-byte LRC checksum of clear key value.
8-15Master key verification pattern (MKVP)

(For a clear AES key token this value will be hex zeros.)

16-47128-bit, 192-bit, or 256-bit key value, left-justified and padded on the right with hex zeros.
48-558-byte control vector.

(For a clear AES key token this value will be hex zeros.)

56-572-byte integer specifying the length in bits of the clear key value.
58-592-byte integer specifying the length in bytes of the encrypted key value.

(For a clear AES key token this value will be hex zeros.)

60-63Token validation value (TVV). See Token Validation Value for more information.

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014