Token Header |
000 | 001 | Token identifier.
- X'00'
- Null token
- X'1E'
- External token
- X'1F'
- Internal token; the private key is protected by the master key
|
001 | 001 | Version, X'00'. |
002 | 002 | Length of the key token structure
excluding the internal information section. |
004 | 004 | Ignored; should be zero. |
| | |
ECC Token Private section |
000 | 001 | X'20', section identifier,
ECC private key |
001 | 001 | X'00', version. |
002 | 002 | Section length. |
004 | 001 | Wrapping Method: This value indicates the wrapping
method used to protect the data in the encrypted section. It is not
the method used to protect the Object Protection Key (OPK).
- X'00'
- Clear - section is unencrypted.
- X'01'
- AESKW
- X'02'
- CBC Wrap - Other
|
005 | 001 | Hash used for Wrapping
- X'01'
- SHA224
- X'02'
- SHA256
- X'04'
- Reserved.
- X'08 '
- Reserved
|
006 | 002 | Reserved Binary Zero |
008 | 001 | Key Usage:
- X'C0'
- Key Agreement
- X'80'
- Both signature generation and key agreement
- X'00'
- Signature generation only
- X'02'
- Translate allowed
The two high-order bits indicate permitted key usage in the decryption
of symmetric keys and in the generation of digital signatures. The
bit in the second nibble indicates if the key is translatable. A key
is translatable if it can be re-encrypted from one key encrypting
key to another. |
009 | 001 | Curve type:
- X'00'
- Prime curve
- X'01'
- Brainpool curve
|
010 | 001 | Key Format and Security Flag.
External Token:
- X'40'
- Unencrypted ECC private key identifier
- X'42'
- Encrypted ECC private key identifier
Internal Token:
- X'08'
- Encrypted ECC private key identifier
|
011 | 001 | Reserved Binary Zero |
012 | 002 | Length of p in bits
- X'00C0'
- Prime P-192
- X'00E0'
- Prime P-224
- X'0100'
- Prime P-256
- X'0180'
- Prime P-384
- X'0209'
- Prime P-521
- X'00A0'
- Brainpool p-160
- X'00C0'
- Brainpool P-192
- X'00E0'
- Brainpool P-224
- X'0100'
- Brainpool P-256
- X'0140'
- Brainpool P-320
- X'0180'
- Brainpool P-384
- X'0200'
- Brainpool P-512)
|
014 | 002 | IBM Associated Data length. The length of this
field must be greater than or equal to 16 |
016 | 008 | External Token:
- Unencrypted – Reserved Binary 0x'00'
- Encrypted – KVP of the AESKEK
Internal Token: MKVP |
024 | 048 | External Token: reserved binary zeros.
Internal
Token: Object Protection Key (OPK), ICV (Integrity Check value), 8
byte confounder and a 256-bit AES key used with the AESKW algorithm
to encrypt the ECC private key.
The OPK is encrypted by the
AES master key using AESKW as well. Example format for OPK data passed
to AESKW:
- 8 bytes = A6A6A6A6A6A60000
- 40 bytes = Confounder(8)/Key(32)
|
072 | 002 | Associated data length, aa |
074 | 002 | Length of formatted section in bytes, bb |
076 | aa | Associated data (See Table 71 for
the Associated Data format). |
076 + aa | Start of formatted section | If this section is in the clear it contains
private key d.
If it is encrypted it contains the AESKW wrapped
payload. |
76 + aa | bb | Formatted section which includes Private key
d
See Table 72 for the format of the AESKW Wrapped
Payload |
76 + aa + bb | End of formatted section | |
ECC Token Public Section |
000 | 001 | X'21', section identifier |
001 | 001 | X'00', version. |
002 | 002 | Section length |
004 | 004 | Reserved field, binary zero |
008 | 001 | Curve type
- X'00'
- Prime curve
- X'01'
- Brainpool curve
|
009 | 001 | Reserved field, binary zero |
010 | 002 | Length of p in bits:
- X'00C0'
- Prime P-192
- X'00E0'
- Prime P-224
- X'0100'
- Prime P-256
- X'0180'
- Prime P-384
- X'0209'
- Prime P-521
- X'00A0'
- Brainpool P-160
- X'00C0'
- Brainpool P-192
- X'00E0'
- Brainpool P-224
- X'0100'
- Brainpool P-256
- X'0140'
- Brainpool P-320
- X'0180'
- Brainpool P-384
- X'0200'
- Brainpool P-512
|
012 | 002 | This field is the length of the public key q
value in bytes, the maximum value could be up to 133 bytes, cc. The
value includes the key material length and one byte to indicate if
the key material is compressed or uncompressed. |
014 | cc | Public Key , q field |