ECC Key Token Format

z/OS Cryptographic Services ICSF System Programmer's Guide

ECC Key Token Format

z/OS Cryptographic Services ICSF System Programmer's Guide
SA22-7520-17

The following table presents the format of the ECC Key Token.

Table 70. ECC Key Token Format
Offset (Dec)	Number of Bytes	Description
Token Header
000	001	Token identifier. X'00' Null token X'1E' External token X'1F' Internal token; the private key is protected by the master key
001	001	Version, X'00'.
002	002	Length of the key token structure excluding the internal information section.
004	004	Ignored; should be zero.

ECC Token Private section
000	001	X'20', section identifier, ECC private key
001	001	X'00', version.
002	002	Section length.
004	001	Wrapping Method: This value indicates the wrapping method used to protect the data in the encrypted section. It is not the method used to protect the Object Protection Key (OPK). X'00' Clear - section is unencrypted. X'01' AESKW X'02' CBC Wrap - Other
005	001	Hash used for Wrapping X'01' SHA224 X'02' SHA256 X'04' Reserved. X'08 ' Reserved
006	002	Reserved Binary Zero
008	001	Key Usage: X'C0' Key Agreement X'80' Both signature generation and key agreement X'00' Signature generation only X'02' Translate allowed The two high-order bits indicate permitted key usage in the decryption of symmetric keys and in the generation of digital signatures. The bit in the second nibble indicates if the key is translatable. A key is translatable if it can be re-encrypted from one key encrypting key to another.
009	001	Curve type: X'00' Prime curve X'01' Brainpool curve
010	001	Key Format and Security Flag. External Token: X'40' Unencrypted ECC private key identifier X'42' Encrypted ECC private key identifier Internal Token: X'08' Encrypted ECC private key identifier
011	001	Reserved Binary Zero
012	002	Length of p in bits X'00C0' Prime P-192 X'00E0' Prime P-224 X'0100' Prime P-256 X'0180' Prime P-384 X'0209' Prime P-521 X'00A0' Brainpool p-160 X'00C0' Brainpool P-192 X'00E0' Brainpool P-224 X'0100' Brainpool P-256 X'0140' Brainpool P-320 X'0180' Brainpool P-384 X'0200' Brainpool P-512)
014	002	IBM Associated Data length. The length of this field must be greater than or equal to 16
016	008	External Token: Unencrypted – Reserved Binary 0x'00' Encrypted – KVP of the AESKEK Internal Token: MKVP
024	048	External Token: reserved binary zeros. Internal Token: Object Protection Key (OPK), ICV (Integrity Check value), 8 byte confounder and a 256-bit AES key used with the AESKW algorithm to encrypt the ECC private key. The OPK is encrypted by the AES master key using AESKW as well. Example format for OPK data passed to AESKW: 8 bytes = A6A6A6A6A6A60000 40 bytes = Confounder(8)/Key(32)
072	002	Associated data length, aa
074	002	Length of formatted section in bytes, bb
076	aa	Associated data (See Table 71 for the Associated Data format).
076 + aa	Start of formatted section	If this section is in the clear it contains private key d. If it is encrypted it contains the AESKW wrapped payload.
76 + aa	bb	Formatted section which includes Private key d See Table 72 for the format of the AESKW Wrapped Payload
76 + aa + bb	End of formatted section
ECC Token Public Section
000	001	X'21', section identifier
001	001	X'00', version.
002	002	Section length
004	004	Reserved field, binary zero
008	001	Curve type X'00' Prime curve X'01' Brainpool curve
009	001	Reserved field, binary zero
010	002	Length of p in bits: X'00C0' Prime P-192 X'00E0' Prime P-224 X'0100' Prime P-256 X'0180' Prime P-384 X'0209' Prime P-521 X'00A0' Brainpool P-160 X'00C0' Brainpool P-192 X'00E0' Brainpool P-224 X'0100' Brainpool P-256 X'0140' Brainpool P-320 X'0180' Brainpool P-384 X'0200' Brainpool P-512
012	002	This field is the length of the public key q value in bytes, the maximum value could be up to 133 bytes, cc. The value includes the key material length and one byte to indicate if the key material is compressed or uncompressed.
014	cc	Public Key , q field

Associated Data Format for ECC Token

The table below defines the associated data as it is stored in the ECC token in the clear. Associated data is data whose integrity but not confidentiality is protected by a key wrap mechanism.

Table 71. Associated Data Format for ECC Private Key Token
Offset (Dec)	Number of Bytes	Description
000	001	Associated Data Version. 0 for ECC
001	001	Length of Key Label, kl
002	002	IBM Associated Data length, 16 + kl + xxx
004	002	IBM Extended Associated Data length, xxx
006	001	User Definable Associated Data length, yyy. User definable lengths are from 0 bytes to 100 bytes.
007	001	Curve Type
008	002	Length of p in bits
010	001	Usage flag
011	001	Format and Security flag
012	004	reserved
016	kl	Key Label (optional)
016 + kl	xxx	IBM Extended Associated Data
016 + kl + xxx	yyy	User-definable Associated Data

AESKW Wrapped Payload Format for ECC Private Key Token

This table defines the contents of the AESKW payload: data will be copied into this format, then encrypted with the OPK according to the AESKW specification, and the result will be stored in the encrypted data section.

Table 72. AESKW Wrapped Payload Format for ECC Private Key Token
Offset (Dec)	Number of Bytes	Description
000	006	ICV (‘A6'....)
006	001	Length of padding in bits
007	001	Length of the hash of the associated data in bytes, ii
008	004	Hash options
012	ii	Hash of Associated Data
12+ii	mm	Key data
12+ii+mm	0-7	Padding to a multiple of 8 bytes

Notices | Terms of use | Support | Contact z/OS | zFavorites