Variable-Length Cryptographic Key Data Set (CKDS) Record Format

z/OS Cryptographic Services ICSF System Programmer's Guide

Variable-Length Cryptographic Key Data Set (CKDS) Record Format

z/OS Cryptographic Services ICSF System Programmer's Guide
SA22-7520-17

The CKDS record includes the CKDS header and the key record. These tables show the format of each of these records.

The following table presents the format of the variable-length CKDS header record

Table 27. Cryptographic Key Data Set Header Record Format
Offset (Dec)	Number of Bytes	Field Name	Description
0	72	Constant	VSAM key of the CKDS header.
72	8	Creation date	The date the CKDS was initialized in the format yyyymmdd.
80	8	Creation time	The initial time the CKDS was created in the format hhmmssth.
88	8	Last update date	The most recent date the CKDS was updated, in the format yyyymmdd.
96	8	Last update time	The most recent time the CKDS was updated, in the format hhmmssth.
104	2	Sequence number	Initially zero in binary. Incremented each time the data set is processed.
106	2	header flag bytes	Flag bytes. Bit Meaning When Set On 0 The DES master key verification pattern is valid. 1 The DES master key authentication pattern is valid. 2 The AES master key verification pattern is valid. 3–8 Reserved. 9 The record format is variable — always 1 10-15 Reserved. Note: After the bits are set on, the given values remain constant in ICSF.
108	8	DES master key verification pattern	The system DES master key verification pattern.
116	8	DES master key authentication pattern	The system DES master key authentication pattern.
124	8	AES master key verification pattern.	The system AES master key verification pattern.
132	4	Record length	Length of the record in bytes.
136	60	Reserved
196	52	Installation data
248	4	Authentication code	CKDS header authentication code.

The following table presents the format of each variable-length data set record.

Table 28. Variable-Length Cryptographic Key Data Set Record Format
Offset (Dec)	Number of Bytes	Field Name	Description
0	64	Key label	The label or name of this CKDS record. The key label is the first field of the key index.
64	8	Key type	The type of key the record contains. The key type is the second field of the key index.
72	8	Creation date	The initial date the CKDS record was created in the format yyyymmdd.
80	8	Creation time	The initial time the CKDS record was created in the format hhmmssth.
88	8	Last update date	The most recent date the CKDS record was updated in the format yyyymmdd.
96	8	Last update time	The most recent time the CKDS record was updated in the format hhmmssth.
104	4	Record length	Length of the entire record including the key token.
108	60		Reserved.
168	2	CKDS flag bytes	Flag bytes. Bit Meaning When Set On 0 The key within the key token field is a partial key. 1 Reserved. 2 CKDS label must be unique. 3 The record format is variable — always 1 4-7 Reserved. Note: When bit 0 is off, the key within the key token field (offset 104) is an entire key.
170	26		Reserved.
196	52	Installation data
248	20	Authentication code	The record authentication code.
268	variable	Key token	The key token.