Command: GK
Translate a DES key from encryption under an LMK pair to encryption under a public key.

COMMAND MESSAGE

| Field | Length & Type | Details |
|---|---|---|
| Message header | m A | Subsequently returned to the Host unchanged. |
| Command code | 2 A | Value GK. |
| Encryption identifier | 2 A | Identifier of the algorithm used to encrypt the DES key. |
| Pad mode identifier | 2 N | Identifier of the pad mode used in the encryption process: 01 = PKCS#1 v1.5 method; 02 = OAEP. |
| Mask Generation Function | 2 N | 01 = MGF1 as defined in PKCS#1 v2.0 (see Reference 3). Optional; only present if Pad Mode Identifier is 02 (OAEP). |
| MGF Hash Function | 2 N | 01 = SHA-1. Optional; only present if Pad Mode Identifier is 02 (OAEP). |
| OAEP Encoding Parameters Length | 2 N | Length of the following field. Optional; only present if Pad Mode Identifier is 02 (OAEP). |
| OAEP Encoding Parameters | n B | Optional; only present if Pad Mode Identifier is 02 (OAEP). If present, this field should be encoded according to Reference 3 section 11.2.1. The HSM does not interpret or validate the contents of this field. If OAEP padding is used but no Encoding Parameters are provided, OAEP Encoding Parameters Length should be "00" and this field is empty. |
| OAEP Encoding Parameters Delimiter | 1 A | Value ";". Optional; only present if Pad Mode Identifier is 02 (OAEP). |
| DES key type | 4 N | Indicates the required LMK pair, including the LMK variant. |
| DES key flag | 1 N | Length of the DES key: 0 = single-length key; 1 = double-length key; 2 = triple-length key. |
| DES key (LMK) | 16 H, 32 H or 48 H | DES key, encrypted under the LMK pair indicated by DES key type (length indicated by DES key flag). |
| Check value | 16 H | Check value on the DES key. |
| MAC | 4 B | MAC on the public key and authentication data, calculated using LMK pair 36-37. |
| Public key | n B | Public key, DER encoded in ASN.1 format (sequence of modulus, exponent). Modulus length 320 to 2048 bits. |
| Authentication Data | n A | Optional. Additional data to be included in the MAC calculation (must not include ";"). |
| Delimiter | 1 A | Value ";". Only present if the Key Block Type below is present. |
| Key Block Type | 2 N | 01 = Key Block format backward compatible; 02 = Key Block Template (format of template is specified below); 03 = Unformatted Key Block. Optional for Key Block Type 01, but must be provided if another Key Block Type is used. |
| Key Block Template Length | 4 N | Length of the Key Block Template data. Optional; only present if Key Block Type = 02. |
| Key Block Template | n H | Key Block, DER encoded in ASN.1 format, with the key data and Check Value data (if present) zero filled. Optional; only present if Key Block Type = 02. |
| Delimiter | 1 A | Value ";". Optional; only present if Key Block Type = 02. |
| DES Key Offset | 4 N | Offset of the position within the Key Block at which to insert the DES key. Optional; only present if Key Block Type = 02. |
| Check value length | 2 N | Length in bytes of the check value; permitted values 0 to 8. 0 means no check value is required. If a non-zero length is supplied, the HSM generates a check value and inserts it into the Key Block at the position given by Check Value Offset. Optional; only present if Key Block Type = 02. |
| Check Value Offset | 4 N | Offset of the position within the Key Block at which to insert the check value. Ignored if Check value length is 0. Optional; only present if Key Block Type = 02. |
| End message delimiter | 1 C | Optional. Must be present if a message trailer is present. Value X'19'. |
| Message trailer | n A | Optional. Maximum length 32 characters. |
|
RESPONSE MESSAGE

| Field | Length & Type | Details |
|---|---|---|
| Message header | m A | Returned to the Host unchanged. |
| Response code | 2 A | Value GL. |
| Error code | 2 N | 00 = No error; other values are listed in the error code table below. |
| Initialization value | 16 H | Initialization value for the DES key. Optional; only present if Key Block Type = 01. |
| DES key length | 4 N | Length (in bytes) of the next field. |
| DES key (PK) | n B | DES key, encrypted under the public key. |
| End message delimiter | 1 C | Present only if present in the command message. Value X'19'. |
| Message trailer | n A | Present only if present in the command message. Maximum length 32 characters. |

Error codes:

| Code | Meaning |
|---|---|
| 00 | No error |
| 01 | MAC verification failure |
| 02 | Check value verification failure |
| 04 | Public key does not conform to encoding rules |
| 05 | Invalid DES key type |
| 06 | Invalid encryption identifier |
| 07 | Invalid pad mode identifier |
| 10 | Key parity error |
| 13 | LMK error; report to supervisor |
| 15 | Error in input data |
| 47 | DSP error; report to supervisor |
| 51 | Invalid Key Block Type |
| 76 | Public key length error |
| 81 | Invalid Key Block type |
| 82 | Invalid check value length |
| 83 | Key block format error |
| 84 | Key block check value error |
| 85 | Invalid OAEP Mask Generation Function |
| 86 | Invalid OAEP MGF Hash Function |
| 87 | OAEP Parameter Error |
| 88 | OAEP Error |