IBM Crypto Education Community

Expand all | Collapse all

Struggling with the layout of rsa 4096 ME record

  • 1.  Struggling with the layout of rsa 4096 ME record

    Posted Wed September 15, 2021 06:28 AM
    I'm trying to understand the layout of the record in appendix B of the APG.
    I have
    Exists: CSNDKRR read PKDS2 PKDS rc 0 rs 0 No error found .
    00000000 : 1F0001C2 00000000 300001AA 002E00B0 ...B............ ........0.......
    00000010 : 00000202 24000200 00000000 00000000 ................ ....¢...........
    00000020 : 00000000 00000000 00000000 00000000 ................ ................
    00000030 : 00000000 00000000 00008000 00800080 ................ ................

    000001A0 : E75C6F4C C462E166 0F962B7A 897C92E4
    000001B0 : CF250400 00100000 0004>0400< 00000001
    000001C0 : 0001
    The 30  according to table 588 is RSA private key, 4096-bit Modulus-Exponent format with AES-encrypted OPK. Internal and external format
    The 04 is  (Table 597) is  public ...   the 0400 is the  Public key modulus length in bits .... which is 1024

    If I display it using the ISPF panels it gives

    Algorithm: RSA Modulus (bits): 1024 which ties up with the public

    My question is  - Why is this called a 4096 ME when the Modulus length is 1024?

    If I want to display the RSA key size...  do I need to look at the x'04' section... and not rely on the title of the x'30' section?

    Thank you

    Colin

    ------------------------------
    Colin Paice
    ------------------------------


  • 2.  RE: Struggling with the layout of rsa 4096 ME record

    Posted Wed September 15, 2021 07:58 AM
    Why is this called a 4096 ME when the Modulus length is 1024?

    4096 is the largest possible modulus length for this kind of token. (Almost) anything from 1024 to 4096 would be supported.

    If I want to display the RSA key size...  do I need to look at the x'04' section... and not rely on the title of the x'30' section?

    Yes, you can rely on the contents of the token to tell you what you need to know.


    ------------------------------
    Eric Rossman
    ------------------------------