See more on Chunks in general.

Literal Key Material

A key definition of this KEYD subtype is used to specify the actual key material within the payload.

A literal key definition must itself be encrypted. Otherwise, it’s pointless as a key! Note that if you want to store the key in a keyring file, you want an External Key Definition, not a Literal Key.

Typically, a literal key will be encrypted using a Passphrase Key or a Public Key Reference. You can also introduce one at any point in a chain of keys to serve as a session key that prevents key reuse, although a Generational Key or Derived Key can do that in a more compact record.

Payload

The payload contains an lpbinary holding the key material. The key may be of any length: its only use is to be fed into a hash to form a derived key, and the hash accepts input of any length and always produces the standard-size output.

So, to keep the record short, you need only specify as many bytes as you need for the desired key strength (e.g. 10 bytes for an 80-bit key). The lpbinary may not be of zero length. An implementation may contain an option to give a security error if the key size is below some specified minimum.
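The payload rules above, sketched as an added example that is not part of the original specification or its implementation. It works on the already-decrypted payload. The function and exception names are hypothetical, the one-byte length prefix is an assumed stand-in for the real lpbinary encoding, and SHA-256 is an assumed stand-in for the format's hash.

```python
import hashlib


class KeyFormatError(ValueError):
    """The payload is not a well-formed literal key."""


class KeySecurityError(Exception):
    """The key is shorter than the configured minimum strength."""


def read_lpbinary(buf: bytes) -> tuple[bytes, bytes]:
    # ASSUMPTION: a single length byte followed by that many data bytes.
    # The format's real lpbinary encoding is defined elsewhere.
    if not buf:
        raise KeyFormatError("missing lpbinary length")
    length, body = buf[0], buf[1:]
    if len(body) < length:
        raise KeyFormatError("lpbinary truncated")
    return body[:length], body[length:]


def parse_literal_key(payload: bytes, min_bits: int = 0) -> bytes:
    """Return the key material from an already-decrypted literal key payload."""
    key, rest = read_lpbinary(payload)
    if rest:
        # Strictness chosen for this example: nothing may follow the lpbinary.
        raise KeyFormatError("unexpected bytes after key material")
    if not key:
        raise KeyFormatError("key material may not be zero length")
    if len(key) * 8 < min_bits:
        raise KeySecurityError(
            f"{len(key) * 8}-bit key is below the {min_bits}-bit minimum")
    return key


def derive_key(key: bytes) -> bytes:
    # ASSUMPTION: SHA-256 stands in for the format's hash. Any input length
    # yields the same fixed-size output.
    return hashlib.sha256(key).digest()


# Constructed sample: a 10-byte (80-bit) key, as in the text's example.
SAMPLE_PAYLOAD = bytes([10]) + bytes(range(1, 11))

if __name__ == "__main__":
    key = parse_literal_key(SAMPLE_PAYLOAD, min_bits=80)
    print(len(key), derive_key(key).hex())
```
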



Page content copyright 2003 by John M. Dlugosz. Home: http://www.dlugosz.com, email: john@dlugosz.com