IBM 10 SP1 EAL4 manual Asymmetric ciphers, Certificates, Hash functions

•Blowfish: Blowfish is a block cipher that operates on 64-bit blocks of data. It supports variable key sizes, but generally uses 128-bit keys.

•Data Encryption Standard (DES): DES is a symmetric key cryptosystem derived from the Lucifer algorithm developed at IBM. DES describes the Data Encryption Algorithm (DEA). DEA operates on a 64-bit block size and uses a 56-bit key.

•TDES (3DES): TDES, or Triple DES, encrypts a message three times using DES. This encryption can be accomplished in several ways. For example, using two keys, the message can be encrypted with key 1, decrypted with key 2, and encrypted again with key 1. With three keys, the message can be encrypted 3 times with each encryption using a different key.

•International Data Encryption Algorithm (IDEA): The IDEA cipher is secret key block encryption algorithm developed by James Massey and Xuejia Lai. IDEA operates on 64-bit plain text blocks and uses a 128-bit key.

•RC4: RC4, proprietary of RSA Security Inc., is a stream cipher with a variable key length. A typical key length of 128-bit is used for strong encryption.

•RC5: RC5 is a cryptographic algorithm invented by Ronald Rivest of RSA Security Inc. RC5 is a block cipher of variable block length and encrypts through integer addition, the application of a bit- wise eXclusive OR, and variable rotations. The key size and number of rounds are also variable.

•Advanced encryption standard (AES): AES is a cryptographic algorithm created by researchers Joan Daemen and Vincent Rijmen. AES is an iterative, symmetric-key block cipher that can use keys of 128, 192, and 256 bits, and encrypts and decrypts data in blocks of 128 bits (16 bytes).

5.12.1.4.1Asymmetric ciphers

OpenSSL on the TOE supports the following asymmetric key encryption algorithms. For a detailed description of each of these algorithms, refer to their man pages.

•Digital Signature Algorithm (DSA): DSA is based on a modification to the El Gamal digital signature methodology, which is based on discrete logarithms. DSA conforms to US Federal Information Processing Standard FIPS 186, and ANSI X9.30.

•Diffie-Hellman: The Diffie-Hellman Key Exchange is a method for exchanging secret keys over a non-secure medium, without exposing the keys.

•RSA: RSA, derived from the last names of its inventors, Rivest, Shamir, and Addleman, is a public key crypto system, which is based on the difficulty of factoring a number that is the product of two large prime numbers.

5.12.1.4.2Certificates

OpenSSL on the TOE supports the X.509 certificate format. For a detailed description of this format, refer to its manual page.

The X.509 certificate is a structured grouping of information. X.509 contains subject information, the public key of the subject, the name of the issuer, and the active key lifetime. An X.509 certificate is digitally signed by the certificate authority.

5.12.1.4.3Hash functions

OpenSSL on the TOE supports the following hash functions to generate message authentication codes. For a detailed description of each of these functions, refer to their manual pages.

189