•Blowfish: Blowfish is a block cipher that operates on
•Data Encryption Standard (DES): DES is a symmetric key cryptosystem derived from the Lucifer algorithm developed at IBM. DES describes the Data Encryption Algorithm (DEA). DEA operates on a
•TDES (3DES): TDES, or Triple DES, encrypts a message three times using DES. This encryption can be accomplished in several ways. For example, using two keys, the message can be encrypted with key 1, decrypted with key 2, and encrypted again with key 1. With three keys, the message can be encrypted 3 times with each encryption using a different key.
•International Data Encryption Algorithm (IDEA): The IDEA cipher is a secret key block encryption algorithm developed by James Massey and Xuejia Lai. IDEA operates on
•RC4: RC4, proprietary to RSA Security Inc., is a stream cipher with a variable key length. A typical key length of
•RC5: RC5 is a cryptographic algorithm invented by Ronald Rivest of RSA Security Inc. RC5 is a block cipher of variable block length and encrypts through integer addition, the application of a bitwise exclusive OR, and variable rotations. The key size and number of rounds are also variable.
•Advanced Encryption Standard (AES): AES is a cryptographic algorithm created by researchers Joan Daemen and Vincent Rijmen. AES is an iterative,
5.12.1.4.1 Asymmetric ciphers
OpenSSL on the TOE supports the following asymmetric key encryption algorithms. For a detailed description of each of these algorithms, refer to their man pages.
•Digital Signature Algorithm (DSA): DSA is based on a modification to the El Gamal digital signature methodology, which is based on discrete logarithms. DSA conforms to US Federal Information Processing Standard FIPS 186, and ANSI X9.30.
•RSA: RSA, derived from the last names of its inventors, Rivest, Shamir, and Adleman, is a public key cryptosystem based on the difficulty of factoring a number that is the product of two large prime numbers.
5.12.1.4.2 Certificates
OpenSSL on the TOE supports the X.509 certificate format. For a detailed description of this format, refer to its manual page.
The X.509 certificate is a structured grouping of information. X.509 contains subject information, the public key of the subject, the name of the issuer, and the active key lifetime. An X.509 certificate is digitally signed by the certificate authority.
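The fields named above can be read back from a certificate with the openssl command line, and the issuer's signature checked. This is an added example, not part of the original document: it assumes an openssl binary on the PATH and builds a throwaway self-signed certificate (so subject and issuer are the same) whose CN, toe-example.invalid, is a constructed placeholder.

```shell
#!/bin/sh
# Added example. The CN is a constructed placeholder, not a value from the TOE.
CN="toe-example.invalid"

# Create a throwaway RSA key and a 30-day self-signed certificate in directory $1.
make_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
        -subj "/CN=$CN" -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

# Print one field of certificate $1; $2 is subject, issuer, startdate or enddate.
cert_field() {
    openssl x509 -in "$1" -noout -nameopt RFC2253 "-$2" | sed 's/^[A-Za-z]*= *//'
}

# Succeed if the public key embedded in certificate $1 belongs to private key $2.
key_matches() {
    [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ]
}

# Succeed if the signature on certificate $1 verifies under issuer certificate $2.
signed_by() {
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

# Succeed if certificate $1 has not yet reached its notAfter date.
not_expired() {
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null
}

# Walk through the fields: subject, issuer, lifetime, public key, signature.
demo() {
    dir=$(mktemp -d) || return 1
    make_cert "$dir" || return 1
    for f in subject issuer startdate enddate; do
        printf '%-10s %s\n' "$f" "$(cert_field "$dir/cert.pem" "$f")"
    done
    key_matches "$dir/cert.pem" "$dir/key.pem" && echo "public key: matches private key"
    signed_by "$dir/cert.pem" "$dir/cert.pem" && echo "signature:  verifies under issuer"
    not_expired "$dir/cert.pem" && echo "lifetime:   currently valid"
    rm -rf "$dir"
}
demo
```

For a certificate issued by a separate certificate authority, pass the CA's certificate as the second argument to signed_by.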
5.12.1.4.3 Hash functions
OpenSSL on the TOE supports the following hash functions to generate message authentication codes. For a detailed description of each of these functions, refer to their manual pages.