Blowfish: Blowfish is a block cipher that operates on 64-bit blocks of data. It supports variable key
sizes, but generally uses 128-bit keys.
Data Encryption Standard (DES): DES is a symmetric key cryptosystem derived from the Lucifer
algorithm developed at IBM. DES describes the Data Encryption Algorithm (DEA). DEA operates
on a 64-bit block size and uses a 56-bit key.
TDES (3DES): TDES, or Triple DES, encrypts a message three times using DES. This encryption
can be accomplished in several ways. For example, using two keys, the message can be encrypted
with key 1, decrypted with key 2, and encrypted again with key 1. With three keys, the message can
be encrypted 3 times with each encryption using a different key.
International Data Encryption Algorithm (IDEA): The IDEA cipher is a secret key block encryption
algorithm developed by James Massey and Xuejia Lai. IDEA operates on 64-bit plaintext blocks and
uses a 128-bit key.
RC4: RC4, proprietary to RSA Security Inc., is a stream cipher with a variable key length. A typical
key length of 128 bits is used for strong encryption.
RC5: RC5 is a cryptographic algorithm invented by Ronald Rivest of RSA Security Inc. RC5 is a
block cipher of variable block length and encrypts through integer addition, the application of a
bitwise exclusive OR, and variable rotations. The key size and number of rounds are also variable.
Advanced Encryption Standard (AES): AES is a cryptographic algorithm created by researchers Joan
Daemen and Vincent Rijmen. AES is an iterative, symmetric-key block cipher that can use keys of
128, 192, and 256 bits, and encrypts and decrypts data in blocks of 128 bits (16 bytes).
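The two-key and three-key compositions described in the TDES entry above, as an added example that is not part of the original document or of OpenSSL. A toy 64-bit Feistel cipher stands in for DES (an assumption, chosen so the block runs with the standard library only); the function names and keys are constructed for illustration.

```python
import hashlib

BLOCK = 8  # bytes; 64-bit block, the same size DES uses

def _f(half, key, i):
    # Toy round function (assumption, not DES): keyed hash cut to 32 bits.
    return hashlib.sha256(key + bytes([i]) + half).digest()[:4]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def toy_encrypt(key, block, rounds=8):
    if len(block) != BLOCK:
        raise ValueError("block must be 8 bytes")
    left, right = block[:4], block[4:]
    for i in range(rounds):
        left, right = right, _xor(left, _f(right, key, i))
    return left + right

def toy_decrypt(key, block, rounds=8):
    if len(block) != BLOCK:
        raise ValueError("block must be 8 bytes")
    left, right = block[:4], block[4:]
    for i in reversed(range(rounds)):
        left, right = _xor(right, _f(left, key, i)), left
    return left + right

def ede2_encrypt(k1, k2, block):
    # Two keys: encrypt with key 1, decrypt with key 2, encrypt with key 1.
    return toy_encrypt(k1, toy_decrypt(k2, toy_encrypt(k1, block)))

def ede2_decrypt(k1, k2, block):
    # Undo the three stages in reverse order.
    return toy_decrypt(k1, toy_encrypt(k2, toy_decrypt(k1, block)))

def eee3_encrypt(k1, k2, k3, block):
    # Three keys: three encryptions, each with a different key.
    return toy_encrypt(k3, toy_encrypt(k2, toy_encrypt(k1, block)))

def eee3_decrypt(k1, k2, k3, block):
    return toy_decrypt(k1, toy_decrypt(k2, toy_decrypt(k3, block)))

if __name__ == "__main__":
    k1, k2, k3 = b"key-one!", b"key-two!", b"key-3333"  # constructed keys
    msg = b"8bytemsg"                                   # constructed block
    print(ede2_encrypt(k1, k2, msg).hex())
    # With key 2 equal to key 1 the middle decryption cancels the first
    # encryption, leaving single-cipher strength: keys must be independent.
    print(ede2_encrypt(k1, k1, msg) == toy_encrypt(k1, msg))
```

A key-management check that rejects equal keys before they reach a triple-encryption routine catches the degenerate case shown in the last line.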
5.12.1.4.1 Asymmetric ciphers
OpenSSL on the TOE supports the following asymmetric key encryption algorithms. For a detailed
description of each of these algorithms, refer to their man pages.
Digital Signature Algorithm (DSA): DSA is based on a modification to the El Gamal digital
signature methodology, which is based on discrete logarithms. DSA conforms to US Federal
Information Processing Standard FIPS 186, and ANSI X9.30.
Diffie-Hellman: The Diffie-Hellman Key Exchange is a method for exchanging secret keys over a
non-secure medium, without exposing the keys.
RSA: RSA, derived from the last names of its inventors, Rivest, Shamir, and Adleman, is a public
key cryptosystem, which is based on the difficulty of factoring a number that is the product of two
large prime numbers.
5.12.1.4.2 Certificates
OpenSSL on the TOE supports the X.509 certificate format. For a detailed description of this format, refer to
its manual page.
The X.509 certificate is a structured grouping of information. X.509 contains subject information, the public
key of the subject, the name of the issuer, and the active key lifetime. An X.509 certificate is digitally signed
by the certificate authority.
5.12.1.4.3 Hash functions
OpenSSL on the TOE supports the following hash functions to generate message authentication codes. For a
detailed description of each of these functions, refer to their manual pages.