Chapter 2 Algorithm Info Types 105
AI_MD2WithDES_CBCPad
AI_MD2WithDES_CBCPadPurpose:
This AI allows you to perform password-based encryption. This means that the input
data will be encrypted with a secret key derived from a password, and it can be
successfully decrypted only when the correct password is provided. Although this AI
can be used to encrypt arbitrary data, its intended primary use is for encrypting
private keys when transferring them from one computer system to another, as
described in PKCS #8.
This AI employs DES secret-key encryption in cipher-block chaining (CBC) mode
with padding, where the secret key is derived from a password using the MD2
message digest algorithm. The details of this algorithm are contained in PKCS #5. DES
is defined in FIPS PUB 81, and CBC mode of DES is defined in FIPS PUB 46-1. RFC
1319 describes MD2. Other algorithms that can be used for password-based
encryption are AI_MD5WithDES_CBCPad, AI_MD5WithRC2_CBCPad,
AI_MD2WithRC2_CBCPad, and AI_SHA1WithDES_CBCPad.
Type of information this allows you to use:
the salt and iteration count for the MD2 With DES-CBC password-based encryption
algorithm as defined in PKCS #5.
Format of info supplied to B_SetAlgorithmInfo:
pointer to a B_PBE_PARAMS structure:
RSA Security Inc. recommends a minimum iteration count of 1,000. However, for an
additional byte or two of security the iteration should be 28 to 216.
Format of info returned by B_GetAlgorithmInfo:
pointer to a B_PBE_PARAMS structure (see above).
typedef struct {
unsigned char *salt; /* pointer to 8-byte salt value */
unsigned int iterationCount; /* iteration count */
} B_PBE_PARAMS;