AI_MD2WithDES_CBCPad
AI_MD2WithDES_CBCPad
Purpose:
This AI allows you to perform password-based encryption. This means that the input data will be encrypted with a secret key derived from a password, and it can be successfully decrypted only when the correct password is provided. Although this AI can be used to encrypt arbitrary data, its intended primary use is for encrypting private keys when transferring them from one computer system to another, as described in PKCS #8.
This AI employs DES secret-key encryption in cipher-block chaining (CBC) mode with padding, where the secret key is derived from a password using the MD2 message digest algorithm. The details of this algorithm are contained in PKCS #5. DES is defined in FIPS PUB 81, and CBC mode of DES is defined in FIPS PUB 46-1. RFC 1319 describes MD2. Other algorithms that can be used for password-based encryption are AI_MD5WithDES_CBCPad, AI_MD5WithRC2_CBCPad, AI_MD2WithRC2_CBCPad, and AI_SHA1WithDES_CBCPad.
Type of information this allows you to use:
the salt and iteration count for the MD2 With DES-CBC password-based encryption algorithm as defined in PKCS #5.
Format of info supplied to B_SetAlgorithmInfo:
pointer to a B_PBE_PARAMS structure:
typedef struct { | | |
unsigned char | *salt; | /* pointer to 8-byte salt value */ |
unsigned int | iterationCount; | /* iteration count */ |
} B_PBE_PARAMS; | | |
| | |
RSA Security Inc. recommends a minimum iteration count of 1,000. However, for an additional byte or two of security the iteration should be 28 to 216.
Format of info returned by B_GetAlgorithmInfo:
pointer to a B_PBE_PARAMS structure (see above).
C h a p t e r 2 A l g o r i t h m I n f o Ty p e s | 105 |
