AI_MD2WithRC2_CBCPad

AI_MD2WithRC2_CBCPad

Purpose:

This AI allows you to perform password-based encryption. This means that the input data will be encrypted with a secret key derived from a password, and it can be successfully decrypted only when the correct password is provided. Although this AI can be used to encrypt arbitrary data, its intended primary use is for encrypting private keys when transferring them from one computer system to another, as described in PKCS #8.

This AI employs RC2 block cipher with padding, where the secret key is derived from a password using the MD2 message digest algorithm. MD2 is described in RFC 1319. RC2 is described in RFC 2268. The CBC mode is similar to the one used in RC5-CBC, which can be found in RFC 2040. Other algorithms that can be used for password- based encryption are AI_MD5WithDES_CBCPad, AI_MD5WithRC2_CBCPad, AI_MD2WithDES_CBCPad, and AI_SHA1WithDES_CBCPad.

Type of information this allows you to use:

the effective key size, salt, and iteration count for the MD2 With RC2-CBC password- based encryption algorithm, as defined by RSA Security Inc.

Format of info supplied to B_SetAlgorithmInfo:

pointer to a B_RC2_PBE_PARAMS structure:

typedef struct {

 

 

unsigned int

effectiveKeyBits;

/* effective key size in bits */

unsigned char

*salt;

/* pointer to 8-byte salt value */

unsigned int

iterationCount;

/* iteration count */

}B_RC2_PBE_PARAMS;

This algorithm will accept a maximum of 1024 effective key bits for domestic use and 40 effective key bits for export. RSA Security Inc. recommends a minimum iteration

count of 1,000. However, for an additional byte or two of security, the iteration should be 28 to 216.

C h a p t e r 2 A l g o r i t h m I n f o Ty p e s

109

Page 118 Page 120
Page 119
Image 119
RSA Security 5 manual AIMD2WithRC2CBCPad, Pointer to a BRC2PBEPARAMS structure
Page 118 Page 120
Top Page Image Contents