AI_MD2WithDES_CBCPad AI_MD5WithDES_CBCPad

AI_SHA1WithDES_CBCPad

AI_SHA1WithDES_CBCPad

Purpose:

This AI allows you to perform password-based encryption. This means that the input data will be encrypted with a secret key derived from a password, and it can be successfully decrypted only when the correct password is provided. Although this AI can be used to encrypt arbitrary data, its intended primary use is for encrypting private keys when transferring them from one computer system to another, as described in PKCS #8.

This AI employs DES secret-key encryption in cipher-block chaining (CBC) mode with padding, where the secret key is derived from a password using the SHA1 message digest algorithm. The details of this algorithm are contained in PKCS #5. DES is defined in FIPS PUB 81, and CBC mode of DES is defined in FIPS PUB 46-1. FIPS PUB 180-1 describes SHA1.

Other algorithms that can be used for password-based encryption are

, AI_MD2WithRC2_CBCPad, AI_MD5WithRC2_CBCPad, and

.

Type of information this allows you to use:

the salt and iteration count for the SHA1 With DES-CBC password-based encryption algorithm. The salt is concatenated with the password before being digested by SHA1, and the iteration count specifies how many times the digest needs to be run. The count of 2 indicates that the result of digesting the password-and-salt string needs to be run once more through SHA1. The first 8 bytes of the final digest become the secret key for the DES cipher after being adjusted for parity as required by FIPS PUB 81, the next 8 bytes become the initialization vector, and the last 4 bytes are ignored.

Format of info supplied to B_SetAlgorithmInfo:

pointer to a B_PBE_PARAMS structure:

typedef struct

{

 

unsigned char *salt;

/* pointer to 8-byte salt value */

unsigned int

iterationCount;

/* iteration count */

}B_PBE_PARAMS;

2 2 8

R S A B S A F E C r y p t o - C L i b r a r y R e f e r e n c e M a n u a l

Page 238
Image 238
RSA Security 5 manual AISHA1WithDESCBCPad, Pointer to a Bpbeparams structure