RSA Security 5 manual KIDES8

KI_DES8

KI_DES8

Purpose:

This KI allows you to specify an 8-byte key used by the DES algorithm. The key object will satisfy the DES parity requirement. Unlike KI_DES8Strong, it does not check against known DES weak keys. See the section “DES Weak Keys” in the User’s Manual.

Type of information this allows you to use:

an 8-byte value for a DES key where the information stored in the key object must be DES-parity adjusted according to FIPS 46-1. Crypto-C treats the least significant bit of each byte of the key data as the DES parity adjustment bit.

Format of info supplied to B_SetKeyInfo:

pointer to an unsigned char array that holds the 8-byte DES key. The key is DES parity adjusted when it is copied to the key object.

For added security, it is prudent to check the proposed key data against known byte sequences that produce weak DES keys before calling B_SetKeyInfo. See the section “DES Weak Keys” in the User’s Manual.

Format of info returned by B_GetKeyInfo:

pointer to an unsigned char array that holds the 8-byte DES key that is DES parity adjusted.

Can get this info type if key object already has:

KI_DES8, KI_Item (if the length of the ITEM is 8 and the data's DES parity is correct), or KI_8Byte (if the DES parity is correct).

Notes:

It is more secure to use KI_DES8Strong instead of KI_DES8. When you call

B_SetAlgorithmInfo with KI_DES8Strong, Crypto-C checks the key against a list of known weak keys and returns an error if the resulting key would be weak. See the section “DES Weak Keys” in the User’s Manual.