4.2 Encryption Algorithms, Modes, and Parameters

For use in conjunction with this RFC, RFC 1423 defines the appropriate algorithms, modes, and associated identifiers to be used for encryption of message text with DEKs.

The mechanisms defined in this RFC incorporate facilities for transmission of cryptographic parameters (e.g., pseudorandom Initializing Vectors (IVs)) with PEM messages to which the confidentiality service is applied, when required by symmetric message encryption algorithms and modes specified in RFC 1423.

Certain operations require encryption of DEKs, MICs, and digital signatures under an IK for purposes of transmission. A header facility indicates the mode in which the IK is used for encryption. RFC 1423 specifies encryption algorithm and mode identifiers and minimum essential support requirements for key encryption processing.

RFC 1422 specifies asymmetric, certificate-based key management procedures based on CCITT Recommendation X.509 to support the message processing procedures defined in this document. Support for the key management approach defined in RFC 1422 is strongly recommended. The message processing procedures can also be used with symmetric key management, given prior distribution of suitable symmetric IKs, but no current RFCs specify key distribution procedures for such IKs.