1.1 DES in CBC Mode (DESCBC)
Connected: An Internet Encyclopedia
1.1 DES in CBC Mode (DESCBC)
Up:
Connected: An Internet Encyclopedia
Up:
Requests For Comments
Up:
RFC 1423
Up:
1. Message Encryption Algorithms
Prev: 1. Message Encryption Algorithms
Next: 2. Message Integrity Check Algorithms
1.1 DES in CBC Mode (DESCBC)
1.1 DES in CBC Mode (DESCBC)
Message text and, if required, message signatures are encrypted using
the Data Encryption Standard (DES) algorithm in the Cipher Block
Chaining (CBC) mode of operation. The DES algorithm is defined in
FIPS PUB 461 [1], and is equivalent to the Data Encryption Algorithm
(DEA) provided in ANSI X3.921981 [2]. The CBC mode of operation of
DES is defined in FIPS PUB 81 [3], and is equivalent to those
provided in ANSI X3.106 [4] and in ISO IS 8372 [5]. The character
string "DESCBC" within an encapsulated PEM header field indicates
the use of this algorithm/mode combination.
The input to the DES CBC encryption process shall be padded to a
multiple of 8 octets, in the following manner. Let n be the length
in octets of the input. Pad the input by appending 8(n mod 8)
octets to the end of the message, each having the value 8(n mod 8),
the number of octets being added. In hexadecimal, the possible
paddings are: 01, 0202, 030303, 04040404, 0505050505, 060606060606,
07070707070707, and 0808080808080808. All input is padded with 1 to
8 octets to produce a multiple of 8 octets in length. The padding
can be removed unambiguously after decryption.
The DES CBC encryption process requires a 64bit cryptographic key.
A new, pseudorandom key shall be generated for each ENCRYPTED PEM
message. Of the 64 bits, 56 are used directly by the DES CBC
process, and 8 are odd parity bits, with one parity bit occupying the
rightmost bit of each octet. When symmetric key management is
employed, the setting and checking of odd parity bits is encouraged,
since these bits could detect an error in the decryption of a DES key
encrypted under a symmetric key management algorithm (e.g., DES ECB).
When asymmetric key management is employed, the setting of odd parity
bits is encouraged, but the checking of odd parity bits is
discouraged, in order to facilitate interoperability, and since an
error in the decryption of a DES key can be detected by other means
(e.g., an incorrect PKCS #1 encryptionblock format). In all cases,
the encrypted form of a DES key shall carry all 64 bits of the key,
including the 8 parity bits, though those bits may have no meaning.
The DES CBC encryption process also requires a 64bit Initialization
Vector (IV). A new, pseudorandom IV shall be generated for each
ENCRYPTED PEM message. Section 4.3.1 of [7] provides rationale for
this requirement, even given the fact that individual DES keys are
generated for individual messages. The IV is transmitted with the
message within an encapsulated PEM header field.
When this algorithm/mode combination is used for message text
encryption, the "DEKInfo:" header field carries exactly two
arguments. The first argument identifies the DES CBC algorithm/mode
using the character string defined above. The second argument
contains the IV, represented as a contiguous string of 16 ASCII
hexadecimal digits.
When symmetric key management is employed with this algorithm/mode
combination, a symmetrically encrypted DES key will be represented in
the third argument of a "KeyInfo:" header field as a contiguous
string of 16 ASCII hexadecimal digits (corresponding to a 64bit
key).
To avoid any potential ambiguity regarding the ordering of the octets
of a DES key that is input as a data value to another encryption
process (e.g., RSAEncryption), the following holds true. The first
(or leftmost displayed, if one thinks in terms of a key's "print"
representation) (For purposes of discussion in this document, data
values are normalized in terms of their "print" representation. For a
octet stream, the "first" octet would appear as the one on the "left",
and the "last" octet would appear on the "right".) octet of the key
(i.e., bits 18 per FIPS PUB 461), when considered as a data value,
has numerical weight 2**56. The last (or rightmost displayed) octet
(i.e., bits 5764 per FIPS PUB 461) has numerical weight 2**0.
Next: 2. Message Integrity Check Algorithms
Connected: An Internet Encyclopedia
1.1 DES in CBC Mode (DESCBC)
