2.1 RSA-MD2 Message Digest Algorithm

The RSA-MD2 message digest is computed using the algorithm defined in RFC 1319 [9]. ( An error has been identified in RFC 1319. The statement in the text of Section 3.2 which reads "Set C[j] to S[c xor L]" should read "Set C[j] to S[c xor L] xor C[j]". Note that the C source code in the appendix of RFC 1319 is correct.) The character string "RSA-MD2" within an encapsulated PEM header field indicates the use of this algorithm. Also, as defined in RFC 1319, the ASN.1 object identifier

     md2 OBJECT IDENTIFIER ::= {
         iso(1) member-body(2) US(840) rsadsi(113549)
         digestAlgorithm(2) 2
     }

identifies this algorithm. When this object identifier is used with the ASN.1 type AlgorithmIdentifier, the parameters component of that type is the ASN.1 type NULL. The RSA-MD2 message digest algorithm accepts as input a message of any length and produces as output a 16-octet quantity. When symmetric key management is employed, an RSA-MD2 MIC is encrypted by splitting the MIC into two 8-octet halves, independently encrypting each half, and concatenating the results.

When symmetric key management is employed with this MIC algorithm, the symmetrically encrypted MD2 message digest is represented in a the fourth argument of a "Key-Info:" header field as a contiguous string of 32 ASCII hexadecimal digits (corresponding to a 128-bit MD2 message digest).

To avoid any potential ambiguity regarding the ordering of the octets of an MD2 message digest that is input as a data value to another encryption process (e.g., RSAEncryption), the following holds true. The first (or left-most displayed, if one thinks in terms of a digest's "print" representation) octet of the digest (i.e., digest[0] as specified in RFC 1319), when considered as an RSA data value, has numerical weight 2**120. The last (or right-most displayed) octet (i.e., digest[15] as specified in RFC 1319) has numerical weight 2**0.