encryption
Click on the red underlined text to get to the source
... Salt and iteration count formed the basis for password-based
encryption in PKCS #5 v1.5, and adopted here as well for the various
cryptographic operations. Thus, password-based ...
... key derivation function, it is straightforward
to define password-based encryption and message authentication
schemes. As in PKCS #5 v1.5, the password-based encryption ...
... encryption and message authentication
schemes. As in PKCS #5 v1.5, the password-based encryption schemes
here are based on an underlying, conventional encryption scheme,
...
... password-based encryption schemes
here are based on an underlying, conventional encryption scheme,
where the key for the conventional scheme is derived from the
password ...
... password-based key derivation functions may
find other applications than just the encryption and message
authentication schemes defined here. For instance, one might derive a
set of keys with a single application of a key derivation ...
... addresses some of the concerns about interactions between
multiple uses of the same key, which may apply for some
encryption and authentication techniques.
...
...
In password-based encryption, the party encrypting a message can gain
assurance that these benefits are realized simply by selecting a
...
... encrypting a message can gain
assurance that these benefits are realized simply by selecting a
large and sufficiently random salt when deriving an encryption key
from a password. A party generating a message authentication code ...
... operation, in an attempt to exploit interactions between multiple
uses of the same key. For instance, suppose two legitimate parties
exchange a encrypted message, where the encryption key is an 80-bit
...
... uses of the same key. For instance, suppose two legitimate parties
exchange a encrypted message, where the encryption key is an 80-bit
key derived from a shared password ...
... key derived from a shared password with some salt. An opponent could
take the salt from that encryption and provide it to one of the
parties as though it were for a 40-bit key. If the party reveals the
...
... additional, non-random octet that specifies whether the derived key
is for encryption, for message authentication, or for some other
operation.
...
... prefix of that key) with the password-
based encryption and authentication techniques supported for a
given password ...
... encoding of a
structure that specifies detailed information about the derived
key, such as the encryption or authentication technique and a
sequence number ...
... password-based key derivation
functions defined here is in the encryption schemes in Section 6 and
the message authentication scheme in Section 7. Other applications
...
... Encryption Schemes ...
...
An encryption scheme, in the symmetric setting, consists of an
encryption operation and a decryption ...
... An encryption scheme, in the symmetric setting, consists of an
encryption operation and a decryption operation, where the encryption
...
... encryption operation and a decryption operation, where the encryption
operation produces a ciphertext from a message under a key, and the
...
... ciphertext under
the same key. In a password-based encryption scheme, the key is a
password.
...
...
A typical application of a password-based encryption scheme is a
private-key protection method ...
... key protection method, where the message contains private-key
information, as in PKCS #8. The encryption schemes defined here would
be suitable encryption algorithms in that context ...
... information, as in PKCS #8. The encryption schemes defined here would
be suitable encryption algorithms in that context.
...
... PBES1 is recommended only for compatibility with existing
applications, since it supports only two underlying encryption
schemes, each of which has a key size (56 or 64 bits ...
... Encryption Operation ...
...
The encryption operation for PBES1 consists of the following steps,
which encrypt a message M under a password ...
... The encryption operation for PBES1 consists of the following steps,
which encrypt a message M under a password P to produce a ciphertext
...
...
3. Separate the derived key DK into an encryption key K consisting
of the first eight octets of DK and an initialization vector ...
... (DES or RC2) in cipher block chaining mode under the encryption
key K with initialization vector IV to produce the ciphertext ...
...
3. Separate the derived key DK into an encryption key K consisting
of the first eight octets of DK and an initialization vector ...
... DES
or RC2) in cipher block chaining mode under the encryption key
K with initialization vector IV ...
... PBKDF2 (Section 5.2) for this version of PKCS #5, with an
underlying encryption scheme (see Appendix B.2 for examples). The key
length and any other parameters for the underlying encryption scheme
...
... underlying encryption scheme (see Appendix B.2 for examples). The key
length and any other parameters for the underlying encryption scheme
depend on the scheme.
...
... Encryption Operation ...
...
The encryption operation for PBES2 consists of the following steps,
which encrypt a message M under a password ...
... The encryption operation for PBES2 consists of the following steps,
which encrypt a message M under a password P to produce a ciphertext
...
... key derivation function KDF and a selected
underlying encryption scheme:
1. Select a salt S and an iteration count c, as outlined in
...
... 2. Select the length in octets, dkLen, for the derived key for the
underlying encryption scheme.
3. Apply the selected key derivation ...
... KDF (P, S, c, dkLen) .
4. Encrypt the message M with the underlying encryption scheme
under the derived key ...
...
4. Encrypt the message M with the underlying encryption scheme
under the derived key DK to produce a ciphertext ...
... identifiers for the key derivation function and the underlying
encryption scheme may be conveyed to the party performing decryption
in an AlgorithmIdentifier value (see Appendix A.4).
...
... key length in octets, dkLen, for the derived key for
the underlying encryption scheme.
4. Apply the selected key derivation ...
...
5. Decrypt the ciphertext C with the underlying encryption scheme
under the derived key DK to recover a message M. If the
...
... different uses to minimize the possibility of unintended
interactions. For password-based encryption with a single algorithm,
a random salt is sufficient to ensure that different keys will be
...
... ASN.1 syntax for the key derivation functions,
the encryption schemes, the message authentication scheme, and
supporting techniques. The intended application of these definitions
...
... supporting techniques. The intended application of these definitions
includes PKCS #8 and other syntax for key management, encrypted data,
and integrity-protected data. (Various aspects of ASN.1 ...
... structure that specifies detailed information about the derived
key as suggested in Section 4.1. Some of the information may be
carried elsewhere, e.g., in the encryption algorithm ID. However,
such facilities are deferred to a future version of PKCS #5.
...
...
Different object identifiers identify the PBES1 encryption scheme
(Section 6.1) according to the underlying hash function in the key
derivation ...
...
The object identifier id-PBES2 identifies the PBES2 encryption scheme
(Section 6.2).
...
... PBKDF2}, ... }
- encryptionScheme identifies the underlying encryption scheme. It
shall be an algorithm ID with an OID ...
... OID in the set PBES2-Encs, whose
definition is left to the application. Example underlying
encryption schemes are given in Appendix B.2.
PBES2-Encs ALGORITHM ...
... set PBMAC1-MACs, whose definition is left to the application. Example
underlying encryption schemes are given in Appendix B.3.
PBMAC1-MACs ...
... B.2 Encryption Schemes ...
... padding operation (see Section 6.1.1). DES-CBC-Pad has an eight-octet
encryption key and an eight-octet initialization vector. The key is
considered as a 64-bit ...
... 1423hist padding operation. DES-EDE3-CBC-Pad has a 24-octet encryption
key and an eight-octet initialization vector. The key is considered
as the concatenation ...
... initialization vector.
RC5-CBC-Pad also has a variable number of "rounds" in the encryption
operation, from 8 to 127.
...
... algorithm, which shall be v1-0.
- rounds is the number of rounds in the encryption operation, which
shall be between 8 and 127.
...
... RSA Security makes no patent claims on the general constructions
described in this document, although specific underlying techniques
may be covered. Among the underlying techniques, the RC5 encryption
algorithm (Appendix B.2.4) is protected by U.S. Patents 5,724,428
[22] and 5,835,600 [23 ...
... Version 2.0 incorporates major editorial changes in terms of the
document structure, and introduces the PBES2 encryption scheme,
the PBMAC1 message authentication scheme, and independent
...
... key derivation functions. This version continues to
support the encryption process in version 1.5.
...
... American National Standard X9.52 - 1998, Triple Data Encryption Algorithm Modes of Operation. Working draft, Accredited Standards Committee X9, July 27, 1998. ...
... S.M. Bellovin and M. Merritt. Encrypted key exchange: Password-based protocols secure against dictionary attacks ...
... National Institute of Standards and Technology (NIST). FIPS PUB 46-2: Data Encryption Standard. December 30, 1993. ...
... R.L. Rivest. The RC5 encryption algorithm. In Proceedings of the Second International Workshop on Fast Software Encryption, pages 86-96, Springer-Verlag, 1994. ...
... R.L. Rivest. The RC5 encryption algorithm. In Proceedings of the Second International Workshop on Fast Software Encryption, pages 86-96, Springer-Verlag, 1994. ...
... Rivest, R., "A Description of the RC2(r) Encryption Algorithm", RFC 2268, March 1998. ...
... R.L. Rivest. Block-Encryption Algorithm with Data-Dependent Rotations. U.S. Patent No. 5,724,428, March 3, 1998. ...
... R.L. Rivest. Block Encryption Algorithm with Data-Dependent Rotations. U.S. Patent No. 5,835,600, November 10, 1998. ...