Network Working Group                                         R. Housley
Request for Comments: 3217                              RSA Laboratories
Category: Informational                                    December 2001
        

Triple-DES and RC2 Key Wrapping

Status of this Memo

This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (2001). All Rights Reserved.

Abstract

This document specifies the algorithm for wrapping one Triple-DES key with another Triple-DES key and the algorithm for wrapping one RC2 key with another RC2 key. These key wrap algorithms were originally published in section 12.6 of RFC 2630. They are republished since these key wrap algorithms have been found to be useful in contexts beyond those supported by RFC 2630.

1 Introduction

Management of symmetric cryptographic keys often leads to situations where one symmetric key is used to encrypt (or wrap) another. Key wrap algorithms are commonly used in two situations. First, key agreement algorithms (such as Diffie-Hellman [DH-X9.42]) generate a pairwise key-encryption key, and a key wrap algorithm is used to encrypt the content-encryption key or a multicast key with the pairwise key-encryption key. Second, a key wrap algorithm is used to encrypt the content-encryption key, multicast key, or session key in a locally generated storage key-encryption key or a key-encryption key that was distributed out-of-band.

This document specifies the algorithm for wrapping one Triple-DES key with another Triple-DES key [3DES], and it specifies the algorithm for wrapping one RC2 key with another RC2 key [RC2]. Encryption of a Triple-DES key with another Triple-DES key uses the algorithm specified in section 3. Encryption of a RC2 key with another RC2 key uses the algorithm specified in section 4. Both of these algorithms rely on the key checksum algorithm specified in section 2. Triple-DES and RC2 content-encryption keys are encrypted in Cipher Block Chaining (CBC) mode [MODES].

In this document, the key words MUST, MUST NOT, REQUIRED, SHOULD, SHOULD NOT, RECOMMENDED, and MAY are to be interpreted as described by Scott Bradner in [STDWORDS].

2 Key Checksum

The key checksum algorithm is used to provide a key integrity check value. The algorithm is:

1. Compute a 20 octet SHA-1 [SHA1] message digest on the key that is to be wrapped.
2. Use the most significant (first) eight octets of the message digest value as the checksum value.

3 Triple-DES Key Wrapping and Unwrapping

This section specifies the algorithms for wrapping and unwrapping one Triple-DES key with another Triple-DES key [3DES].

The same key wrap algorithm is used for both Two-key Triple-DES and Three-key Triple-DES keys. When a Two-key Triple-DES key is to be wrapped, a third DES key with the same value as the first DES key is created. Thus, all wrapped Triple-DES keys include three DES keys. However, a Two-key Triple-DES key MUST NOT be used to wrap a Three-key Triple-DES key that is comprised of three unique DES keys.

3.1 Triple-DES Key Wrap

The Triple-DES key wrap algorithm encrypts a Triple-DES key with a Triple-DES key-encryption key. The Triple-DES key wrap algorithm is:

1. Set odd parity for each of the DES key octets comprising the Three-Key Triple-DES key that is to be wrapped, call the result CEK.
2. Compute an 8 octet key checksum value on CEK as described above in Section 2, call the result ICV.
3. Let CEKICV = CEK || ICV.
4. Generate 8 octets at random, call the result IV.
5. Encrypt CEKICV in CBC mode using the key-encryption key. Use the random value generated in the previous step as the initialization vector (IV). Call the ciphertext TEMP1.
6. Let TEMP2 = IV || TEMP1.
7. Reverse the order of the octets in TEMP2. That is, the most significant (first) octet is swapped with the least significant (last) octet, and so on. Call the result TEMP3.
8. Encrypt TEMP3 in CBC mode using the key-encryption key. Use an initialization vector (IV) of 0x4adda22c79e82105. The ciphertext is 40 octets long.

Note: When the same Three-Key Triple-DES key is wrapped in different key-encryption keys, a fresh initialization vector (IV) must be generated for each invocation of the key wrap algorithm.

3.2 Triple-DES Key Unwrap

The Triple-DES key unwrap algorithm decrypts a Triple-DES key using a Triple-DES key-encryption key. The Triple-DES key unwrap algorithm is:

1. If the wrapped key is not 40 octets, then error.
2. Decrypt the wrapped key in CBC mode using the key-encryption key. Use an initialization vector (IV) of 0x4adda22c79e82105. Call the output TEMP3.
3. Reverse the order of the octets in TEMP3. That is, the most significant (first) octet is swapped with the least significant (last) octet, and so on. Call the result TEMP2.
4. Decompose TEMP2 into IV and TEMP1. IV is the most significant (first) 8 octets, and TEMP1 is the least significant (last) 32 octets.
5. Decrypt TEMP1 in CBC mode using the key-encryption key. Use the IV value from the previous step as the initialization vector. Call the plaintext CEKICV.
6. Decompose CEKICV into CEK and ICV. CEK is the most significant (first) 24 octets, and ICV is the least significant (last) 8 octets.
7. Compute an 8 octet key checksum value on CEK as described above in Section 2. If the computed key checksum value does not match the decrypted key checksum value, ICV, then error.
8. Check for odd parity on each of the DES key octets comprising CEK. If parity is incorrect, then error.
9. Use CEK as a Triple-DES key.

3.3 Triple-DES Key Wrap Algorithm Identifier

Some security protocols employ ASN.1 [X.208-88, X.209-88], and these protocols employ algorithm identifiers to name cryptographic algorithms. To support these protocols, the Triple-DES key wrap algorithm has been assigned the following algorithm identifier:

      id-alg-CMS3DESwrap OBJECT IDENTIFIER ::= { iso(1) member-body(2)
         us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 6 }
        

The AlgorithmIdentifier parameter field MUST be NULL.

3.4 Triple-DES Key Wrap Example

This section contains a Triple-DES Key Wrap example. Intermediate values corresponding to the named items in section 3.1 are given in hexadecimal.

      CEK:    2923 bf85 e06d d6ae 5291 49f1 f1ba e9ea b3a7 da3d 860d 3e98
      KEK:    255e 0d1c 07b6 46df b313 4cc8 43ba 8aa7 1f02 5b7c 0838 251f
      ICV:    181b 7e96 86e0 4a4e
      CEKICV: 2923 bf85 e06d d6ae 5291 49f1 f1ba e9ea b3a7 da3d 860d 3e98 181b 7e96 86e0 4a4e
      IV:     5dd4 cbfc 96f5 453b
      TEMP1:  cfc1 a789 c675 dd2a b49a 3204 ef92 cc03 5c1f 973b 7a79 60f6 a44d cc5f 729d 8449
      TEMP2:  5dd4 cbfc 96f5 453b cfc1 a789 c675 dd2a b49a 3204 ef92 cc03 5c1f 973b 7a79 60f6 a44d cc5f 729d 8449
      TEMP3:  4984 9d72 5fcc 4da4 f660 797a 3b97 1f5c 03cc 92ef 0432 9ab4 2add 75c6 89a7 c1cf 3b45 f596 fccb d45d
      RESULT: 6901 0761 8ef0 92b3 b48c a179 6b23 4ae9 fa33 ebb4 1596 0403 7db5 d6a8 4eb3 aac2 768c 6327 75a4 67d4
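The Go program below is an added example, not part of the original memo: it carries out the wrap steps of section 3.1 and the unwrap steps of section 3.2 with the Go standard library, using the KEK, CEK and IV of the example above as input. The names Wrap3DES, Unwrap3DES, cbc and reversed are illustrative, and the IV is passed in as a parameter only so that the run is reproducible; a real caller generates it fresh for every wrap.

```go
package main

import (
	"crypto/cipher"
	"crypto/des"
	"crypto/sha1"
	"crypto/subtle"
	"encoding/hex"
	"fmt"
	"math/bits"
)

var outerIV = []byte{0x4a, 0xdd, 0xa2, 0x2c, 0x79, 0xe8, 0x21, 0x05} // fixed IV of the outer CBC pass

func cbc(b cipher.Block, iv, in []byte, encrypt bool) []byte { // one unpadded CBC pass over whole blocks
	out, mode := make([]byte, len(in)), cipher.NewCBCDecrypter(b, iv)
	if encrypt {
		mode = cipher.NewCBCEncrypter(b, iv)
	}
	mode.CryptBlocks(out, in)
	return out
}

func reversed(in []byte) []byte {
	out := make([]byte, len(in))
	for i, o := range in {
		out[len(in)-1-i] = o
	}
	return out
}

// Wrap3DES follows section 3.1. iv is the 8 random octets of step 4 (crypto/rand in real use).
func Wrap3DES(kek, cek, iv []byte) ([]byte, error) {
	b, err := des.NewTripleDESCipher(kek)
	if err != nil || len(cek) != 24 || len(iv) != 8 {
		return nil, fmt.Errorf("need a 24-octet KEK, a 24-octet CEK and an 8-octet IV")
	}
	cekicv := make([]byte, 24, 32)
	for i, o := range cek { // step 1: force odd parity on every octet
		cekicv[i] = o ^ byte(1-bits.OnesCount8(o)%2)
	}
	icv := sha1.Sum(cekicv)             // step 2: checksum over the parity-adjusted CEK
	cekicv = append(cekicv, icv[:8]...) // step 3
	temp2 := append(append([]byte{}, iv...), cbc(b, iv, cekicv, true)...) // steps 5-6
	return cbc(b, outerIV, reversed(temp2), true), nil                    // steps 7-8
}

// Unwrap3DES follows section 3.2 and fails on the checks of steps 1, 7 and 8.
func Unwrap3DES(kek, wrapped []byte) ([]byte, error) {
	b, err := des.NewTripleDESCipher(kek)
	if err != nil || len(wrapped) != 40 { // step 1
		return nil, fmt.Errorf("need a 24-octet KEK and a 40-octet wrapped key")
	}
	temp2 := reversed(cbc(b, outerIV, wrapped, false)) // steps 2-3
	cekicv := cbc(b, temp2[:8], temp2[8:], false)      // steps 4-5
	cek, sum := cekicv[:24], sha1.Sum(cekicv[:24])     // step 6
	if subtle.ConstantTimeCompare(sum[:8], cekicv[24:]) != 1 { // step 7
		return nil, fmt.Errorf("key checksum mismatch")
	}
	for _, o := range cek { // step 8
		if bits.OnesCount8(o)%2 == 0 {
			return nil, fmt.Errorf("DES key octet without odd parity")
		}
	}
	return cek, nil
}

func main() { // KEK, CEK and IV are the values of the section 3.4 example
	kek, _ := hex.DecodeString("255e0d1c07b646dfb3134cc843ba8aa71f025b7c0838251f")
	cek, _ := hex.DecodeString("2923bf85e06dd6ae529149f1f1bae9eab3a7da3d860d3e98")
	iv, _ := hex.DecodeString("5dd4cbfc96f5453b")
	wrapped, _ := Wrap3DES(kek, cek, iv)
	back, err := Unwrap3DES(kek, wrapped)
	fmt.Printf("wrapped   %x\nunwrapped %x (err=%v)\n", wrapped, back, err)
}
```

The checksum comparison in step 7 uses a constant-time compare, and any failure returns an error without exposing the partially decrypted key.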

4 RC2 Key Wrapping and Unwrapping

This section specifies the algorithms for wrapping and unwrapping one RC2 key with another RC2 key [RC2].

RC2 supports variable length keys. RC2 128-bit keys MUST be used as key-encryption keys; however, the wrapped RC2 key MAY be of any size.

4.1 RC2 Key Wrap

The RC2 key wrap algorithm encrypts a RC2 key with a RC2 key-encryption key. The RC2 key wrap algorithm is:

1. Let the RC2 key be called CEK, and let the length of CEK in octets be called LENGTH. LENGTH is a single octet.
2. Let LCEK = LENGTH || CEK.
3. Let LCEKPAD = LCEK || PAD. If the length of LCEK is a multiple of 8, the PAD has a length of zero. If the length of LCEK is not a multiple of 8, then PAD contains the fewest number of random octets to make the length of LCEKPAD a multiple of 8.
4. Compute an 8 octet key checksum value on LCEKPAD as described above in Section 2, call the result ICV.
5. Let LCEKPADICV = LCEKPAD || ICV.
6. Generate 8 octets at random, call the result IV.
7. Encrypt LCEKPADICV in CBC mode using the key-encryption key. Use the random value generated in the previous step as the initialization vector (IV). Call the ciphertext TEMP1.

8. Let TEMP2 = IV || TEMP1.
9. Reverse the order of the octets in TEMP2. That is, the most significant (first) octet is swapped with the least significant (last) octet, and so on. Call the result TEMP3.
10. Encrypt TEMP3 in CBC mode using the key-encryption key. Use an initialization vector (IV) of 0x4adda22c79e82105.

Note: When the same RC2 key is wrapped in different key-encryption keys, a fresh initialization vector (IV) must be generated for each invocation of the key wrap algorithm.

4.2 RC2 Key Unwrap

The RC2 key unwrap algorithm decrypts a RC2 key using a RC2 key-encryption key. The RC2 key unwrap algorithm is:

1. If the wrapped key is not a multiple of 8 octets, then error.
2. Decrypt the wrapped key in CBC mode using the key-encryption key. Use an initialization vector (IV) of 0x4adda22c79e82105. Call the output TEMP3.
3. Reverse the order of the octets in TEMP3. That is, the most significant (first) octet is swapped with the least significant (last) octet, and so on. Call the result TEMP2.
4. Decompose TEMP2 into IV and TEMP1. IV is the most significant (first) 8 octets, and TEMP1 is the remaining octets.
5. Decrypt TEMP1 in CBC mode using the key-encryption key. Use the IV value from the previous step as the initialization vector. Call the plaintext LCEKPADICV.
6. Decompose LCEKPADICV into LCEKPAD and ICV. ICV is the least significant (last) 8 octets. LCEKPAD is the remaining octets.
7. Compute an 8 octet key checksum value on LCEKPAD as described above in Section 2. If the computed key checksum value does not match the decrypted key checksum value, ICV, then error.
8. Decompose LCEKPAD into LENGTH, CEK, and PAD. LENGTH is the most significant (first) octet. CEK is the following LENGTH octets. PAD is the remaining octets, if any.
9. If the length of PAD is more than 7 octets, then error.
10. Use CEK as an RC2 key.

4.3 RC2 Key Wrap Algorithm Identifier

Some security protocols employ ASN.1 [X.208-88, X.209-88], and these protocols employ algorithm identifiers to name cryptographic algorithms. To support these protocols, the RC2 key wrap algorithm has been assigned the following algorithm identifier:

      id-alg-CMSRC2wrap OBJECT IDENTIFIER ::= { iso(1) member-body(2)
         us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 7 }
        

The AlgorithmIdentifier parameter field MUST be RC2wrapParameter:

      RC2wrapParameter ::= RC2ParameterVersion
        
      RC2ParameterVersion ::= INTEGER
        

The RC2 effective-key-bits (key size) greater than 32 and less than 256 is encoded in the RC2ParameterVersion. For the effective-key-bits of 40, 64, and 128, the rc2ParameterVersion values are 160, 120, and 58 respectively. These values are not simply the RC2 key length. Note that the value 160 must be encoded as two octets (00 A0), because the one octet (A0) encoding represents a negative number.

4.4 RC2 Key Wrap Example

This section contains a RC2 Key Wrap example. Intermediate values corresponding to the named items in section 4.1 are given in hexadecimal.

      CEK:        b70a 25fb c9d8 6a86 050c e0d7 11ea d4d9
      KEK:        fd04 fd08 0607 07fb 0003 feff fd02 fe05
      LENGTH:     10
      LCEK:       10b7 0a25 fbc9 d86a 8605 0ce0 d711 ead4 d9
      PAD:        4845 cce7 fd12 50
      LCEKPAD:    10b7 0a25 fbc9 d86a 8605 0ce0 d711 ead4 d948 45cc e7fd 1250
      ICV:        0a6f f19f db40 4988
      LCEKPADICV: 10b7 0a25 fbc9 d86a 8605 0ce0 d711 ead4 d948 45cc e7fd 1250 0a6f f19f db40 4988
      IV:         c7d9 0059 b29e 97f7
      TEMP1:      a01d a259 3793 1260 e48c 55f5 04ce 70b8 ac8c d79e ffe8 9932 9fa9 8a07 a31f f7a7
      TEMP2:      c7d9 0059 b29e 97f7 a01d a259 3793 1260 e48c 55f5 04ce 70b8 ac8c d79e ffe8 9932 9fa9 8a07 a31f f7a7
      TEMP3:      a7f7 1fa3 078a a99f 3299 8eff 9ed7 8cac b870 ce04 f555 8ce4 6012 9337 59a2 1da0 f797 9eb2 5900 d9c7
      RESULT:     70e6 99fb 5701 f783 3330 fb71 e87c 85a4 20bd c99a f05d 22af 5a0e 48d3 5f31 3898 6cba afb4 b28d 4f35

5 References

[3DES] American National Standards Institute. ANSI X9.52-1998, Triple Data Encryption Algorithm Modes of Operation. 1998.

[CMS] Housley, R., "Cryptographic Message Syntax", RFC 2630, June 1999.

[DES] American National Standards Institute. ANSI X3.106, "American National Standard for Information Systems - Data Link Encryption". 1983.

[DH-X9.42] Rescorla, E., "Diffie-Hellman Key Agreement Method", RFC 2631, June 1999.

[DSS] National Institute of Standards and Technology. FIPS Pub 186: Digital Signature Standard. 19 May 1994.

[MODES] National Institute of Standards and Technology. FIPS Pub 81: DES Modes of Operation. 2 December 1980.

[RANDOM] Eastlake, D., Crocker, S. and J. Schiller, "Randomness Recommendations for Security", RFC 1750, December 1994.

[RC2] Rivest, R., "A Description of the RC2 (r) Encryption Algorithm", RFC 2268, March 1998.

[SHA1] National Institute of Standards and Technology. FIPS Pub 180-1: Secure Hash Standard. 17 April 1995.

[STDWORDS] Bradner, S., "Key Words for Use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.

[X.208-88] CCITT. Recommendation X.208: Specification of Abstract Syntax Notation One (ASN.1). 1988.

[X.209-88] CCITT. Recommendation X.209: Specification of Basic Encoding Rules for Abstract Syntax Notation One (ASN.1). 1988.

6 Security Considerations

Implementations must protect the key-encryption key. Compromise of the key-encryption key may result in the disclosure of all keys that have been wrapped with the key-encryption key, which may lead to the disclosure of all traffic protected with those wrapped keys.

Implementations must randomly generate initialization vectors (IVs) and padding. The generation of quality random numbers is difficult. RFC 1750 [RANDOM] offers important guidance in this area, and Appendix 3 of FIPS Pub 186 [DSS] provides one quality PRNG technique.

If the key-encryption key and wrapped key are associated with different symmetric encryption algorithms, the effective security provided to data encrypted with the wrapped key is determined by the weaker of the two algorithms. If, for example, data is encrypted with 168-bit Triple-DES and that Triple-DES key is wrapped with a 40-bit RC2 key, then at most 40 bits of protection is provided. A trivial search to determine the value of the 40-bit RC2 key can recover the Triple-DES key, and then the Triple-DES key can be used to decrypt the content. Therefore, implementers must ensure that key-encryption algorithms are as strong as or stronger than content-encryption algorithms.

The key wrap algorithms specified in this document have been reviewed for use with Triple-DES and RC2, and they have not been reviewed for use with other encryption algorithms. Similarly, the key wrap algorithms make use of CBC mode [MODES], and they have not been reviewed for use with other cryptographic modes.

7 Acknowledgments

This document is the result of contributions from many professionals. I appreciate the hard work of all members of the IETF S/MIME Working Group. I extend a special thanks to Carl Ellison, Peter Gutmann, Bob Jueneman, Don Johnson, Burt Kaliski, John Pawling, and Jim Schaad for their support in defining these algorithms and generating this specification.

8 Author Address

   Russell Housley
   RSA Laboratories
   918 Spring Knoll Drive
   Herndon, VA 20170
   USA

   EMail: rhousley@rsasecurity.com
        

9 Full Copyright Statement

Copyright (C) The Internet Society (2001). All Rights Reserved.

This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English.

The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assigns.

This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Acknowledgement

Funding for the RFC Editor function is currently provided by the Internet Society.
