RSA BSAFE® Crypto-C
Cryptographic Components for C
Developer’s Guide
Version 5.2.2
Appendix A Command-Line Demos
Overview of the Demos
Phase 1
The first party randomly generates a private value, a number k1, greater than 0 but
Figure 3-13 Elliptic Curve Diffie-Hellman Key Agreement
The Math
Even though the two parties involved are
R2: 2nd party’s public value
xS: secret key
In phase 1, each party computes a private value,
Figure 3-14 Secret Sharing — Key Share Assignment
Figure 3-15 Secret Sharing — Full Key Generation From
Key Management
The term key management refers to the collection of processes and methods fo
ASCII Encoding and Decoding
ASCII encoding and decoding is required when you need to send encrypt
• Ensure file integrity and protect against tampering. Cryptographic techniques can
4. Perform the encryption and decryption using the RC4 cipher with the established key. If the a
public key is communicated to the server and an entry is made in the table maintain
Choosing Algorithms
In some cases, an application’s constraints determine the algorithm. In other cases, t
List of Figures
Figure 3-1 Symmetric-Key Encryption and Decryption
Figure 3-2 Triple DES Encryption a
Block Symmetric-Key Algorithms
The following considerations may help when choosing between DE
Digital envelopes are more convenient when the contact between nodes is not interactive, such as email. O
limited. In typical applications of cryptography, public-key operations are employed in comb
already in place, or where a hardware developer wants to be able to provide a platform that supports
that ensure allocation of core memory, and not of virtual memory.
It is a good idea to ge
attacker can predict two or three of the bits in each seed byte. Bit 7, for instance, will always be
Initialization Vectors and Salts
Although IVs and salts are not secret information, it is
Stream Ciphers
A stream cipher (such as the RC4 cipher) will create a stream of pseudo-random bytes ba
parameters, then in theory, an attacker with access to accurate timings can determine un
= (r^{-1})(r)(m^d) = (1)(m^d) mod n
Crypto-C offers bo
Table 3-4 gives a summary of the recommended key sizes for the algorithms supported in C
progress in factoring algorithms and improvements in computing power.
Diffie-Hellman Parameters and DS
Elliptic Curve Keys
For prototyping and evaluation, RSA Security recommends setting the
Chapter 4 Using Crypto-C
Algorithms in Crypto-C
Whatever algorithm Crypto-C performs, it does so from an algorithm object. An algorithm object is used
Information Formats Provided by Crypto-C
There are four types of AIs in Crypto-C. These A
PEM-Based Algorithm Info Types
The Privacy Enhanced Mail (PEM) draft standard is a product of the In
Note: Not all message digests are recommended. See “Message Digests” on page 47 for deta
AI_RC4WithMAC RC4 with message authentication code a
AI_RC4WithMAC_BER RC4 with message authenticati
AI_DESX_CBCPadBER DESX-CBC, 8-byte IV, BER-encoded algorithm identifier
PKCS #5 a
AI_DESX_
AI_MD2WithRC2_CBCPadBER MD2 digest followed by RC2-CBC, BER-encoded algorithm identifier
PKCS #5 a
AI
List of Tables
Table 3-1 Calculation of 8^27 mod 55
Table 3-2 Elliptic Curve
AI_PKCS_OAEP_RSAPrivateBER RSA private-key encryption/decryption with OAEP in accordance
Digital Signatures Composite operations for signing data: digest the data, then encrypt the BER enc
Table 4-9 Diffie-Hellman Key Agreement
Algorithm Info Type Description BER
Parameter Gener
Elliptic Curve DSA
AI_EC_DSA Raw ECDSA signature/verification
AI_EC_DSAWithDigest SHA1 digest followe
Table 4-13 Advanced Encryption Standard (AES)
Algorithm Info Type Description
AI_AES_CBC A
Keys In Crypto-C
The key object is used to hold any key-related information and to supply this information
KI_RC2_BSAFE1 RC2 key in BSAFE 1.x format
KI_RC2WithBSAFE1Params RC2 key with additional parame
Table 4-18 Elliptic Curve Keys
Key Information Type Description
KI_ECPrivate EC private key and underlying
System Considerations In Crypto-C
Algorithm Choosers
When you use an AI, it in
RC5, or RSA encryption. So we could have built an algorithm chooser that included only o
description of AI_X962Random_V0 instead of AI_SHA1Random:
Note: The previous a
Chapter 1 also gives the form that a surrender function must have:
If you define a surren
A routine that calls Crypto-C functions would use the above surrender functio
object. When you call B_GetAlgorithmState, you receive a buffer that contains all of the
information it is looking for. This information, though, belongs to Crypto-C;
Some applications may need to be completely autonomous; that is, they should have no nee
more individuals. For example, users may need to transmit a public key, ellip
Crypto-C returns a pointer to the location where we can find the info, not the info itse
Input and Output
Some of the AI entries in the Reference Manual include the ca
Crypto-C offers padding for the symmetric block-encryption algorithms, which have no res
Preface
Dear Crypto-C Developer:
Congratulations on your purchase of RSA BSAFE® Crypto-C (Crypto-C), the state-of-the-art in cryptographic software to
This applies to PKCS #1 v1.5 block 02 padding. Set OAEP or PKCS #12 OAEP have
Key Size
In cryptography, security is measured in key size: the bigger the key, the great
ends and the public exponent begins. It would be a good idea to put identifyi
• Total: 484 bytes
In addition, when the most significant bit of the most significant byt
Using Cryptographic Hardware
Crypto-C lets you enhance the security and speed of cr
the application has been compiled. If more than one hardware method is present for the same A
PKCS #11 Support
PKCS #11 support has been added to Crypto-C v5.1. The routine will
Using a PKCS #11 Device with Crypto-C
If you want to have Crypto-C use a PKCS #11 device to pe
In this example, we passed 0 for sessionHandle and NULL_PTR for cryptokiFunctions.
surrender context (private key operations are more susceptible to a timing attack when you us
What’s New in Version 5.2.2?
Following is a list of RSA BSAFE Crypto-C features tha
want to create a hardware chooser only, and if you want to do the task in hardware
This AI has an associated info data struct that allows you to set attributes. See the Referen
may need to set the attributes manually for the token to work.
You can use this AI
info types if it is a key that resides on the token and is not private.
Now you can send the p
This code looks just like regular code. Whether you are signing with software or h
    CK_RV rv;
    CK_SESSION_HANDLE sessionHandle;
    HINSTANCE libHandle;
    GetFunctionList GetList
PKCS #11 Support for DSA Key Pair Generation
This section describes how to generate
Now that you have a key pair, extract the public key. Part of the public key is a struct cont
destroying, or copy it into your own buffer. Since you generated the key pair only
Advanced PKCS #11
This chapter earlier described internalKey as the collection of three items:
V5.2. Use this AI to save the internal state of an RC4 encryption or decryption object, or to create a new ob
In real life, you may never have to use this feature. Mostly you will retrieve the
To implement this, the hardware accelerator might require you to call its key-wrapping routin
Chapter 5 Non-Cryptographic Operations
Crypto-C supplies a number of non-cryptographic algorithms that are necessary for cryptographic applications.
Message Digests
A message digest is a fixed-length, statistically-unique identifier that corresp
Step 3: Init
To initialize a message digest, call B_DigestInit. The Reference Manual Chapter
Your call will be the following:
Step 5: Final
An MD2 or MD5 digest is always 16 bytes; an SHA1 d
Step 6: Destroy
Remember to destroy all objects when you are done with them:
BER-Encoding the
The following example BER-encodes the preceding sample digest:
To decode BER-encoded informatio
B_DigestUpdate before calling B_DigestFinal(). This is useful when an application is called
Conventions Used in This Manual
The following typographical conventions are us
state of the algorithm object following the call to B_DigestUpdate. The digestAI argument is s
Table 5-1 Code Sample: DigestDataSavedState()
    int DigestDataSavedState (ITEM *stateInfo, B_I
This routine can be called until all of the data blocks have been digested. We can then restor
Hash-Based Message Authentication Code (HMAC)
A hash-based message au
Step 3: Init
For hash-based message authentication, you need a key
Once you have properly initialized the key object, you can call B_Di
Step 5: Final
After the data to digest has been processed by calls
Generating Random Numbers
In the “Introductory Example” on page 9, we hard-coded th
Step 2: Setting The Algorithm Object
You need to supply an appropriate algorithm info
Refer to “Saving State” on page 120 for a discussion of how to save the state of t
Terms and Abbreviations
The following table lists terms and abbreviations used in this document. Refer to the Gloss
predict or reproduce. Once you have seeded the random algorithm, the algorithm can pr
Now that you have a random seed, you can call B_RandomUpdate. The length argument
Step 6: Destroy
Remember to destroy all objects when done with them. You must also cal
For this example, you will specify six streams of randomness, and provide a seed s
Converting Data Between Binary and ASCII
If you have data in binary for
Step 4: Update
Enter the data to encode through B_EncodeUpdate. The
Step 5: Final
Finalize the encoding process, writing out any remaining
Step 3: Init
To initialize decoding, call B_DecodeInit. This functio
Step 5: Final
Finalize the decoding process, writing out any bytes rema
Chapter 6 Symmetric-Key Operations
Recall that the RC4 algorithm of the “Introductory Example” on page 9 is called symmetric-key encryption because t
© 2001 RSA Security Inc. All rights reserved. 001-019003-522-001-000
First printing: May 2001
See our Web Site for regional Customer Service telephone a
Related Documents
Following is a list of documents referenced in this book and suggested materi
Block Ciphers
DES with CBC
The example in this section corresponds to the file descbc.c.
Step 1: Cre
encryptionMethodName is the block cipher that you will use; for this example, use “des”. The infor
You must also indicate that you want to use the standard CBC padding which is defined in PKCS#5;
Step 3b: Setting the Key Object
You want to use a KI compatible with DES encryption, so return to
Now that you have a key, you need an algorithm chooser and a surrender context. This is a speedy
Step 5: Final
Step 6: Destroy
Remember to destroy all objects that you created and free up any memor
The RC2 Cipher
The RC2 cipher is a variable-key-size block cipher. Whereas a DES key requires eigh
Once again, encryptionMethodName is the block cipher that you will use; in this example, use “rc2”
Step 3: Init
You need a key before you can initialize the algorithm object for encryption.
Step 3a:
Use a random number generator to come up with 24 bytes.
It is a good idea to zeroize any sensitive
• Results from the RSA Factoring Challenge
• Recommendations on Elliptic Curve Cryptosystems
• Recent Results for MD2, MD4
You need an algorithm chooser and a surrender context. This is a speedy function, so it is reason
Step 5: Final
Step 6: Destroy
Remember to destroy all objects created and free up any memory allocat
Decrypting
As with the “Introductory Example” on page 9, decrypting is similar to encrypting. Use
Step 2: Setting The Algorithm Object
There are a number of RC5 AIs from which to choose. Table 4-6
Step 3: Init
You need a key before you can initialize the algorithm object for encryption. You wil
Use a random number generator to create 10 bytes:
It is a good idea to zeroize any sensitive data a
Now that you have a key, you need an algorithm chooser and a surrender context. This is a speedy
Step 5: Final
Step 6: Destroy
Remember to destroy all objects that you created and free up any memor
Decrypting
As in the “Introductory Example” on page 9, decrypting is similar to encrypting. Use th
that, as specified in the Reference Manual entry for AI_RC6_CBCPad, this AI requires an initialize
How to Contact RSA Security
RSA Security Web Site
You can visit the RSA Security Web
Step 3: Init
The next step is to make a call to B_EncryptInit. To do this, you need a key object.
To call B_EncryptInit, we also need an algorithm chooser. The Reference Manual entry for AI_RC6_C
for the surrender context:
Step 5: Final
Step 6: Destroy
Remember to destroy any objects that you cr
been allocated:
Decrypting
As in the “Introductory Example” on page 9, decrypting is similar to encr
CBC mode requires an initialization vector, so assume that you have the following buffer containi
Step 3a: Creating a Key Object
Step 3b: Setting the Key Data
Now you need to set the key size and pa
To call B_EncryptInit, we also need an algorithm chooser. The Reference Manual entry for AI_AES_
Step 5: Final
Step 6: Destroy
Remember to destroy any objects that you created and to free up any me
Password-Based Encryption
In previous encryption methods, you used a random number generator to pr
Step 2: Setting The Algorithm Object
There are a number of PBE AIs from which to choose (see “Summa
Chapter 1 Introduction
This chapter introduces the Crypto-C toolkit. It lists the algorithms, cryptographic standards, NIST standards, and ANSI X9 stan
Step 3: Init
You need a key before you can initialize the algorithm object for encryption. In PBE,
secure; it is used for illustrative purposes only. It is not for duplication:
You should zeroize an
Step 4: Update
Enter the data to encrypt through B_EncryptUpdate. The Reference Manual Chapter 2 e
Step 5: Final
Step 6: Destroy
Remember to destroy all objects and free up any allocated memory:
Decry
Chapter 7 Public-Key Operations
In public-key cryptography, two associated keys are necessary: one to encrypt, and the other to decrypt. The sender e
Performing RSA Operations
The RSA algorithm is a public-key algorithm that relies on t
Step 2: Setting the Algorithm Object
For this example, use AI_RSAKeyGen to generate an RSA
Step 3: Init
Look up the description and prototype for B_GenerateInit in Chapter 4 of
generates a candidate and tests to see if it is prime. If the candidate passes the test,
The Crypto-C Toolkit
Crypto-C provides developers with a state-of-the-art implementation of t
MultiPrime
This section provides an overview of the MultiPrime enhancement to Crypto-C including info
This means 3-prime private operations can be about 38% faster than 2-prime operations. Or with 2-prime R
does not allow you to generate an RSA key pair if the number of primes is more than three. Furthermo
    B_ALGORITHM_METHOD *RSA_GEN_CHOOSER[] = {
      &AM_RSA_KEY_GEN,
      (B_ALGORITHM_METHOD *)NULL_PTR
    };
    A_RSA_M
Generating an RSA MultiPrime Key
Refer to the RSA_CreateMultiPrimeRSAKeypair routine defined in the s
Step 3: Init
Now, make the appropriate adjustments to the algorithm chooser so that the algorithm methods
Crypto-C Format
publicKey is a key object that was set by the Crypto-C function B_GenerateKeypair. It
is unique to Crypto-C. If the recipient is not using Crypto-C, how do you give that recipient the inform
send it off. Remember to free any memory you allocated:
Note: The conversion into BER or DER is known
info to B_SetAlgorithmInfo as NULL_PTR:
Step 3: Init
You will encrypt using the recipient’s RSA public key
Public-Key Algorithms
• RSA Public Key Cryptosystem
• Diffie-Hellman Key Agreement
Digital Signatures
• DSA
•
You are encrypting 8 bytes, so you do not need to worry about that constraint. However, the output o
Step 6: Destroy
When you are done with all your objects, remember to destroy them.
RSA Private-Key Decrypt
Step 3: Init
To decrypt, you must use the RSA private key that is associated with the public key that
Step 5: Final
Step 6: Destroy
When you are done with all objects, remember to destroy them:
Optimal Asymetr
encrypt is usually 8, 16, or (for BER-encoded digests) 34 or 35. If you want to encrypt and decrypt
RSA Digital Signatures
The section “Authentication and Digital Signatures” on page 57 discusses what a di
B_CreateAlgorithmObject:
Step 2: Setting The Algorithm Object
Crypto-C provides three methods for comp
entry for the AI in use:
Note: If you want to sign using the blinding technique to thwart timing attacks
surrender context outlined in “The Surrender Context” on page 118:
Step 6: Destroy
When you are done w
B_CreateAlgorithmObject:
Step 2: Setting The Algorithm Object
The signer should tell you which message dig
Cryptographic Standards and Crypto-C
PKCS Standards and Crypto-C
Crypto-C is a
Note: If the algorithm object was not set to AI_MD5WithRSAEncryption, AI_MD2WithRSAEncryption, AI_SH
Step 6: Destroy
When you are done with all objects, remember to destroy them:
Performing DS
of info supplied to B_SetAlgorithmInfo is a pointer to the following:
Crypto-C will ge
Step 5: Generate
To generate DSA parameters, call the Crypto-C function B_GenerateParamete
Generating a DSA Key Pair
The previous code generated the DSA parameters and set an al
contains the AM for SHA1 random number generation. The last argument is the surrender con
Computing a Digital Signature
Step 1: Creating An Algorithm Object
Declare a variable t
properly cast NULL_PTR for the surrender context:
Step 4: Update
Digest the data to sign wi
page 118:
Step 6: Destroy
When you are done with all objects, remember to destroy them:
Step 2: Setting The Algorithm Object
To verify the signature created here, use the same AI
• Secure Hash Algorithm (SHA1), as specified in FIPS PUB 180-1, Secure Hash Standard (SHS
data and you know its length, your call is the following:
Step 5: Final
B_VerifyUpdate
Performing Diffie-Hellman Key Agreement
Diffie-Hellman Key Agreement is a me
Step 2: Setting The Algorithm Object
There is only one AI for generating
Step 3: Init
Initialize the generation process with B_GenerateInit. Build an
The second is a result algorithm object. Crypto-C will generate some va
Distributing Diffie-Hellman Parameters
The central authority, after computin
If you look at the elements of the struct:
    dhKeyAgreeParams->prime.da
Crypto-C returns a pointer to where that information resides, not the infor
Diffie-Hellman Key Agreement
If you are one of the parties involved in t
Step 3: Init
Initialize the algorithm object with B_KeyAgreeInit. The Refere
ANSI X9 Standards and Crypto-C
Crypto-C also complies with a number of standa
The fourth is the size of the buffer you allocated; if the buffer is no
parties might only need eight bytes for a session key. If that is the case,
Performing Elliptic Curve Operations
Elliptic curve cryptosystems can be us
The second, ecParamsObj, is set and initialized by B_GenerateParameters; it wi
version number; in Crypto-C, the only version available is 0. The second a
Step 3: Init
You can pass a NULL_PTR for the surrender context, because B_Gener
Step 5: Generate
This function may take a while, so you should use a surre
The Reference Manual Chapter 2 entry for AI_ECParameters also states that the
The following procedure, AllocAndCopyECParamInfo, is an example of an appl
For this example application, use AllocAndCopyECParamInfo() to make a copy of
Chapter 2 Quick Start
This chapter provides an introduction to using Crypto-C. You are first presented with the Crypto-C model and then you are present
Performing Elliptic Curve Operations268 RSA BSAFE Crypto-C Developer’s GuideIn the sample code, FreeECParamInfo is implemented as follows:Generating a
Chapter 7 Public-Key Operations 269Performing Elliptic Curve OperationsStep 2: SetThe Reference Manual indicates that the appropriate AI to use for g
Performing Elliptic Curve Operations270 RSA BSAFE Crypto-C Developer’s GuideStep 3: InitializeHere, you can pass a NULL_PTR for the surrender context,
Chapter 7 Public-Key Operations 271Performing Elliptic Curve OperationsRetrieving an Elliptic Curve KeyIf you need to store or transport information
Performing Elliptic Curve Operations272 RSA BSAFE Crypto-C Developer’s GuideB_GetKeyInfo gives a pointer to memory, but this memory is owned by Crypto
Chapter 7 Public-Key Operations 273Performing Elliptic Curve OperationsGenerating Acceleration TablesAn acceleration table stores precomputed version
Performing Elliptic Curve Operations274 RSA BSAFE Crypto-C Developer’s GuideStep 1: CreateDeclare a variable to be B_ALGORITHM_OBJ. As defined in the
Chapter 7 Public-Key Operations 275Performing Elliptic Curve OperationsThe first field in this structure, parameterInfoType, is used to interpret the
Performing Elliptic Curve Operations276 RSA BSAFE Crypto-C Developer’s GuideStep 5: FinalStep 5a: Allocate memoryYou must allocate sufficient memory t
Chapter 7 Public-Key Operations 277Performing Elliptic Curve OperationsStep 6: DestroyYou must free all allocated memory and destroy all objects when
The Six-Step Sequence 8
The Crypto-C model generally follows a six-step sequence:
1. Create
2. S
Performing Elliptic Curve Operations 278
Of course, you can write your own versions of these procedures to satisfy
Chapter 7 Public-Key Operations 279
Performing Elliptic Curve Operations
Step 3: Init
To initialize the proper algorithms, you must supply an algorithm
Performing Elliptic Curve Operations 280
Step 5b: Build the public-key acceleration table
It can take a while to gen
Chapter 7 Public-Key Operations 281
Performing Elliptic Curve Operations
To initialize ecParamsObj with a set of parameters describing an elliptic curv
Performing Elliptic Curve Operations 282
Because you have the EC parameters in the A_EC_PARAMS structure ecParams,
Chapter 7 Public-Key Operations 283
Performing Elliptic Curve Operations
You must allocate space to hold the results of Phase 1 and Phase 2. The larges
Performing Elliptic Curve Operations 284
Step 5: Phase 2
By the time you have reached this step, Alice and Bob have
Chapter 7 Public-Key Operations 285
Performing Elliptic Curve Operations
To sign an arbitrarily long message with the elliptic curve version of DSA, yo
Performing Elliptic Curve Operations 286
Assume that the steps in “Generating an Elliptic Curve Key Pair” on page 2
Chapter 7 Public-Key Operations 287
Performing Elliptic Curve Operations
Step 2b (optional): Set Acceleration Table Info
Go through the steps in the sec
Chapter 2 Quick Start 9
Introductory Example
The CD containing the Crypto-C library distribution also includes sample source code t
Performing Elliptic Curve Operations 288
Step 4: Update
Now, using B_SignUpdate, pass in the data to be signed:
Step
Chapter 7 Public-Key Operations 289
Performing Elliptic Curve Operations
initialized random algorithm in B_SignFinal:
Step 6: Destroy
Destroy all objects
Performing Elliptic Curve Operations 290
Step 2b (Optional): Set Public Key Acceleration Table Info
You can use eith
Chapter 7 Public-Key Operations 291
Performing Elliptic Curve Operations
Step 6: Destroy
Destroy all objects that are no longer needed:
Performing ECDSA
Performing Elliptic Curve Operations 292
Step 2: Setting the Algorithm Object
You need to set the algorithm object t
Chapter 7 Public-Key Operations 293
Performing Elliptic Curve Operations
Generating an EC Key Pair
See “Generating an Elliptic Curve Key Pair” on page 2
Performing Elliptic Curve Operations 294
Step 3: Init
Build an algorithm chooser with the appropriate AMs:
Now associ
Chapter 7 Public-Key Operations 295
Performing Elliptic Curve Operations
Step 5: Final
First you must allocate space to store the signature. The output
Performing Elliptic Curve Operations 296
Verifying a Digital Signature
To verify the signature, you must go through
Chapter 7 Public-Key Operations 297
Performing Elliptic Curve Operations
Step 5: Final
Pass in the signature that was received with the message. B_Veri
Introductory Example 10
specify the type of algorithm that is being used, supply any special information or paramet
Performing Elliptic Curve Operations 298
Using Elliptic Curve Parameters
See the section “Generating Elliptic Curve
Chapter 7 Public-Key Operations 299
Performing Elliptic Curve Operations
Step 1: Create
First, create the algorithm object that will hold the informatio
Performing Elliptic Curve Operations 300
Step 3: Init
You must initialize the algorithm object to perform encryptio
Chapter 7 Public-Key Operations 301
Performing Elliptic Curve Operations
Step 5: Final
Step 6: Destroy
Destroy all objects that are no longer needed. Al
Performing Elliptic Curve Operations 302
ECAES Private-Key Decryption
The steps for decryption are similar to those
Chapter 7 Public-Key Operations 303
Performing Elliptic Curve Operations
Step 5: Final
Step 6: Destroy
Destroy any objects that are no longer needed. Al
Chapter 8 Secret Sharing Operations 305
Secret Sharing
Secret sharing allows a system to require a certain number of “shares” to retrieve a secret. The pr
Secret Sharing 306
The example in this section corresponds to the file scrtshar.c.
Step 1: Creating An Algorithm Obj
Chapter 8 Secret Sharing Operations 307
Secret Sharing
Step 4: Update
Call B_EncryptUpdate once for each of the total number of shares. Each call to B_E
Chapter 2 Quick Start 11
Introductory Example
Standard RSA Security coding practices use the above do-while construct to make it easy to break out of a
Secret Sharing 308
Step 5: Final
Finalize the process with B_EncryptFinal. This function does not need a random algo
Chapter 8 Secret Sharing Operations 309
Secret Sharing
Reconstructing the Secret
To reconstruct the secret, call B_DecryptUpdate for each share you are
Secret Sharing 310
Step 4: Update
Call B_DecryptUpdate once for each of the shares you are using to reconstruct the
Chapter 8 Secret Sharing Operations 311
Secret Sharing
Step 6: Destroy
Remember to destroy all objects and free up any allocated memory when you are don
Chapter 9 Putting It All Together: An X9.31 Example 313
The example in this chapter shows how to perform RSA digital signing and verifying according to t
The X9.31 Sample Program 314
#include <stdio.h>
#include <string.h>
#include &
Chapter 9 Putting It All Together: An X9.31 Example 315
The X9.31 Sample Program
Generating Random Bytes
The first thing the application must do is to g
The X9.31 Sample Program 316
To create a random algorithm object and set the parameters:
/* ===================
Chapter 9 Putting It All Together: An X9.31 Example 317
The X9.31 Sample Program
Providing the Seed
In this example, the seed is provided by keyboard in
Introductory Example 12
there is a single stream cipher, the RC4 cipher, and a number of AIs that can be used to im
The X9.31 Sample Program 318
Generating a Key Pair
Once you have the random bytes, you can use them to generate an R
Chapter 9 Putting It All Together: An X9.31 Example 319
The X9.31 Sample Program
/* ======================================================== */
The X9.31 Sample Program 320
Computing a Digital Signature
Now you can use the key pair to compute a digital signatu
Chapter 9 Putting It All Together: An X9.31 Example 321
The X9.31 Sample Program
• For digestMethodName, use "sha1"; currently this is the on
The X9.31 Sample Program 322
signVerifyParams.encryptionMethodName = (unsigned char *)"rsaSignX931";
Chapter 9 Putting It All Together: An X9.31 Example 323
The X9.31 Sample Program
Verifying the Signature
Verifying an X9.31 RSA signature is almost iden
The X9.31 Sample Program 324
/* Step 4: Update */
if ((status = B_VerifyUpdate (digitalVerifier, (
Chapter 9 Putting It All Together: An X9.31 Example 325
The X9.31 Sample Program
Surrendering Control
The following function, included as part of x931.c
The X9.31 Sample Program 326
Printing the Buffer Contents
The following procedure prints the current contents of the
Appendix A Command-Line Demos 327
Overview of the Demos
In addition to the sample programs included on the CD, there are three Crypto-C command-line demo
Chapter 2 Quick Start 13
Introductory Example
See the description and prototype in Chapter 4 of the Reference Manual for B_EncryptInit:
As in Step 2, th
Command-Line Demo User’s Guide 328
• BDEMOEC can use ECDSA to create and verify digital signatures for a file, and
Appendix A Command-Line Demos 329
Command-Line Demo User’s Guide
> bdemo -s < testin
Notice that this uses ‘<’ to redirect testin as the input
Command-Line Demo User’s Guide 330
• the name and location of the file to be signed
• the name of the file you want
Appendix A Command-Line Demos 331
Command-Line Demo User’s Guide
• the name and location of the file that contains the encrypted data
• the name and lo
Command-Line Demo User’s Guide 332
BDEMODSA
BDEMODSA demonstrates the use of DSA to digitally sign and verify the in
Appendix A Command-Line Demos 333
Command-Line Demo User’s Guide
Once a key pair has been generated, the following top-level menu is displayed:
S - Sign
Command-Line Demo User’s Guide 334
BDEMOEC
BDEMOEC provides the same functionality as BDEMO, but uses elliptic curve
Appendix A Command-Line Demos 335
File Reference
The C source code files for the demo programs provide a convenient means to learn Crypto
BSLite 336
BSLite is a collection of routines that interface with the Crypto-C library. BSLite demonstrates h
Appendix A Command-Line Demos 337
BSLite
A single C source file, bslite.c, with a single header file, bslite.h, contains the entire BSLite Code. For mo
Introductory Example 14
object as an RC4 key, we need to use B_SetKeyInfo. See Chapter 4 of the Reference Manual fo
Glossary 339
This section lists security and cryptographic terms and abbreviations, along with their definitions, that are used throughout the RSA BSAFE
340
AES
Advanced Encryption Standard.
algorithm
A series of steps used to complete a task.
Alice
The name traditionally
Glossary 341
Data Encryption Standard
See DES.
decryption
The inverse (reverse) of encryption. The process by which the ciphertext is converted into pla
342
ECDSA
Elliptic Curve DSA (Digital Signature Algorithm). An elliptic curve analogue of DSA.
EDI
Electronic (busine
Glossary 343
identification
A process through which one ascertains the identity of another person or entity.
key
A string of bits used widely in cryptog
344
NIST
National Institute of Standards and Technology. A United States agency that produces security and cryptogr
Glossary 345
private key
In public-key cryptography, this key is the secret key. It is primarily used for decryption but is also used for encryption w
346
secret sharing
Splitting a secret (for example, a private key) into many pieces such that any specified subset o
Glossary 347
verification
The act of recognizing that a person or entity is who or what it claims to be.
XOR
A binary bitwise operator yielding the resu
Chapter 2 Quick Start 15
Introductory Example
Now we can complete the call to B_SetKeyInfo:
As with algorithm objects, once you have set a key object, y
Introductory Example 16
instructions on writing an algorithm chooser. For the purposes of our example, we see that
Chapter 2 Quick Start 17
Introductory Example
information that it needs to perform RC4 encryption. In Step 4, we can enter the data to encrypt with the
Introductory Example 18
For now, we declare:
For a stream cipher, the length of the encrypted (output) data is equal
Chapter 2 Quick Start 19
Introductory Example
function must know the size of the buffer. The Update function will not attempt to place data into unallo
Introductory Example 20
For our example, the first argument is rc4Encrypter. The second argument is a pointer to th
Chapter 2 Quick Start 21
Introductory Example
function calls after the do-while construct. That way, even if there is an error somewhere and the progra
Introductory Example 22
For this example, call T_free as follows:
Note: Using T_free means you can no longer access
Chapter 2 Quick Start 23
Introductory Example
static char dataToEncrypt[] = "Encrypt this sentence.";
unsigned char *encryptedData = NULL_
Introductory Example 24
/* Step 4: Update */
encryptedData = T_malloc (dataToEncryptLen);
if ((status
Chapter 2 Quick Start 25
Introductory Example
You may find it a useful exercise to compile and link this program. It could also be instructive to
Decrypting the Introductory Example 26
Decrypting data is similar to encrypting.
Chapter 2 Quick Start 27
Decrypting the Introductory Example
Step 3b: Setting the Key Object
We need to fill our key with the same 10 bytes of data we
Decrypting the Introductory Example 28
Step 5: Final
In the “Introductory Example” on page 9, the plaintext was a st
Chapter 2 Quick Start 29
Multiple Updates
An application can do multiple updates before the Final call. For example, suppose you have d
Multiple Updates 30
places them into the given buffer, and sets a flag indicating whether the bytes returned are th
Chapter 2 Quick Start 31
Multiple Updates
In the preceding code example, we took dataToEncryptLen bytes of data to encrypt and passed them to B_Encryp
Summary of the Six Steps 32
A typical implementation uses the six steps as follows:
Step 0:
Chapter 2 Quick Start 33
Summary of the Six Steps
• For some algorithms, such as generating a public/private key pair, there is no Update step.
Step 5:
Chapter 3 Cryptography 35
This chapter contains a brief outline of the basic cryptographic principles and terminology used throughout this manual and do
Cryptography Overview 36
Symmetric-Key Cryptography
In symmetric-key cryptography, as Figure 3-
Chapter 3 Cryptography 37
Cryptography Overview
Block Ciphers
Block ciphers encrypt data block-by-block. They can encrypt each block separately as in EC
Cryptography Overview 38
Triple DES
Triple DES executes DES three times, which triples the number of bits in an encr
Chapter 3 Cryptography 39
Cryptography Overview
it is proprietary to RSA Security. The RC2 cipher has an eight-byte block size. Therefore, the input mu
Cryptography Overview 40
for 12-round RC5-32, recent cryptanalytic work suggests 16 rounds is now a more conservati
Chapter 3 Cryptography 41
Cryptography Overview
would slow down the encryption and decryption operations. In addition, if the 20-round version of RC6 i
Cryptography Overview 42
Electronic Codebook (ECB) Mode
ECB is not a feedback mode; it encrypts each block of input
Chapter 3 Cryptography 43
Cryptography Overview
Cipher Block Chaining (CBC) Mode
With CBC mode, each plaintext block is XORed with the previous cipherte
Cryptography Overview 44
Figure 3-5 Cipher Feedback (CFB) Mode
To encrypt plaintext using CFB mode:
1. Generate your
Chapter 3 Cryptography 45
Cryptography Overview
Output Feedback (OFB) Mode
Output feedback mode is similar to CFB mode, except that the quantity XORed w
Cryptography Overview 46
Figure 3-6 Output Feedback Mode (OFB)
Stream Ciphers
A stream cipher processes the input dat
Chapter 3 Cryptography 47
Cryptography Overview
guess), an attacker would be able to determine some of the original message bytes by XORing two sets of
Cryptography Overview 48
• It is computationally infeasible to produce data that has a specific digest. In other wo
Chapter 3 Cryptography 49
Cryptography Overview
Hash-Based Message Authentication Codes (HMAC)
A hash-based message authentication code (HMAC) combines
Cryptography Overview 50
Normally, the mixing is a message digest. This makes the task of getting from password to
Chapter 3 Cryptography 51
Cryptography Overview
her message using that public key. Unlike symmetric-key cryptography, the key used for encryption will
Cryptography Overview 52
authentication that MIT professors Ronald L. Rivest, Adi Shamir, and Leonard M. Adleman in
Chapter 3 Cryptography 53
Cryptography Overview
below. To compute ciphertext c from a plaintext message m, find $c = m^e \bmod n$. To decrypt, determine the
Cryptography Overview 54
The calculation is shown in Table 3-1:
Summary
Take two large primes, p and q, and find thei
Chapter 3 Cryptography 55
Cryptography Overview
However, for very large numbers, factoring is very difficult. The RSA Laboratories publication, Frequen
Cryptography Overview 56
to reveal the contents of a digital envelope. The main features of OAEP are redundancy and
Chapter 3 Cryptography 57
Cryptography Overview
Authentication and Digital Signatures
Suppose Alice and Bob are disputing a contract. Alice says that Bo
Cryptography Overview 58
1. Alice and Bob compose a contract in digital format. The file can be in any form, such a
Chapter 3 Cryptography 59
Cryptography Overview
4. Digest the message file.
5. If the digest matches the 16 bytes you obtained from decrypting the origi
Cryptography Overview 60
Digital Signature Algorithm (DSA)
The Digital Signature Algorithm (DSA) is part of the Digi
Chapter 3 Cryptography 61
Cryptography Overview
$a = g^{u_1} \bmod p$
$b = y^{u_2} \bmod p$
$v = (a \cdot b \bmod p) \bmod q$
3. If v = r, the signature is verified. If v ≠ r, the
Cryptography Overview 62
A certificate connects an entity to a public key. For instance, it can list an individual’
Chapter 3 Cryptography 63
Cryptography Overview
• Phase 1
• Phase 2
Figure 3-12 The Diffie-Hellman Key Agreement Protocol
Parameter Generation
A central au
Cryptography Overview 64
3. The two parties exchange the public values.
These private and public values correspond t
Chapter 3 Cryptography 65
Cryptography Overview
Security
The security of Diffie-Hellman key agreement relies on the difficulty of computing nth roots mo
Cryptography Overview 66
• Elliptic Curve Signature Schemes (ECDSA)
• Elliptic Curve Authenticated Encryption Scheme
Chapter 3 Cryptography 67
Cryptography Overview
• An odd prime field, $F_p$, where p is an odd prime.
• A field of even characteristic, $F_{2^m}$.
For more inform
Cryptography Overview 68
$0 = 0 \cdot I \equiv (2 \cdot 2^{m-1}) \cdot I \bmod 2^m = 2 \cdot (2^{m-1} \cdot I) \equiv 2 \cdot 1 \bmod 2^m = 2$
Instead, we create the field $F_{2^m}$ in a com
Chapter 3 Cryptography 69
Cryptography Overview
elliptic curve parameters.
Coefficients Over a Field of Even Characteristic
An elliptic curve E over a fi
Cryptography Overview 70
is written $E(F_q)$.
The Order of an Elliptic Curve
The addition system that makes the points o
Chapter 3 Cryptography 71
Cryptography Overview
• The order n of P
P is sometimes called the base point.
The Cofactor
We mentioned previously that the pr
Cryptography Overview 72
Representing Fields of Even Characteristic
For fields of even characteristic (fields of the
Chapter 3 Cryptography 73
Cryptography Overview
Creating the Key Pair
To compute a public/private key pair:
1. Generate a random value, d, between 1 and
Cryptography Overview 74
, you will be using regular arithmetic. This is so different from arithmetic in $F_{2^m}$ that,
Chapter 3 Cryptography 75
Cryptography Overview
The following calculations are really just a series of substitutions that can be made by looking back a
Cryptography Overview 76
Encrypting a Message Using the Public Key
Anyone who wishes to send Bob an encrypted messag
Chapter 3 Cryptography 77
Cryptography Overview
6. Compute an authentication tag, tag = SHA1 (x1 || M’). That is, tag is the SHA1 hash of concatenation