RSA Security Projection Television 5.2.2 Manuel d'utilisateur

RSA BSAFE®Crypto-CCryptographic Components for CDeveloper’s GuideVersion 5.2.2

x RSA BSAFE Crypto-C Developer’s GuideAppendix A Command-Line Demos 327Overview of the Demos . . . . . . . . . . . . . . . . . . . . . . . . . . .

Cryptography Overview78 RSA BSAFE Crypto-C Developer’s GuidePhase 1The first party randomly generates a private value, a number k1, greater than 0 but

Chapter 3 Cryptography 79Cryptography OverviewFigure 3-13 Elliptic Curve Diffie-Hellman Key AgreementThe MathEven though the two parties involved are

Cryptography Overview80 RSA BSAFE Crypto-C Developer’s GuideR2: 2nd party’s public valuexS: secret keyIn phase 1, each party computes a private value,

Chapter 3 Cryptography 81Cryptography OverviewFigure 3-14 Secret Sharing — Key Share AssignmentFigure 3-15 Secret Sharing — Full Key Generation From

Cryptography Overview82 RSA BSAFE Crypto-C Developer’s GuideKey ManagementThe term key management refers to the collection of processes and methods fo

Chapter 3 Cryptography 83Applications of CryptographyASCII Encoding and DecodingASCII encoding and decoding is required when you need to send encrypt

Applications of Cryptography84 RSA BSAFE Crypto-C Developer’s Guide• Ensure file integrity and protect against tampering. Cryptographic techniques can

Chapter 3 Cryptography 85Applications of Cryptography4. Perform the encryption and decryption using the RC4 cipher with the established key. If the a

Applications of Cryptography86 RSA BSAFE Crypto-C Developer’s Guidepublic key is communicated to the server and an entry is made in the table maintain

Chapter 3 Cryptography 87Choosing AlgorithmsChoosing AlgorithmsIn some cases, an application’s constraints determine the algorithm. In other cases, t

xiList of Figures Figure 3-1 Symmetric-Key Encryption and Decryption . . . . . . . . . . . . . . . . . . . . 36 Figure 3-2 Triple DES Encryption a

Choosing Algorithms88 RSA BSAFE Crypto-C Developer’s GuideBlock Symmetric-Key AlgorithmsThe following considerations may help when choosing between DE

Chapter 3 Cryptography 89Choosing AlgorithmsDigital envelopes are more convenient when the contact between nodes is not interactive, such as email. O

Choosing Algorithms90 RSA BSAFE Crypto-C Developer’s Guidelimited. In typical applications of cryptography, public-key operations are employed in comb

Chapter 3 Cryptography 91Security Considerationsalready in place, or where a hardware developer wants to be able to provide a platform that supports

Security Considerations92 RSA BSAFE Crypto-C Developer’s Guidethat ensure allocation of core memory, and not of virtual memory.It is a good idea to ge

Chapter 3 Cryptography 93Security Considerationsattacker can predict two or three of the bits in each seed byte. Bit 7, for instance, will always be

Security Considerations94 RSA BSAFE Crypto-C Developer’s GuideInitialization Vectors and SaltsAlthough IVs and salts are not secret information, it is

Chapter 3 Cryptography 95Security ConsiderationsStream CiphersA stream cipher (such as the RC4 cipher) will create a stream of pseudo-random bytes ba

Security Considerations96 RSA BSAFE Crypto-C Developer’s Guideparameters, then in theory, an attacker with access to accurate timings can determine un

Chapter 3 Cryptography 97Security Considerations = (r-1)(r)(md) = (1)(md) mod nCrypto-C offers bo

xii RSA BSAFE Crypto-C Developer’s Guide

Security Considerations98 RSA BSAFE Crypto-C Developer’s GuideTable 3-4 gives a summary of the recommended key sizes for the algorithms supported in C

Chapter 3 Cryptography 99Security Considerationsprogress in factoring algorithms and improvements in computing power.Diffie-Hellman Parameters and DS

Security Considerations100 RSA BSAFE Crypto-C Developer’s GuideElliptic Curve KeysFor prototyping and evaluation, RSA Security recommends setting the

101Chapter 4Using Crypto-CAlgorithms in Crypto-CWhatever algorithm Crypto-C performs, it does so from an algorithm object. An algorithm object is used

Algorithms in Crypto-C102 RSA BSAFE Crypto-C Developer’s GuideInformation Formats Provided by Crypto-CThere are four types of AIs in Crypto-C. These A

Chapter 4 Using Crypto-C 103Algorithms in Crypto-CPEM-Based Algorithm Info TypesThe Privacy Enhanced Mail (PEM) draft standard is a product of the In

Algorithms in Crypto-C104 RSA BSAFE Crypto-C Developer’s GuideNote: Not all message digests are recommended. See “Message Digests” on page 47 for deta

Chapter 4 Using Crypto-C 105Algorithms in Crypto-CAI_RC4WithMAC RC4 with message authentication code aAI_RC4WithMAC_BER RC4 with message authenticati

Algorithms in Crypto-C106 RSA BSAFE Crypto-C Developer’s GuideAI_DESX_CBCPadBER DESX-CBC, 8-byte IV, BER-encoded algorithm identifierPKCS #5 aAI_DESX_

Chapter 4 Using Crypto-C 107Algorithms in Crypto-CAI_MD2WithRC2_CBCPadBER MD2 digest followed by RC2-CBC, BER-encoded algorithm identifierPKCS #5 aAI

xiiiList of TablesTable 3-1 Calculation of 827 mod 55. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54Table 3-2 Elliptic Curve

Algorithms in Crypto-C108 RSA BSAFE Crypto-C Developer’s GuideAI_PKCS_OAEP_RSAPrivateBER RSA private-key encryption/decryption with OAEP in accordance

Chapter 4 Using Crypto-C 109Algorithms in Crypto-CDigital Signatures Composite operations for signing data: digest the data, then encrypt the BER enc

Algorithms in Crypto-C110 RSA BSAFE Crypto-C Developer’s GuideTable 4-9 Diffie-Hellman Key AgreementAlgorithm Info Type Description BERParameter Gener

Chapter 4 Using Crypto-C 111Algorithms in Crypto-CElliptic Curve DSAAI_EC_DSA Raw ECDSA signature/verificationAI_EC_DSAWithDigest SHA1 digest followe

Algorithms in Crypto-C112 RSA BSAFE Crypto-C Developer’s GuideTable 4-13 Advanced Encryption Standard (AES)Algorithm Info Type DescriptionAI_AES_CBC A

Chapter 4 Using Crypto-C 113Keys In Crypto-CKeys In Crypto-CThe key object is used to hold any key-related information and to supply this information

Keys In Crypto-C114 RSA BSAFE Crypto-C Developer’s GuideKI_RC2_BSAFE1 RC2 key in BSAFE 1.x formatKI_RC2WithBSAFE1Params RC2 key with additional parame

Chapter 4 Using Crypto-C 115Keys In Crypto-CTable 4-18 Elliptic Curve KeysKey Information Type DescriptionKI_ECPrivate EC private key and underlying

System Considerations In Crypto-C116 RSA BSAFE Crypto-C Developer’s GuideSystem Considerations In Crypto-CAlgorithm ChoosersWhen you use an AI, it in

Chapter 4 Using Crypto-C 117System Considerations In Crypto-CRC5, or RSA encryption. So we could have built an algorithm chooser that included only o

xiv RSA BSAFE Crypto-C Developer’s Guide

System Considerations In Crypto-C118 RSA BSAFE Crypto-C Developer’s Guidedescription of AI_X962Random_V0 instead of AI_SHA1Random:Note: The previous a

Chapter 4 Using Crypto-C 119System Considerations In Crypto-CChapter 1 also gives the form that a surrender function must have:If you define a surren

System Considerations In Crypto-C120 RSA BSAFE Crypto-C Developer’s GuideA routine that calls Crypto-C functions would use the above surrender functio

Chapter 4 Using Crypto-C 121System Considerations In Crypto-Cobject. When you call B_GetAlgorithmState, you receive a buffer that contains all of the

System Considerations In Crypto-C122 RSA BSAFE Crypto-C Developer’s Guideinformation it is looking for. This information, though, belongs to Crypto-C;

Chapter 4 Using Crypto-C 123System Considerations In Crypto-CSome applications may need to be completely autonomous; that is, they should have no nee

System Considerations In Crypto-C124 RSA BSAFE Crypto-C Developer’s Guidemore individuals. For example, users may need to transmit a public key, ellip

Chapter 4 Using Crypto-C 125System Considerations In Crypto-CCrypto-C returns a pointer to the location where we can find the info, not the info itse

System Considerations In Crypto-C126 RSA BSAFE Crypto-C Developer’s GuideInput and OutputSome of the AI entries in the Reference Manual include the ca

Chapter 4 Using Crypto-C 127System Considerations In Crypto-CCrypto-C offers padding for the symmetric block-encryption algorithms, which have no res

xvPrefaceDear Crypto-C Developer:Congratulations on your purchase of RSA BSAFE® Crypto-C (Crypto-C), the state-of-the-art in cryptographic software to

System Considerations In Crypto-C128 RSA BSAFE Crypto-C Developer’s GuideThis applies to PKCS #1 v1.5 block 02 padding. Set OAEP or PKCS #12 OAEP have

Chapter 4 Using Crypto-C 129System Considerations In Crypto-CKey SizeIn cryptography, security is measured in key size: the bigger the key, the great

System Considerations In Crypto-C130 RSA BSAFE Crypto-C Developer’s Guideends and the public exponent begins. It would be a good idea to put identifyi

Chapter 4 Using Crypto-C 131System Considerations In Crypto-C• Total: 484 bytesIn addition, when the most significant bit of the most significant byt

Using Cryptographic Hardware132 RSA BSAFE Crypto-C Developer’s GuideUsing Cryptographic HardwareCrypto-C lets you enhance the security and speed of cr

Chapter 4 Using Crypto-C 133Using Cryptographic Hardwarethe application has been compiled. If more than one hardware method is present for the same A

Using Cryptographic Hardware134 RSA BSAFE Crypto-C Developer’s GuidePKCS #11 SupportPKCS #11 support has been added to Crypto-C v5.1. The routine will

Chapter 4 Using Crypto-C 135Using Cryptographic HardwareUsing a PKCS #11 Device with Crypto-CIf you want to have Crypto-C use a PKCS #11 device to pe

Using Cryptographic Hardware136 RSA BSAFE Crypto-C Developer’s GuideIn this example, we passed 0 for sessionHandle and NULL_PTR for cryptokiFunctions.

Chapter 4 Using Crypto-C 137Using Cryptographic Hardwaresurrender context (private key operations are more susceptible to a timing attack when you us

What’s New in Version 5.2.2?xvi RSA BSAFE Crypto-C Developer’s GuideWhat’s New in Version 5.2.2?Following is a list of RSA BSAFE Crypto-C features tha

Using Cryptographic Hardware138 RSA BSAFE Crypto-C Developer’s Guidewant to create a hardware chooser only, and if you want to do the task in hardware

Chapter 4 Using Crypto-C 139Using Cryptographic HardwareThis AI has an associated info data struct that allows you to set attributes. See the Referen

Using Cryptographic Hardware140 RSA BSAFE Crypto-C Developer’s Guidemay need to set the attributes manually for the token to work.You can use this AI

Chapter 4 Using Crypto-C 141Using Cryptographic Hardwareinfo types if it is a key that resides on the token and is not private.Now you can send the p

Using Cryptographic Hardware142 RSA BSAFE Crypto-C Developer’s GuideThis code looks just like regular code. Whether you are signing with software or h

Chapter 4 Using Crypto-C 143Using Cryptographic Hardware CK_RV rv; CK_SESSION_HANDLE sessionHandle; HINSTANCE libHandle; GetFunctionList GetList

Using Cryptographic Hardware144 RSA BSAFE Crypto-C Developer’s GuidePKCS #11 Support for DSA Key Pair GenerationThis section describes how to generate

Chapter 4 Using Crypto-C 145Using Cryptographic HardwareNow that you have a key pair, extract the public key, part of the public key is a struct cont

Using Cryptographic Hardware146 RSA BSAFE Crypto-C Developer’s Guidedestroying, or copy it into your own buffer. Since you generated the key pair only

Chapter 4 Using Crypto-C 147Using Cryptographic HardwareAdvanced PKCS #11This chapter earlier described internalKey as the collection of three items:

Organization of This ManualPreface xviiV5.2. Use this AI to save the internal state of an RC4 encryption or decryption object, or to create a new ob

Using Cryptographic Hardware148 RSA BSAFE Crypto-C Developer’s GuideIn real life, you may never have to use this feature. Mostly you will retrieve the

Chapter 4 Using Crypto-C 149Using Cryptographic HardwareTo implement this, the hardware accelerator might require you to call its key-wrapping routin

150

151Chapter 5Non-Cryptographic OperationsCrypto-C supplies a number of non-cryptographic algorithms that are necessary for cryptographic applications.

Message Digests152 RSA BSAFE Crypto-C Developer’s GuideMessage DigestsA message digest is a fixed-length, statistically-unique identifier that corresp

Chapter 5 Non-Cryptographic Operations 153Message DigestsStep 3: InitTo initialize a message digest, call B_DigestInit. The Reference Manual Chapter

Message Digests154 RSA BSAFE Crypto-C Developer’s GuideYour call will be the following:Step 5: FinalAn MD2 or MD5 digest is always 16 bytes; an SHA1 d

Chapter 5 Non-Cryptographic Operations 155Message DigestsStep 6: DestroyRemember to destroy all objects when you are done with them:BER-Encoding the

Message Digests156 RSA BSAFE Crypto-C Developer’s GuideThe following example BER-encodes the preceeding sample digest:To decode BER-encoded informatio

Chapter 5 Non-Cryptographic Operations 157Message DigestsB_DigestUpdate before calling B_DigestFinal(). This is useful when an application is called

Conventions Used in This Manualxviii RSA BSAFE Crypto-C Developer’s GuideConventions Used in This ManualThe following typographical conventions are us

Message Digests158 RSA BSAFE Crypto-C Developer’s Guidestate of the algorithm object following the call to B_DigestUpdate. The digestAI argument is s

Chapter 5 Non-Cryptographic Operations 159Message DigestsTable 5-1 Code Sample: DigestDataSavedState() int DigestDataSavedState (ITEM *stateInfo, B_I

Message Digests160 RSA BSAFE Crypto-C Developer’s GuideThis routine can be called until all of the data blocks have been digested. We can then restor

Chapter 5 Non-Cryptographic Operations 161Hash-Based Message Authentication Code Hash-Based Message Authentication Code (HMAC)A hash-based message au

Hash-Based Message Authentication Code (HMAC)162 RSA BSAFE Crypto-C Developer’s GuideStep 3: InitFor hash-based message authentication, you need a key

Chapter 5 Non-Cryptographic Operations 163Hash-Based Message Authentication Code Once you have properly initialized the key object, you can call B_Di

Hash-Based Message Authentication Code (HMAC)164 RSA BSAFE Crypto-C Developer’s GuideStep 5: FinalAfter the data to digest has been processed by calls

Chapter 5 Non-Cryptographic Operations 165Generating Random NumbersGenerating Random NumbersIn the “Introductory Example” on page 9, we hard-coded th

Generating Random Numbers166 RSA BSAFE Crypto-C Developer’s GuideStep 2: Setting The Algorithm ObjectYou need to supply an appropriate algorithm info

Chapter 5 Non-Cryptographic Operations 167Generating Random NumbersRefer to “Saving State” on page 120 for a discussion of how to save the state of t

Terms and AbbreviationsPreface xixTerms and AbbreviationsThe following table lists terms and abbreviations used in this document. Refer to the Gloss

Generating Random Numbers168 RSA BSAFE Crypto-C Developer’s Guidepredict or reproduce. Once you have seeded the random algorithm, the algorithm can pr

Chapter 5 Non-Cryptographic Operations 169Generating Random NumbersNow that you have a random seed, you can call B_RandomUpdate. The length argument

Generating Random Numbers170 RSA BSAFE Crypto-C Developer’s GuideStep 6: DestroyRemember to destroy all objects when done with them. You must also cal

Chapter 5 Non-Cryptographic Operations 171Generating Random NumbersFor this example, you will specify six streams of randomness, and provide a seed s

Converting Data Between Binary and ASCII172 RSA BSAFE Crypto-C Developer’s GuideConverting Data Between Binary and ASCIIIf you have data in binary for

Chapter 5 Non-Cryptographic Operations 173Converting Data Between Binary and ASCIIStep 4: UpdateEnter the data to encode through B_EncodeUpdate. The

Converting Data Between Binary and ASCII174 RSA BSAFE Crypto-C Developer’s GuideStep 5: FinalFinalize the encoding process, writing out any remaining

Chapter 5 Non-Cryptographic Operations 175Converting Data Between Binary and ASCIIStep 3: InitTo initialize decoding, call B_DecodeInit. This functio

Converting Data Between Binary and ASCII176 RSA BSAFE Crypto-C Developer’s GuideStep 5: FinalFinalize the decoding process, writing out any bytes rema

177Chapter 6Symmetric-Key OperationsRecall that the RC4 algorithm of the “Introductory Example” on page 9 is called symmetric-key encryption because t

© 2001 RSA Security Inc. All rights reserved. 001-019003-522-001-000First printing: May 2001See our Web Site for regional Customer Service telephone a

Related Documentsxx RSA BSAFE Crypto-C Developer’s GuideRelated DocumentsFollowing is a list of documents referenced in this book and suggested materi

Block Ciphers178 RSA BSAFE Crypto-C Developer’s GuideBlock CiphersDES with CBCThe example in this section corresponds to the file descbc.c.Step 1: Cre

Chapter 6 Symmetric-Key Operations 179Block CiphersencryptionMethodName is the block cipher that you will use; for this example, use “des”. The infor

Block Ciphers180 RSA BSAFE Crypto-C Developer’s GuideYou must also indicate that you want to use the standard CBC padding which is defined in PKCS#5;

Chapter 6 Symmetric-Key Operations 181Block CiphersStep 3b: Setting the Key ObjectYou want to use a KI compatible with DES encryption, so return to

Block Ciphers182 RSA BSAFE Crypto-C Developer’s GuideNow that you have a key, you need an algorithm chooser and a surrender context. This is a speedy

Chapter 6 Symmetric-Key Operations 183Block CiphersStep 5: FinalStep 6: DestroyRemember to destroy all objects that you created and free up any memor

Block Ciphers184 RSA BSAFE Crypto-C Developer’s GuideThe RC2 CipherThe RC2 cipher is a variable-key-size block cipher. Whereas a DES key requires eigh

Chapter 6 Symmetric-Key Operations 185Block CiphersOnce again, encryptionMethodName is the block cipher that you will use; in this example, use “rc2”

Block Ciphers186 RSA BSAFE Crypto-C Developer’s GuideStep 3: InitYou need a key before you can initialize the algorithm object for encryption.Step 3a:

Chapter 6 Symmetric-Key Operations 187Block CiphersUse a random number generator to come up with 24 bytes.It is a good idea to zeroize any sensitive

Related DocumentsPreface xxi• Results from the RSA Factoring Challenge• Recommendations on Elliptic Curve Cryptosystems• Recent Results for MD2, MD4

Block Ciphers188 RSA BSAFE Crypto-C Developer’s GuideYou need an algorithm chooser and a surrender context. This is a speedy function, so it is reason

Chapter 6 Symmetric-Key Operations 189Block CiphersStep 5: FinalStep 6: DestroyRemember to destroy all objects created and free up any memory allocat

Block Ciphers190 RSA BSAFE Crypto-C Developer’s GuideDecryptingAs with the “Introductory Example” on page 9, decrypting is similar to encrypting. Use

Chapter 6 Symmetric-Key Operations 191Block CiphersStep 2: Setting The Algorithm ObjectThere are a number of RC5 AIs from which to choose. Table 4-6

Block Ciphers192 RSA BSAFE Crypto-C Developer’s GuideStep 3: InitYou need a key before you can initialize the algorithm object for encryption. You wil

Chapter 6 Symmetric-Key Operations 193Block CiphersUse a random number generator to create 10 bytes:It is a good idea to zeroize any sensitive data a

Block Ciphers194 RSA BSAFE Crypto-C Developer’s GuideNow that you have a key, you need an algorithm chooser and a surrender context. This is a speedy

Chapter 6 Symmetric-Key Operations 195Block CiphersStep 5: FinalStep 6: DestroyRemember to destroy all objects that you created and free up any memor

Block Ciphers196 RSA BSAFE Crypto-C Developer’s GuideDecryptingAs in the “Introductory Example” on page 9, decrypting is similar to encrypting. Use th

Chapter 6 Symmetric-Key Operations 197Block Ciphersthat, as specified in the Reference Manual entry for AI_RC6_CBCPad, this AI requires an initialize

How to Contact RSA Securityxxii RSA BSAFE Crypto-C Developer’s GuideHow to Contact RSA SecurityRSA Security Web SiteYou can visit the RSA Security Web

Block Ciphers198 RSA BSAFE Crypto-C Developer’s GuideStep 3: InitThe next step is to make a call to B_EncryptInit. To do this, you need a key object.

Chapter 6 Symmetric-Key Operations 199Block CiphersTo call B_EncryptInit, we also need an algorithm chooser. The Reference Manual entry for AI_RC6_C

Block Ciphers200 RSA BSAFE Crypto-C Developer’s Guidefor the surrender context:Step 5: FinalStep 6: DestroyRemember to destroy any objects that you cr

Chapter 6 Symmetric-Key Operations 201Block Ciphersbeen allocated:DecryptingAs in the “Introductory Example” on page 9, decrypting is similar to encr

Block Ciphers202 RSA BSAFE Crypto-C Developer’s GuideCBC mode requires an initialization vector, so assume that you have the following buffer containi

Chapter 6 Symmetric-Key Operations 203Block CiphersStep 3a: Creating a Key ObjectStep 3b: Setting the Key DataNow you need to set the key size and pa

Block Ciphers204 RSA BSAFE Crypto-C Developer’s GuideTo call B_EncryptInit, we also need an algorithm chooser. The Reference Manual entry for AI_AES_

Chapter 6 Symmetric-Key Operations 205Block CiphersStep 5: FinalStep 6: DestroyRemember to destroy any objects that you created and to free up any me

Block Ciphers206 RSA BSAFE Crypto-C Developer’s GuidePassword-Based EncryptionIn previous encryption methods, you used a random number generator to pr

Chapter 6 Symmetric-Key Operations 207Block CiphersStep 2: Setting The Algorithm ObjectThere are a number of PBE AIs from which to choose (see “Summa

1Chapter 1IntroductionThis chapter introduces the Crypto-C toolkit. It lists the algorithms, cryptographic standards, NIST standards, and ANSI X9 stan

Block Ciphers208 RSA BSAFE Crypto-C Developer’s GuideStep 3: InitYou need a key before you can initialize the algorithm object for encryption. In PBE,

Chapter 6 Symmetric-Key Operations 209Block Cipherssecure; it is used for illustrative purposes only. It is not for duplication:You should zeroize an

Block Ciphers210 RSA BSAFE Crypto-C Developer’s GuideStep 4: UpdateEnter the data to encrypt through B_EncryptUpdate. The Reference Manual Chapter 2 e

Chapter 6 Symmetric-Key Operations 211Block CiphersStep 5: FinalStep 6: DestroyRemember to destroy all objects and free up any allocated memory:Decry

212

213Chapter 7Public-Key OperationsIn public-key cryptography, two associated keys are necessary: one to encrypt, and the other to decrypt. The sender e

Performing RSA Operations214 RSA BSAFE Crypto-C Developer’s GuidePerforming RSA OperationsThe RSA algorithm is a public-key algorithm that relies on t

Chapter 7 Public-Key Operations 215Performing RSA OperationsStep 2: Setting the Algorithm ObjectFor this example, use AI_RSAKeyGen to generate an RSA

Performing RSA Operations216 RSA BSAFE Crypto-C Developer’s GuideStep 3: InitLook up the description and prototype for B_GenerateInit in Chapter 4 of

Chapter 7 Public-Key Operations 217Performing RSA Operationsgenerates a candidate and tests to see if it is prime. If the candidate passes the test,

The Crypto-C Toolkit2 RSA BSAFE Crypto-C Developer’s GuideThe Crypto-C ToolkitCrypto-C provides developers with a state-of-the-art implementation of t

MultiPrime218 RSA BSAFE Crypto-C Developer’s GuideMultiPrimeThis section provides an overview of the MulitPrime enhancement to Crypto-C including info

Chapter 7 Public-Key Operations 219MultiPrimeThis means 3-prime private operations can be about 38% faster than 2-prime operations. Or with 2-prime R

MultiPrime220 RSA BSAFE Crypto-C Developer’s Guidedoes not allow you to generate an RSA key pair if the number of primes is more than three. Furthermo

Chapter 7 Public-Key Operations 221MultiPrimeB_ALGORITHM_METHOD *RSA_GEN_CHOOSER[] = { &AM_RSA_KEY_GEN, (B_ALGORITHM_METHOD *)NULL_PTR};A_RSA_M

MultiPrime222 RSA BSAFE Crypto-C Developer’s GuideGenerating an RSA MultiPrime KeyRefer to the RSA_CreateMultiPrimeRSAKeypair routine defined in the s

Chapter 7 Public-Key Operations 223MultiPrimeStep 3: InitNow, make the appropriate adjustments to the algorithm chooser so that the algorithm methods

MultiPrime224 RSA BSAFE Crypto-C Developer’s GuideCrypto-C FormatpublicKey is a key object that was set by the Crypto-C function B_GenerateKeypair. It

Chapter 7 Public-Key Operations 225MultiPrimeis unique to Crypto-C. If the recipient is not using Crypto-C, how do you give that recipient the inform

MultiPrime226 RSA BSAFE Crypto-C Developer’s Guidesend it off. Remember to free any memory you allocated:Note: The conversion into BER or DER is known

Chapter 7 Public-Key Operations 227MultiPrimeinfo to B_SetAlgorithmInfo as NULL_PTR:Step 3: InitYou will encrypt using the recipient’s RSA public key

Chapter 1 Introduction 3The Crypto-C ToolkitPublic-Key Algorithms• RSA Public Key Cryptosystem• Diffie-Hellman Key AgreementDigital Signatures• DSA•

MultiPrime228 RSA BSAFE Crypto-C Developer’s GuideYou are encrypting 8 bytes, so you do not need to worry about that constraint. However, the output o

Chapter 7 Public-Key Operations 229MultiPrimeStep 6: DestroyWhen you are done with all your objects, remember to destroy them.RSA Private-Key Decrypt

MultiPrime230 RSA BSAFE Crypto-C Developer’s GuideStep 3: InitTo decrypt, you must use the RSA private key that is associated with the public key that

Chapter 7 Public-Key Operations 231MultiPrimeStep 5: FinalStep 6: DestroyWhen you are done with all objects, remember to destroy them:Optimal Asymetr

MultiPrime232 RSA BSAFE Crypto-C Developer’s Guideencrypt is usually 8, 16, or (for BER-encoded digests) 34 or 35. If you want to encrypt and decrypt

Chapter 7 Public-Key Operations 233MultiPrimeRSA Digital SignaturesThe section “Authentication and Digital Signatures” on page 57 discusses what a di

MultiPrime234 RSA BSAFE Crypto-C Developer’s GuideB_CreateAlgorithmObject:Step 2: Setting The Algorithm ObjectCrypto-C provides three methods for comp

Chapter 7 Public-Key Operations 235MultiPrimeentry for the AI in use:Note: If you want to sign using the blinding technique to thwart timing attacks

MultiPrime236 RSA BSAFE Crypto-C Developer’s Guidesurrender context outlined in “The Surrender Context” on page 118:Step 6: DestroyWhen you are done w

Chapter 7 Public-Key Operations 237MultiPrimeB_CreateAlgorithmObject:Step 2: Setting The Algorithm ObjectThe signer should tell you which message dig

Cryptographic Standards and Crypto-C4 RSA BSAFE Crypto-C Developer’s GuideCryptographic Standards and Crypto-CPKCS Standards and Crypto-CCrypto-C is a

MultiPrime238 RSA BSAFE Crypto-C Developer’s GuideNote: If the algorithm object was not set to AI_MD5WithRSAEncryption, AI_MD2WithRSAEncryption, AI_SH

Chapter 7 Public-Key Operations 239Performing DSA OperationsStep 6: DestroyWhen you are done with all objects, remember to destroy them:Performing DS

Performing DSA Operations240 RSA BSAFE Crypto-C Developer’s Guideof info supplied to B_SetAlgorithmInfo is a pointer to the following:Crypto-C will ge

Chapter 7 Public-Key Operations 241Performing DSA OperationsStep 5: GenerateTo generate DSA parameters, call the Crypto-C function B_GenerateParamete

Performing DSA Operations242 RSA BSAFE Crypto-C Developer’s GuideGenerating a DSA Key PairThe previous code generated the DSA parameters and set an al

Chapter 7 Public-Key Operations 243Performing DSA Operationscontains the AM for SHA1 random number generation. The last argument is the surrender con

Performing DSA Operations244 RSA BSAFE Crypto-C Developer’s GuideComputing a Digital SignatureStep 1: Creating An Algorithm ObjectDeclare a variable t

Chapter 7 Public-Key Operations 245Performing DSA Operationsproperly cast NULL_PTR for the surrender context:Step 4: UpdateDigest the data to sign wi

Performing DSA Operations246 RSA BSAFE Crypto-C Developer’s Guidepage 118:Step 6: DestroyWhen you are done with all objects, remember to destroy them:

Chapter 7 Public-Key Operations 247Performing DSA OperationsStep 2: Setting The Algorithm ObjectTo verify the signature created here, use the same AI

Chapter 1 Introduction 5Cryptographic Standards and Crypto-C• Secure Hash Algorithm (SHA1), as specified in FIPS PUB 180-1, Secure Hash Standard (SHS

Performing DSA Operations248 RSA BSAFE Crypto-C Developer’s Guidedata and you know its length, your call is the following:Step 5: FinalB_VerifyUpdate

Chapter 7 Public-Key Operations 249Performing Diffie-Hellman Key AgreementPerforming Diffie-Hellman Key AgreementDiffie-Hellman Key Agreement is a me

Performing Diffie-Hellman Key Agreement250 RSA BSAFE Crypto-C Developer’s GuideStep 2: Setting The Algorithm ObjectThere is only one AI for generating

Chapter 7 Public-Key Operations 251Performing Diffie-Hellman Key AgreementStep 3: InitInitialize the generation process with B_GenerateInit. Build an

Performing Diffie-Hellman Key Agreement252 RSA BSAFE Crypto-C Developer’s GuideThe second is a result algorithm object. Crypto-C will generate some va

Chapter 7 Public-Key Operations 253Performing Diffie-Hellman Key AgreementDistributing Diffie-Hellman ParametersThe central authority, after computin

Performing Diffie-Hellman Key Agreement254 RSA BSAFE Crypto-C Developer’s GuideIf you look at the elements of the struct:dhKeyAgreeParams->prime.da

Chapter 7 Public-Key Operations 255Performing Diffie-Hellman Key AgreementCrypto-C returns a pointer to where that information resides, not the infor

Performing Diffie-Hellman Key Agreement256 RSA BSAFE Crypto-C Developer’s GuideDiffie-Hellman Key AgreementIf you are one of the parties involved in t

Chapter 7 Public-Key Operations 257Performing Diffie-Hellman Key AgreementStep 3: InitInitialize the algorithm object with B_KeyAgreeInit. The Refere

Cryptographic Standards and Crypto-C6 RSA BSAFE Crypto-C Developer’s GuideANSI X9 Standards and Crypto-CCrypto-C also complies with a number of standa

Performing Diffie-Hellman Key Agreement258 RSA BSAFE Crypto-C Developer’s GuideThe fourth is the size of the buffer you allocated; if the buffer is no

Chapter 7 Public-Key Operations 259Performing Diffie-Hellman Key Agreementparties might only need eight bytes for a session key. If that is the case,

Performing Elliptic Curve Operations260 RSA BSAFE Crypto-C Developer’s GuidePerforming Elliptic Curve OperationsElliptic curve cryptosystems can be us

Chapter 7 Public-Key Operations 261Performing Elliptic Curve OperationsThe second, ecParamsObj, is set and initialized by B_GenerateParameters; it wi

Performing Elliptic Curve Operations262 RSA BSAFE Crypto-C Developer’s Guideversion number; in Crypto-C, the only version available is 0. The second a

Chapter 7 Public-Key Operations 263Performing Elliptic Curve OperationsStep 3: InitYou can pass a NULL_PTR for the surrender context, because B_Gener

Performing Elliptic Curve Operations264 RSA BSAFE Crypto-C Developer’s GuideStep 5: Generate This function may take a while, so you should use a surre

Chapter 7 Public-Key Operations 265Performing Elliptic Curve OperationsThe Reference Manual Chapter 2 entry for AI_ECParameters also states that the

Performing Elliptic Curve Operations266 RSA BSAFE Crypto-C Developer’s GuideThe following procedure, AllocAndCopyECParamInfo, is an example of an appl

Chapter 7 Public-Key Operations 267Performing Elliptic Curve OperationsFor this example application, use AllocAndCopyECParamInfo() to make a copy of

7Chapter 2Quick StartThis chapter provides an introduction to using Crypto-C. You are first presented with the Crypto-C model and then you are present

Performing Elliptic Curve Operations268 RSA BSAFE Crypto-C Developer’s GuideIn the sample code, FreeECParamInfo is implemented as follows:Generating a

Chapter 7 Public-Key Operations 269Performing Elliptic Curve OperationsStep 2: SetThe Reference Manual indicates that the appropriate AI to use for g

Performing Elliptic Curve Operations270 RSA BSAFE Crypto-C Developer’s GuideStep 3: InitializeHere, you can pass a NULL_PTR for the surrender context,

Chapter 7 Public-Key Operations 271Performing Elliptic Curve OperationsRetrieving an Elliptic Curve KeyIf you need to store or transport information

Performing Elliptic Curve Operations272 RSA BSAFE Crypto-C Developer’s GuideB_GetKeyInfo gives a pointer to memory, but this memory is owned by Crypto

Chapter 7 Public-Key Operations 273Performing Elliptic Curve OperationsGenerating Acceleration TablesAn acceleration table stores precomputed version

Performing Elliptic Curve Operations274 RSA BSAFE Crypto-C Developer’s GuideStep 1: CreateDeclare a variable to be B_ALGORITHM_OBJ. As defined in the

Chapter 7 Public-Key Operations 275Performing Elliptic Curve OperationsThe first field in this structure, parameterInfoType, is used to interpret the

Performing Elliptic Curve Operations276 RSA BSAFE Crypto-C Developer’s GuideStep 5: FinalStep 5a: Allocate memoryYou must allocate sufficient memory t

Chapter 7 Public-Key Operations 277Performing Elliptic Curve OperationsStep 6: DestroyYou must free all allocated memory and destroy all objects when

iiiContentsPreface xvWhat’s New in Version 5.2.2? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xviImproved per

The Six-Step Sequence8 RSA BSAFE Crypto-C Developer’s GuideThe Six-Step SequenceThe Crypto-C model generally follows a six-step sequence:1. Create2. S

Performing Elliptic Curve Operations278 RSA BSAFE Crypto-C Developer’s GuideOf course, you can write your own versions of these procedures to satisfy

Chapter 7 Public-Key Operations 279Performing Elliptic Curve OperationsStep 3: InitTo initialize the proper algorithms, you must supply an algorithm

Performing Elliptic Curve Operations280 RSA BSAFE Crypto-C Developer’s GuideStep 5b: Build the public-key acceleration tableIt can take a while to gen

Chapter 7 Public-Key Operations 281Performing Elliptic Curve OperationsTo initialize ecParamsObj with a set of parameters describing an elliptic curv

Performing Elliptic Curve Operations282 RSA BSAFE Crypto-C Developer’s GuideBecause you have the EC parameters in the A_EC_PARAMS structure ecParams,

Chapter 7 Public-Key Operations 283Performing Elliptic Curve OperationsYou must allocate space to hold the results of Phase 1 and Phase 2. The larges

Performing Elliptic Curve Operations284 RSA BSAFE Crypto-C Developer’s GuideStep 5: Phase 2By the time you have reached this step, Alice and Bob have

Chapter 7 Public-Key Operations 285Performing Elliptic Curve OperationsTo sign an arbitrarily long message with the elliptic curve version of DSA, yo

Performing Elliptic Curve Operations286 RSA BSAFE Crypto-C Developer’s GuideAssume that the steps in “Generating an Elliptic Curve Key Pair” on page 2

Chapter 7 Public-Key Operations 287Performing Elliptic Curve OperationsStep 2b (optional): Set Acceleration Table InfoGo through the steps in the sec

Chapter 2 Quick Start 9Introductory ExampleIntroductory ExampleThe CD containing the Crypto-C library distribution also includes sample source code t

Performing Elliptic Curve Operations288 RSA BSAFE Crypto-C Developer’s GuideStep 4: UpdateNow, using B_SignUpdate, pass in the data to be signed:Step

Chapter 7 Public-Key Operations 289Performing Elliptic Curve Operationsinitialized random algorithm in B_SignFinal:Step 6: DestroyDestroy all objects

Performing Elliptic Curve Operations290 RSA BSAFE Crypto-C Developer’s GuideStep 2b (Optional): Set Public Key Acceleration Table InfoYou can use eith

Chapter 7 Public-Key Operations 291Performing Elliptic Curve OperationsStep 6: DestroyDestroy all objects that are no longer needed:Performing ECDSA

Performing Elliptic Curve Operations292 RSA BSAFE Crypto-C Developer’s GuideStep 2: Setting the Algorithm ObjectYou need to set the algorithm object t

Chapter 7 Public-Key Operations 293Performing Elliptic Curve OperationsGenerating an EC Key PairSee “Generating an Elliptic Curve Key Pair” on page 2

Performing Elliptic Curve Operations294 RSA BSAFE Crypto-C Developer’s GuideStep 3: InitBuild an algorithm chooser with the appropriate AMs:Now associ

Chapter 7 Public-Key Operations 295Performing Elliptic Curve OperationsStep 5: FinalFirst you must allocate space to store the signature. The output

Performing Elliptic Curve Operations296 RSA BSAFE Crypto-C Developer’s GuideVerifying a Digital SignatureTo verify the signature, you must go through

Chapter 7 Public-Key Operations 297Performing Elliptic Curve OperationsStep 5: FinalPass in the signature that was received with the message. B_Veri

Introductory Example10 RSA BSAFE Crypto-C Developer’s Guidespecify the type of algorithm that is being used, supply any special information or paramet

Performing Elliptic Curve Operations298 RSA BSAFE Crypto-C Developer’s GuideUsing Elliptic Curve ParametersSee the section “Generating Elliptic Curve

Chapter 7 Public-Key Operations 299Performing Elliptic Curve OperationsStep 1: CreateFirst, create the algorithm object that will hold the informatio

Performing Elliptic Curve Operations300 RSA BSAFE Crypto-C Developer’s GuideStep 3: InitYou must initialize the algorithm object to perform encryptio

Chapter 7 Public-Key Operations 301Performing Elliptic Curve Operations Step 5: FinalStep 6: DestroyDestroy all objects that are no longer needed. Al

Performing Elliptic Curve Operations302 RSA BSAFE Crypto-C Developer’s GuideECAES Private-Key DecryptionThe steps for decryption are similar to those

Chapter 7 Public-Key Operations 303Performing Elliptic Curve Operations Step 5: FinalStep 6: DestroyDestroy any objects that are no longer needed. Al

304

305Chapter 8Secret Sharing OperationsSecret SharingSecret sharing allows a system to require a certain number of “shares” to retrieve a secret. The pr

Secret Sharing306 RSA BSAFE Crypto-C Developer’s GuideThe example in this section corresponds to the file scrtshar.c.Step 1: Creating An Algorithm Obj

Chapter 8 Secret Sharing Operations 307Secret SharingStep 4: UpdateCall B_EncryptUpdate once for each of the total number of shares. Each call to B_E

Chapter 2 Quick Start 11Introductory ExampleStandard RSA Security coding practices use the above do-while construct to make it easy to break out of a

Secret Sharing308 RSA BSAFE Crypto-C Developer’s GuideStep 5: FinalFinalize the process with B_EncryptFinal. This function does not need a random algo

Chapter 8 Secret Sharing Operations 309Secret SharingReconstructing the SecretTo reconstruct the secret, call B_DecryptUpdate for each share you are

Secret Sharing310 RSA BSAFE Crypto-C Developer’s GuideStep 4: UpdateCall B_DecryptUpdate once for each of the shares you are using to reconstruct the

Chapter 8 Secret Sharing Operations 311Secret SharingStep 6: DestroyRemember to destroy all objects and free up any allocated memory when you are don

312

313Chapter 9Putting It All Together: An X9.31 ExampleThe example in this chapter shows how to perform RSA digital signing and verifying according to t

The X9.31 Sample Program314 RSA BSAFE Crypto-C Developer’s GuideThe X9.31 Sample Program#include <stdio.h>#include <string.h> #include &

Chapter 9 Putting It All Together: An X9.31 Example 315The X9.31 Sample ProgramGenerating Random BytesThe first thing the application must do is to g

The X9.31 Sample Program316 RSA BSAFE Crypto-C Developer’s GuideTo create a random algorithm object and set the parameters: /* ===================

Chapter 9 Putting It All Together: An X9.31 Example 317The X9.31 Sample ProgramProviding the SeedIn this example, the seed is provided by keyboard in

Introductory Example12 RSA BSAFE Crypto-C Developer’s Guidethere is a single stream cipher, the RC4 cipher, and a number of AIs that can be used to im

The X9.31 Sample Program318 RSA BSAFE Crypto-C Developer’s GuideGenerating a Key PairOnce you have the random bytes, you can use them to generate an R

Chapter 9 Putting It All Together: An X9.31 Example 319The X9.31 Sample Program /* ======================================================== */

The X9.31 Sample Program320 RSA BSAFE Crypto-C Developer’s GuideComputing a Digital SignatureNow you can use the key pair to compute a digital signatu

Chapter 9 Putting It All Together: An X9.31 Example 321The X9.31 Sample Program• For digestMethodName, use "sha1"; currently this is the on

The X9.31 Sample Program322 RSA BSAFE Crypto-C Developer’s Guide signVerifyParams.encryptionMethodName = (unsigned char *)"rsaSignX931";

Chapter 9 Putting It All Together: An X9.31 Example 323The X9.31 Sample ProgramVerifying the SignatureVerifying an X9.31 RSA signature is almost iden

The X9.31 Sample Program324 RSA BSAFE Crypto-C Developer’s Guide /* Step 4: Update */ if ((status = B_VerifyUpdate (digitalVerifier, (

Chapter 9 Putting It All Together: An X9.31 Example 325The X9.31 Sample ProgramSurrendering ControlThe following function, included as part of x931.c

The X9.31 Sample Program326 RSA BSAFE Crypto-C Developer’s GuidePrinting the Buffer ContentsThe following procedure prints the current contents of the

327Appendix ACommand-Line DemosOverview of the DemosIn addition to the sample programs included on the CD, there are three Crypto-C command-line demo

Chapter 2 Quick Start 13Introductory ExampleSee the description and prototype in Chapter 4 of the Reference Manual for B_EncryptInit:As in Step 2, th

Command-Line Demo User’s Guide328 RSA BSAFE Crypto-C Developer’s Guide• BDEMOEC can use ECDSA to create and verify digital signatures for a file, and

Appendix A Command-Line Demos 329Command-Line Demo User’s Guide> bdemo -s < testinNotice that this uses ‘<’ to redirect testin as the input

Command-Line Demo User’s Guide330 RSA BSAFE Crypto-C Developer’s Guide• the name and location of the file to be signed• the name of the file you want

Appendix A Command-Line Demos 331Command-Line Demo User’s Guide• the name and location of the file that contains the encrypted data • the name and lo

Command-Line Demo User’s Guide332 RSA BSAFE Crypto-C Developer’s GuideBDEMODSABDEMODSA demonstrates the use of DSA to digitally sign and verify the in

Appendix A Command-Line Demos 333Command-Line Demo User’s GuideOnce a key pair has been generated, the following top-level menu is displayed:S - Sign

Command-Line Demo User’s Guide334 RSA BSAFE Crypto-C Developer’s GuideBDEMOECBDEMOEC provides the same functionality as BDEMO, but uses elliptic curve

Appendix A Command-Line Demos 335File ReferenceFile ReferenceThe C source code files for the demo programs provide a convenient means to learn Crypto

BSLite336 RSA BSAFE Crypto-C Developer’s GuideBSLiteBSLite is a collection of routines that interface with the Crypto-C library. BSLite demonstrates h

Appendix A Command-Line Demos 337BSLiteA single C source file, bslite.c, with a single header file, bslite.h, contains the entire BSLite Code. For mo

Introductory Example14 RSA BSAFE Crypto-C Developer’s Guideobject as an RC4 key, we need to use B_SetKeyInfo. See Chapter 4 of the Reference Manual fo

338

339GlossaryThis section lists security and cryptographic terms and abbreviations, along with their definitions, that are used throughout the RSA BSAFE

340 RSA BSAFE Crypto-C Developer’s GuideAESAdvanced Encryption Standard.algorithmA series of steps used to complete a task.AliceThe name traditionally

Glossary 341Data Encryption StandardSee DES.decryptionThe inverse (reverse) of encryption. The process by which the ciphertext is converted into pla

342 RSA BSAFE Crypto-C Developer’s GuideECDSAElliptic Curve DSA (Digital Signature Algorithm). An elliptic curve analogue of DSA.EDIElectronic (busine

Glossary 343identificationA process through which one ascertains the identity of another person or entity.keyA string of bits used widely in cryptog

344 RSA BSAFE Crypto-C Developer’s GuideNISTNational Institute of Standards and Technology. A United States agency that produces security and cryptogr

Glossary 345private keyIn public-key cryptography, this key is the secret key. It is primarily used for decryption but is also used for encryption w

346 RSA BSAFE Crypto-C Developer’s Guidesecret sharingSplitting a secret (for examle, a private key) into many pieces such that any specified subset o

Glossary 347verificationThe act of recognizing that a person or entity is who or what it claims to be.XORA binary bitwise operator yielding the resu

Chapter 2 Quick Start 15Introductory ExampleNow we can complete the call to B_SetKeyInfo:As with algorithm objects, once you have set a key object, y

348

349IndexAacceleration table 273Adelman, Leonard 52Advanced Encryption Standard xviiSee AESAdvanced PKCS #11 147AES xvii, 40, 41AI See algorithm info t

350 RSA BSAFE Crypto-C Developer’s Guidecertificate See digital certificateCFB See modes of operationcharacteristic See elliptic curve cryptographycho

Index 351elliptic curve cryptography 65–79algorithm info types 110curve generation 262examplesacceleration table 273–280key pair generation 268–270k

352 RSA BSAFE Crypto-C Developer’s Guidekey (continued)RC2 39, 99RC4 87, 99RC5 99, 190recovery 89registering 61RSA 53, 54, 97, 98size 97, 98, 129token

Index 353Ppadding 37, 126, 180RSA algorithm 227parametersDiffie-Hellman key agreement 63, 99, 249Digital Signature Algorithm 60, 239surrender contex

354 RSA BSAFE Crypto-C Developer’s GuideRSA Security Inc.FAQ 55Web site 48Ssalt 49, 94iterations 207sample program filesberder.c 124descbc.c 178dhagre

Introductory Example16 RSA BSAFE Crypto-C Developer’s Guideinstructions on writing an algorithm chooser. For the purposes of our example, we see that

Chapter 2 Quick Start 17Introductory Exampleinformation that it needs to perform RC4 encryption. In Step 4, we can enter the data to encrypt with the

iv RSA BSAFE Crypto-C Developer’s GuideCryptographic Standards and Crypto-C . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Introductory Example18 RSA BSAFE Crypto-C Developer’s GuideFor now, we declare:For a stream cipher, the length of the encrypted (output) data is equal

Chapter 2 Quick Start 19Introductory Examplefunction must know the size of the buffer. The Update function will not attempt to place data into unallo

Introductory Example20 RSA BSAFE Crypto-C Developer’s GuideFor our example, the first argument is rc4Encrypter. The second argument is a pointer to th

Chapter 2 Quick Start 21Introductory Examplefunction calls after the do-while construct. That way, even if there is an error somewhere and the progra

Introductory Example22 RSA BSAFE Crypto-C Developer’s GuideFor this example, call T_free as follows:Note: Using T_free means you can no longer access

Chapter 2 Quick Start 23Introductory Example static char dataToEncrypt[] = "Encrypt this sentence."; unsigned char *encryptedData = NULL_

Introductory Example24 RSA BSAFE Crypto-C Developer’s Guide /* Step 4: Update */ encryptedData = T_malloc (dataToEncryptLen); if ((status

Chapter 2 Quick Start 25Introductory ExampleYou may find it a useful exercise to compile and link this program. Also, it could also be instructive to

Decrypting the Introductory Example26 RSA BSAFE Crypto-C Developer’s GuideDecrypting the Introductory ExampleDecrypting data is similar to encrypting.

Chapter 2 Quick Start 27Decrypting the Introductory ExampleStep 3b: Setting the Key ObjectWe need to fill our key with the same 10 bytes of data we

Contents vOptimal Asymmetric Encryption Padding (OAEP) . . . . . . . . . . . . . . . . . . . . . . . . . . .55Authentication and Digital Signatures

Decrypting the Introductory Example28 RSA BSAFE Crypto-C Developer’s GuideStep 5: FinalIn the “Introductory Example” on page 9, the plaintext was a st

Chapter 2 Quick Start 29Multiple UpdatesMultiple UpdatesAn application can do multiple updates before the Final call. For example, suppose you have d

Multiple Updates30 RSA BSAFE Crypto-C Developer’s Guideplaces them into the given buffer, and sets a flag indicating whether the bytes returned are th

Chapter 2 Quick Start 31Multiple UpdatesIn the preceeding code example, we took dataToEncryptLen bytes of data to encrypt and passed them to B_Encryp

Summary of the Six Steps32 RSA BSAFE Crypto-C Developer’s GuideSummary of the Six StepsA typical implementation uses the six steps as follows:Step 0:

Chapter 2 Quick Start 33Summary of the Six Steps• For some algorithms, such as generating a public/private key pair, there is no Update step. Step 5:

34

35Chapter 3Cryptography This chapter contains a brief outline of the basic cryptographic principles and terminology used throughout this manual and do

Cryptography Overview36 RSA BSAFE Crypto-C Developer’s GuideCryptography OverviewSymmetric-Key CryptographyIn symmetric-key cryptography, as Figure 3-

Chapter 3 Cryptography 37Cryptography OverviewBlock CiphersBlock ciphers encrypt data block-by-block. They can encrypt each block separately as in EC

vi RSA BSAFE Crypto-C Developer’s GuideElliptic Curve Algorithms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Cryptography Overview38 RSA BSAFE Crypto-C Developer’s GuideTriple DESTriple DES executes DES three times, which triples the number of bits in an encr

Chapter 3 Cryptography 39Cryptography Overviewit is proprietary to RSA Security. The RC2 cipher has an eight-byte block size. Therefore, the input mu

Cryptography Overview40 RSA BSAFE Crypto-C Developer’s Guidefor 12-round RC5-32, recent cryptanalytic work suggests 16 rounds is now a more conservati

Chapter 3 Cryptography 41Cryptography Overviewwould slow down the encryption and decryption operations. In addition, if the 20-round version of RC6 i

Cryptography Overview42 RSA BSAFE Crypto-C Developer’s GuideElectronic Codebook (ECB) ModeECB is not a feedback mode; it encrypts each block of input

Chapter 3 Cryptography 43Cryptography OverviewCipher Block Chaining (CBC) ModeWith CBC mode, each plaintext block is XORed with the previous cipherte

Cryptography Overview44 RSA BSAFE Crypto-C Developer’s Guide Figure 3-5 Cipher Feedback (CFB) ModeTo encrypt plaintext using CFB mode:1. Generate your

Chapter 3 Cryptography 45Cryptography OverviewOutput Feedback (OFB) ModeOutput feedback mode is similar to CFB mode, except that the quantity XORed w

Cryptography Overview46 RSA BSAFE Crypto-C Developer’s GuideFigure 3-6 Output Feedback Mode (OFB)Stream CiphersA stream cipher processes the input dat

Chapter 3 Cryptography 47Cryptography Overviewguess), an attacker would be able to determine some of the original message bytes by XORing two sets of

Contents viiMemory-Management Routines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .122Memory-Management Rou

Cryptography Overview48 RSA BSAFE Crypto-C Developer’s Guide• It is computationally infeasible to produce data that has a specific digest. In other wo

Chapter 3 Cryptography 49Cryptography OverviewHash-Based Message Authentication Codes (HMAC)A hash-based message authentication code (HMAC) combines

Cryptography Overview50 RSA BSAFE Crypto-C Developer’s GuideNormally, the mixing is a message digest. This makes the task of getting from password to

Chapter 3 Cryptography 51Cryptography Overviewher message using that public key. Unlike symmetric-key cryptography, the key used for encryption will

Cryptography Overview52 RSA BSAFE Crypto-C Developer’s Guideauthentication that MIT professors Ronald L. Rivest, Adi Shamir, and Leonard M. Adleman in

Chapter 3 Cryptography 53Cryptography Overviewbelow. To compute ciphertext c from a plaintext message m, find c = me mod n. To decrypt, determine the

Cryptography Overview54 RSA BSAFE Crypto-C Developer’s GuideThe calculation is shown in Table 3-1:SummaryTake two large primes, p and q, and find thei

Chapter 3 Cryptography 55Cryptography OverviewHowever, for very large numbers, factoring is very difficult. The RSA Laboratories publication, Frequen

Cryptography Overview56 RSA BSAFE Crypto-C Developer’s Guideto reveal the contents of a digital envelope. The main features of OAEP are redundancy and

Chapter 3 Cryptography 57Cryptography OverviewAuthentication and Digital SignaturesSuppose Alice and Bob are disputing a contract. Alice says that Bo

viii RSA BSAFE Crypto-C Developer’s GuideChapter 6 Symmetric-Key Operations 177Block Ciphers . . . . . . . . . . . . . . . . . . . . . . . . . .

Cryptography Overview58 RSA BSAFE Crypto-C Developer’s Guide1. Alice and Bob compose a contract in digital format. The file can be in any form, such a

Chapter 3 Cryptography 59Cryptography Overview4. Digest the message file.5. If the digest matches the 16 bytes you obtained from decrypting the origi

Cryptography Overview60 RSA BSAFE Crypto-C Developer’s GuideDigital Signature Algorithm (DSA)The Digital Signature Algorithm (DSA) is part of the Digi

Chapter 3 Cryptography 61Cryptography Overviewa = gu1 mod pb = yu2 mod pv = (a · b mod p) mod q3. If v = r, the signature is verified. If v ≠ r, the

Cryptography Overview62 RSA BSAFE Crypto-C Developer’s GuideA certificate connects an entity to a public key. For instance, it can list an individual’

Chapter 3 Cryptography 63Cryptography Overview• Phase 1• Phase 2Figure 3-12 The Diffie-Hellman Key Agreement ProtocolParameter GenerationA central au

Cryptography Overview64 RSA BSAFE Crypto-C Developer’s Guide3. The two parties exchange the public values.These private and public values correspond t

Chapter 3 Cryptography 65Cryptography OverviewSecurityThe security of Diffie-Hellman key agreement relies on the difficulty of computing nth roots mo

Cryptography Overview66 RSA BSAFE Crypto-C Developer’s Guide• Elliptic Curve Signature Schemes (ECDSA)• Elliptic Curve Authenticated Encryption Scheme

Chapter 3 Cryptography 67Cryptography Overview• An odd prime field, Fp, where p is an odd prime.• A field of even characteristic, F2m.For more inform

Contents ixPerforming Diffie-Hellman Key Agreement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 249Generating Diffie-Hellman Param

Cryptography Overview68 RSA BSAFE Crypto-C Developer’s Guide0=0·I≡ (2·2m–1)·I mod2m= 2·(2m–1·I)≡ 2·1 mod 2m=2Instead, we create the field F2m in a com

Chapter 3 Cryptography 69Cryptography Overviewelliptic curve parameters.Coefficients Over a Field of Even CharacteristicAn elliptic curve E over a fi

Cryptography Overview70 RSA BSAFE Crypto-C Developer’s Guideis written E(Fq).The Order of an Elliptic CurveThe addition system that makes the points o

Chapter 3 Cryptography 71Cryptography Overview• The order n of P P is sometimes called the base point.The CofactorWe mentioned previously that the pr

Cryptography Overview72 RSA BSAFE Crypto-C Developer’s GuideRepresenting Fields of Even CharacteristicFor fields of even characteristic (fields of the

Chapter 3 Cryptography 73Cryptography OverviewCreating the Key PairTo compute a public/private key pair:1. Generate a random value, d, between 1 and

Cryptography Overview74 RSA BSAFE Crypto-C Developer’s Guide, you will be using regular arithmetic. This is so different from arithmetic in F2m that,

Chapter 3 Cryptography 75Cryptography OverviewThe following calculations are really just a series of substitutions that can be made by looking back a

Cryptography Overview76 RSA BSAFE Crypto-C Developer’s GuideEncrypting a Message Using the Public KeyAnyone who wishes to send Bob an encrypted messag

Chapter 3 Cryptography 77Cryptography Overview6. Compute an authentication tag, tag = SHA1 (x1 || M’). That is, tag is the SHA1 hash of concatenation