Grab your ankles, ladies and gents. This won't hurt a bit... Cheers, Bob Hettinga <Wait, isn't that a freight train in the distance?> --- begin forwarded text From: Bob Baldwin <baldwin@rsa.com> To: "'set-dev'" <set-dev@terisa.com> Subject: Algorithm Identifier for CDMF Date: Wed, 8 Jan 1997 09:41:08 -0800 Mime-Version: 1.0 Sender: owner-set-dev@terisa.com Precedence: bulk The SET protocol needs an algorithm identifier for a 40 bit variant of des called CDMF for use with the AcqBackMsg. This note defines the value for that identifier. --Bob Baldwin -------------------------- ALGORITHM IDENTIFIER FOR IBM's CDMF ALGORITHM INTRODUCTION The Commercial Data Masking Facility (CDMF) is an application of DES that weakens the DES key from 56 to 40 bits using a key shortening algorithm patented by IBM. Licensing information for the CDMF patent is available from the Director of Licensing, IBM Corporation, 500 Columbus Avenue, Thornwood, NY 10594. This note defines the ASN.1 algorithm identifier and algorithm parameters for IBM's CDMF that has been registered by RSA Data Security Inc. RSA Data Security, Inc.'s Open Systems Interconnection (OSI) object identifier is 1.2.840.113549 (2a, 0x86, 0x48, 0x86, 0xf7, 0x0d in hex), as registered by the American National Standards Institute (ANSI). In the following, the prefix "rsadsi" refers to that object identifier. All object identifiers registered by RSA Data Security begin with this prefix. CDMFCBCPad This is a Cipher Block Chaining mode of operation with padding of a 40-bit variant of DES. It is defined in: IBM Journal of Research and Development, "The Commercial Data Masking Facility (CDMF) Data Privacy Algorithm", Volume 38, Number 2, March 1994. Following the ASN.1 style of the "Agreements for Open Systems Interconnection Protocols: Part 12 OS Security", it is defined by: ALGORITHM MACRO ::= BEGIN TYPE NOTATION ::= "PARAMETER" type VALUE NOTATION ::= value(VALUE OBJECT IDENTIFIER) END -- of ALGORITHM IV8 ::= OCTET STRING (SIZE(8)) CBC8Parameter ::= IV8 CDMFCBCPad ALGORITHM PARAMETER CBC8Parameter ::= {iso(1) member-body(2) US(840) rsadsi(113549) encryptionAlgorithm(3) 10} -- In hex, the CDMFCBCPad algorithm ID is: -- { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x03, 0x0A } The PARAMETER is needed to specify the Initialization Vector, which need not be kept secret. It is 8 octets long. This mode should be used to encrypt multiple blocks, where the full message is available. The random IV prevents codebook analysis of the start of the chain. The IV may be public. This mode will propagate a single bit error in one plaintext block into all succeeding blocks, and will propagate a single bit error in the ciphertext into a garbled plaintext block on decryption as well as a single bit error in the next plaintext block. The following padding mechanism should be used if the data to be encrypted is octet aligned, unless the security policy dictates otherwise: The input to the CDMF CBC encryption process must be padded to a multiple of 8 octet, in the following manner. Let n be the length in octets of the input. Pad the input by appending 8-(n mod 8) octet to the end of the message, each having the value 8-(n mod 8), the number of octets being added. In hexadecimal, the possible paddings are: 01, 0202, 030303, 04040404, 0505050505, 060606060606, 07070707070707, and 0808080808080808. All input is padded with 1 to 8 octets to produce a multiple of 8 octets in length. The padding can be removed unambiguously after decryption. Editor's Note - If adding the padding rules would cause existing implementations to break, this should be registered as a separate algorithm identifier. Note, however, that [FIPS 81] specifies its own padding rules for padding binary data, in the absence of application-defined rules such as those above; those rules require an indication (which could be conveyed as an algorithm PARAMETER) of whether the data has been padded or not. --- end forwarded text ----------------- Robert Hettinga (rah@shipwright.com), Philodox, e$, 44 Farquhar Street, Boston, MA 02131 USA "The cost of anything is the foregone alternative" -- Walter Johnson The e$ Home Page: http://www.vmeng.com/rah/ FC97: Anguilla, anyone? http://offshore.com.ai/fc97/