All:
S/MIME 3 requires a function to encrypt one Triple-DES key in another.
Below, I propose such a function, and I am writing to request review of
that function.
Here is how S/MIME 3 will use the function. S/MIME 3 locally generate a
random content-encryption Triple-DES key. As the name implies, this key
will be used to encrypt the message content. Then, Diffie-Hellman will be
used to generate a pairwise Triple-DES key with each message recipient, and
the content-encryption key will be encrypted under the pairwise key. I was
unable to find a standard for the encryption of one Triple-DES key in
another Triple-DES key. The obvious encryption of the three DES keys in
ECB mode does not seem sufficient to me. This method would allow an
attacker to rearrange the three blocks and the recipient could not detect
the problem until the entire message we decrypted. So, I have proposed a
technique that provides confidentiality and integrity.
Please do not propose improvements that are covered by any issued or
pending patents.
Thanks for your assistance,
Russ
- - - - - - - - - -
Mechanism: Triple-DES with Checksum
Wrapping Key Type: Triple-DES (3 keys)
Type of key to be wrapped: Triple-DES (3 keys)
KEY CHECKSUM ALGORITHM:
1. Initialize two 16 bit integers, sum1 and sum2, to zero.
2. Arrange the Triple-DES key into a string of 24 octets as follows:
2a. Key 1 followed by Key 2 followed by Key 3.
2b. Order the octets of each key most to least significant.
3. Loop through the 24 octets of the Triple-DES key.
3a. Create a 16 bit integer, called temp, by concatenating 8 zero bits and
the key octet.
3b. sum1 = sum1 + temp.
3c. sum2 = sum2 + sum1.
4. Use sum2 as the checksum value.
KEY WRAP ALGORITHM:
1. Adjust the parity bits on the three DES keys as necessary to give each octet
odd parity: Key 1, Key 2, and Key 3.
2. Compute a 16-bit check word on the key as described above.
3. Using ECB mode, encrypt Key 1, Key 2, and Key 3 in the wrapping key.
4. Create a temporary block from the concatenation of the low order six
octets of the encrypted Key 3 and the two octets of the check word.
5. Using ECB mode, encrypt the temporary block in the wrapping key.
6. Concatenate the encrypted Key 1, Key 2, and Key 3 with the low order two
octets of the encrypted temporary block to form the 26 octet (208 bits)
wrapped key.
KEY UNWRAP ALGORITHM:
1. Break the high order 24 octets into three 8 octet blocks, and decrypt
each using the wrapping key with ECB mode. The result will be the
original key, Key 1, Key 2, and Key 3, if no errors are encountered
in the following steps.
2. Check the parity of Key 1, Key 2, and Key 3. If any is incorrect then
there is an error.
3. Compute 16-bit check word on the decrypted key as described above.
4. Create a temporary block from the concatenation of the low order six
octets of the encrypted Key 3 value and the check word.
5. Using DES ECB, encrypt the temporary block in the wrapping key.
6. If the low order two octets of the wrapped key do not match the low
order two octets of the encrypted temporary block then there is an error.