All:
S/MIME 3 requires a function to encrypt one Triple-DES key in another. I
posted a proposed method several weeks ago, and I got a fair amount of
feedback. The most common concern was the lack of flexibility. may people
prefered a technique that was algorithm independent. Below, I propose an
algorithm independent function, and I am writing to request review of
that function. I propose a function that provides confidentiality and
integrity.
As background, here is refresher about how S/MIME 3 will use the function.
S/MIME 3 locally generates a random content-encryption key. As the name
implies, this key will be used to encrypt the message content. Then,
Diffie-Hellman will be used to generate a pairwise key-encryption key with
each
message recipient, and the content-encryption key will be encrypted under the
pairwise key-encryption key.
The blocksize of the key-encryption algorithm can be determined from the CMS
KeyEncryptionAlgorithmIdentifier protocol field. Likewise, the size of the
content-encryption key can be determined from the CMS
ContentEncryptionAlgorithmIdentifier protocol field. Triple-DES may be an
exception here; the same identifer is used for both 2-key and 3-key Triple
DES. This is probably easily handled by always wrapping three keyes, even if
the first and third keys match.
Please do not propose improvements that are covered by any issued or pending
patents.
Thanks for your assistance,
Russ
- - - - - - - - - -
KEY CHECKSUM ALGORITHM:
1. Initialize two 16 bit integers, sum1 and sum2, to zero.
2. Loop through the octets of the content-encryption key, most
significant octet to least significant octet.
2a. Create a 16 bit integer, called temp, by concatenating
8 zero bits and the key octet.
2b. sum1 = sum1 + temp.
2c. sum2 = sum2 + sum1.
3. Use sum2 as the checksum value.
KEY WRAP ALGORITHM:
1. Adjust the parity bits on DES and Triple-DES keys.
2. Compute a 16-bit key checksum value on the content-encryption
key as described above.
3. Generate a 4-octet random salt value.
4. Concatenate the salt, content-encryption key, and key
checksum value.
5. Generate the number of pad octets necessary to make the
result a multiple of the key-encryption algorithm block
size, then append them to the result.
6. Encrypt the result with the key-encryption key. If the
algorithm requires an IV, use an IV with each octet equal
to 'A5' hexidecimal.
KEY UNWRAP ALGORITHM:
1. Decrypt the wrapped ciphertext using the key-encryption key.
If the algorithm requires an IV, use an IV with each octet
equal to 'A5' hexidecimal.
2. Check the parity of DES and Triple-DES keys. If any is
incorrect then there is an error.
3. Compute a 16-bit key checksum value on the content-encryption
key as described above.
4. If computed key checksum value does not match the decrypted
key checksum value, then there is an error.