All:
Right now, I am leaning toward the double encryption wrap algorithm. I
think it will be easy to implement, and it yeilds a shorter result that the
OAEP method. To convince myself that it was easy to implement, I did an
implementation. It took me about two hours while watching an old Jimmy
Stewart movie. Of course, I already have SHA-1 and Triple-DES CBC
routines. S/MIME v3 will require these algorithms for other capabilities
besides key wrapping.
If someone else is willing to do an implementation, I would like to compare
results. This will allow a test vector to be included with the algorithm
description.
Does anyone have any strong objections to the double encryption wrap
algorithm being selected?
Russ
WRAP ALOGRITHM #1: DOUBLE ENCRYPTION
Key Checksum
The CMS Checksum Algorithm is used to provide an content-encryption key
integrity check value. The algorithm is:
1. Compute a 20 octet SHA-1 message digest on the
content-encryption key.
2. Use the most significant (first) eight octets of the
message digest value as the checksum value.
Triple-DES Key Wrap
1. Set odd parity for each of the DES key octets comprising
the content-encryption key, call the result CEK.
2. Compute a 8 octet key checksum value on CEK as described above,
call the result ICV.
3. Let CEKICV = CEK || ICV.
4. Encrypt CEKICV in CBC mode using the key-encryption key. Use
an IV of 0xc302e3c1ad8bb738.
5. Reverse the order of the ciphertext octets. That is, the most
significant (first) octet is swapped with the least significant
(last) octet, and so on. Call the result TEMP.
6. Encrypt TEMP in CBC mode using the key-encryption key. Use
an IV of 0x61a197e5b132e196. The ciphertext is 32 octets long.