Hello,
I have the following question regarding the use of RC2 with Ephemeral Static
DH (RFC 2631) in CMS:
CMS requires that "for key agreement of RC2 key-encryption keys, 128 bits
must be generated as input to the key expansion process used to compute the
RC2 effective key". This seems to be quite clear when using RC2
key-encryption keys having an effective key length of 128 bits (as required
by http://www.ietf.org/internet-drafts/draft-ietf-smime-cmsalg-00.txt
(Cryptographic Message Syntax (CMS) Algorithms).
However, how do decrypt the content-encryption key if wrapped using a 40 bit
RC2 key as done by Microsoft Outlook when encrypting with a ESDH key thereby
not knowing the capabilities of the other party?
MS outlook uses the algorithm given in RFC 2631 for creating key material of
128 bit length as required by CMS as input to the key expansion process used
to compute the RC2 effective key (see above). When doing so, Outlook sets
the suppPubInfo value to 40. Is this the right way or must suppPubInfo be
128 for generating 128 bit key material and subsequently let the RC2
algorithm create the RC2 effective 40 bit key from it? Both, 40 and 128 only
require one round of the key meterial generation algorithm, but there seems
to be no parameter in OtherInfo telling to get the 128 left most bits if
suppPubInfo is 40.
Regards,
Dieter Bratko
smime.p7s
Description: S/MIME cryptographic signature