ietf-smime
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: RFC2631 - RC2

2001-05-25 10:34:29
from [Housley, Russ] [Permanent Link] 
Dieter:
Your understanding is correct. To establish a 128-bit RC2 KEK, which requires 128 bits of keying material, the algorithm is run once, with a counter value of 1, with a suppPubInfo of 0x00000080, and the left-most 128 bits are directly converted to an RC2 key. 

Russ

At 04:54 PM 5/25/2001 +0200, Dieter Bratko wrote:

Hello,

Sorry for using the MS example (which indeed caused this question), but my
actual question was about the correct use of the RFC2631 suppPubInfo value.
So please let me try to spilt the question into two parts and formulate it
in another way so that it might become a question about the standard:

a.) To be CMS standard-compliant, only 128 bit RC2 key-encryption keys are
allowed.

b.) RFC2631 is part of the CMS RFC repository, but might not be used in CMS
environments only and itself does not make any restrictions about the size
the RC2 key has to be. Since RFC2631 says that "RC2 effective key lengths
are equal to RC2 real key lengths", does this mean that for RC2 the
suppPubInfo value in any case has to be equal to the number of bits got as
output from the algorithm, e.g. 128 for a 128 bit key respectively 40 for a
40 bit key? (i.e. RFC2631 only can be used for creating RC2 keys where the
effective key size is equal to the real key size).

Regards,
Dieter

-----Ursprüngliche Nachricht-----
Von: Housley, Russ [mailto:rhousley(_at_)rsasecurity(_dot_)com]
Gesendet: Freitag, 25. Mai 2001 15:34
An: Dieter Bratko
Betreff: Re: RFC2631 - RC2


Your question does not seem to be about the standard, rather about the MS
implementation.  Did I miss something?

Russ

At 09:13 AM 5/25/2001 +0200, Dieter Bratko wrote:
>Hello,
>
>I have the following question regarding the use of RC2 with Ephemeral
Static
>DH (RFC 2631) in CMS:
>
>CMS requires that "for key agreement of RC2 key-encryption keys, 128 bits
>must be generated as input to the key expansion process used to compute the
>RC2 effective key". This seems to be quite clear when using RC2
>key-encryption keys having an effective key length of 128 bits (as required
>by http://www.ietf.org/internet-drafts/draft-ietf-smime-cmsalg-00.txt
>(Cryptographic Message Syntax (CMS) Algorithms).
>However, how do decrypt the content-encryption key if wrapped using a 40
bit
>RC2 key as done by Microsoft Outlook when encrypting with a ESDH key
thereby
>not knowing the capabilities of the other party?
>MS outlook uses the algorithm given in RFC 2631 for creating key material
of
>128 bit length as required by CMS as input to the key expansion process
used
>to compute the RC2 effective key (see above). When doing so, Outlook sets
>the suppPubInfo value to 40. Is this the right way or must suppPubInfo be
>128 for generating 128 bit key material and subsequently let the RC2
>algorithm create the RC2 effective 40 bit key from it? Both, 40 and 128
only
>require one round of the key meterial generation algorithm, but there seems
>to be no parameter in OtherInfo telling to get the 128 left most bits if
>suppPubInfo is 40.
>
>Regards,
>Dieter Bratko
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
  • RFC2631 - RC2, Dieter Bratko
    • Re: RFC2631 - RC2, Housley, Russ <=
Previous by Date:  RFC2631 - RC2, Dieter Bratko
Next by Date:  I-D ACTION:draft-ietf-smime-rcek-04.txt, Internet-Drafts
Previous by Thread:  RFC2631 - RC2, Dieter Bratko
Next by Thread:  I-D ACTION:draft-ietf-smime-rcek-04.txt, Internet-Drafts
Indexes:  [Date] [Thread] [Top] [All Lists]