Use of the KEA and SKIPJACK Algorithms in CMS (RFC2876)

IP.com Disclosure Number: IPCOM000003477D
Original Publication Date: 2000-Jul-01
Included in the Prior Art Database: 2000-Sep-13
Document File: 10 page(s) / 27K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

J. Pawling: AUTHOR

Abstract

This document describes the conventions for using the Key Exchange Algorithm (KEA) and SKIPJACK encryption algorithm in conjunction with the Cryptographic Message Syntax [CMS] enveloped-data and encrypted-data content types.

This text was extracted from an ASCII document.
This is the abbreviated version, containing approximately 10% of the total text.

Network Working Group                                         J. Pawling
Request for Comments: 2876                     WGSI, A Getronics Company
Category: Informational                                        July 2000

Use of the KEA and SKIPJACK Algorithms in CMS

Status of this Memo

This memo provides information for the Internet community. It does
not specify an Internet standard of any kind. Distribution of this
memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (2000). All Rights Reserved.

1. Introduction

Throughout this document, the terms MUST, MUST NOT, SHOULD and MAY
are used in capital letters. This conforms to the definitions in
[MUSTSHOULD]. [MUSTSHOULD] defines the use of these key words to help
make the intent of standards track documents as clear as possible.
The same key words are used in this document to help implementers
achieve interoperability. Software that claims compliance with this
document MUST provide the capabilities as indicated by the MUST, MUST
NOT, SHOULD and MAY terms. The KEA and SKIPJACK cryptographic
algorithms are described in [SJ-KEA].

2. Content Encryption Process

This section applies to the construction of both the enveloped-data
and encrypted-data content types. Compliant software MUST meet the
requirements stated in [CMS] Section 6.3, "Content-encryption
Process". The input to the encryption process MUST be padded to a
multiple of eight octets using the padding rules described in [CMS]
Section 6.3. The content MUST be encrypted as a single string using
the SKIPJACK algorithm in 64-bit Cipher Block Chaining (CBC) mode
using randomly-generated 8-byte Initialization Vector (IV) and 80-bit
SKIPJACK content-encryption key (CEK) values.

3. Content Decryption Process

This section applies to the processing of both the enveloped-data and
encrypted-data content types. The encryptedContent MUST be decrypted
as a single string using the SKIPJACK algorithm in 64-bit CBC mode.
The 80-bit SKIPJACK CEK and the 8-byte IV MUST be used as inputs to
the SKIPJACK decryption process. Following decryption, the padding
MUST be removed from the decrypted data. The padding rules are
described in [CMS] Section 6.3, "Content-encryption Process".
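
The following is an added example, not part of RFC 2876 or its author's code. It shows the [CMS] Section 6.3 padding rule that Sections 2 and 3 depend on, applied to the eight-octet SKIPJACK block, together with generation of the 80-bit CEK and 8-byte IV. The function names are assumptions, and the SKIPJACK CBC operation itself is not shown.

```python
import secrets

BLOCK = 8     # SKIPJACK block size in octets (64-bit CBC mode)
IV_LEN = 8    # 8-byte Initialization Vector
CEK_LEN = 10  # 80-bit content-encryption key


def new_cek_and_iv():
    """Randomly generated CEK and IV, drawn from the OS CSPRNG."""
    return secrets.token_bytes(CEK_LEN), secrets.token_bytes(IV_LEN)


def cms_pad(content, k=BLOCK):
    """Pad to a multiple of k octets: append n = k - (len mod k) octets of value n.

    Input that is already aligned still gains a full block of k octets,
    so the padding can always be removed unambiguously.
    """
    n = k - (len(content) % k)
    return content + bytes([n]) * n


def cms_unpad(padded, k=BLOCK):
    """Verify and strip the padding from decrypted content."""
    # The same generic error is raised for every kind of malformed input.
    err = ValueError("malformed padded content")
    if len(padded) == 0 or len(padded) % k != 0:
        raise err
    n = padded[-1]
    if not 1 <= n <= k or padded[-n:] != bytes([n]) * n:
        raise err
    return padded[:-n]


if __name__ == "__main__":
    cek, iv = new_cek_and_iv()
    sample = b"constructed sample content"   # constructed input, 26 octets
    padded = cms_pad(sample)
    print(len(cek), len(iv), len(padded), padded[-6:])
    assert cms_unpad(padded) == sample
```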

4. Enveloped-data Conventions

The CMS enveloped-data content type consists of an encrypted content
and wrapped C...