The ESP Triple DES Transform (RFC1851)

IP.com Disclosure Number: IPCOM000004107D
Original Publication Date: 1995-Sep-01
Included in the Prior Art Database: 2000-Sep-13
Document File: 8 page(s) / 18K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

P. Karn: AUTHOR [+3]

Abstract

This document describes the Triple DES-CBC security transform for the IP Encapsulating Security Payload (ESP).

This text was extracted from an ASCII Text document.
This is the abbreviated version, containing approximately 16% of the total text.

Network Working Group                                            P. Karn
Request for Comments: 1851                                      Qualcomm
Category: Experimental                                        P. Metzger
                                                                Piermont
                                                              W. Simpson
                                                              Daydreamer
                                                          September 1995

The ESP Triple DES Transform

Status of this Memo

This document defines an Experimental Protocol for the Internet community. This does not specify an Internet standard of any kind. Discussion and suggestions for improvement are requested. Distribution of this memo is unlimited.

Abstract

This document describes the Triple DES-CBC security transform for the IP Encapsulating Security Payload (ESP).

Table of Contents

1. Introduction
   1.1 Keys
   1.2 Initialization Vector
   1.3 Data Size
   1.4 Performance
2. Payload Format
3. Algorithm
   3.1 Encryption
   3.2 Decryption
SECURITY CONSIDERATIONS
ACKNOWLEDGEMENTS
REFERENCES
AUTHOR'S ADDRESS

1. Introduction

The Encapsulating Security Payload (ESP) [RFC-1827] provides confidentiality for IP datagrams by encrypting the payload data to be protected. This specification describes the ESP use of a variant of the Cipher Block Chaining (CBC) mode of the US Data Encryption Standard (DES) algorithm [FIPS-46, FIPS-46-1, FIPS-74, FIPS-81]. This variant, known as Triple DES (3DES), processes each block of the plaintext three times, each time with a different key [Tuchman79].

This document assumes that the reader is familiar with the related document "Security Architecture for the Internet Protocol" [RFC-1825], which defines the overall security plan for IP, and provides important background for this specification.

1.1. Keys

The secret 3DES key shared between the communicating parties is effectively 168 bits long. This key consists of three independent 56-bit quantities used by the DES algorithm. Each of the three 56-bit subkeys is stored as a 64-bit (eight octet) quantity, with the least significant bit of each octet used as a parity bit.
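The key layout described above, as an added example that is not part of RFC 1851: it parity-adjusts 24 octets of key material, validates a stored key, and recovers the 56 key bits of each subkey. It assumes odd parity per octet (the DES convention from FIPS 46); all function names and the sample key are constructed for illustration.

```python
SUBKEY_OCTETS = 8                  # one 56-bit subkey occupies 8 octets
KEY_OCTETS = 3 * SUBKEY_OCTETS     # 24 octets stored, 168 key bits


def set_odd_parity(octet: int) -> int:
    """Keep the 7 key bits and set the low bit so the octet has odd parity."""
    key_bits = octet & 0xFE
    return key_bits | (0 if bin(key_bits).count("1") % 2 else 1)


def normalize_3des_key(raw: bytes) -> bytes:
    """Turn 24 octets of key material into a parity-adjusted 3DES key."""
    if len(raw) != KEY_OCTETS:
        raise ValueError(f"expected {KEY_OCTETS} octets, got {len(raw)}")
    return bytes(set_odd_parity(o) for o in raw)


def split_3des_key(key: bytes) -> list:
    """Validate parity, then return the three 8-octet subkeys in order."""
    if len(key) != KEY_OCTETS:
        raise ValueError(f"expected {KEY_OCTETS} octets, got {len(key)}")
    bad = [i for i, o in enumerate(key) if bin(o).count("1") % 2 == 0]
    if bad:
        raise ValueError(f"parity error in octets {bad}")
    return [key[i:i + SUBKEY_OCTETS] for i in range(0, KEY_OCTETS, SUBKEY_OCTETS)]


def key_bits_only(subkey: bytes) -> int:
    """Drop each octet's parity bit and pack the rest into a 56-bit integer."""
    value = 0
    for octet in subkey:
        value = (value << 7) | (octet >> 1)
    return value


def subkeys_distinct(key: bytes) -> bool:
    """Necessary (not sufficient) check that the three subkeys differ."""
    return len({key_bits_only(sk) for sk in split_3des_key(key)}) == 3


# Constructed sample key material, not a key from the RFC.
SAMPLE_KEY = normalize_3des_key(bytes.fromhex(
    "0123456789abcdef" "23456789abcdef01" "456789abcdef0123"))

if __name__ == "__main__":
    for n, sk in enumerate(split_3des_key(SAMPLE_KEY), 1):
        print(f"subkey {n}: {sk.hex()} -> {key_bits_only(sk):014x}")
    print("distinct:", subkeys_distinct(SAMPLE_KEY))
```

Because the parity bit carries no key material, two stored subkeys that differ only in their low bits are the same DES key, which is why the comparison is made on the 56-bit values.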

1.2. Initializati...