Triple-DES and RC2 Key Wrapping (RFC3217)

IP.com Disclosure Number: IPCOM000006213D
Original Publication Date: 2001-Dec-01
Included in the Prior Art Database: 2001-Dec-14
Document File: 10 page(s) / 20K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

R. Housley: AUTHOR

Abstract

This document specifies the algorithm for wrapping one Triple-DES key with another Triple-DES key and the algorithm for wrapping one RC2 key with another RC2 key. These key wrap algorithms were originally published in section 12.6 of RFC 2630. They are republished since these key wrap algorithms have been found to be useful in contexts beyond those supported by RFC 2630.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 17% of the total text.

Network Working Group                                         R. Housley
Request for Comments: 3217                              RSA Laboratories
Category: Informational                                    December 2001

                    Triple-DES and RC2 Key Wrapping

Status of this Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2001).  All Rights Reserved.

Abstract

   This document specifies the algorithm for wrapping one Triple-DES key
   with another Triple-DES key and the algorithm for wrapping one RC2
   key with another RC2 key.  These key wrap algorithms were originally
   published in section 12.6 of RFC 2630.  They are republished since
   these key wrap algorithms have been found to be useful in contexts
   beyond those supported by RFC 2630.

1  Introduction

   Management of symmetric cryptographic keys often leads to situations
   where one symmetric key is used to encrypt (or wrap) another.  Key
   wrap algorithms are commonly used in two situations.  First, key
   agreement algorithms (such as Diffie-Hellman [DH-X9.42]) generate a
   pairwise key-encryption key, and a key wrap algorithm is used to
   encrypt the content-encryption key or a multicast key with the
   pairwise key-encryption key.  Second, a key wrap algorithm is used to
   encrypt the content-encryption key, multicast key, or session key in
   a locally generated storage key-encryption key or a key-encryption
   key that was distributed out-of-band.

   This document specifies the algorithm for wrapping one Triple-DES key
   with another Triple-DES key [3DES], and it specifies the algorithm
   for wrapping one RC2 key with another RC2 key [RC2].  Encryption of a
   Triple-DES key with another Triple-DES key uses the algorithm
   specified in section 3.  Encryption of a RC2 key with another RC2 key
   uses the algorithm specified in section 4.  Both of these algorithms
   rely on the key checksum algorithm specified in section 2.  Triple-DES
   and RC2 content-encryption keys are encrypted in Cipher Block
   Chaining (CBC) mode [MODES].

   In this document, the key words MUST, MUST NOT, REQUIRED, SHOULD,
   SHOULD NOT, RECOMMENDED, and MAY are to be interpreted as described
   by Scott Bradner in [STDWORDS].

2  Key Checksum

   The key checksum algorithm is used to provide a key integrity check
   value.  The algorithm is:

   1. Compute a 20 octet SHA-1 [SHA1] message digest on the key that is
      to be wrapped.

   2. Use the most significant (first) eight octets of the message
      digest value as the checksum value.

3  Triple-DES Key Wrapping and Unwrapping

   This section specifies the algorithms for wrapping and unwrapping one
   Triple-DES key with another Triple-DES key [3DES].

   The same key wrap algorithm is used for both Two-key Triple-DES and
   Three-key Triple-DES keys.  When a Two-key Triple-DES key is to be
   wrapped, a third DES key with the same value as the first DES key is
   created.  Thus, all wrapped Triple-DES keys include three DES keys.
   However, a Two-k...
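
The following Python sketch is an added example, not part of RFC 3217 or of this database record.  It computes the section 2 key checksum, applies the section 3 rule for Two-key Triple-DES keys, and re-checks the value the way an unwrapping party would.  The function names and the sample key are constructed for illustration, and computing the checksum over the 24-octet form of the key is an assumption drawn from the statement that all wrapped Triple-DES keys include three DES keys.

```python
import hashlib
import hmac

DES_KEY_LEN = 8    # octets in a single DES key
CHECKSUM_LEN = 8   # octets kept from the SHA-1 digest (section 2)


def expand_triple_des_key(key: bytes) -> bytes:
    """Return the three-DES-key form of a Triple-DES key (section 3)."""
    if len(key) == 3 * DES_KEY_LEN:
        return key
    if len(key) == 2 * DES_KEY_LEN:
        # Two-key Triple-DES: the third DES key has the same value as the first.
        return key + key[:DES_KEY_LEN]
    raise ValueError("Triple-DES key must be 16 or 24 octets")


def key_checksum(key: bytes) -> bytes:
    """Section 2: the first eight octets of the 20 octet SHA-1 digest."""
    return hashlib.sha1(key).digest()[:CHECKSUM_LEN]


def checksum_matches(key: bytes, checksum: bytes) -> bool:
    """Recompute the checksum over a recovered key and compare it.

    The comparison is constant time, so the check does not reveal how
    many leading octets of a wrong value happened to match.
    """
    if len(checksum) != CHECKSUM_LEN:
        return False
    return hmac.compare_digest(key_checksum(key), checksum)


def demo():
    # Constructed 16-octet sample key, for illustration only.
    two_key = bytes(range(1, 17))
    cek = expand_triple_des_key(two_key)
    icv = key_checksum(cek)
    # Flip one bit to model a key damaged in storage or transit.
    damaged = bytes([cek[0] ^ 0x01]) + cek[1:]
    return cek, icv, checksum_matches(cek, icv), checksum_matches(damaged, icv)


if __name__ == "__main__":
    cek, icv, ok, ok_damaged = demo()
    print("key to wrap:", cek.hex())
    print("checksum   :", icv.hex())
    print("intact key verifies :", ok)
    print("damaged key verifies:", ok_damaged)
```

The checksum is unkeyed, so anyone holding the plaintext key can recompute it; it detects a corrupted or incorrectly unwrapped key only because it travels inside the encrypted wrap.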