AI_SHA1WithDES_CBCPad
228 RSA BSAFE Crypto-C Library Reference Manual
AI_SHA1WithDES_CBCPad
Purpose:
This AI allows you to perform password-based encryption. This means that the input
data will be encrypted with a secret key derived from a password, and it can be
successfully decrypted only when the correct password is provided. Although this AI
can be used to encrypt arbitrary data, its intended primary use is for encrypting
private keys when transferring them from one computer system to another, as
described in PKCS #8.
This AI employs DES secret-key encryption in cipher-block chaining (CBC) mode
with padding, where the secret key is derived from a password using the SHA1
message digest algorithm. The details of this algorithm are contained in PKCS #5. DES
is defined in FIPS PUB 81, and CBC mode of DES is defined in FIPS PUB 46-1. FIPS
PUB 180-1 describes SHA1.
Other algorithms that can be used for password-based encryption are
AI_MD2WithDES_CBCPad, AI_MD2WithRC2_CBCPad, AI_MD5WithRC2_CBCPad, and
AI_MD5WithDES_CBCPad.
Type of information this allows you to use:
the salt and iteration count for the SHA1 With DES-CBC password-based encryption
algorithm. The salt is concatenated with the password before being digested by
SHA1, and the iteration count specifies how many times the digest needs to be run.
The count of 2 indicates that the result of digesting the password-and-salt string
needs to be run once more through SHA1. The first 8 bytes of the final digest become
the secret key for the DES cipher after being adjusted for parity as required by FIPS
PUB 81, the next 8 bytes become the initialization vector, and the last 4 bytes are
ignored.
Format of info supplied to B_SetAlgorithmInfo:
pointer to a B_PBE_PARAMS structure:
typedef struct {
unsigned char *salt; /* pointer to 8-byte salt value */
unsigned int iterationCount; /* iteration count */
} B_PBE_PARAMS ;
