
Applications of Cryptography
84 RSA BSAFE Crypto-C Developer’s Guide
• Ensure file integrity and protect against tampering. Cryptographic techniques can
be used to guarantee that only authorized personnel can modify or install certain
files.
• Archive important data so that it can be accessed only by authorized personnel.
• Protect intellectual property.
Point-to-Point Applications
Applications that require establishing a secure link between two nodes are very
common and may have different topologies. However, their similarities allow them to
be treated in a comparable manner. Secure point-to-point communication is needed if:
• Communication takes place between exactly two nodes.
• The primary security consideration is to allow the two nodes to communicate
privately and to prevent others from eavesdropping on the traffic.
Here are some applications that require secure point-to-point data communication:
• Computer hardware links connecting two nodes
• Satellite or cellular communications
• A single transaction between two nodes in a larger network
Here is a typical scenario for implementing applications in this class, using key
agreement with stream-cipher encryption.
1. Compute the Diffie-Hellman parameters for both nodes. This must be done before
a communication session is established. When a link is requested, the parameters
should be waiting for the nodes.
A new Diffie-Hellman parameter set is not necessary each time you generate a
session key; it is safe to use one set of Diffie-Hellman parameters for many
key-agreement sessions. In addition, either of the nodes can generate the parameters
and transmit the values over any channel.
2. Establish an agreed-upon secret value using Phase 1 and Phase 2 of the
Diffie-Hellman key-agreement protocol. See “Diffie-Hellman Public Key Agreement” on
page 62 for an overview of this process.
3. Compute an RC4 key for the session using the agreed-upon secret value. The RC4
key may be shorter than a Diffie-Hellman secret value. The application must
determine the procedure for extracting the required bits. A single Diffie-Hellman
agreement may also be used to generate multiple RC4 keys.
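Steps 2 and 3 can be sketched as follows. This is an added example, not code from this guide, and it does not use the Crypto-C API. It assumes HKDF with SHA-256 as the procedure for extracting key bits, hypothetical direction labels, and a small demonstration prime in place of the parameters generated in step 1.

```python
import hashlib
import hmac
import secrets

# Demonstration parameters only (assumption): 2**255 - 19 is a known prime that
# keeps the example short. Real parameters come from step 1 and are much larger.
P = 2**255 - 19
G = 2

def phase1(p, g):
    """Phase 1: choose a private value x and compute the public value g^x mod p."""
    x = secrets.randbelow(p - 3) + 2              # 2 <= x <= p - 2
    return x, pow(g, x, p)

def phase2(p, private, peer_public):
    """Phase 2: combine our private value with the peer's public value."""
    if not 1 < peer_public < p - 1:               # 0, 1 and p-1 force a trivial secret
        raise ValueError("peer public value out of range")
    z = pow(peer_public, private, p)
    return z.to_bytes((p.bit_length() + 7) // 8, "big")   # fixed-length encoding

def derive_key(secret, label, length=16):
    """HKDF (RFC 5869, HMAC-SHA-256): one secret, one independent key per label."""
    prk = hmac.new(b"\x00" * 32, secret, hashlib.sha256).digest()       # extract
    okm, block, counter = b"", b"", 1
    while len(okm) < length:                                            # expand
        block = hmac.new(prk, block + label + bytes([counter]),
                         hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def session_keys(secret):
    """Two RC4 keys from one agreement, one per direction (labels are hypothetical).
    Sharing one RC4 key in both directions would repeat the keystream."""
    return derive_key(secret, b"rc4 a->b"), derive_key(secret, b"rc4 b->a")

def demo():
    """Both nodes run Phase 1, exchange public values, then run Phase 2."""
    a_priv, a_pub = phase1(P, G)
    b_priv, b_pub = phase1(P, G)
    node_a = session_keys(phase2(P, a_priv, b_pub))
    node_b = session_keys(phase2(P, b_priv, a_pub))
    return node_a, node_b
```
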