rfc2898.txt
RC5-CBC-Parameters ::= SEQUENCE {
    version INTEGER {v1-0(16)} (v1-0),
    rounds INTEGER (8..127),
    blockSizeInBits INTEGER (64 | 128),
    iv OCTET STRING OPTIONAL }
Kaliski Informational [Page 25]
RFC 2898 Password-Based Cryptography September 2000
The fields of type RC5-CBC-Parameters have the following meanings:

   - version is the version of the algorithm, which shall be v1-0.

   - rounds is the number of rounds in the encryption operation, which
     shall be between 8 and 127.

   - blockSizeInBits is the block size in bits, which shall be 64 or
     128.

   - iv is the initialization vector, an eight-octet string for 64-bit
     RC5 and a 16-octet string for 128-bit RC5. The default is a string
     of the appropriate length consisting of zero octets.
B.3 Message Authentication Schemes

An example message authentication scheme for PBMAC1 (Section 7.1) is
HMAC-SHA-1.

B.3.1 HMAC-SHA-1

HMAC-SHA-1 is the HMAC message authentication scheme [7] based on the
SHA-1 hash function [18]. HMAC-SHA-1 has a variable key length and a
20-octet (160-bit) message authentication code.

The object identifier id-hmacWithSHA1 (see Appendix B.1.1) identifies
the HMAC-SHA-1 message authentication scheme. (The object identifier
is the same for both the pseudorandom function and the message
authentication scheme; the distinction is to be understood by
context.) This object identifier is intended to be employed in the
object set PBMAC1-Macs (Appendix A.5).
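The following is an added example, not code from the RFC, showing PBMAC1 (Section 7.1) instantiated with the two roles id-hmacWithSHA1 plays in this appendix: PBKDF2 with HMAC-SHA-1 as the PRF derives the MAC key from the password, salt and iteration count carried in PBMAC1-params, and HMAC-SHA-1 as the message authentication scheme produces the 20-octet tag. The password, salt and message in the `__main__` block are constructed demonstration values; the 20-octet `key_length` is a choice, since HMAC accepts any key length.

```python
"""PBMAC1 with PBKDF2-HMAC-SHA-1 as KDF and HMAC-SHA-1 as MAC (added example)."""
import hashlib
import hmac
import os

ID_HMAC_WITH_SHA1 = "1.2.840.113549.2.7"   # id-hmacWithSHA1: same OID for PRF and MAC
HMAC_SHA1_TAG_LEN = 20                      # 20-octet (160-bit) message authentication code


def derive_mac_key(password: bytes, salt: bytes, iteration_count: int,
                   key_length: int) -> bytes:
    """PBKDF2 with HMAC-SHA-1 as the PRF (the DEFAULT prf in PBKDF2-params)."""
    if iteration_count < 1:                  # iterationCount INTEGER (1..MAX)
        raise ValueError("iterationCount must be at least 1")
    if key_length < 1:                       # keyLength INTEGER (1..MAX)
        raise ValueError("keyLength must be at least 1")
    return hashlib.pbkdf2_hmac("sha1", password, salt, iteration_count, key_length)


def pbmac1_sha1_generate(password: bytes, salt: bytes, iteration_count: int,
                         key_length: int, message: bytes) -> bytes:
    """PBMAC1 generation: T = HMAC-SHA-1(PBKDF2(P, S, c, dkLen), M)."""
    key = derive_mac_key(password, salt, iteration_count, key_length)
    return hmac.new(key, message, hashlib.sha1).digest()


def pbmac1_sha1_verify(password: bytes, salt: bytes, iteration_count: int,
                       key_length: int, message: bytes, tag: bytes) -> bool:
    """PBMAC1 verification: recompute T and compare in constant time."""
    if len(tag) != HMAC_SHA1_TAG_LEN:
        return False
    expected = pbmac1_sha1_generate(password, salt, iteration_count, key_length, message)
    return hmac.compare_digest(expected, tag)


if __name__ == "__main__":
    # Constructed demonstration values, not taken from the RFC.
    password = b"correct horse battery staple"
    salt = os.urandom(8)            # PBMAC1-params carries the salt in the clear
    iteration_count = 10_000
    message = b"PBES2 ciphertext that the verifier must see unmodified"
    tag = pbmac1_sha1_generate(password, salt, iteration_count, 20, message)
    assert pbmac1_sha1_verify(password, salt, iteration_count, 20, message, tag)
    assert not pbmac1_sha1_verify(password, salt, iteration_count, 20, message + b"x", tag)
    print("PBMAC1 tag:", tag.hex())
```

The salt and iteration count are not secret and travel with the tag; only the password is. Because HMAC-SHA-1 takes a key of any length, dkLen is free here, unlike PBES2 where the encryption scheme fixes it.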
C. ASN.1 Module

For reference purposes, the ASN.1 syntax in the preceding sections is
presented as an ASN.1 module here.

-- PKCS #5 v2.0 ASN.1 Module
-- Revised March 25, 1999

-- This module has been checked for conformance with the
-- ASN.1 standard by the OSS ASN.1 Tools

PKCS5v2-0 {iso(1) member-body(2) us(840) rsadsi(113549)
    pkcs(1) pkcs-5(5) modules(16) pkcs5v2-0(1)}

DEFINITIONS ::= BEGIN
-- Basic object identifiers

rsadsi OBJECT IDENTIFIER ::= {iso(1) member-body(2) us(840) 113549}
pkcs OBJECT IDENTIFIER ::= {rsadsi 1}
pkcs-5 OBJECT IDENTIFIER ::= {pkcs 5}

-- Basic types and classes

AlgorithmIdentifier { ALGORITHM-IDENTIFIER:InfoObjectSet } ::=
SEQUENCE {
    algorithm ALGORITHM-IDENTIFIER.&id({InfoObjectSet}),
    parameters ALGORITHM-IDENTIFIER.&Type({InfoObjectSet}
        {@algorithm}) OPTIONAL
}

ALGORITHM-IDENTIFIER ::= TYPE-IDENTIFIER

-- PBKDF2

PBKDF2Algorithms ALGORITHM-IDENTIFIER ::=
    { {PBKDF2-params IDENTIFIED BY id-PBKDF2}, ...}

id-PBKDF2 OBJECT IDENTIFIER ::= {pkcs-5 12}

algid-hmacWithSHA1 AlgorithmIdentifier {{PBKDF2-PRFs}} ::=
    {algorithm id-hmacWithSHA1, parameters NULL : NULL}

PBKDF2-params ::= SEQUENCE {
    salt CHOICE {
        specified OCTET STRING,
        otherSource AlgorithmIdentifier {{PBKDF2-SaltSources}}
    },
    iterationCount INTEGER (1..MAX),
    keyLength INTEGER (1..MAX) OPTIONAL,
    prf AlgorithmIdentifier {{PBKDF2-PRFs}} DEFAULT
        algid-hmacWithSHA1
}

PBKDF2-SaltSources ALGORITHM-IDENTIFIER ::= { ... }

PBKDF2-PRFs ALGORITHM-IDENTIFIER ::=
    { {NULL IDENTIFIED BY id-hmacWithSHA1}, ... }

-- PBES1

PBES1Algorithms ALGORITHM-IDENTIFIER ::= {
    {PBEParameter IDENTIFIED BY pbeWithMD2AndDES-CBC} |
    {PBEParameter IDENTIFIED BY pbeWithMD2AndRC2-CBC} |
    {PBEParameter IDENTIFIED BY pbeWithMD5AndDES-CBC} |
    {PBEParameter IDENTIFIED BY pbeWithMD5AndRC2-CBC} |
    {PBEParameter IDENTIFIED BY pbeWithSHA1AndDES-CBC} |
    {PBEParameter IDENTIFIED BY pbeWithSHA1AndRC2-CBC},
    ...
}

pbeWithMD2AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 1}
pbeWithMD2AndRC2-CBC OBJECT IDENTIFIER ::= {pkcs-5 4}
pbeWithMD5AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 3}
pbeWithMD5AndRC2-CBC OBJECT IDENTIFIER ::= {pkcs-5 6}
pbeWithSHA1AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 10}
pbeWithSHA1AndRC2-CBC OBJECT IDENTIFIER ::= {pkcs-5 11}

PBEParameter ::= SEQUENCE {
    salt OCTET STRING (SIZE(8)),
    iterationCount INTEGER
}

-- PBES2

PBES2Algorithms ALGORITHM-IDENTIFIER ::=
    { {PBES2-params IDENTIFIED BY id-PBES2}, ...}

id-PBES2 OBJECT IDENTIFIER ::= {pkcs-5 13}

PBES2-params ::= SEQUENCE {
    keyDerivationFunc AlgorithmIdentifier {{PBES2-KDFs}},
    encryptionScheme AlgorithmIdentifier {{PBES2-Encs}}
}

PBES2-KDFs ALGORITHM-IDENTIFIER ::=
    { {PBKDF2-params IDENTIFIED BY id-PBKDF2}, ... }

PBES2-Encs ALGORITHM-IDENTIFIER ::= { ... }

-- PBMAC1

PBMAC1Algorithms ALGORITHM-IDENTIFIER ::=
    { {PBMAC1-params IDENTIFIED BY id-PBMAC1}, ...}

id-PBMAC1 OBJECT IDENTIFIER ::= {pkcs-5 14}

PBMAC1-params ::= SEQUENCE {
    keyDerivationFunc AlgorithmIdentifier {{PBMAC1-KDFs}},
    messageAuthScheme AlgorithmIdentifier {{PBMAC1-MACs}}
}

PBMAC1-KDFs ALGORITHM-IDENTIFIER ::=
    { {PBKDF2-params IDENTIFIED BY id-PBKDF2}, ... }

PBMAC1-MACs ALGORITHM-IDENTIFIER ::= { ... }

-- Supporting techniques

digestAlgorithm OBJECT IDENTIFIER ::= {rsadsi 2}
encryptionAlgorithm OBJECT IDENTIFIER ::= {rsadsi 3}

SupportingAlgorithms ALGORITHM-IDENTIFIER ::= {
    {NULL IDENTIFIED BY id-hmacWithSHA1} |
    {OCTET STRING (SIZE(8)) IDENTIFIED BY desCBC} |
    {OCTET STRING (SIZE(8)) IDENTIFIED BY des-EDE3-CBC} |
    {RC2-CBC-Parameter IDENTIFIED BY rc2CBC} |
    {RC5-CBC-Parameters IDENTIFIED BY rc5-CBC-PAD},
    ...
}

id-hmacWithSHA1 OBJECT IDENTIFIER ::= {digestAlgorithm 7}

desCBC OBJECT IDENTIFIER ::=
    {iso(1) identified-organization(3) oiw(14) secsig(3)
    algorithms(2) 7} -- from OIW

des-EDE3-CBC OBJECT IDENTIFIER ::= {encryptionAlgorithm 7}

rc2CBC OBJECT IDENTIFIER ::= {encryptionAlgorithm 2}

RC2-CBC-Parameter ::= SEQUENCE {
    rc2ParameterVersion INTEGER OPTIONAL,
    iv OCTET STRING (SIZE(8))
}

rc5-CBC-PAD OBJECT IDENTIFIER ::= {encryptionAlgorithm 9}

RC5-CBC-Parameters ::= SEQUENCE {
    version INTEGER {v1-0(16)} (v1-0),
    rounds INTEGER (8..127),
    blockSizeInBits INTEGER (64 | 128),
    iv OCTET STRING OPTIONAL
}

END
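The module fixes the wire format but says nothing about how a decoder should treat it. The following added Python example, not code from the RFC, DER-encodes PBES2-params carrying PBKDF2-params with the OIDs defined above and parses them back strictly. Assumptions made for the example: the encryption scheme is des-EDE3-CBC, whose parameter is the 8-octet IV OCTET STRING listed in SupportingAlgorithms; only the `specified` salt choice is handled, since PBKDF2-SaltSources defines no `otherSource` algorithms; and `max_iterations` is a local policy ceiling that PKCS #5 does not define (its default value here is arbitrary).

```python
# DER encoding and strict parsing of PBES2-params that carry PBKDF2-params, using the
# OIDs from the PKCS #5 v2.0 module above. Added example, not RFC code: the encryption
# scheme is fixed to des-EDE3-CBC (8-octet IV) and max_iterations is a local policy.
ID_PBKDF2 = "1.2.840.113549.1.5.12"        # {pkcs-5 12}
ID_HMAC_WITH_SHA1 = "1.2.840.113549.2.7"   # {digestAlgorithm 7}
DES_EDE3_CBC = "1.2.840.113549.3.7"        # {encryptionAlgorithm 7}

def _tlv(tag, body):
    n = len(body)
    ln = n.to_bytes((n.bit_length() + 7) // 8, "big")   # long-form length octets
    return bytes([tag, n] if n < 0x80 else [tag, 0x80 | len(ln)] + list(ln)) + body

def der_integer(n):
    # n >= 0, minimal two's complement: a leading 0x00 only when the high bit is set
    return _tlv(0x02, n.to_bytes(max(1, (n.bit_length() + 8) // 8), "big"))

def der_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        groups = [arc & 0x7F]                 # base-128 groups, low-order first
        while arc >= 0x80:
            arc >>= 7
            groups.append(arc & 0x7F)
        body += bytes([g | 0x80 for g in groups[:0:-1]] + [groups[0]])
    return _tlv(0x06, bytes(body))

def encode_pbkdf2_params(salt, iteration_count, key_length=None, prf=ID_HMAC_WITH_SHA1):
    parts = [_tlv(0x04, salt), der_integer(iteration_count)]   # salt: 'specified' choice
    if key_length is not None:
        parts.append(der_integer(key_length))
    if prf != ID_HMAC_WITH_SHA1:              # DER omits a field equal to its DEFAULT
        parts.append(_tlv(0x30, der_oid(prf) + b"\x05\x00"))   # parameters NULL
    return _tlv(0x30, b"".join(parts))

def encode_pbes2_params(salt, iteration_count, key_length, iv):
    kdf = _tlv(0x30, der_oid(ID_PBKDF2) + encode_pbkdf2_params(salt, iteration_count, key_length))
    enc = _tlv(0x30, der_oid(DES_EDE3_CBC) + _tlv(0x04, iv))
    return _tlv(0x30, kdf + enc)

def _read(buf, pos, want):
    # Strict DER TLV reader: checks the tag, rejects non-minimal lengths and truncation.
    if pos + 2 > len(buf) or buf[pos] != want:
        raise ValueError(f"expected tag {want:#04x} at offset {pos}")
    length, pos, long_form = buf[pos + 1], pos + 2, buf[pos + 1] >= 0x80
    if long_form:
        n = length & 0x7F
        if not 1 <= n <= 4 or pos + n > len(buf):
            raise ValueError("bad length octets")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf) or (long_form and length < 0x80):
        raise ValueError("truncated body or non-minimal length (not DER)")
    return buf[pos:pos + length], pos + length

def _oid(body):
    arcs, val = ([2, body[0] - 80] if body[0] >= 80 else list(divmod(body[0], 40))), 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def _uint(body):
    if not body or body[0] & 0x80 or (len(body) > 1 and body[0] == 0 and not body[1] & 0x80):
        raise ValueError("INTEGER must be non-negative and minimally encoded")
    return int.from_bytes(body, "big")

def parse_pbkdf2_params(body, max_iterations):
    salt, pos = _read(body, 0, 0x04)          # only the 'specified' salt choice is handled
    ic, pos = _read(body, pos, 0x02)
    count = _uint(ic)
    # iterationCount is (1..MAX) on the wire; cap it before any PRF work is started
    if not 1 <= count <= max_iterations:
        raise ValueError(f"iterationCount {count} outside [1, {max_iterations}]")
    key_length, prf = None, ID_HMAC_WITH_SHA1     # prf DEFAULT algid-hmacWithSHA1
    if pos < len(body) and body[pos] == 0x02:     # keyLength OPTIONAL
        kl, pos = _read(body, pos, 0x02)
        key_length = _uint(kl)
    if pos < len(body):                           # explicit (non-default) prf
        algid, pos = _read(body, pos, 0x30)
        prf = _oid(_read(algid, 0, 0x06)[0])
    if pos != len(body) or key_length == 0:
        raise ValueError("trailing data or zero keyLength in PBKDF2-params")
    return {"salt": salt, "iteration_count": count, "key_length": key_length, "prf": prf}

def parse_pbes2_params(der, max_iterations=10_000_000):
    body, end = _read(der, 0, 0x30)
    kdf, pos = _read(body, 0, 0x30)
    enc, pos = _read(body, pos, 0x30)
    oid, p = _read(kdf, 0, 0x06)
    params, p = _read(kdf, p, 0x30)
    oid2, q = _read(enc, 0, 0x06)
    iv, q = _read(enc, q, 0x04)
    if end != len(der) or pos != len(body) or p != len(kdf) or q != len(enc):
        raise ValueError("trailing data in PBES2-params")
    if _oid(oid) != ID_PBKDF2 or _oid(oid2) != DES_EDE3_CBC or len(iv) != 8:
        raise ValueError("expected id-PBKDF2 and des-EDE3-CBC with an 8-octet IV")
    return {"kdf": parse_pbkdf2_params(params, max_iterations), "enc_oid": DES_EDE3_CBC, "iv": iv}
```

Two points the module alone does not make explicit: DER requires a field equal to its DEFAULT to be omitted, so a PBKDF2-params with prf hmacWithSHA1 has no prf element at all, and the encoder above mirrors that; and iterationCount is bounded only by MAX, so a decoder that honours whatever count an untrusted blob supplies will spend that many PRF invocations before it can even check the password, which is why the parser applies its own ceiling before any key derivation runs.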
Intellectual Property Considerations
RSA Security makes no patent claims on the general constructions
described in this document, although specific underlying techniques
may be covered. Among the underlying techniques, the RC5 encryption
algorithm (Appendix B.2.4) is protected by U.S. Patents 5,724,428
[22] and 5,835,600 [23].
RC2 and RC5 are trademarks of RSA Security.
License to copy this document is granted provided that it is
identified as RSA Security Inc. Public-Key Cryptography Standards
(PKCS) in all material mentioning or referencing this document.
RSA Security makes no representations regarding intellectual property
claims by other parties. Such determination is the responsibility of
the user.
Revision history
Versions 1.0-1.3
Versions 1.0-1.3 were distributed to participants in RSA Data
Security Inc.'s Public-Key Cryptography Standards meetings in
February and March 1991.
Version 1.4
Version 1.4 was part of the June 3, 1991 initial public release of
PKCS. Version 1.4 was published as NIST/OSI Implementors' Workshop
document SEC-SIG-91-20.
Version 1.5
Version 1.5 incorporated several editorial changes, including
updates to the references and the addition of a revision history.
Version 2.0
Version 2.0 incorporates major editorial changes in terms of the
document structure, and introduces the PBES2 encryption scheme,
the PBMAC1 message authentication scheme, and independent
password-based key derivation functions. This version continues to
support the encryption process in version 1.5.
References
[1] American National Standard X9.52 - 1998, Triple Data Encryption
Algorithm Modes of Operation. Working draft, Accredited
Standards Committee X9, July 27, 1998.
[2] Baldwin, R. and R. Rivest, "The RC5, RC5-CBC, RC5-CBC-Pad, and
RC5-CTS Algorithms", RFC 2040, October 1996.
[3] Balenson, D., "Privacy Enhancement for Internet Electronic Mail:
Part III: Algorithms, Modes, and Identifiers", RFC 1423,
February 1993.
[4] S.M. Bellovin and M. Merritt. Encrypted key exchange:
Password-based protocols secure against dictionary attacks. In
Proceedings of the 1992 IEEE Computer Society Conference on
Research in Security and Privacy, pages 72-84, IEEE Computer
Society, 1992.
[5] D. Jablon. Strong password-only authenticated key exchange. ACM
Computer Communications Review, October 1996.
[6] Kaliski, B., "The MD2 Message-Digest Algorithm", RFC 1319, April
1992.
[7] Krawczyk, H., Bellare, M. and R. Canetti, "HMAC: Keyed-Hashing
for Message Authentication", RFC 2104, February 1997.
[8] Robert Morris and Ken Thompson. Password security: A case
history. Communications of the ACM, 22(11):594-597, November
1979.
[9] ISO/IEC 8824-1:1995: Information technology - Abstract Syntax
Notation One (ASN.1) - Specification of basic notation. 1995.
[10] ISO/IEC 8824-1:1995/Amd.1:1995 Information technology - Abstract
Syntax Notation One (ASN.1) - Specification of basic notation -
Amendment 1 - Rules of extensibility. 1995.
[11] ISO/IEC 8824-2:1995 Information technology - Abstract Syntax
Notation One (ASN.1) - Information object specification. 1995.
[12] ISO/IEC 8824-2:1995/Amd.1:1995 Information technology - Abstract
Syntax Notation One (ASN.1) - Information object specification -
Amendment 1 - Rules of extensibility. 1995.
[13] ISO/IEC 8824-3:1995 Information technology - Abstract Syntax
Notation One (ASN.1) - Constraint specification. 1995.