RSA Security Projection Television 5.2.2 Bedienungsanleitung

Stöbern Sie online oder laden Sie Bedienungsanleitung nach Software-Handbücher RSA Security Projection Television 5.2.2 herunter. RSA Security Projection Television 5.2.2 User's Manual Benutzerhandbuch

  • Herunterladen
  • Zu meinen Handbüchern hinzufügen
  • Drucken
  • Seite
    / 376
  • Inhaltsverzeichnis
  • LESEZEICHEN
  • Bewertet. / 5. Basierend auf Kundenbewertungen

Inhaltsverzeichnis

Seite 1 - Crypto-C

RSA BSAFE®Crypto-CCryptographic Components for CDeveloper’s GuideVersion 5.2.2

Seite 2 - First printing: May 2001

x RSA BSAFE Crypto-C Developer’s GuideAppendix A Command-Line Demos 327Overview of the Demos . . . . . . . . . . . . . . . . . . . . . . . . . . .

Seite 3 - Contents

Cryptography Overview78 RSA BSAFE Crypto-C Developer’s GuidePhase 1The first party randomly generates a private value, a number k1, greater than 0 but

Seite 4 - Cryptography 35

Chapter 3 Cryptography 79Cryptography OverviewFigure 3-13 Elliptic Curve Diffie-Hellman Key AgreementThe MathEven though the two parties involved are

Seite 5

Cryptography Overview80 RSA BSAFE Crypto-C Developer’s GuideR2: 2nd party’s public valuexS: secret keyIn phase 1, each party computes a private value,

Seite 6 - Using Crypto-C 101

Chapter 3 Cryptography 81Cryptography OverviewFigure 3-14 Secret Sharing — Key Share AssignmentFigure 3-15 Secret Sharing — Full Key Generation From

Seite 7

Cryptography Overview82 RSA BSAFE Crypto-C Developer’s GuideKey ManagementThe term key management refers to the collection of processes and methods fo

Seite 8 - Public-Key Operations 213

Chapter 3 Cryptography 83Applications of CryptographyASCII Encoding and DecodingASCII encoding and decoding is required when you need to send encrypt

Seite 9 - Secret Sharing Operations 305

Applications of Cryptography84 RSA BSAFE Crypto-C Developer’s Guide• Ensure file integrity and protect against tampering. Cryptographic techniques can

Seite 10 - Index 349

Chapter 3 Cryptography 85Applications of Cryptography4. Perform the encryption and decryption using the RC4 cipher with the established key. If the a

Seite 11 - List of Figures

Applications of Cryptography86 RSA BSAFE Crypto-C Developer’s Guidepublic key is communicated to the server and an entry is made in the table maintain

Seite 12

Chapter 3 Cryptography 87Choosing AlgorithmsChoosing AlgorithmsIn some cases, an application’s constraints determine the algorithm. In other cases, t

Seite 13 - List of Tables

xiList of Figures Figure 3-1 Symmetric-Key Encryption and Decryption . . . . . . . . . . . . . . . . . . . . 36 Figure 3-2 Triple DES Encryption a

Seite 14

Choosing Algorithms88 RSA BSAFE Crypto-C Developer’s GuideBlock Symmetric-Key AlgorithmsThe following considerations may help when choosing between DE

Seite 15

Chapter 3 Cryptography 89Choosing AlgorithmsDigital envelopes are more convenient when the contact between nodes is not interactive, such as email. O

Seite 16 - What’s New in Version 5.2.2?

Choosing Algorithms90 RSA BSAFE Crypto-C Developer’s Guidelimited. In typical applications of cryptography, public-key operations are employed in comb

Seite 17 - Organization of This Manual

Chapter 3 Cryptography 91Security Considerationsalready in place, or where a hardware developer wants to be able to provide a platform that supports

Seite 18

Security Considerations92 RSA BSAFE Crypto-C Developer’s Guidethat ensure allocation of core memory, and not of virtual memory.It is a good idea to ge

Seite 19 - Terms and Abbreviations

Chapter 3 Cryptography 93Security Considerationsattacker can predict two or three of the bits in each seed byte. Bit 7, for instance, will always be

Seite 20 - Related Documents

Security Considerations94 RSA BSAFE Crypto-C Developer’s GuideInitialization Vectors and SaltsAlthough IVs and salts are not secret information, it is

Seite 21

Chapter 3 Cryptography 95Security ConsiderationsStream CiphersA stream cipher (such as the RC4 cipher) will create a stream of pseudo-random bytes ba

Seite 22 - How to Contact RSA Security

Security Considerations96 RSA BSAFE Crypto-C Developer’s Guideparameters, then in theory, an attacker with access to accurate timings can determine un

Seite 23 - Introduction

Chapter 3 Cryptography 97Security Considerations = (r-1)(r)(md) = (1)(md) mod nCrypto-C offers bo

Seite 24 - The Crypto-C Toolkit

xii RSA BSAFE Crypto-C Developer’s Guide

Seite 25 - Hardware Support

Security Considerations98 RSA BSAFE Crypto-C Developer’s GuideTable 3-4 gives a summary of the recommended key sizes for the algorithms supported in C

Seite 26 - NIST Standards and Crypto-C

Chapter 3 Cryptography 99Security Considerationsprogress in factoring algorithms and improvements in computing power.Diffie-Hellman Parameters and DS

Seite 27 - PKCS Compared with NIST

Security Considerations100 RSA BSAFE Crypto-C Developer’s GuideElliptic Curve KeysFor prototyping and evaluation, RSA Security recommends setting the

Seite 28

101Chapter 4Using Crypto-CAlgorithms in Crypto-CWhatever algorithm Crypto-C performs, it does so from an algorithm object. An algorithm object is used

Seite 29 - Quick Start

Algorithms in Crypto-C102 RSA BSAFE Crypto-C Developer’s GuideInformation Formats Provided by Crypto-CThere are four types of AIs in Crypto-C. These A

Seite 30 - The Six-Step Sequence

Chapter 4 Using Crypto-C 103Algorithms in Crypto-CPEM-Based Algorithm Info TypesThe Privacy Enhanced Mail (PEM) draft standard is a product of the In

Seite 31 - Introductory Example

Algorithms in Crypto-C104 RSA BSAFE Crypto-C Developer’s GuideNote: Not all message digests are recommended. See “Message Digests” on page 47 for deta

Seite 32

Chapter 4 Using Crypto-C 105Algorithms in Crypto-CAI_RC4WithMAC RC4 with message authentication code aAI_RC4WithMAC_BER RC4 with message authenticati

Seite 33 - Chapter 2 Quick Start 11

Algorithms in Crypto-C106 RSA BSAFE Crypto-C Developer’s GuideAI_DESX_CBCPadBER DESX-CBC, 8-byte IV, BER-encoded algorithm identifierPKCS #5 aAI_DESX_

Seite 34

Chapter 4 Using Crypto-C 107Algorithms in Crypto-CAI_MD2WithRC2_CBCPadBER MD2 digest followed by RC2-CBC, BER-encoded algorithm identifierPKCS #5 aAI

Seite 35 - Chapter 2 Quick Start 13

xiiiList of TablesTable 3-1 Calculation of 827 mod 55. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54Table 3-2 Elliptic Curve

Seite 36

Algorithms in Crypto-C108 RSA BSAFE Crypto-C Developer’s GuideAI_PKCS_OAEP_RSAPrivateBER RSA private-key encryption/decryption with OAEP in accordance

Seite 37 - Chapter 2 Quick Start 15

Chapter 4 Using Crypto-C 109Algorithms in Crypto-CDigital Signatures Composite operations for signing data: digest the data, then encrypt the BER enc

Seite 38

Algorithms in Crypto-C110 RSA BSAFE Crypto-C Developer’s GuideTable 4-9 Diffie-Hellman Key AgreementAlgorithm Info Type Description BERParameter Gener

Seite 39 - Chapter 2 Quick Start 17

Chapter 4 Using Crypto-C 111Algorithms in Crypto-CElliptic Curve DSAAI_EC_DSA Raw ECDSA signature/verificationAI_EC_DSAWithDigest SHA1 digest followe

Seite 40

Algorithms in Crypto-C112 RSA BSAFE Crypto-C Developer’s GuideTable 4-13 Advanced Encryption Standard (AES)Algorithm Info Type DescriptionAI_AES_CBC A

Seite 41

Chapter 4 Using Crypto-C 113Keys In Crypto-CKeys In Crypto-CThe key object is used to hold any key-related information and to supply this information

Seite 42

Keys In Crypto-C114 RSA BSAFE Crypto-C Developer’s GuideKI_RC2_BSAFE1 RC2 key in BSAFE 1.x formatKI_RC2WithBSAFE1Params RC2 key with additional parame

Seite 43 - Chapter 2 Quick Start 21

Chapter 4 Using Crypto-C 115Keys In Crypto-CTable 4-18 Elliptic Curve KeysKey Information Type DescriptionKI_ECPrivate EC private key and underlying

Seite 44 - Putting It All Together

System Considerations In Crypto-C116 RSA BSAFE Crypto-C Developer’s GuideSystem Considerations In Crypto-CAlgorithm ChoosersWhen you use an AI, it in

Seite 45

Chapter 4 Using Crypto-C 117System Considerations In Crypto-CRC5, or RSA encryption. So we could have built an algorithm chooser that included only o

Seite 46

xiv RSA BSAFE Crypto-C Developer’s Guide

Seite 47 - Chapter 2 Quick Start 25

System Considerations In Crypto-C118 RSA BSAFE Crypto-C Developer’s Guidedescription of AI_X962Random_V0 instead of AI_SHA1Random:Note: The previous a

Seite 48

Chapter 4 Using Crypto-C 119System Considerations In Crypto-CChapter 1 also gives the form that a surrender function must have:If you define a surren

Seite 49

System Considerations In Crypto-C120 RSA BSAFE Crypto-C Developer’s GuideA routine that calls Crypto-C functions would use the above surrender functio

Seite 50

Chapter 4 Using Crypto-C 121System Considerations In Crypto-Cobject. When you call B_GetAlgorithmState, you receive a buffer that contains all of the

Seite 51 - Multiple Updates

System Considerations In Crypto-C122 RSA BSAFE Crypto-C Developer’s Guideinformation it is looking for. This information, though, belongs to Crypto-C;

Seite 52

Chapter 4 Using Crypto-C 123System Considerations In Crypto-CSome applications may need to be completely autonomous; that is, they should have no nee

Seite 53 - Chapter 2 Quick Start 31

System Considerations In Crypto-C124 RSA BSAFE Crypto-C Developer’s Guidemore individuals. For example, users may need to transmit a public key, ellip

Seite 54 - Summary of the Six Steps

Chapter 4 Using Crypto-C 125System Considerations In Crypto-CCrypto-C returns a pointer to the location where we can find the info, not the info itse

Seite 55

System Considerations In Crypto-C126 RSA BSAFE Crypto-C Developer’s GuideInput and OutputSome of the AI entries in the Reference Manual include the ca

Seite 56

Chapter 4 Using Crypto-C 127System Considerations In Crypto-CCrypto-C offers padding for the symmetric block-encryption algorithms, which have no res

Seite 57 - Cryptography

xvPrefaceDear Crypto-C Developer:Congratulations on your purchase of RSA BSAFE® Crypto-C (Crypto-C), the state-of-the-art in cryptographic software to

Seite 58 - Cryptography Overview

System Considerations In Crypto-C128 RSA BSAFE Crypto-C Developer’s GuideThis applies to PKCS #1 v1.5 block 02 padding. Set OAEP or PKCS #12 OAEP have

Seite 59 - Ciphers in Crypto-C

Chapter 4 Using Crypto-C 129System Considerations In Crypto-CKey SizeIn cryptography, security is measured in key size: the bigger the key, the great

Seite 60 - Triple DES

System Considerations In Crypto-C130 RSA BSAFE Crypto-C Developer’s Guideends and the public exponent begins. It would be a good idea to put identifyi

Seite 61 - • key size (in bytes)

Chapter 4 Using Crypto-C 131System Considerations In Crypto-C• Total: 484 bytesIn addition, when the most significant bit of the most significant byt

Seite 62

Using Cryptographic Hardware132 RSA BSAFE Crypto-C Developer’s GuideUsing Cryptographic HardwareCrypto-C lets you enhance the security and speed of cr

Seite 63 - Modes of Operation

Chapter 4 Using Crypto-C 133Using Cryptographic Hardwarethe application has been compiled. If more than one hardware method is present for the same A

Seite 64

Using Cryptographic Hardware134 RSA BSAFE Crypto-C Developer’s GuidePKCS #11 SupportPKCS #11 support has been added to Crypto-C v5.1. The routine will

Seite 65 - Cipher Feedback (CFB) Mode

Chapter 4 Using Crypto-C 135Using Cryptographic HardwareUsing a PKCS #11 Device with Crypto-CIf you want to have Crypto-C use a PKCS #11 device to pe

Seite 66

Using Cryptographic Hardware136 RSA BSAFE Crypto-C Developer’s GuideIn this example, we passed 0 for sessionHandle and NULL_PTR for cryptokiFunctions.

Seite 67 - Output Feedback (OFB) Mode

Chapter 4 Using Crypto-C 137Using Cryptographic Hardwaresurrender context (private key operations are more susceptible to a timing attack when you us

Seite 68

What’s New in Version 5.2.2?xvi RSA BSAFE Crypto-C Developer’s GuideWhat’s New in Version 5.2.2?Following is a list of RSA BSAFE Crypto-C features tha

Seite 69

Using Cryptographic Hardware138 RSA BSAFE Crypto-C Developer’s Guidewant to create a hardware chooser only, and if you want to do the task in hardware

Seite 70

Chapter 4 Using Crypto-C 139Using Cryptographic HardwareThis AI has an associated info data struct that allows you to set attributes. See the Referen

Seite 71

Using Cryptographic Hardware140 RSA BSAFE Crypto-C Developer’s Guidemay need to set the attributes manually for the token to work.You can use this AI

Seite 72 - Public-Key Cryptography

Chapter 4 Using Crypto-C 141Using Cryptographic Hardwareinfo types if it is a key that resides on the token and is not private.Now you can send the p

Seite 73

Using Cryptographic Hardware142 RSA BSAFE Crypto-C Developer’s GuideThis code looks just like regular code. Whether you are signing with software or h

Seite 74 - MultiPrime Numbers

Chapter 4 Using Crypto-C 143Using Cryptographic Hardware CK_RV rv; CK_SESSION_HANDLE sessionHandle; HINSTANCE libHandle; GetFunctionList GetList

Seite 75

Using Cryptographic Hardware144 RSA BSAFE Crypto-C Developer’s GuidePKCS #11 Support for DSA Key Pair GenerationThis section describes how to generate

Seite 76 - Security

Chapter 4 Using Crypto-C 145Using Cryptographic HardwareNow that you have a key pair, extract the public key, part of the public key is a struct cont

Seite 77 - Digital Envelopes

Using Cryptographic Hardware146 RSA BSAFE Crypto-C Developer’s Guidedestroying, or copy it into your own buffer. Since you generated the key pair only

Seite 78 - Figure 3-10 Digital Envelope

Chapter 4 Using Crypto-C 147Using Cryptographic HardwareAdvanced PKCS #11This chapter earlier described internalKey as the collection of three items:

Seite 79 - Chapter 3 Cryptography 57

Organization of This ManualPreface xviiV5.2. Use this AI to save the internal state of an RC4 encryption or decryption object, or to create a new ob

Seite 80 - • A message

Using Cryptographic Hardware148 RSA BSAFE Crypto-C Developer’s GuideIn real life, you may never have to use this feature. Mostly you will retrieve the

Seite 81 - Chapter 3 Cryptography 59

Chapter 4 Using Crypto-C 149Using Cryptographic HardwareTo implement this, the hardware accelerator might require you to call its key-wrapping routin

Seite 83 - Digital Certificates

151Chapter 5Non-Cryptographic OperationsCrypto-C supplies a number of non-cryptographic algorithms that are necessary for cryptographic applications.

Seite 84 - The Algorithm

Message Digests152 RSA BSAFE Crypto-C Developer’s GuideMessage DigestsA message digest is a fixed-length, statistically-unique identifier that corresp

Seite 85 - Parameter Generation

Chapter 5 Non-Cryptographic Operations 153Message DigestsStep 3: InitTo initialize a message digest, call B_DigestInit. The Reference Manual Chapter

Seite 86

Message Digests154 RSA BSAFE Crypto-C Developer’s GuideYour call will be the following:Step 5: FinalAn MD2 or MD5 digest is always 16 bytes; an SHA1 d

Seite 87 - Elliptic Curve Cryptography

Chapter 5 Non-Cryptographic Operations 155Message DigestsStep 6: DestroyRemember to destroy all objects when you are done with them:BER-Encoding the

Seite 88 - Elliptic Curve Parameters

Message Digests156 RSA BSAFE Crypto-C Developer’s GuideThe following example BER-encodes the preceeding sample digest:To decode BER-encoded informatio

Seite 89 - Fields of Even Characteristic

Chapter 5 Non-Cryptographic Operations 157Message DigestsB_DigestUpdate before calling B_DigestFinal(). This is useful when an application is called

Seite 90

Conventions Used in This Manualxviii RSA BSAFE Crypto-C Developer’s GuideConventions Used in This ManualThe following typographical conventions are us

Seite 91 - The Point P and its Order

Message Digests158 RSA BSAFE Crypto-C Developer’s Guidestate of the algorithm object following the call to B_DigestUpdate. The digestAI argument is s

Seite 92 - A Point of Prime Order

Chapter 5 Non-Cryptographic Operations 159Message DigestsTable 5-1 Code Sample: DigestDataSavedState() int DigestDataSavedState (ITEM *stateInfo, B_I

Seite 93 - The Cofactor

Message Digests160 RSA BSAFE Crypto-C Developer’s GuideThis routine can be called until all of the data blocks have been digested. We can then restor

Seite 94

Chapter 5 Non-Cryptographic Operations 161Hash-Based Message Authentication Code Hash-Based Message Authentication Code (HMAC)A hash-based message au

Seite 95 - ECDSA Signature Scheme

Hash-Based Message Authentication Code (HMAC)162 RSA BSAFE Crypto-C Developer’s GuideStep 3: InitFor hash-based message authentication, you need a key

Seite 96 - Verifying a Signature

Chapter 5 Non-Cryptographic Operations 163Hash-Based Message Authentication Code Once you have properly initialized the key object, you can call B_Di

Seite 97

Hash-Based Message Authentication Code (HMAC)164 RSA BSAFE Crypto-C Developer’s GuideStep 5: FinalAfter the data to digest has been processed by calls

Seite 98 -

Chapter 5 Non-Cryptographic Operations 165Generating Random NumbersGenerating Random NumbersIn the “Introductory Example” on page 9, we hard-coded th

Seite 99

Generating Random Numbers166 RSA BSAFE Crypto-C Developer’s GuideStep 2: Setting The Algorithm ObjectYou need to supply an appropriate algorithm info

Seite 100

Chapter 5 Non-Cryptographic Operations 167Generating Random NumbersRefer to “Saving State” on page 120 for a discussion of how to save the state of t

Seite 101 - The Math

Terms and AbbreviationsPreface xixTerms and AbbreviationsThe following table lists terms and abbreviations used in this document. Refer to the Gloss

Seite 102 - Secret Sharing

Generating Random Numbers168 RSA BSAFE Crypto-C Developer’s Guidepredict or reproduce. Once you have seeded the random algorithm, the algorithm can pr

Seite 103 - Working with Keys

Chapter 5 Non-Cryptographic Operations 169Generating Random NumbersNow that you have a random seed, you can call B_RandomUpdate. The length argument

Seite 104 - Key Escrow

Generating Random Numbers170 RSA BSAFE Crypto-C Developer’s GuideStep 6: DestroyRemember to destroy all objects when done with them. You must also cal

Seite 105 - Applications of Cryptography

Chapter 5 Non-Cryptographic Operations 171Generating Random NumbersFor this example, you will specify six streams of randomness, and provide a seed s

Seite 106 - Point-to-Point Applications

Converting Data Between Binary and ASCII172 RSA BSAFE Crypto-C Developer’s GuideConverting Data Between Binary and ASCIIIf you have data in binary for

Seite 107 - Client/Server Applications

Chapter 5 Non-Cryptographic Operations 173Converting Data Between Binary and ASCIIStep 4: UpdateEnter the data to encode through B_EncodeUpdate. The

Seite 108 - Peer-to-Peer Applications

Converting Data Between Binary and ASCII174 RSA BSAFE Crypto-C Developer’s GuideStep 5: FinalFinalize the encoding process, writing out any remaining

Seite 109 - Choosing Algorithms

Chapter 5 Non-Cryptographic Operations 175Converting Data Between Binary and ASCIIStep 3: InitTo initialize decoding, call B_DecodeInit. This functio

Seite 110

Converting Data Between Binary and ASCII176 RSA BSAFE Crypto-C Developer’s GuideStep 5: FinalFinalize the decoding process, writing out any bytes rema

Seite 111 - Elliptic Curve Algorithms

177Chapter 6Symmetric-Key OperationsRecall that the RC4 algorithm of the “Introductory Example” on page 9 is called symmetric-key encryption because t

Seite 112 - Interoperability

© 2001 RSA Security Inc. All rights reserved. 001-019003-522-001-000First printing: May 2001See our Web Site for regional Customer Service telephone a

Seite 113 - Security Considerations

Related Documentsxx RSA BSAFE Crypto-C Developer’s GuideRelated DocumentsFollowing is a list of documents referenced in this book and suggested materi

Seite 114 - Temporary Buffers

Block Ciphers178 RSA BSAFE Crypto-C Developer’s GuideBlock CiphersDES with CBCThe example in this section corresponds to the file descbc.c.Step 1: Cre

Seite 115 - Choosing Passwords

Chapter 6 Symmetric-Key Operations 179Block CiphersencryptionMethodName is the block cipher that you will use; for this example, use “des”. The infor

Seite 116 - DES Weak Keys

Block Ciphers180 RSA BSAFE Crypto-C Developer’s GuideYou must also indicate that you want to use the standard CBC padding which is defined in PKCS#5;

Seite 117 - Timing Attacks and Blinding

Chapter 6 Symmetric-Key Operations 181Block CiphersStep 3b: Setting the Key ObjectYou want to use a KI compatible with DES encryption, so return to

Seite 118 - · s mod n

Block Ciphers182 RSA BSAFE Crypto-C Developer’s GuideNow that you have a key, you need an algorithm chooser and a surrender context. This is a speedy

Seite 119 - Choosing Key Sizes

Chapter 6 Symmetric-Key Operations 183Block CiphersStep 5: FinalStep 6: DestroyRemember to destroy all objects that you created and free up any memor

Seite 120 - RSA Keys

Block Ciphers184 RSA BSAFE Crypto-C Developer’s GuideThe RC2 CipherThe RC2 cipher is a variable-key-size block cipher. Whereas a DES key requires eigh

Seite 121 - Triple DES Keys

Chapter 6 Symmetric-Key Operations 185Block CiphersOnce again, encryptionMethodName is the block cipher that you will use; in this example, use “rc2”

Seite 122 - Elliptic Curve Keys

Block Ciphers186 RSA BSAFE Crypto-C Developer’s GuideStep 3: InitYou need a key before you can initialize the algorithm object for encryption.Step 3a:

Seite 123 - Using Crypto-C

Chapter 6 Symmetric-Key Operations 187Block CiphersUse a random number generator to come up with 24 bytes.It is a good idea to zeroize any sensitive

Seite 124 - Basic Algorithm Info Types

Related DocumentsPreface xxi• Results from the RSA Factoring Challenge• Recommendations on Elliptic Curve Cryptosystems• Recent Results for MD2, MD4

Seite 125 - Summary of AIs

Block Ciphers188 RSA BSAFE Crypto-C Developer’s GuideYou need an algorithm chooser and a surrender context. This is a speedy function, so it is reason

Seite 126 - Table 4-3 ASCII Encoding

Chapter 6 Symmetric-Key Operations 189Block CiphersStep 5: FinalStep 6: DestroyRemember to destroy all objects created and free up any memory allocat

Seite 127 - Symmetric Stream Ciphers

Block Ciphers190 RSA BSAFE Crypto-C Developer’s GuideDecryptingAs with the “Introductory Example” on page 9, decrypting is similar to encrypting. Use

Seite 128

Chapter 6 Symmetric-Key Operations 191Block CiphersStep 2: Setting The Algorithm ObjectThere are a number of RC5 AIs from which to choose. Table 4-6

Seite 129 - RSA Public-Key Cryptography

Block Ciphers192 RSA BSAFE Crypto-C Developer’s GuideStep 3: InitYou need a key before you can initialize the algorithm object for encryption. You wil

Seite 130

Chapter 6 Symmetric-Key Operations 193Block CiphersUse a random number generator to create 10 bytes:It is a good idea to zeroize any sensitive data a

Seite 131 - DSA Public-Key Cryptography

Block Ciphers194 RSA BSAFE Crypto-C Developer’s GuideNow that you have a key, you need an algorithm chooser and a surrender context. This is a speedy

Seite 132 - Diffie-Hellman Key Agreement

Chapter 6 Symmetric-Key Operations 195Block CiphersStep 5: FinalStep 6: DestroyRemember to destroy all objects that you created and free up any memor

Seite 133 - Hardware Interface

Block Ciphers196 RSA BSAFE Crypto-C Developer’s GuideDecryptingAs in the “Introductory Example” on page 9, decrypting is similar to encrypting. Use th

Seite 134

Chapter 6 Symmetric-Key Operations 197Block Ciphersthat, as specified in the Reference Manual entry for AI_RC6_CBCPad, this AI requires an initialize

Seite 135 - Keys In Crypto-C

How to Contact RSA Securityxxii RSA BSAFE Crypto-C Developer’s GuideHow to Contact RSA SecurityRSA Security Web SiteYou can visit the RSA Security Web

Seite 136 - Block Cipher Keys

Block Ciphers198 RSA BSAFE Crypto-C Developer’s GuideStep 3: InitThe next step is to make a call to B_EncryptInit. To do this, you need a key object.

Seite 137 - Token Keys

Chapter 6 Symmetric-Key Operations 199Block CiphersTo call B_EncryptInit, we also need an algorithm chooser. The Reference Manual entry for AI_RC6_C

Seite 138 - Algorithm Choosers

Block Ciphers200 RSA BSAFE Crypto-C Developer’s Guidefor the surrender context:Step 5: FinalStep 6: DestroyRemember to destroy any objects that you cr

Seite 139 - An RSA Algorithm Chooser

Chapter 6 Symmetric-Key Operations 201Block Ciphersbeen allocated:DecryptingAs in the “Introductory Example” on page 9, decrypting is similar to encr

Seite 140 - The Surrender Context

Block Ciphers202 RSA BSAFE Crypto-C Developer’s GuideCBC mode requires an initialization vector, so assume that you have the following buffer containi

Seite 141 - A Sample Surrender Function

Chapter 6 Symmetric-Key Operations 203Block CiphersStep 3a: Creating a Key ObjectStep 3b: Setting the Key DataNow you need to set the key size and pa

Seite 142 - Saving State

Block Ciphers204 RSA BSAFE Crypto-C Developer’s GuideTo call B_EncryptInit, we also need an algorithm chooser. The Reference Manual entry for AI_AES_

Seite 143 - When to Allocate Memory

Chapter 6 Symmetric-Key Operations 205Block CiphersStep 5: FinalStep 6: DestroyRemember to destroy any objects that you created and to free up any me

Seite 144 - Memory-Management Routines

Block Ciphers206 RSA BSAFE Crypto-C Developer’s GuidePassword-Based EncryptionIn previous encryption methods, you used a random number generator to pr

Seite 145 - BER/DER Encoding

Chapter 6 Symmetric-Key Operations 207Block CiphersStep 2: Setting The Algorithm ObjectThere are a number of PBE AIs from which to choose (see “Summa

Seite 146

1Chapter 1IntroductionThis chapter introduces the Crypto-C toolkit. It lists the algorithms, cryptographic standards, NIST standards, and ANSI X9 stan

Seite 147 - Chapter 4 Using Crypto-C 125

Block Ciphers208 RSA BSAFE Crypto-C Developer’s GuideStep 3: InitYou need a key before you can initialize the algorithm object for encryption. In PBE,

Seite 148 - Input and Output

Chapter 6 Symmetric-Key Operations 209Block Cipherssecure; it is used for illustrative purposes only. It is not for duplication:You should zeroize an

Seite 149 - The RSA Algorithm

Block Ciphers210 RSA BSAFE Crypto-C Developer’s GuideStep 4: UpdateEnter the data to encrypt through B_EncryptUpdate. The Reference Manual Chapter 2 e

Seite 150 - General Considerations

Chapter 6 Symmetric-Key Operations 211Block CiphersStep 5: FinalStep 6: DestroyRemember to destroy all objects and free up any allocated memory:Decry

Seite 152 - Private Key Size

213Chapter 7Public-Key OperationsIn public-key cryptography, two associated keys are necessary: one to encrypt, and the other to decrypt. The sender e

Seite 153 - • Total: 484 bytes

Performing RSA Operations214 RSA BSAFE Crypto-C Developer’s GuidePerforming RSA OperationsThe RSA algorithm is a public-key algorithm that relies on t

Seite 154 - Using Cryptographic Hardware

Chapter 7 Public-Key Operations 215Performing RSA OperationsStep 2: Setting the Algorithm ObjectFor this example, use AI_RSAKeyGen to generate an RSA

Seite 155 - B_CreateSessionchooser is

Performing RSA Operations216 RSA BSAFE Crypto-C Developer’s GuideStep 3: InitLook up the description and prototype for B_GenerateInit in Chapter 4 of

Seite 156 - PKCS #11 Support

Chapter 7 Public-Key Operations 217Performing RSA Operationsgenerates a candidate and tests to see if it is prime. If the candidate passes the test,

Seite 157 - Chapter 4 Using Crypto-C 135

The Crypto-C Toolkit2 RSA BSAFE Crypto-C Developer’s GuideThe Crypto-C ToolkitCrypto-C provides developers with a state-of-the-art implementation of t

Seite 158

MultiPrime218 RSA BSAFE Crypto-C Developer’s GuideMultiPrimeThis section provides an overview of the MulitPrime enhancement to Crypto-C including info

Seite 159 - Chapter 4 Using Crypto-C 137

Chapter 7 Public-Key Operations 219MultiPrimeThis means 3-prime private operations can be about 38% faster than 2-prime operations. Or with 2-prime R

Seite 160

MultiPrime220 RSA BSAFE Crypto-C Developer’s Guidedoes not allow you to generate an RSA key pair if the number of primes is more than three. Furthermo

Seite 161 - Chapter 4 Using Crypto-C 139

Chapter 7 Public-Key Operations 221MultiPrimeB_ALGORITHM_METHOD *RSA_GEN_CHOOSER[] = { &AM_RSA_KEY_GEN, (B_ALGORITHM_METHOD *)NULL_PTR};A_RSA_M

Seite 162

MultiPrime222 RSA BSAFE Crypto-C Developer’s GuideGenerating an RSA MultiPrime KeyRefer to the RSA_CreateMultiPrimeRSAKeypair routine defined in the s

Seite 163 - Chapter 4 Using Crypto-C 141

Chapter 7 Public-Key Operations 223MultiPrimeStep 3: InitNow, make the appropriate adjustments to the algorithm chooser so that the algorithm methods

Seite 164

MultiPrime224 RSA BSAFE Crypto-C Developer’s GuideCrypto-C FormatpublicKey is a key object that was set by the Crypto-C function B_GenerateKeypair. It

Seite 165

Chapter 7 Public-Key Operations 225MultiPrimeis unique to Crypto-C. If the recipient is not using Crypto-C, how do you give that recipient the inform

Seite 166

MultiPrime226 RSA BSAFE Crypto-C Developer’s Guidesend it off. Remember to free any memory you allocated:Note: The conversion into BER or DER is known

Seite 167

Chapter 7 Public-Key Operations 227MultiPrimeinfo to B_SetAlgorithmInfo as NULL_PTR:Step 3: InitYou will encrypt using the recipient’s RSA public key

Seite 168

Chapter 1 Introduction 3The Crypto-C ToolkitPublic-Key Algorithms• RSA Public Key Cryptosystem• Diffie-Hellman Key AgreementDigital Signatures• DSA•

Seite 169 - Advanced PKCS #11

MultiPrime228 RSA BSAFE Crypto-C Developer’s GuideYou are encrypting 8 bytes, so you do not need to worry about that constraint. However, the output o

Seite 170 - Hardware Issues

Chapter 7 Public-Key Operations 229MultiPrimeStep 6: DestroyWhen you are done with all your objects, remember to destroy them.RSA Private-Key Decrypt

Seite 171 - Chapter 4 Using Crypto-C 149

MultiPrime230 RSA BSAFE Crypto-C Developer’s GuideStep 3: InitTo decrypt, you must use the RSA private key that is associated with the public key that

Seite 172

Chapter 7 Public-Key Operations 231MultiPrimeStep 5: FinalStep 6: DestroyWhen you are done with all objects, remember to destroy them:Optimal Asymetr

Seite 173 - Non-Cryptographic Operations

MultiPrime232 RSA BSAFE Crypto-C Developer’s Guideencrypt is usually 8, 16, or (for BER-encoded digests) 34 or 35. If you want to encrypt and decrypt

Seite 174 - Message Digests

Chapter 7 Public-Key Operations 233MultiPrimeRSA Digital SignaturesThe section “Authentication and Digital Signatures” on page 57 discusses what a di

Seite 175 - Step 4: Update

MultiPrime234 RSA BSAFE Crypto-C Developer’s GuideB_CreateAlgorithmObject:Step 2: Setting The Algorithm ObjectCrypto-C provides three methods for comp

Seite 176 - Step 5: Final

Chapter 7 Public-Key Operations 235MultiPrimeentry for the AI in use:Note: If you want to sign using the blinding technique to thwart timing attacks

Seite 177 - BER-Encoding the Digest

MultiPrime236 RSA BSAFE Crypto-C Developer’s Guidesurrender context outlined in “The Surrender Context” on page 118:Step 6: DestroyWhen you are done w

Seite 178 - Saved State

Chapter 7 Public-Key Operations 237MultiPrimeB_CreateAlgorithmObject:Step 2: Setting The Algorithm ObjectThe signer should tell you which message dig

Seite 179

Cryptographic Standards and Crypto-C4 RSA BSAFE Crypto-C Developer’s GuideCryptographic Standards and Crypto-CPKCS Standards and Crypto-CCrypto-C is a

Seite 180 - B_SetAlgorithmInfo call

MultiPrime238 RSA BSAFE Crypto-C Developer’s GuideNote: If the algorithm object was not set to AI_MD5WithRSAEncryption, AI_MD2WithRSAEncryption, AI_SH

Seite 181

Chapter 7 Public-Key Operations 239Performing DSA OperationsStep 6: DestroyWhen you are done with all objects, remember to destroy them:Performing DS

Seite 182

Performing DSA Operations240 RSA BSAFE Crypto-C Developer’s Guideof info supplied to B_SetAlgorithmInfo is a pointer to the following:Crypto-C will ge

Seite 183 - Code (HMAC)

Chapter 7 Public-Key Operations 241Performing DSA OperationsStep 5: GenerateTo generate DSA parameters, call the Crypto-C function B_GenerateParamete

Seite 184

Performing DSA Operations242 RSA BSAFE Crypto-C Developer’s GuideGenerating a DSA Key PairThe previous code generated the DSA parameters and set an al

Seite 185

Chapter 7 Public-Key Operations 243Performing DSA Operationscontains the AM for SHA1 random number generation. The last argument is the surrender con

Seite 186 - Step 6: Destroy

Performing DSA Operations244 RSA BSAFE Crypto-C Developer’s GuideComputing a Digital SignatureStep 1: Creating An Algorithm ObjectDeclare a variable t

Seite 187 - Generating Random Numbers

Chapter 7 Public-Key Operations 245Performing DSA Operationsproperly cast NULL_PTR for the surrender context:Step 4: UpdateDigest the data to sign wi

Seite 188

Performing DSA Operations246 RSA BSAFE Crypto-C Developer’s Guidepage 118:Step 6: DestroyWhen you are done with all objects, remember to destroy them:

Seite 189

Chapter 7 Public-Key Operations 247Performing DSA OperationsStep 2: Setting The Algorithm ObjectTo verify the signature created here, use the same AI

Seite 190

Chapter 1 Introduction 5Cryptographic Standards and Crypto-C• Secure Hash Algorithm (SHA1), as specified in FIPS PUB 180-1, Secure Hash Standard (SHS

Seite 191 - Step 5: Generate

Performing DSA Operations248 RSA BSAFE Crypto-C Developer’s Guidedata and you know its length, your call is the following:Step 5: FinalB_VerifyUpdate

Seite 192 - Step 2: Set

Chapter 7 Public-Key Operations 249Performing Diffie-Hellman Key AgreementPerforming Diffie-Hellman Key AgreementDiffie-Hellman Key Agreement is a me

Seite 193 - Steps 4, 5, 6

Performing Diffie-Hellman Key Agreement250 RSA BSAFE Crypto-C Developer’s GuideStep 2: Setting The Algorithm ObjectThere is only one AI for generating

Seite 194 - Encoding Binary Data To ASCII

Chapter 7 Public-Key Operations 251Performing Diffie-Hellman Key AgreementStep 3: InitInitialize the generation process with B_GenerateInit. Build an

Seite 195

Performing Diffie-Hellman Key Agreement252 RSA BSAFE Crypto-C Developer’s GuideThe second is a result algorithm object. Crypto-C will generate some va

Seite 196 - Decoding ASCII-Encoded Data

Chapter 7 Public-Key Operations 253Performing Diffie-Hellman Key AgreementDistributing Diffie-Hellman ParametersThe central authority, after computin

Seite 197

Performing Diffie-Hellman Key Agreement254 RSA BSAFE Crypto-C Developer’s GuideIf you look at the elements of the struct:dhKeyAgreeParams->prime.da

Seite 198

Chapter 7 Public-Key Operations 255Performing Diffie-Hellman Key AgreementCrypto-C returns a pointer to where that information resides, not the infor

Seite 199 - Symmetric-Key Operations

Performing Diffie-Hellman Key Agreement256 RSA BSAFE Crypto-C Developer’s GuideDiffie-Hellman Key AgreementIf you are one of the parties involved in t

Seite 200 - Block Ciphers

Chapter 7 Public-Key Operations 257Performing Diffie-Hellman Key AgreementStep 3: InitInitialize the algorithm object with B_KeyAgreeInit. The Refere

Seite 201

Cryptographic Standards and Crypto-C6 RSA BSAFE Crypto-C Developer’s GuideANSI X9 Standards and Crypto-CCrypto-C also complies with a number of standa

Seite 202

Performing Diffie-Hellman Key Agreement258 RSA BSAFE Crypto-C Developer’s GuideThe fourth is the size of the buffer you allocated; if the buffer is no

Seite 203 - Cipher KIs

Chapter 7 Public-Key Operations 259Performing Diffie-Hellman Key Agreementparties might only need eight bytes for a session key. If that is the case,

Seite 204

Performing Elliptic Curve Operations260 RSA BSAFE Crypto-C Developer’s GuidePerforming Elliptic Curve OperationsElliptic curve cryptosystems can be us

Seite 205 - Decrypting

Chapter 7 Public-Key Operations 261Performing Elliptic Curve OperationsThe second, ecParamsObj, is set and initialized by B_GenerateParameters; it wi

Seite 206 - The RC2 Cipher

Performing Elliptic Curve Operations262 RSA BSAFE Crypto-C Developer’s Guideversion number; in Crypto-C, the only version available is 0. The second a

Seite 207

Chapter 7 Public-Key Operations 263Performing Elliptic Curve OperationsStep 3: InitYou can pass a NULL_PTR for the surrender context, because B_Gener

Seite 208

Performing Elliptic Curve Operations264 RSA BSAFE Crypto-C Developer’s GuideStep 5: Generate This function may take a while, so you should use a surre

Seite 209

Chapter 7 Public-Key Operations 265Performing Elliptic Curve OperationsThe Reference Manual Chapter 2 entry for AI_ECParameters also states that the

Seite 210

Performing Elliptic Curve Operations266 RSA BSAFE Crypto-C Developer’s GuideThe following procedure, AllocAndCopyECParamInfo, is an example of an appl

Seite 211

Chapter 7 Public-Key Operations 267Performing Elliptic Curve OperationsFor this example application, use AllocAndCopyECParamInfo() to make a copy of

Seite 212 - The RC5 Cipher

7Chapter 2Quick StartThis chapter provides an introduction to using Crypto-C. You are first presented with the Crypto-C model and then you are present

Seite 213

Performing Elliptic Curve Operations268 RSA BSAFE Crypto-C Developer’s GuideIn the sample code, FreeECParamInfo is implemented as follows:Generating a

Seite 214

Chapter 7 Public-Key Operations 269Performing Elliptic Curve OperationsStep 2: SetThe Reference Manual indicates that the appropriate AI to use for g

Seite 215

Performing Elliptic Curve Operations270 RSA BSAFE Crypto-C Developer’s GuideStep 3: InitializeHere, you can pass a NULL_PTR for the surrender context,

Seite 216

Chapter 7 Public-Key Operations 271Performing Elliptic Curve OperationsRetrieving an Elliptic Curve KeyIf you need to store or transport information

Seite 217

Performing Elliptic Curve Operations272 RSA BSAFE Crypto-C Developer’s GuideB_GetKeyInfo gives a pointer to memory, but this memory is owned by Crypto

Seite 218 - The RC6 Cipher

Chapter 7 Public-Key Operations 273Performing Elliptic Curve OperationsGenerating Acceleration TablesAn acceleration table stores precomputed version

Seite 219

Performing Elliptic Curve Operations274 RSA BSAFE Crypto-C Developer’s GuideStep 1: CreateDeclare a variable to be B_ALGORITHM_OBJ. As defined in the

Seite 220

Chapter 7 Public-Key Operations 275Performing Elliptic Curve OperationsThe first field in this structure, parameterInfoType, is used to interpret the

Seite 221

Performing Elliptic Curve Operations276 RSA BSAFE Crypto-C Developer’s GuideStep 5: FinalStep 5a: Allocate memoryYou must allocate sufficient memory t

Seite 222

Chapter 7 Public-Key Operations 277Performing Elliptic Curve OperationsStep 6: DestroyYou must free all allocated memory and destroy all objects when

Seite 223 - The AES Cipher

iiiContentsPreface xvWhat’s New in Version 5.2.2? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xviImproved per

Seite 224

The Six-Step Sequence8 RSA BSAFE Crypto-C Developer’s GuideThe Six-Step SequenceThe Crypto-C model generally follows a six-step sequence:1. Create2. S

Seite 225 - Step 3b: Setting the Key Data

Performing Elliptic Curve Operations278 RSA BSAFE Crypto-C Developer’s GuideOf course, you can write your own versions of these procedures to satisfy

Seite 226

Chapter 7 Public-Key Operations 279Performing Elliptic Curve OperationsStep 3: InitTo initialize the proper algorithms, you must supply an algorithm

Seite 227

Performing Elliptic Curve Operations280 RSA BSAFE Crypto-C Developer’s GuideStep 5b: Build the public-key acceleration tableIt can take a while to gen

Seite 228 - Password-Based Encryption

Chapter 7 Public-Key Operations 281Performing Elliptic Curve OperationsTo initialize ecParamsObj with a set of parameters describing an elliptic curv

Seite 229

Performing Elliptic Curve Operations282 RSA BSAFE Crypto-C Developer’s GuideBecause you have the EC parameters in the A_EC_PARAMS structure ecParams,

Seite 230

Chapter 7 Public-Key Operations 283Performing Elliptic Curve OperationsYou must allocate space to hold the results of Phase 1 and Phase 2. The larges

Seite 231

Performing Elliptic Curve Operations284 RSA BSAFE Crypto-C Developer’s GuideStep 5: Phase 2By the time you have reached this step, Alice and Bob have

Seite 232

Chapter 7 Public-Key Operations 285Performing Elliptic Curve OperationsTo sign an arbitrarily long message with the elliptic curve version of DSA, yo

Seite 233

Performing Elliptic Curve Operations286 RSA BSAFE Crypto-C Developer’s GuideAssume that the steps in “Generating an Elliptic Curve Key Pair” on page 2

Seite 234

Chapter 7 Public-Key Operations 287Performing Elliptic Curve OperationsStep 2b (optional): Set Acceleration Table InfoGo through the steps in the sec

Seite 235 - Public-Key Operations

Chapter 2 Quick Start 9Introductory ExampleIntroductory ExampleThe CD containing the Crypto-C library distribution also includes sample source code t

Seite 236 - Performing RSA Operations

Performing Elliptic Curve Operations288 RSA BSAFE Crypto-C Developer’s GuideStep 4: UpdateNow, using B_SignUpdate, pass in the data to be signed:Step

Seite 237

Chapter 7 Public-Key Operations 289Performing Elliptic Curve Operationsinitialized random algorithm in B_SignFinal:Step 6: DestroyDestroy all objects

Seite 238

Performing Elliptic Curve Operations290 RSA BSAFE Crypto-C Developer’s GuideStep 2b (Optional): Set Public Key Acceleration Table InfoYou can use eith

Seite 239

Chapter 7 Public-Key Operations 291Performing Elliptic Curve OperationsStep 6: DestroyDestroy all objects that are no longer needed:Performing ECDSA

Seite 240 - MultiPrime

Performing Elliptic Curve Operations292 RSA BSAFE Crypto-C Developer’s GuideStep 2: Setting the Algorithm ObjectYou need to set the algorithm object t

Seite 241 - How Many Primes?

Chapter 7 Public-Key Operations 293Performing Elliptic Curve OperationsGenerating an EC Key PairSee “Generating an Elliptic Curve Key Pair” on page 2

Seite 242

Performing Elliptic Curve Operations294 RSA BSAFE Crypto-C Developer’s GuideStep 3: InitBuild an algorithm chooser with the appropriate AMs:Now associ

Seite 243

Chapter 7 Public-Key Operations 295Performing Elliptic Curve OperationsStep 5: FinalFirst you must allocate space to store the signature. The output

Seite 244 - Structure

Performing Elliptic Curve Operations296 RSA BSAFE Crypto-C Developer’s GuideVerifying a Digital SignatureTo verify the signature, you must go through

Seite 245

Chapter 7 Public-Key Operations 297Performing Elliptic Curve OperationsStep 5: FinalPass in the signature that was received with the message. B_Veri

Seite 246 - Crypto-C Format

Introductory Example10 RSA BSAFE Crypto-C Developer’s Guidespecify the type of algorithm that is being used, supply any special information or paramet

Seite 247

Performing Elliptic Curve Operations298 RSA BSAFE Crypto-C Developer’s GuideUsing Elliptic Curve ParametersSee the section “Generating Elliptic Curve

Seite 248 - RSA Public-Key Encryption

Chapter 7 Public-Key Operations 299Performing Elliptic Curve OperationsStep 1: CreateFirst, create the algorithm object that will hold the informatio

Seite 249

Performing Elliptic Curve Operations300 RSA BSAFE Crypto-C Developer’s GuideStep 3: InitYou must initialize the algorithm object to perform encryptio

Seite 250

Chapter 7 Public-Key Operations 301Performing Elliptic Curve Operations Step 5: FinalStep 6: DestroyDestroy all objects that are no longer needed. Al

Seite 251 - RSA Private-Key Decryption

Performing Elliptic Curve Operations302 RSA BSAFE Crypto-C Developer’s GuideECAES Private-Key DecryptionThe steps for decryption are similar to those

Seite 252

Chapter 7 Public-Key Operations 303Performing Elliptic Curve Operations Step 5: FinalStep 6: DestroyDestroy any objects that are no longer needed. Al

Seite 254

305Chapter 8Secret Sharing OperationsSecret SharingSecret sharing allows a system to require a certain number of “shares” to retrieve a secret. The pr

Seite 255 - RSA Digital Signatures

Secret Sharing306 RSA BSAFE Crypto-C Developer’s GuideThe example in this section corresponds to the file scrtshar.c.Step 1: Creating An Algorithm Obj

Seite 256

Chapter 8 Secret Sharing Operations 307Secret SharingStep 4: UpdateCall B_EncryptUpdate once for each of the total number of shares. Each call to B_E

Seite 257

Chapter 2 Quick Start 11Introductory ExampleStandard RSA Security coding practices use the above do-while construct to make it easy to break out of a

Seite 258 - Verifying a Digital Signature

Secret Sharing308 RSA BSAFE Crypto-C Developer’s GuideStep 5: FinalFinalize the process with B_EncryptFinal. This function does not need a random algo

Seite 259

Chapter 8 Secret Sharing Operations 309Secret SharingReconstructing the SecretTo reconstruct the secret, call B_DecryptUpdate for each share you are

Seite 260

Secret Sharing310 RSA BSAFE Crypto-C Developer’s GuideStep 4: UpdateCall B_DecryptUpdate once for each of the shares you are using to reconstruct the

Seite 261 - Performing DSA Operations

Chapter 8 Secret Sharing Operations 311Secret SharingStep 6: DestroyRemember to destroy all objects and free up any allocated memory when you are don

Seite 263

313Chapter 9Putting It All Together: An X9.31 ExampleThe example in this chapter shows how to perform RSA digital signing and verifying according to t

Seite 264 - Generating a DSA Key Pair

The X9.31 Sample Program314 RSA BSAFE Crypto-C Developer’s GuideThe X9.31 Sample Program#include <stdio.h>#include <string.h> #include &

Seite 265 - DSA Signatures

Chapter 9 Putting It All Together: An X9.31 Example 315The X9.31 Sample ProgramGenerating Random BytesThe first thing the application must do is to g

Seite 266 - Computing a Digital Signature

The X9.31 Sample Program316 RSA BSAFE Crypto-C Developer’s GuideTo create a random algorithm object and set the parameters: /* ===================

Seite 267

Chapter 9 Putting It All Together: An X9.31 Example 317The X9.31 Sample ProgramProviding the SeedIn this example, the seed is provided by keyboard in

Seite 268

Introductory Example12 RSA BSAFE Crypto-C Developer’s Guidethere is a single stream cipher, the RC4 cipher, and a number of AIs that can be used to im

Seite 269

The X9.31 Sample Program318 RSA BSAFE Crypto-C Developer’s GuideGenerating a Key PairOnce you have the random bytes, you can use them to generate an R

Seite 270

Chapter 9 Putting It All Together: An X9.31 Example 319The X9.31 Sample Program /* ======================================================== */

Seite 271

The X9.31 Sample Program320 RSA BSAFE Crypto-C Developer’s GuideComputing a Digital SignatureNow you can use the key pair to compute a digital signatu

Seite 272

Chapter 9 Putting It All Together: An X9.31 Example 321The X9.31 Sample Program• For digestMethodName, use "sha1"; currently this is the on

Seite 273

The X9.31 Sample Program322 RSA BSAFE Crypto-C Developer’s Guide signVerifyParams.encryptionMethodName = (unsigned char *)"rsaSignX931";

Seite 274

Chapter 9 Putting It All Together: An X9.31 Example 323The X9.31 Sample ProgramVerifying the SignatureVerifying an X9.31 RSA signature is almost iden

Seite 275

The X9.31 Sample Program324 RSA BSAFE Crypto-C Developer’s Guide /* Step 4: Update */ if ((status = B_VerifyUpdate (digitalVerifier, (

Seite 276 - BER Format

Chapter 9 Putting It All Together: An X9.31 Example 325The X9.31 Sample ProgramSurrendering ControlThe following function, included as part of x931.c

Seite 277

The X9.31 Sample Program326 RSA BSAFE Crypto-C Developer’s GuidePrinting the Buffer ContentsThe following procedure prints the current contents of the

Seite 278

327Appendix ACommand-Line DemosOverview of the DemosIn addition to the sample programs included on the CD, there are three Crypto-C command-line demo

Seite 279 - Step 4: Phase 1

Chapter 2 Quick Start 13Introductory ExampleSee the description and prototype in Chapter 4 of the Reference Manual for B_EncryptInit:As in Step 2, th

Seite 280 - Step 5: Phase 2

Command-Line Demo User’s Guide328 RSA BSAFE Crypto-C Developer’s Guide• BDEMOEC can use ECDSA to create and verify digital signatures for a file, and

Seite 281 - Saving the Object State

Appendix A Command-Line Demos 329Command-Line Demo User’s Guide> bdemo -s < testinNotice that this uses ‘<’ to redirect testin as the input

Seite 282

Command-Line Demo User’s Guide330 RSA BSAFE Crypto-C Developer’s Guide• the name and location of the file to be signed• the name of the file you want

Seite 283

Appendix A Command-Line Demos 331Command-Line Demo User’s Guide• the name and location of the file that contains the encrypted data • the name and lo

Seite 284

Command-Line Demo User’s Guide332 RSA BSAFE Crypto-C Developer’s GuideBDEMODSABDEMODSA demonstrates the use of DSA to digitally sign and verify the in

Seite 285

Appendix A Command-Line Demos 333Command-Line Demo User’s GuideOnce a key pair has been generated, the following top-level menu is displayed:S - Sign

Seite 286

Command-Line Demo User’s Guide334 RSA BSAFE Crypto-C Developer’s GuideBDEMOECBDEMOEC provides the same functionality as BDEMO, but uses elliptic curve

Seite 287

Appendix A Command-Line Demos 335File ReferenceFile ReferenceThe C source code files for the demo programs provide a convenient means to learn Crypto

Seite 288 - The following procedure

BSLite336 RSA BSAFE Crypto-C Developer’s GuideBSLiteBSLite is a collection of routines that interface with the Crypto-C library. BSLite demonstrates h

Seite 289

Appendix A Command-Line Demos 337BSLiteA single C source file, bslite.c, with a single header file, bslite.h, contains the entire BSLite Code. For mo

Seite 290

Introductory Example14 RSA BSAFE Crypto-C Developer’s Guideobject as an RC4 key, we need to use B_SetKeyInfo. See Chapter 4 of the Reference Manual fo

Seite 292 - Step 3: Initialize

339GlossaryThis section lists security and cryptographic terms and abbreviations, along with their definitions, that are used throughout the RSA BSAFE

Seite 293

340 RSA BSAFE Crypto-C Developer’s GuideAESAdvanced Encryption Standard.algorithmA series of steps used to complete a task.AliceThe name traditionally

Seite 294

Glossary 341Data Encryption StandardSee DES.decryptionThe inverse (reverse) of encryption. The process by which the ciphertext is converted into pla

Seite 295

342 RSA BSAFE Crypto-C Developer’s GuideECDSAElliptic Curve DSA (Digital Signature Algorithm). An elliptic curve analogue of DSA.EDIElectronic (busine

Seite 296

Glossary 343identificationA process through which one ascertains the identity of another person or entity.keyA string of bits used widely in cryptog

Seite 297

344 RSA BSAFE Crypto-C Developer’s GuideNISTNational Institute of Standards and Technology. A United States agency that produces security and cryptogr

Seite 298

Glossary 345private keyIn public-key cryptography, this key is the secret key. It is primarily used for decryption but is also used for encryption w

Seite 299

346 RSA BSAFE Crypto-C Developer’s Guidesecret sharingSplitting a secret (for examle, a private key) into many pieces such that any specified subset o

Seite 300

Glossary 347verificationThe act of recognizing that a person or entity is who or what it claims to be.XORA binary bitwise operator yielding the resu

Seite 301

Chapter 2 Quick Start 15Introductory ExampleNow we can complete the call to B_SetKeyInfo:As with algorithm objects, once you have set a key object, y

Seite 303

349IndexAacceleration table 273Adelman, Leonard 52Advanced Encryption Standard xviiSee AESAdvanced PKCS #11 147AES xvii, 40, 41AI See algorithm info t

Seite 304

350 RSA BSAFE Crypto-C Developer’s Guidecertificate See digital certificateCFB See modes of operationcharacteristic See elliptic curve cryptographycho

Seite 305

Index 351elliptic curve cryptography 65–79algorithm info types 110curve generation 262examplesacceleration table 273–280key pair generation 268–270k

Seite 306 - Step 5: Phase 2

352 RSA BSAFE Crypto-C Developer’s Guidekey (continued)RC2 39, 99RC4 87, 99RC5 99, 190recovery 89registering 61RSA 53, 54, 97, 98size 97, 98, 129token

Seite 307 - Generating an EC Key Pair

Index 353Ppadding 37, 126, 180RSA algorithm 227parametersDiffie-Hellman key agreement 63, 99, 249Digital Signature Algorithm 60, 239surrender contex

Seite 308

354 RSA BSAFE Crypto-C Developer’s GuideRSA Security Inc.FAQ 55Web site 48Ssalt 49, 94iterations 207sample program filesberder.c 124descbc.c 178dhagre

Seite 309

Introductory Example16 RSA BSAFE Crypto-C Developer’s Guideinstructions on writing an algorithm chooser. For the purposes of our example, we see that

Seite 310

Chapter 2 Quick Start 17Introductory Exampleinformation that it needs to perform RC4 encryption. In Step 4, we can enter the data to encrypt with the

Seite 311

iv RSA BSAFE Crypto-C Developer’s GuideCryptographic Standards and Crypto-C . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Seite 312 - Step 3: Init

Introductory Example18 RSA BSAFE Crypto-C Developer’s GuideFor now, we declare:For a stream cipher, the length of the encrypted (output) data is equal

Seite 313

Chapter 2 Quick Start 19Introductory Examplefunction must know the size of the buffer. The Update function will not attempt to place data into unallo

Seite 314

Introductory Example20 RSA BSAFE Crypto-C Developer’s GuideFor our example, the first argument is rc4Encrypter. The second argument is a pointer to th

Seite 315

Chapter 2 Quick Start 21Introductory Examplefunction calls after the do-while construct. That way, even if there is an error somewhere and the progra

Seite 316

Introductory Example22 RSA BSAFE Crypto-C Developer’s GuideFor this example, call T_free as follows:Note: Using T_free means you can no longer access

Seite 317

Chapter 2 Quick Start 23Introductory Example static char dataToEncrypt[] = "Encrypt this sentence."; unsigned char *encryptedData = NULL_

Seite 318

Introductory Example24 RSA BSAFE Crypto-C Developer’s Guide /* Step 4: Update */ encryptedData = T_malloc (dataToEncryptLen); if ((status

Seite 319 - Using ECAES

Chapter 2 Quick Start 25Introductory ExampleYou may find it a useful exercise to compile and link this program. Also, it could also be instructive to

Seite 320 - ECAES Public-Key Encryption

Decrypting the Introductory Example26 RSA BSAFE Crypto-C Developer’s GuideDecrypting the Introductory ExampleDecrypting data is similar to encrypting.

Seite 321

Chapter 2 Quick Start 27Decrypting the Introductory ExampleStep 3b: Setting the Key ObjectWe need to fill our key with the same 10 bytes of data we

Seite 322

Contents vOptimal Asymmetric Encryption Padding (OAEP) . . . . . . . . . . . . . . . . . . . . . . . . . . .55Authentication and Digital Signatures

Seite 323

Decrypting the Introductory Example28 RSA BSAFE Crypto-C Developer’s GuideStep 5: FinalIn the “Introductory Example” on page 9, the plaintext was a st

Seite 324 - Step 4: Update

Chapter 2 Quick Start 29Multiple UpdatesMultiple UpdatesAn application can do multiple updates before the Final call. For example, suppose you have d

Seite 325

Multiple Updates30 RSA BSAFE Crypto-C Developer’s Guideplaces them into the given buffer, and sets a flag indicating whether the bytes returned are th

Seite 326

Chapter 2 Quick Start 31Multiple UpdatesIn the preceeding code example, we took dataToEncryptLen bytes of data to encrypt and passed them to B_Encryp

Seite 327 - Secret Sharing Operations

Summary of the Six Steps32 RSA BSAFE Crypto-C Developer’s GuideSummary of the Six StepsA typical implementation uses the six steps as follows:Step 0:

Seite 328

Chapter 2 Quick Start 33Summary of the Six Steps• For some algorithms, such as generating a public/private key pair, there is no Update step. Step 5:

Seite 330

35Chapter 3Cryptography This chapter contains a brief outline of the basic cryptographic principles and terminology used throughout this manual and do

Seite 331 - Reconstructing the Secret

Cryptography Overview36 RSA BSAFE Crypto-C Developer’s GuideCryptography OverviewSymmetric-Key CryptographyIn symmetric-key cryptography, as Figure 3-

Seite 332

Chapter 3 Cryptography 37Cryptography OverviewBlock CiphersBlock ciphers encrypt data block-by-block. They can encrypt each block separately as in EC

Seite 333

vi RSA BSAFE Crypto-C Developer’s GuideElliptic Curve Algorithms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Seite 334

Cryptography Overview38 RSA BSAFE Crypto-C Developer’s GuideTriple DESTriple DES executes DES three times, which triples the number of bits in an encr

Seite 335 - An X9.31 Example

Chapter 3 Cryptography 39Cryptography Overviewit is proprietary to RSA Security. The RC2 cipher has an eight-byte block size. Therefore, the input mu

Seite 336 - The X9.31 Sample Program

Cryptography Overview40 RSA BSAFE Crypto-C Developer’s Guidefor 12-round RC5-32, recent cryptanalytic work suggests 16 rounds is now a more conservati

Seite 337 - Generating Random Bytes

Chapter 3 Cryptography 41Cryptography Overviewwould slow down the encryption and decryption operations. In addition, if the 20-round version of RC6 i

Seite 338

Cryptography Overview42 RSA BSAFE Crypto-C Developer’s GuideElectronic Codebook (ECB) ModeECB is not a feedback mode; it encrypts each block of input

Seite 339 - Providing the Seed

Chapter 3 Cryptography 43Cryptography OverviewCipher Block Chaining (CBC) ModeWith CBC mode, each plaintext block is XORed with the previous cipherte

Seite 340 - Generating a Key Pair

Cryptography Overview44 RSA BSAFE Crypto-C Developer’s Guide Figure 3-5 Cipher Feedback (CFB) ModeTo encrypt plaintext using CFB mode:1. Generate your

Seite 341

Chapter 3 Cryptography 45Cryptography OverviewOutput Feedback (OFB) ModeOutput feedback mode is similar to CFB mode, except that the quantity XORed w

Seite 342

Cryptography Overview46 RSA BSAFE Crypto-C Developer’s GuideFigure 3-6 Output Feedback Mode (OFB)Stream CiphersA stream cipher processes the input dat

Seite 343

Chapter 3 Cryptography 47Cryptography Overviewguess), an attacker would be able to determine some of the original message bytes by XORing two sets of

Seite 344

Contents viiMemory-Management Routines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .122Memory-Management Rou

Seite 345 - Verifying the Signature

Cryptography Overview48 RSA BSAFE Crypto-C Developer’s Guide• It is computationally infeasible to produce data that has a specific digest. In other wo

Seite 346

Chapter 3 Cryptography 49Cryptography OverviewHash-Based Message Authentication Codes (HMAC)A hash-based message authentication code (HMAC) combines

Seite 347 - Surrendering Control

Cryptography Overview50 RSA BSAFE Crypto-C Developer’s GuideNormally, the mixing is a message digest. This makes the task of getting from password to

Seite 348 - Printing the Buffer Contents

Chapter 3 Cryptography 51Cryptography Overviewher message using that public key. Unlike symmetric-key cryptography, the key used for encryption will

Seite 349 - Command-Line Demos

Cryptography Overview52 RSA BSAFE Crypto-C Developer’s Guideauthentication that MIT professors Ronald L. Rivest, Adi Shamir, and Leonard M. Adleman in

Seite 350 - Starting BDEMO

Chapter 3 Cryptography 53Cryptography Overviewbelow. To compute ciphertext c from a plaintext message m, find c = me mod n. To decrypt, determine the

Seite 351 - Using BDEMO

Cryptography Overview54 RSA BSAFE Crypto-C Developer’s GuideThe calculation is shown in Table 3-1:SummaryTake two large primes, p and q, and find thei

Seite 352 - Open a File Envelope

Chapter 3 Cryptography 55Cryptography OverviewHowever, for very large numbers, factoring is very difficult. The RSA Laboratories publication, Frequen

Seite 353 - Generate a Key Pair

Cryptography Overview56 RSA BSAFE Crypto-C Developer’s Guideto reveal the contents of a digital envelope. The main features of OAEP are redundancy and

Seite 354 - BDEMODSA

Chapter 3 Cryptography 57Cryptography OverviewAuthentication and Digital SignaturesSuppose Alice and Bob are disputing a contract. Alice says that Bo

Seite 355 - Sign a File

viii RSA BSAFE Crypto-C Developer’s GuideChapter 6 Symmetric-Key Operations 177Block Ciphers . . . . . . . . . . . . . . . . . . . . . . . . . .

Seite 356 - Using BDEMOEC

Cryptography Overview58 RSA BSAFE Crypto-C Developer’s Guide1. Alice and Bob compose a contract in digital format. The file can be in any form, such a

Seite 357 - File Reference

Chapter 3 Cryptography 59Cryptography Overview4. Digest the message file.5. If the digest matches the 16 bytes you obtained from decrypting the origi

Seite 358

Cryptography Overview60 RSA BSAFE Crypto-C Developer’s GuideDigital Signature Algorithm (DSA)The Digital Signature Algorithm (DSA) is part of the Digi

Seite 359

Chapter 3 Cryptography 61Cryptography Overviewa = gu1 mod pb = yu2 mod pv = (a · b mod p) mod q3. If v = r, the signature is verified. If v ≠ r, the

Seite 360

Cryptography Overview62 RSA BSAFE Crypto-C Developer’s GuideA certificate connects an entity to a public key. For instance, it can list an individual’

Seite 361 - Glossary

Chapter 3 Cryptography 63Cryptography Overview• Phase 1• Phase 2Figure 3-12 The Diffie-Hellman Key Agreement ProtocolParameter GenerationA central au

Seite 362

Cryptography Overview64 RSA BSAFE Crypto-C Developer’s Guide3. The two parties exchange the public values.These private and public values correspond t

Seite 363

Chapter 3 Cryptography 65Cryptography OverviewSecurityThe security of Diffie-Hellman key agreement relies on the difficulty of computing nth roots mo

Seite 364

Cryptography Overview66 RSA BSAFE Crypto-C Developer’s Guide• Elliptic Curve Signature Schemes (ECDSA)• Elliptic Curve Authenticated Encryption Scheme

Seite 365

Chapter 3 Cryptography 67Cryptography Overview• An odd prime field, Fp, where p is an odd prime.• A field of even characteristic, F2m.For more inform

Seite 366

Contents ixPerforming Diffie-Hellman Key Agreement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 249Generating Diffie-Hellman Param

Seite 367

Cryptography Overview68 RSA BSAFE Crypto-C Developer’s Guide0=0·I≡ (2·2m–1)·I mod2m= 2·(2m–1·I)≡ 2·1 mod 2m=2Instead, we create the field F2m in a com

Seite 368

Chapter 3 Cryptography 69Cryptography Overviewelliptic curve parameters.Coefficients Over a Field of Even CharacteristicAn elliptic curve E over a fi

Seite 369

Cryptography Overview70 RSA BSAFE Crypto-C Developer’s Guideis written E(Fq).The Order of an Elliptic CurveThe addition system that makes the points o

Seite 370

Chapter 3 Cryptography 71Cryptography Overview• The order n of P P is sometimes called the base point.The CofactorWe mentioned previously that the pr

Seite 371

Cryptography Overview72 RSA BSAFE Crypto-C Developer’s GuideRepresenting Fields of Even CharacteristicFor fields of even characteristic (fields of the

Seite 372

Chapter 3 Cryptography 73Cryptography OverviewCreating the Key PairTo compute a public/private key pair:1. Generate a random value, d, between 1 and

Seite 373

Cryptography Overview74 RSA BSAFE Crypto-C Developer’s Guide, you will be using regular arithmetic. This is so different from arithmetic in F2m that,

Seite 374

Chapter 3 Cryptography 75Cryptography OverviewThe following calculations are really just a series of substitutions that can be made by looking back a

Seite 375

Cryptography Overview76 RSA BSAFE Crypto-C Developer’s GuideEncrypting a Message Using the Public KeyAnyone who wishes to send Bob an encrypted messag

Seite 376

Chapter 3 Cryptography 77Cryptography Overview6. Compute an authentication tag, tag = SHA1 (x1 || M’). That is, tag is the SHA1 hash of concatenation

Kommentare zu diesen Handbüchern

Keine Kommentare

Curtis FR464 Handbücher

Bedienungsanleitungen und Benutzerhandbücher für Nein Curtis FR464.
Wir stellen 1 PDF-Handbücher Curtis FR464 zum kostenlosen herunterladen nach Dokumenttypen zur Verfügung Bedienungsanleitung






Weitere Produkte und Handbücher für Nein Curtis

Modelle Dokumententyp
FRP245 Bedienungsanleitung Curtis FRP245 User's Manual, 1 Seiten
FR145C Bedienungsanleitung   Curtis FR145C User's Manual, 6 Seiten
FR320UK Bedienungsanleitung   Curtis FR320UK User's Manual, 1 Seiten
RT111 Bedienungsanleitung   Curtis RT111 User's Manual, 1 Seiten
TV2011 Bedienungsanleitung   Curtis TV2011 User's Manual, 1 Seiten
RT068J Bedienungsanleitung   Curtis RT068J User's Manual, 8 Seiten
CR1320 Bedienungsanleitung   Curtis CR1320 User's Manual, 1 Seiten
DVD DVD2053 Bedienungsanleitung   Curtis DVD DVD2053 User's Manual, 21 Seiten
FR1008 Bedienungsanleitung   Curtis FR1008 User's Manual, 1 Seiten
FR320 Bedienungsanleitung   Curtis FR320 User's Manual, 1 Seiten
FR180 Bedienungsanleitung   Curtis FR180 User's Manual, 1 Seiten
TVD2002-B Bedienungsanleitung Curtis TVD2002-B User's Manual, 12 Seiten
MWC500 Bedienungsanleitung   Curtis MWC500 User's Manual, 1 Seiten
TV1410 Bedienungsanleitung Curtis TV1410 User's Manual, 7 Seiten
MWC497 Bedienungsanleitung   Curtis MWC497 User's Manual, 1 Seiten
RCD237UKT Bedienungsanleitung   Curtis RCD237UKT User's Manual, 8 Seiten
CR1353 Bedienungsanleitung   Curtis CR1353 User's Manual, 9 Seiten
DVD1098 Bedienungsanleitung   Curtis DVD1098 User's Manual, 29 Seiten
MP510 Bedienungsanleitung   Curtis MP510 User's Manual, 1 Seiten
FRF434 Bedienungsanleitung   Curtis FRF434 freezer [en] , 14 Seiten