Cryptography Reference
In-Depth Information
encipheringof
k
with Bob's public key
e
B
to form
e
B
(
k
). Then
e
B
(
k
),
k
(
D
), identifying data, and specifiers for the cryptographic algorithms
beingused are sent to Bob.
The various cryptographic algorithms that MUST
8.3
be used by S/MIME
are contained in the following
cryptographic suites
, or sets of cryptographic
algorithms.
[CS1]: RSA for digital signatures, with RSA key size a minimum of
1024 bits beinga MUST (see pae 181) and SHA-1 for hashing(see
page 255); RSA for key transport; 3DES (see page 131) for content
encryption, and at least two independent keys MUST be supported
usingCBC mode (see page 134), called DES EDES3 CBC.
[CS2]: DSA (see page 183) for digital signatures, with DSA key size of
1024 bits beinga MUST, with SHA-1; RSA for key transport; and
3DES for content encryption.
In addition to the above, the following cryptographic algorithms SHOULD
be supported for implementation.
[CS3] RSA for digital signatures with SHA-1 for hashing, RSA for key
transport, and AES (see Section 3.5) for content encryption.
[CS4] DSA for digital signatures with SHA-1 for hashing, DiJe-Hellman
(see page 166) for key agreement, and 3DES for content encryption.
[CS5] DSA for digital signatures, SHA-256 (see page 255) for hashing,
DiJe-Hellman for key agreement, and AES for content encryption.
2.
Signed Data
: This function renders a data integrity resource. First, a
message digest is formed, h(m), then encrypted with Alice's private key
to get
d
A
(
h
(
m
)), which is radix-64-encoded, the latter beingcalled
transfer
encoding
. This means that the digital equipment being used encodes the
data in base-64 to enable the binary data to be transferred, unaltered,
through a variety of systems. (This is essential since, for instance, if
an 8-bit message is sent through an e-mail portal, which is, say, a 7-
bit device, then it could strip the message of important symbols, and any
digitally signed message that is altered or stripped of characters is rejected
as invalid.) Once so encoded, only S/MIME-enabled users can read the
signed data.
3.
Clear-Signed Data
: This is a function allowing
non
-S/MIME-enabled
users to view the message content, but not verify the signature. This is
8.3
The terms “MUST”, “SHOULD”, and “MAY” are precisely defined in [204]. Essentially
a “MUST” means that what is referenced is an absolute requirement of the S/MIME protocol,
and must be implemented in order to be in compliance with the specification. “SHOULD”
means that the referenced feature may be ignored for sound reasons, but it is recommended
that the feature be implemented. “MAY”, sometimes replaced by the adjective ”OPTIONAL”,
means that an item is truly optional.
Search WWH ::
Custom Search