Skip to main content

6.2. PBES2

6.2. PBES2

PBES2 combines a password-based key derivation function, which shall be PBKDF2 (Section 5.2) for this version of PKCS #5, with an underlying encryption scheme (see Appendix B.2 for examples). The key length and any other parameters for the underlying encryption scheme depend on the scheme.

PBES2 is recommended for new applications.

6.2.1. PBES2 Encryption Operation

The encryption operation for PBES2 consists of the following steps, which encrypt a message M under a password P to produce a ciphertext C, applying a selected key derivation function KDF and a selected underlying encryption scheme:

  1. Select a salt S and an iteration count c, as outlined in Section 4.

  2. Select the length in octets, dkLen, for the derived key for the underlying encryption scheme.

  3. Apply the selected key derivation function to the password P, the salt S, and the iteration count c to produce a derived key DK of length dkLen octets:

    DK = KDF (P, S, c, dkLen)

  4. Encrypt the message M with the underlying encryption scheme under the derived key DK to produce a ciphertext C. (This step may involve selection of parameters such as an initialization vector and padding, depending on the underlying scheme.)

  5. Output the ciphertext C.

The salt S, the iteration count c, the key length dkLen, and identifiers for the key derivation function and the underlying encryption scheme may be conveyed to the party performing decryption in an AlgorithmIdentifier value (see Appendix A.4).

6.2.2. PBES2 Decryption Operation

The decryption operation for PBES2 consists of the following steps, which decrypt a ciphertext C under a password P to recover a message M:

  1. Obtain the salt S for the operation.

  2. Obtain the iteration count c for the key derivation function.

  3. Obtain the key length in octets, dkLen, for the derived key for the underlying encryption scheme.

  4. Apply the selected key derivation function to the password P, the salt S, and the iteration count c to produce a derived key DK of length dkLen octets:

    DK = KDF (P, S, c, dkLen)

  5. Decrypt the ciphertext C with the underlying encryption scheme under the derived key DK to recover a message M. If the decryption function outputs "decryption error", then output "decryption error" and stop.

  6. Output the recovered message M.

Last updated on