B.2. Encryption Schemes

An example encryption scheme for PBES2 (Section 6.2) is AES-CBC-Pad. The schemes defined in PKCS #5 v2.0 [RFC2898] (DES-CBC-Pad, DES-EDE3-CBC-Pad, RC2-CBC-Pad, and RC5-CBC-Pad) are still supported, but DES-CBC-Pad, DES-EDE3-CBC-Pad, and RC2-CBC-Pad are now considered legacy and should only be used for backwards compatibility.

The object identifiers given in this section are intended to be employed in the object set PBES2-Encs (Appendix A.4).

B.2.1. DES-CBC-Pad

DES-CBC-Pad is single-key DES [NIST46] in CBC mode [NIST81] with the padding operation specified in RFC 1423 [RFC1423] (see Section 6.1.1 of this document). DES-CBC-Pad has an eight-octet encryption key and an eight-octet initialization vector. The key is considered as a 64-bit encoding of a 56-bit DES key with parity bits ignored.

The object identifier desCBC (defined in the NIST/OSI Implementors' Workshop agreements) identifies the DES-CBC-Pad encryption scheme:

desCBC OBJECT IDENTIFIER ::=
    {iso(1) identified-organization(3) oiw(14) secsig(3)
     algorithms(2) 7}

The parameters field associated with this OID in an AlgorithmIdentifier shall have type OCTET STRING (SIZE(8)), specifying the initialization vector for CBC mode.

B.2.2. DES-EDE3-CBC-Pad

DES-EDE3-CBC-Pad is three-key triple-DES in CBC mode [ANSIX952] with the padding operation specified in RFC 1423 [RFC1423]. DES-EDE3-CBC-Pad has a 24-octet encryption key and an eight-octet initialization vector. The key is considered as the concatenation of three eight-octet keys, each of which is a 64-bit encoding of a 56-bit DES key with parity bits ignored.

The object identifier des-EDE3-CBC identifies the DES-EDE3-CBC-Pad encryption scheme:

des-EDE3-CBC OBJECT IDENTIFIER ::= {encryptionAlgorithm 7}

The parameters field associated with this OID in an AlgorithmIdentifier shall have type OCTET STRING (SIZE(8)), specifying the initialization vector for CBC mode.

Note: An OID for DES-EDE3-CBC without padding is given in ANSI X9.52 [ANSIX952]; the one given here is preferred since it specifies padding.

B.2.3. RC2-CBC-Pad

RC2-CBC-Pad is the RC2 encryption algorithm [RFC2268] in CBC mode with the padding operation specified in RFC 1423 [RFC1423]. RC2-CBC-Pad has a variable key length, from one to 128 octets, a separate "effective key bits" parameter from one to 1024 bits that limits the effective search space independent of the key length, and an eight-octet initialization vector.

The object identifier rc2CBC identifies the RC2-CBC-Pad encryption scheme:

rc2CBC OBJECT IDENTIFIER ::= {encryptionAlgorithm 2}

The parameters field associated with this OID in an AlgorithmIdentifier shall have type RC2-CBC-Parameter:

RC2-CBC-Parameter ::= SEQUENCE {
    rc2ParameterVersion INTEGER OPTIONAL,
    iv OCTET STRING (SIZE(8)) }

The fields of type RC2-CBC-Parameter have the following meanings:

  • rc2ParameterVersion is a proprietary RSA Security Inc. encoding of the "effective key bits" for RC2. The following encodings are defined:

    Effective Key Bits    Encoding
    40                    160
    64                    120
    128                   58
    b >= 256              b

    If the rc2ParameterVersion field is omitted, the "effective key bits" defaults to 32. (This is for backward compatibility with certain very old implementations.)

  • iv is the eight-octet initialization vector.

B.2.4. RC5-CBC-Pad

RC5-CBC-Pad is the RC5 encryption algorithm [RC5] in CBC mode with the padding operation specified in RFC 5652 [RFC5652], which is a generalization of the padding operation specified in RFC 1423 [RFC1423]. The scheme is fully specified in [RFC2040]. RC5-CBC-Pad has a variable key length, from 0 to 256 octets, and supports both a 64-bit block size and a 128-bit block size. For the former, it has an eight-octet initialization vector, and for the latter, a 16-octet initialization vector. RC5-CBC-Pad also has a variable number of "rounds" in the encryption operation, from 8 to 127.

Note: For RC5 with a 64-bit block size, the padding string is as defined in RFC 1423 [RFC1423]. For RC5 with a 128-bit block size, the padding string consists of 16-(||M|| mod 16) octets each with value 16-(||M|| mod 16).

The object identifier rc5-CBC-PAD [RFC2040] identifies the RC5-CBC-Pad encryption scheme:

rc5-CBC-PAD OBJECT IDENTIFIER ::= {encryptionAlgorithm 9}

The parameters field associated with this OID in an AlgorithmIdentifier shall have type RC5-CBC-Parameters:

RC5-CBC-Parameters ::= SEQUENCE {
    version INTEGER {v1-0(16)} (v1-0),
    rounds INTEGER (8..127),
    blockSizeInBits INTEGER (64 | 128),
    iv OCTET STRING OPTIONAL }

The fields of type RC5-CBC-Parameters have the following meanings:

  • version is the version of the algorithm, which shall be v1-0.

  • rounds is the number of rounds in the encryption operation, which shall be between 8 and 127.

  • blockSizeInBits is the block size in bits, which shall be 64 or 128.

  • iv is the initialization vector, an eight-octet string for 64-bit RC5 and a 16-octet string for 128-bit RC5. The default is a string of the appropriate length consisting of zero octets.

B.2.5. AES-CBC-Pad

AES-CBC-Pad is the AES encryption algorithm [NIST197] in CBC mode with the padding operation specified in RFC 5652 [RFC5652]. AES-CBC-Pad has a variable key length of 16, 24, or 32 octets and has a 16-octet block size. It has a 16-octet initialization vector.

Note: For AES, the padding string consists of 16-(||M|| mod 16) octets each with value 16-(||M|| mod 16).

For AES, object identifiers are defined depending on key size and operation mode. For example, the object identifier aes128-CBC-PAD identifies the AES-CBC-Pad encryption scheme with a 16-octet (128-bit) key:

aes128-CBC-PAD OBJECT IDENTIFIER ::= {aes 2}

The AES object identifier is defined in Appendix C.

The parameters field associated with this OID in an AlgorithmIdentifier shall have type OCTET STRING (SIZE(16)), specifying the initialization vector for CBC mode.
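
The parameter rules of B.2.1 to B.2.3 and B.2.5, applied as a check on a DER-encoded encryptionScheme AlgorithmIdentifier (an added example, not part of the RFC text). The function names and the sample bytes are constructed here, the OID prefixes are expanded from Appendix C, and RC5-CBC-PAD is not handled.

```python
# Added example, not RFC text. OID content octets below are the DER form of the
# dotted OIDs in the comments; the encryptionAlgorithm (1.2.840.113549.3) and
# aes (2.16.840.1.101.3.4.1) prefixes come from Appendix C of the RFC.
SCHEMES = {  # DER OID content -> (scheme, IV octets, legacy per B.2)
    bytes.fromhex("2b0e030207"): ("DES-CBC-Pad", 8, True),  # 1.3.14.3.2.7
    bytes.fromhex("2a864886f70d0307"): ("DES-EDE3-CBC-Pad", 8, True),  # ...3.7
    bytes.fromhex("2a864886f70d0302"): ("RC2-CBC-Pad", 8, True),  # ...3.2
    bytes.fromhex("608648016503040102"): ("AES-CBC-Pad, 16-octet key", 16, False),
}
RC2_VERSION_TO_BITS = {160: 40, 120: 64, 58: 128}  # encoding table in B.2.3
# Constructed sample: rc2CBC with rc2ParameterVersion 58 and IV 01..08.
SAMPLE = bytes.fromhex("301906082a864886f70d0302300d02013a04080102030405060708")

def tlv(buf, pos=0):
    """Read one DER element; return (tag, content, offset after it)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:  # long form: low 7 bits give the number of length octets
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + n > len(buf):
        raise ValueError("truncated DER")
    return tag, bytes(buf[pos:pos + n]), pos + n

def audit(der):
    """Validate one encryptionScheme AlgorithmIdentifier; ValueError if malformed."""
    tag, alg, _ = tlv(der)
    otag, oid, pos = tlv(alg)
    if (tag, otag) != (0x30, 0x06) or oid not in SCHEMES:
        raise ValueError("not an AlgorithmIdentifier for a listed scheme")
    name, iv_len, legacy = SCHEMES[oid]
    ptag, params, _ = tlv(alg, pos)
    bits = 32 if name == "RC2-CBC-Pad" else None  # 32: default if version omitted
    if bits:  # parameters are an RC2-CBC-Parameter SEQUENCE
        if ptag != 0x30:
            raise ValueError("RC2 parameters must be a SEQUENCE")
        ptag, body, nxt = tlv(params)
        if ptag == 0x02:  # rc2ParameterVersion present
            v = int.from_bytes(body, "big", signed=True)
            if not (v in RC2_VERSION_TO_BITS or 256 <= v <= 1024):
                raise ValueError("undefined rc2ParameterVersion")
            bits = RC2_VERSION_TO_BITS.get(v, v)
            ptag, body, _ = tlv(params, nxt)
        params = body
    if ptag != 0x04 or len(params) != iv_len:
        raise ValueError(f"{name}: IV must be OCTET STRING (SIZE({iv_len}))")
    return {"scheme": name, "legacy": legacy, "rc2_effective_bits": bits, "iv": params.hex()}
```

`audit(SAMPLE)` reports RC2-CBC-Pad as legacy with 128 effective key bits; the same structure without the INTEGER yields the default of 32.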