RSA BSAFE® Crypto-C Cryptographic Components for C Developer’s Guide Version 5.2.2 RSA Security Inc. RSA Security Ireland Limited 20 Crosby Drive Bay 127, Shannon Free Zone Bedford, MA 01730 USA Shannon, County Clare, Ireland Tel (US) 1 877 RSA 4900, +1 781 301 5000 Tel +353 61 72 5100 Fax +1 781 301 5170 Fax +353 61 72 5110 www.rsasecurity.com www.rsasecurity.ie See our Web Site for regional Customer Service telephone and fax numbers. Trademarks ACE/Server, BSAFE, Genuine RSA Encryption Engine, Keon, RC2, RC4, RC5, RSA, RSA SecurPC, SecurCare, SecurID, SoftID, and WebID are registered trademarks, and RC6, RSA Security, RSA Secured, SecurSight, and The Most Trusted Name in e-Security are trademarks, of RSA Security Inc. Other product and company names mentioned herein may be the trademarks of their respective owners. License agreement This software and the associated documentation are proprietary and confidential to RSA Security, are furnished under license, and may be used and copied only in accordance with the terms of such license and with the inclusion of the copyright below. This software and any copies thereof may not be provided or otherwise made available to any other person. Note on encryption technologies This product may contain encryption technology. Many countries prohibit or restrict the use, import, or export of encryption technologies, and current use, import, and export regulations should be followed when exporting this product. Distribution Limit distribution of this document to trusted personnel. RSA Security notice The RC5® Block Encryption Algorithm With Data-Dependent Rotations is protected by U.S. Patent #5,724,428 and #5,835,600. The RC6™ Encryption Algorithm is the subject of pending U.S. and foreign patent applications. The DES implementation in this product contains code based on the "libdes" package written by Eric A. Young ([email protected]) and is included with his permission. Compaq MultiPrime™ technology is protected by United States patent 5,848,159 and is the subject of patent applications in other countries. © 2001 RSA Security Inc. All rights reserved. 001-019003-522-001-000 First printing: May 2001 Contents Preface xv What’s New in Version 5.2.2? . xvi Improved performance. .xvi Hardware support . .xvi MultiPrime RSA . .xvi Serialization for algorithm objects performing RC4, Diffie Hellman key exchange . .xvi Advanced Encryption Standard (AES) . xvii Organization of This Manual . .xvii Conventions Used in This Manual . xviii Terms and Abbreviations . xix Related Documents . .xx How to Contact RSA Security . .xxii RSA Security Web Site . xxii Getting Support and Service . xxii SecurCare® Online . xxii Technical Support Telephone Numbers . xxii Call Handling and Escalation Process . xxii Chapter 1 Introduction 1 The Crypto-C Toolkit. 2 Algorithms . 2 Symmetric Ciphers . 2 Message Digests . .2 Message Authentication . 2 Random-Number Generation . 2 Public-Key Algorithms. .3 Digital Signatures. .3 Elliptic Curve Public-Key Algorithms . .3 Secret Sharing . .3 Hardware Support . .3 iii Cryptographic Standards and Crypto-C . 4 PKCS Standards and Crypto-C . 4 NIST Standards and Crypto-C. 4 PKCS Compared with NIST. 5 ANSI X9 Standards and Crypto-C . 6 Chapter 2 Quick Start 7 The Six-Step Sequence . 8 Introductory Example . 9 Saving the Object State (optional). 16 Putting It All Together. 22 Decrypting the Introductory Example. 26 Multiple Updates . 29 Summary of the Six Steps . 32 Chapter 3 Cryptography 35 Cryptography Overview . 36 Symmetric-Key Cryptography . 36 Ciphers . 36 Block Ciphers . 37 Padding . 37 Ciphers in Crypto-C . 37 DES. 37 Triple DES. 38 DESX . 38 RC2 . 38 RC5. 39 RC6. 40 AES. 41 Modes of Operation. 41 Stream Ciphers . 46 Message Digests . 47 Message Digests and Pseudo-Random Numbers. 48 Hash-Based Message Authentication Codes (HMAC) . 49 Password-Based Encryption . 49 Public-Key Cryptography. 50 The RSA Algorithm . 51 Digital Envelopes. 55 iv RSA BSAFE Crypto-C Developer’s Guide Optimal Asymmetric Encryption Padding (OAEP) . .55 Authentication and Digital Signatures. 57 Digital Signature Algorithm (DSA) . .60 Digital Certificates . ..