RFC 1423 (rfc1423) - Page 3 of 14

Privacy Enhancement for Internet Electronic Mail: Part III: Algorithms, Modes, and Identifiers

RFC 1423         PEM: Algorithms, Modes and Identifiers    February 1993


   DES is defined in FIPS PUB 81 [3], and is equivalent to those
   provided in ANSI X3.106 [4] and in ISO IS 8372 [5].  The character
   string "DES-CBC" within an encapsulated PEM header field indicates
   the use of this algorithm/mode combination.

   The input to the DES CBC encryption process shall be padded to a
   multiple of 8 octets, in the following manner.  Let n be the length
   in octets of the input.  Pad the input by appending 8-(n mod 8)
   octets to the end of the message, each having the value 8-(n mod 8),
   the number of octets being added.  In hexadecimal, the possible
   paddings are:  01, 0202, 030303, 04040404, 0505050505, 060606060606,
   07070707070707, and 0808080808080808.  All input is padded with 1 to
   8 octets to produce a multiple of 8 octets in length.  The padding
   can be removed unambiguously after decryption.

   The DES CBC encryption process requires a 64-bit cryptographic key.
   A new, pseudorandom key shall be generated for each ENCRYPTED PEM
   message.  Of the 64 bits, 56 are used directly by the DES CBC
   process, and 8 are odd parity bits, with one parity bit occupying the
   right-most bit of each octet.  When symmetric key management is
   employed, the setting and checking of odd parity bits is encouraged,
   since these bits could detect an error in the decryption of a DES key
   encrypted under a symmetric key management algorithm (e.g., DES ECB).
   When asymmetric key management is employed, the setting of odd parity
   bits is encouraged, but the checking of odd parity bits is
   discouraged, in order to facilitate interoperability, and since an
   error in the decryption of a DES key can be detected by other means
   (e.g., an incorrect PKCS #1 encryption-block format).  In all cases,
   the encrypted form of a DES key shall carry all 64 bits of the key,
   including the 8 parity bits, though those bits may have no meaning.

   The DES CBC encryption process also requires a 64-bit Initialization
   Vector (IV).  A new, pseudorandom IV shall be generated for each
   ENCRYPTED PEM message.  Section 4.3.1 of [7] provides rationale for
   this requirement, even given the fact that individual DES keys are
   generated for individual messages.  The IV is transmitted with the
   message within an encapsulated PEM header field.

   When this algorithm/mode combination is used for message text
   encryption, the "DEK-Info:" header field carries exactly two
   arguments.  The first argument identifies the DES CBC algorithm/mode
   using the character string defined above.  The second argument
   contains the IV, represented as a contiguous string of 16 ASCII
   hexadecimal digits.

   When symmetric key management is employed with this algorithm/mode
   combination, a symmetrically encrypted DES key will be represented in
   the third argument of a "Key-Info:" header field as a contiguous



Balenson