RFC 1829 (rfc1829) - Page 1 of 10
The ESP DES-CBC Transform
Alternative Format: Original Text Document
Network Working Group P. Karn
Request for Comments: 1829 Qualcomm
Category: Standards Track P. Metzger
Piermont
W. Simpson
Daydreamer
August 1995
The ESP DES-CBC Transform
Status of this Memo
This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.
Abstract
This document describes the DES-CBC security transform for the IP
Encapsulating Security Payload (ESP).
Table of Contents
1. Introduction .......................................... 1
1.1 Keys ............................................ 1
1.2 Initialization Vector ........................... 1
1.3 Data Size ....................................... 2
1.4 Performance ..................................... 2
2. Payload Format ........................................ 3
3. Algorithm ............................................. 5
3.1 Encryption ...................................... 5
3.2 Decryption ...................................... 5
SECURITY CONSIDERATIONS ...................................... 6
ACKNOWLEDGEMENTS ............................................. 7
REFERENCES ................................................... 8
AUTHOR'S ADDRESS ............................................. 10
Karn, Metzger & Simpson Standards Track [Page i]
RFC 1829 ESP DES-CBC August 1995
1. Introduction
The Encapsulating Security Payload (ESP) [RFC-1827] provides
confidentiality for IP datagrams by encrypting the payload data to be
protected. This specification describes the ESP use of the Cipher
Block Chaining (CBC) mode of the US Data Encryption Standard (DES)
algorithm [FIPS-46, FIPS-46-1, FIPS-74, FIPS-81].
All implementations that claim conformance or compliance with the
Encapsulating Security Payload specification MUST implement this
DES-CBC transform.
This document assumes that the reader is familiar with the related
document "Security Architecture for the Internet Protocol"
[RFC-1825], which defines the overall security plan for IP, and
provides important background for this specification.
1.1. Keys
The secret DES key shared between the communicating parties is eight
octets in length. This key consists of a 56-bit quantity used by the
DES algorithm. The 56-bit key is stored as a 64-bit (eight octet)
quantity, with the least significant bit of each octet used as a
parity bit.
1.2. Initialization Vector
This mode of DES requires an Initialization Vector (IV) that is eight
octets in length.
Each datagram contains its own IV. Including the IV in each datagram
ensures that decryption of each received datagram can be performed,
even when other datagrams are dropped, or datagrams are re-ordered in
transit.
The method for selection of IV values is implementation dependent.
Notes:
A common acceptable technique is simply a counter, beginning with
a randomly chosen value. While this provides an easy method for
preventing repetition, and is sufficiently robust for practical
use, cryptanalysis may use the rare serendipitous occurrence when
a corresponding bit position in the first DES block increments in
exactly the same fashion.
Karn, Metzger & Simpson Standards Track