Triple-DES and RC2 Key Wrapping
RFC 3217 Triple-DES and RC2 Key Wrapping December 2001
In this document, the key words MUST, MUST NOT, REQUIRED, SHOULD,
SHOULD NOT, RECOMMENDED, and MAY are to be interpreted as described
by Scott Bradner in [STDWORDS].
2 Key Checksum
The key checksum algorithm is used to provide a key integrity check
value. The algorithm is:
1. Compute a 20 octet SHA-1 [SHA1] message digest on the key that is
to be wrapped.
2. Use the most significant (first) eight octets of the message
digest value as the checksum value.
3 Triple-DES Key Wrapping and Unwrapping
This section specifies the algorithms for wrapping and unwrapping one
Triple-DES key with another Triple-DES key [3DES].
The same key wrap algorithm is used for both Two-key Triple-DES and
Three-key Triple-DES keys. When a Two-key Triple-DES key is to be
wrapped, a third DES key with the same value as the first DES key is
created. Thus, all wrapped Triple-DES keys include three DES keys.
However, a Two-key Triple-DES key MUST NOT be used to wrap a Three-
key Triple-DES key that is comprised of three unique DES keys.
3.1 Triple-DES Key Wrap
The Triple-DES key wrap algorithm encrypts a Triple-DES key with a
Triple-DES key-encryption key. The Triple-DES key wrap algorithm is:
1. Set odd parity for each of the DES key octets comprising the
Three-Key Triple-DES key that is to be wrapped, call the result
CEK.
2. Compute an 8 octet key checksum value on CEK as described above in
Section 2, call the result ICV.
3. Let CEKICV = CEK || ICV.
4. Generate 8 octets at random, call the result IV.
5. Encrypt CEKICV in CBC mode using the key-encryption key. Use the
random value generated in the previous step as the initialization
vector (IV). Call the ciphertext TEMP1.
6. Let TEMP2 = IV || TEMP1.
7. Reverse the order of the octets in TEMP2. That is, the most
significant (first) octet is swapped with the least significant
(last) octet, and so on. Call the result TEMP3.
8. Encrypt TEMP3 in CBC mode using the key-encryption key. Use an
initialization vector (IV) of 0x4adda22c79e82105. The ciphertext
is 40 octets long.
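The Section 2 checksum, the Two-key expansion rule of Section 3 and steps 1 through 8 of Section 3.1 above, carried through as an added worked example in Go. This code is not part of RFC 3217 and is not taken from any implementation; it uses only the standard-library crypto/des, crypto/sha1 and crypto/cipher packages. Wrap takes the 8 octet IV of step 4 as a parameter so that a run is reproducible; a real caller fills it from crypto/rand. Unwrap is simply the inverse of the eight steps with the recovered checksum and key parity verified, written here to round-trip the wrap; the RFC's own unwrap procedure is specified separately and is not the text on this page. The function names and the key values used in the test are constructed for the example.

```go
package main

import (
	"bytes"
	"crypto/cipher"
	"crypto/des"
	"crypto/sha1"
	"errors"
	"math/bits"
)

var fixedIV = []byte{0x4a, 0xdd, 0xa2, 0x2c, 0x79, 0xe8, 0x21, 0x05} // Section 3.1, step 8

// keyChecksum is the Section 2 checksum: the first 8 octets of SHA-1(key).
func keyChecksum(key []byte) []byte {
	sum := sha1.Sum(key)
	return sum[:8]
}

// setOddParity forces odd parity on each DES key octet (step 1); bit 0 is the parity bit.
func setOddParity(key []byte) []byte {
	out := make([]byte, len(key))
	for i, b := range key {
		b &= 0xfe // clear the parity bit, then set it when the other seven bits have even weight
		out[i] = b | byte(1-bits.OnesCount8(b)%2)
	}
	return out
}

// reverseBytes returns a copy with the octet order reversed (step 7).
func reverseBytes(in []byte) []byte {
	out := make([]byte, len(in))
	for i := range in {
		out[i] = in[len(in)-1-i]
	}
	return out
}

// toThreeKey copies a 24 octet key, or expands a Two-key Triple-DES key (16 octets)
// by repeating its first DES key, as Section 3 requires.
func toThreeKey(key []byte) ([]byte, error) {
	if len(key) != 16 && len(key) != 24 {
		return nil, errors.New("Triple-DES key must be 16 or 24 octets")
	}
	return append(append([]byte{}, key...), key[:24-len(key)]...), nil
}

// cbc applies Triple-DES CBC without padding; every input here is whole 8 octet blocks.
func cbc(block cipher.Block, iv, in []byte, encrypt bool) []byte {
	out := make([]byte, len(in))
	if encrypt {
		cipher.NewCBCEncrypter(block, iv).CryptBlocks(out, in)
	} else {
		cipher.NewCBCDecrypter(block, iv).CryptBlocks(out, in)
	}
	return out
}

// Wrap runs steps 1-8 of Section 3.1; iv is the 8 random octets of step 4 (from crypto/rand in
// real use). The Section 3 rule that a Two-key KEK MUST NOT wrap three unique DES keys is enforced.
func Wrap(kek, key, iv []byte) ([]byte, error) {
	kek3, errK := toThreeKey(kek)
	k3, errC := toThreeKey(key)
	if errK != nil || errC != nil || len(iv) != 8 {
		return nil, errors.New("kek and key must be 16 or 24 octets and iv 8 octets")
	}
	if bytes.Equal(kek3[:8], kek3[16:]) && !bytes.Equal(k3[:8], k3[8:16]) &&
		!bytes.Equal(k3[8:16], k3[16:]) && !bytes.Equal(k3[:8], k3[16:]) {
		return nil, errors.New("a Two-key KEK MUST NOT wrap a three-key Triple-DES key")
	}
	block, _ := des.NewTripleDESCipher(kek3)          // cannot fail: kek3 is 24 octets
	cek := setOddParity(k3)                            // step 1
	icv := keyChecksum(cek)                            // step 2
	cekicv := append(append([]byte{}, cek...), icv...) // step 3
	temp1 := cbc(block, iv, cekicv, true)              // step 5
	temp2 := append(append([]byte{}, iv...), temp1...) // step 6
	temp3 := reverseBytes(temp2)                       // step 7
	return cbc(block, fixedIV, temp3, true), nil       // step 8: 40 octets
}

// Unwrap inverts the eight steps and verifies the recovered checksum and parity (round-trip check).
func Unwrap(kek, wrapped []byte) ([]byte, error) {
	kek3, err := toThreeKey(kek)
	if err != nil {
		return nil, err
	}
	if len(wrapped) != 40 {
		return nil, errors.New("wrapped key must be 40 octets")
	}
	block, _ := des.NewTripleDESCipher(kek3)
	temp2 := reverseBytes(cbc(block, fixedIV, wrapped, false))
	cekicv := cbc(block, temp2[:8], temp2[8:], false)
	cek, icv := cekicv[:24], cekicv[24:]
	if !bytes.Equal(icv, keyChecksum(cek)) || !bytes.Equal(cek, setOddParity(cek)) {
		return nil, errors.New("key checksum or parity check failed")
	}
	return cek, nil
}
```

Two points of the procedure are easy to lose when reading the steps alone: the reversal in step 7 means the random IV ends up in the last block before the second CBC pass, so every octet of the 40 octet output depends on every octet of CEKICV, and the ICV of step 2 is what lets the receiving side reject a blob that was modified in transit or unwrapped with the wrong key-encryption key before the recovered key is ever used.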
Housley Informational