RFC 1423 (rfc1423) - Page 3 of 14
Privacy Enhancement for Internet Electronic Mail: Part III: Algorithms, Modes, and Identifiers
Alternative Format: Original Text Document
RFC 1423 PEM: Algorithms, Modes and Identifiers February 1993
DES is defined in FIPS PUB 81 [3], and is equivalent to those
provided in ANSI X3.106 [4] and in ISO IS 8372 [5]. The character
string "DES-CBC" within an encapsulated PEM header field indicates
the use of this algorithm/mode combination.
The input to the DES CBC encryption process shall be padded to a
multiple of 8 octets, in the following manner. Let n be the length
in octets of the input. Pad the input by appending 8-(n mod 8)
octets to the end of the message, each having the value 8-(n mod 8),
the number of octets being added. In hexadecimal, the possible
paddings are: 01, 0202, 030303, 04040404, 0505050505, 060606060606,
07070707070707, and 0808080808080808. All input is padded with 1 to
8 octets to produce a multiple of 8 octets in length. The padding
can be removed unambiguously after decryption.
The DES CBC encryption process requires a 64-bit cryptographic key.
A new, pseudorandom key shall be generated for each ENCRYPTED PEM
message. Of the 64 bits, 56 are used directly by the DES CBC
process, and 8 are odd parity bits, with one parity bit occupying the
right-most bit of each octet. When symmetric key management is
employed, the setting and checking of odd parity bits is encouraged,
since these bits could detect an error in the decryption of a DES key
encrypted under a symmetric key management algorithm (e.g., DES ECB).
When asymmetric key management is employed, the setting of odd parity
bits is encouraged, but the checking of odd parity bits is
discouraged, in order to facilitate interoperability, and since an
error in the decryption of a DES key can be detected by other means
(e.g., an incorrect PKCS #1 encryption-block format). In all cases,
the encrypted form of a DES key shall carry all 64 bits of the key,
including the 8 parity bits, though those bits may have no meaning.
The DES CBC encryption process also requires a 64-bit Initialization
Vector (IV). A new, pseudorandom IV shall be generated for each
ENCRYPTED PEM message. Section 4.3.1 of [7] provides rationale for
this requirement, even given the fact that individual DES keys are
generated for individual messages. The IV is transmitted with the
message within an encapsulated PEM header field.
When this algorithm/mode combination is used for message text
encryption, the "DEK-Info:" header field carries exactly two
arguments. The first argument identifies the DES CBC algorithm/mode
using the character string defined above. The second argument
contains the IV, represented as a contiguous string of 16 ASCII
hexadecimal digits.
When symmetric key management is employed with this algorithm/mode
combination, a symmetrically encrypted DES key will be represented in
the third argument of a "Key-Info:" header field as a contiguous
Balenson