Network Working Group                                         R. Housley
Request for Comments: 3217                              RSA Laboratories
Category: Informational                                    December 2001

Triple-DES and RC2 Key Wrapping

Status of this Memo

This memo provides information for the Internet community. It does
not specify an Internet standard of any kind. Distribution of this
memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (2001). All Rights Reserved.

Abstract

This document specifies the algorithm for wrapping one Triple-DES key
with another Triple-DES key and the algorithm for wrapping one RC2
key with another RC2 key. These key wrap algorithms were originally
published in section 12.6 of RFC 2630. They are republished since
these key wrap algorithms have been found to be useful in contexts
beyond those supported by RFC 2630.

1 Introduction

Management of symmetric cryptographic keys often leads to situations
where one symmetric key is used to encrypt (or wrap) another. Key
wrap algorithms are commonly used in two situations. First, key
agreement algorithms (such as Diffie-Hellman [DH-X9.42]) generate a
pairwise key-encryption key, and a key wrap algorithm is used to
encrypt the content-encryption key or a multicast key with the
pairwise key-encryption key. Second, a key wrap algorithm is used to
encrypt the content-encryption key, multicast key, or session key in
a locally generated storage key-encryption key or a key-encryption
key that was distributed out-of-band.

This document specifies the algorithm for wrapping one Triple-DES key
with another Triple-DES key [3DES], and it specifies the algorithm
for wrapping one RC2 key with another RC2 key [RC2]. Encryption of a
Triple-DES key with another Triple-DES key uses the algorithm
specified in section 3. Encryption of an RC2 key with another RC2 key
uses the algorithm specified in section 4. Both of these algorithms
rely on the key checksum algorithm specified in section 2. Triple-
DES and RC2 content-encryption keys are encrypted in Cipher Block
Chaining (CBC) mode [MODES].