RSA Security Projection Television 5.2.2 Instrukcja Użytkownika Strona 183
- Strona / 376
- Spis treści
- BOOKMARKI
Oceniono. / 5. Na podstawie oceny klientów
Chapter 5 Non-Cryptographic Operations 161
Hash-Based Message Authentication Code
Hash-Based Message Authentication
Code (HMAC)
A hash-based message authentication code (HMAC) combines a secret key with a
message digest to create a message authentication code. See “Hash-Based Message
Authentication Codes (HMAC)” on page 49 for a description of the algorithm.
Crypto-C provides an HMAC implementation based on SHA1. Recall that SHA1
produces a 20-byte digest and takes input in 64-byte blocks.
The example in this section corresponds to the file
hmac.c.
Step 1: Creating an Algorithm Object
Declare a variable of type B_ALGORITHM_OBJ. As defined in the function prototype in
Chapter 4 of the Reference Manual, its address is the argument for
B_CreateAlgorithmObject:
Step 2: Setting the Algorithm Object
There is only one AI for hash-based message authentication codes, AI_HMAC. The
Reference Manual Chapter 2 entry for
AI_HMAC states that the format of
info
supplied to
B_SetAlgorithmInfo is a pointer to a B_DIGEST_SPECIFIER structure:
The only choice for
digestInfoType
in Crypto-C is AI_SHA1. In the case of AI_SHA1,
digestInfoParams
should be set to NULL_PTR:
B_ALGORITHM_OBJ HMACDigester = (B_ALGORITHM_OBJ)NULL_PTR;
if ((status = B_CreateAlgorithmObject (&HMACDigester)) != 0)
break;
typedef struct {
B_INFO_TYPE digestInfoType;
POINTER digestInfoParams;
} B_DIGEST_SPECIFIER;
- Crypto-C 1
- First printing: May 2001 2
- Contents 3
- Quick Start 7 4
- Cryptography 35 4
- Using Crypto-C 101 6
- Symmetric-Key Operations 177 8
- Public-Key Operations 213 8
- Secret Sharing Operations 305 9
- Command-Line Demos 327 10
- Glossary 339 10
- Index 349 10
- List of Figures 11
- List of Tables 13
- What’s New in Version 5.2.2? 16
- Organization of This Manual 17
- Terms and Abbreviations 19
- Related Documents 20
- How to Contact RSA Security 22
- Introduction 23
- The Crypto-C Toolkit 24
- Hardware Support 25
- PKCS Standards and Crypto-C 26
- NIST Standards and Crypto-C 26
- PKCS Compared with NIST 27
- Quick Start 29
- The Six-Step Sequence 30
- Introductory Example 31
- Chapter 2 Quick Start 11 33
- Chapter 2 Quick Start 13 35
- Chapter 2 Quick Start 15 37
- Chapter 2 Quick Start 17 39
- Chapter 2 Quick Start 21 43
- Putting It All Together 44
- Chapter 2 Quick Start 25 47
- Multiple Updates 51
- Chapter 2 Quick Start 31 53
- Summary of the Six Steps 54
- Cryptography 57
- Cryptography Overview 58
- Ciphers in Crypto-C 59
- Triple DES 60
- • word size 61
- • rounds 61
- • key size (in bytes) 61
- Modes of Operation 63
- Cipher Feedback (CFB) Mode 65
- Output Feedback (OFB) Mode 67
- Public-Key Cryptography 72
- Modular Math 74
- Prime Numbers 74
- MultiPrime Numbers 74
- Security 76
- Digital Envelopes 77
- Figure 3-10 Digital Envelope 78
- Chapter 3 Cryptography 57 79
- • A message 80
- Chapter 3 Cryptography 59 81
- Digital Certificates 83
- The Algorithm 84
- Parameter Generation 85
- Elliptic Curve Cryptography 87
- Elliptic Curve Parameters 88
- Odd Prime Fields 89
- Fields of Even Characteristic 89
- The Point P and its Order 91
- The Order of a Point 92
- A Point of Prime Order 92
- The Cofactor 93
- ECDSA Signature Scheme 95
- Verifying a Signature 96
- 98
- 98
- The Math 101
- Secret Sharing 102
- Working with Keys 103
- Key Management 104
- Key Escrow 104
- Applications of Cryptography 105
- Point-to-Point Applications 106
- Client/Server Applications 107
- Peer-to-Peer Applications 108
- Choosing Algorithms 109
- Secret Sharing and Key Escrow 111
- Elliptic Curve Algorithms 111
- Interoperability 112
- Security Considerations 113
- Temporary Buffers 114
- Choosing Passwords 115
- DES Weak Keys 116
- Stream Ciphers 117
- Timing Attacks and Blinding 117
- · s mod n 118
- Choosing Key Sizes 119
- RSA Keys 120
- RC2 Effective Key Bits 121
- RC4 Key Bits 121
- RC5 Key Bits and Rounds 121
- Triple DES Keys 121
- Elliptic Curve Keys 122
- Using Crypto-C 123
- Basic Algorithm Info Types 124
- Summary of AIs 125
- Table 4-3 ASCII Encoding 126
- Algorithms in Crypto-C 127
- Symmetric Block Ciphers 127
- Symmetric Stream Ciphers 127
- RSA Public-Key Cryptography 129
- DSA Public-Key Cryptography 131
- Diffie-Hellman Key Agreement 132
- Bloom-Shamir Secret Sharing 133
- Hardware Interface 133
- Keys In Crypto-C 135
- RSA Public and Private Keys 136
- DSA Public and Private Keys 136
- Block Cipher Keys 136
- Token Keys 137
- Algorithm Choosers 138
- An RSA Algorithm Chooser 139
- The Surrender Context 140
- A Sample Surrender Function 141
- Saving State 142
- When to Allocate Memory 143
- Memory-Management Routines 144
- BER/DER Encoding 145
- Chapter 4 Using Crypto-C 125 147
- Input and Output 148
- The RSA Algorithm 149
- General Considerations 150
- Key Size 151
- Private Key Size 152
- • Total: 484 bytes 153
- Using Cryptographic Hardware 154
- B_CreateSessionchooser is 155
- PKCS #11 Support 156
- Chapter 4 Using Crypto-C 135 157
- Chapter 4 Using Crypto-C 137 159
- Chapter 4 Using Crypto-C 139 161
- Chapter 4 Using Crypto-C 141 163
- Advanced PKCS #11 169
- Hardware Issues 170
- Chapter 4 Using Crypto-C 149 171
- Non-Cryptographic Operations 173
- Message Digests 174
- Step 3: Init 175
- Step 4: Update 175
- Step 5: Final 176
- BER-Encoding the Digest 177
- Saved State 178
- B_SetAlgorithmInfo call 180
- Code (HMAC) 183
- Step 6: Destroy 186
- Generating Random Numbers 187
- Step 5: Generate 191
- Step 1: Create 192
- Step 2: Set 192
- Steps 4, 5, 6 193
- Encoding Binary Data To ASCII 194
- Decoding ASCII-Encoded Data 196
- Symmetric-Key Operations 199
- Block Ciphers 200
- Cipher KIs 203
- Decrypting 205
- The RC2 Cipher 206
- The RC5 Cipher 212
- The RC6 Cipher 218
- The AES Cipher 223
- Step 3b: Setting the Key Data 225
- Password-Based Encryption 228
- Public-Key Operations 235
- Performing RSA Operations 236
- MultiPrime 240
- How Many Primes? 241
- Structure 244
- Crypto-C Format 246
- RSA Public-Key Encryption 248
- RSA Private-Key Decryption 251
- RSA Digital Signatures 255
- Verifying a Digital Signature 258
- Performing DSA Operations 261
- Generating a DSA Key Pair 264
- DSA Signatures 265
- Computing a Digital Signature 266
- BER Format 276
- Step 4: Phase 1 279
- Step 5: Phase 2 280
- Saving the Object State 281
- The following procedure 288
- Step 3: Initialize 292
- Step 5: Phase 2 306
- Generating EC Parameters 307
- Generating an EC Key Pair 307
- Step 3: Init 312
- Using ECAES 319
- Using an EC Key Pair 320
- ECAES Public-Key Encryption 320
- ECAES Private-Key Decryption 324
- Step 4: Update 324
- Secret Sharing Operations 327
- Reconstructing the Secret 331
- Putting It All Together: 335
- An X9.31 Example 335
- The X9.31 Sample Program 336
- Generating Random Bytes 337
- Providing the Seed 339
- Generating a Key Pair 340
- Verifying the Signature 345
- Surrendering Control 347
- Printing the Buffer Contents 348
- Command-Line Demos 349
- Starting BDEMO 350
- Specifying User Keys 351
- Using BDEMO 351
- Create a File Envelope 352
- Verify a Signed File 352
- Open a File Envelope 352
- Generate a Key Pair 353
- BDEMODSA 354
- Sign a File 355
- Running BDEMOEC 356
- Using BDEMOEC 356
- File Reference 357
- Glossary 361
© 2020, manymanuals.pl. Wszelkie prawa zastrzeżone. | 0.169 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Komentarze do niniejszej Instrukcji