This command is used to generate new keys. The identifier of the user invoking the command, user i in the example, is always the leftmost value in the concatenation of the sending and receiving identifiers. If the two identifiers are equal, then the key is personal and cannot be shared. This command may not be executed unless the user is active. Otherwise an error message is returned. This command is not used in the normal functioning of the system. It need only be used for communication with someone outside of the system who doesn't have the same key generation and encryption capability or for generating cipher encrypted under a particular key. Since this command violates the security criterion that no clear key be permitted outside of the KNF, it recommended that only the security officer be allowed to execute it. It may be best not to implement this command at all. This command loads a data key, either shared or personal, into the user's active state in the KNF. The key is stored at the transmit key address if kft, and at the receive key address if kf = r. If user i executed the command, then kf s if and only if sp = i. Otherwise an error message will be returned. = When kf s and sp = i the data key will be loaded into both the transmit and receive locations. The user must be active before this command can be executed. = This command is used to generate new initialization vectors. The KNF key generator generates 64 bits, (56 random and 8 parity), and then encrypts them under the data key which must be previously loaded at the transmit address in active user memory. The encrypted IV IV is returned to the user. The data key may be either personal or shared. is If kft then the data key at the transmit address used to decrypt the encrypted IV. The IV is then stored at the transmit IV address. If kfr then the data key at the receive address is used to decrypt the encrypted IV, and the IV is stored at the receive IV address. When kf = S, transmit data key is used to decrypt and the IV is placed in both the transmit and receive IV locations. the one can always This command is not necessary because use the GIV command to obtain IV's. However, it may be used with the EDK command for communications outside of the system. Since, in the KNS, no unencrypted IV's are to be known by users, it is recommended that this command be restricted solely to the security officer or omitted completely. The IV is encrypted under the DK previously loaded at the transmit key address. RDK: in = = {kf, in, sp, ok, rk} t if data key is for transmitted data r if data key is for received data s if data key is for personal data sp = identifier of shared party ok = old encrypted data key rk ex. = returned reencrypted data key (user j reencrypting a key sent to him by user i) kf = r This command is used when interchange keys are changed. It reencrypts data keys under the new interchange key So that the data protected by the key does not have to be reencryptThe user must be active. Also, kf = s if and only ed. sp if These commands are not required in the normal operation of the system. They are provided to accommodate future modes of DES encryption which, as yet, have not been considered or approved. EC BE encrypts eight bytes of plain text at pt and stores the result in ct. ECBD decrypts eight bytes of cipher at ct and stores the result at pt. Encryption uses the transmit DK while decryption uses the receive DK. A data key must be previously loaded into the appropriate active state. authentication mode to calculate an eight-byte authentication value on nb bytes of data at da. If kf = tor s then the data key and IV which have been previously loaded into transmit active storage will be used. If kf = r the key and IV in receive key active storage will be used. The value of md indicates which DES encryption modes are desired. 9.15 CIPHER BLOCK CHAINING (CBCE AND CBCD) are at pt For encryption, CBCE, nb bytes of data starting encrypted in the CBC mode and the cipher is returned starting at ct. For decryption, nb bytes of data at ct are decrypted and returned to pt. If nb is not a multiple of eight, then the CBC mode is used until b < 8 bytes remain. The final b bytes are encrypted by exclusive or ́ing them with the first b bytes of the next DES output block. DK and IV must be in the active user memory otherwise an error message is returned. Encryption uses the transmit IV and DK while decryption uses the receive IV and DK. As described for the CBC commands, nb bytes are either encrypted or decrypted. Encryption uses the transmit IV and DK while decryption uses the receive values. If the required IV and DK values have not been loaded an error sage will be returned. mes 10. DIGITAL SIGNATURES 10.1 RATIONALE Recall that digital signatures are possible with public key algorithms because one cannot decrypt another person ́s data even though anyone with the public key can encrypt data intended for that person. This is because the decrypt key is not shared. terchange keys Since the KNF combines identifiers with in and |