APPENDIX The key and initialization vector generator described here has not been analyzed either for its quality as a pseudorandom number generator or for its security. It is merely presented as an example which may be altered or replaced at a later date. X, key, and let EC B E[X] (Y) represents the DES encryption of Y under key, in the mode. Let FIK be the facility interchange V be a seed value. V may be initially set to any number. Let DT be the date-time word that is passed to the KNF from the host on each key or initialization vector generation command. A 64-bit vector, R is generated as fol and a new V is given by V =E[FIK] (R XOR I). data key is If the GIV If the GDK command made the call, then a created by resetting every eighth bit of R so that the modulo 2 sum of the bits of each 8-bit byte is odd. command made the call, R is used directly as the 64-bit tialization vector. ini REFERENCES 1. 2. 3. 4. 5. 6. 7. 8. Branstad, Dennis K., Encryption Protection in Computer Data Communications, IEEE Fourth Data Communications Symposium, 7-9 Oct. 1975. Data Encryption Standard, National Bureau of Standards (U.S.), Federal Information Processing Standards Publication (FIPS PUB) 46, National Technical Information Service, Springfield, VA (1977). Diffie, W. and Hellman, M., New Directions in Cryptography, IEEE Trans. Inform. Theory, vol. IT-22, Nov. 1976. Ehrsam, W. F., Matyas, S. M., Meyer, C. H. and Tuchman, W. L., A Cryptographic Key Management Scheme for Implementing the Data Encryption Standard, IBM Systems Journal, vol. 17 no. 2, 1978. Everton, J., A Hierarchical Basis for Encryption Key D., Using Needham, Roger M. and Schroeder, Michael S., Encryption Popek, Gerald J. and Kline, Charles Rivest, R., Shamir, A. and Adleman, L., A Method for Obtaining Digital Signatures and Public Key Cryp tosystems, Commun. ACM, Feb. 1978. 12. SPONSORING ORGANIZATION NAME AND COMPLETE ADDRESS (Street, City, State, ZIP) Same as number 9 10. Project/Task/Work Unit No. 11. Contract/Grant No. 13. Type of Report & Period Covered Final Sponsoring Agency Code 15. SUPPLEMENTARY NOTES Library of Congress Catalog Card Number: 79-600160 Document describes a computer program; SF-185, FIPS Software Summary, is attached. 16. ABSTRACT (A 200-word or less factual summary of most significant information. If document includes a significant bibliography or literature survey, mention it here.) A cryptographic, key notarization system is proposed for computer networks to protect personal (nonshared) files, to communicate securely both on and off-line with local and remote users, to protect against key substitution, to authenticate system users, to authenticate data, and to provide a digital signature capability using a nonpublic key encryption algorithm. The system is implemented by addition of key notarization facilities which give users the capability of exercising a set of commands for key management as well as for data encryption functions. Key notarization facilities perform notarization which, upon encryption, seals a key or password with the identities of the transmitter and intended receiver. 17. KEY WORDS (six to twelve entries; alphabetical order; capitalize only the first letter of the first key word unless a proper name; separated by semicolons) Cryptography; digital signatures; encryption; identifiers; key management; key notarization |