IBM 10 SP1 EAL4 Server User Manual


 
Blowfish: Blowfish is a block cipher that operates on 64-bit blocks of data. It supports variable key
sizes, but generally uses 128-bit keys.
Data Encryption Standard (DES): DES is a symmetric key cryptosystem derived from the Lucifer
algorithm developed at IBM. DES describes the Data Encryption Algorithm (DEA). DEA operates
on a 64-bit block size and uses a 56-bit key.
TDES (3DES): TDES, or Triple DES, encrypts a message three times using DES. This encryption
can be accomplished in several ways. For example, using two keys, the message can be encrypted
with key 1, decrypted with key 2, and encrypted again with key 1. With three keys, the message can
be encrypted 3 times with each encryption using a different key.
International Data Encryption Algorithm (IDEA): The IDEA cipher is secret key block encryption
algorithm developed by James Massey and Xuejia Lai. IDEA operates on 64-bit plain text blocks and
uses a 128-bit key.
RC4: RC4, proprietary of RSA Security Inc., is a stream cipher with a variable key length. A typical
key length of 128-bit is used for strong encryption.
RC5: RC5 is a cryptographic algorithm invented by Ronald Rivest of RSA Security Inc. RC5 is a
block cipher of variable block length and encrypts through integer addition, the application of a bit-
wise eXclusive OR, and variable rotations. The key size and number of rounds are also variable.
Advanced encryption standard (AES): AES is a cryptographic algorithm created by researchers Joan
Daemen and Vincent Rijmen. AES is an iterative, symmetric-key block cipher that can use keys of
128, 192, and 256 bits, and encrypts and decrypts data in blocks of 128 bits (16 bytes).
5.12.1.4.1 Asymmetric ciphers
OpenSSL on the TOE supports the following asymmetric key encryption algorithms. For a detailed
description of each of these algorithms, refer to their man pages.
Digital Signature Algorithm (DSA): DSA is based on a modification to the El Gamal digital
signature methodology, which is based on discrete logarithms. DSA conforms to US Federal
Information Processing Standard FIPS 186, and ANSI X9.30.
Diffie-Hellman: The Diffie-Hellman Key Exchange is a method for exchanging secret keys over a
non-secure medium, without exposing the keys.
RSA: RSA, derived from the last names of its inventors, Rivest, Shamir, and Addleman, is a public
key crypto system, which is based on the difficulty of factoring a number that is the product of two
large prime numbers.
5.12.1.4.2 Certificates
OpenSSL on the TOE supports the X.509 certificate format. For a detailed description of this format, refer to
its manual page.
The X.509 certificate is a structured grouping of information. X.509 contains subject information, the public
key of the subject, the name of the issuer, and the active key lifetime. An X.509 certificate is digitally signed
by the certificate authority.
5.12.1.4.3 Hash functions
OpenSSL on the TOE supports the following hash functions to generate message authentication codes. For a
detailed description of each of these functions, refer to their manual pages.
189