Triple-DES ciphering algorithms
A triple-DES (TDES) algorithm is used to encrypt keys, PIN blocks, and general data.
Several techniques are employed:
- TDES ECB
  - DES keys, when triple encrypted under a double-length DES key, are ciphered using an e-d-e scheme without feedback.
- TDES CBC
  - Encryption of general data, and of RSA section type X'08' CRT-format private keys and OPK keys, employs the scheme depicted in Figure 1 and Figure 2. This is often referred to as outer CBC mode. This CCA technique supports double-length DES keys for triple-DES data encryption using the Encipher and Decipher verbs. The triple-length asymmetric master key is used to CBC encrypt CRT-format OPK keys.
- EDEx / DEDx
  - CCA employs EDEx processes for encrypting several of the RSA private key formats (section types X'02', X'05', and X'06') and the OPK key in section type X'06'. The EDEx processes make successive use of single-key DES CBC processes. EDE2, EDE3, and EDE5 processes have been defined, based on the number of keys and initialization vectors used in the process. K1, K2, and K3 are true keys, while K4 and K5 are initialization vectors. See Figure 3 and Figure 4.
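As an added example (not IBM's or CCA's own code) of the first two schemes above, the following Go program builds the e-d-e block cipher for a double-length key as (K1, K2, K1), applies it without feedback for the key-encryption case and with outer CBC for general data; the names `newTDES`, `tdesECB`, `tdesOuterCBC` and `singleDESECB` are chosen here, and the single-DES helper exists only to show the standard caveat that K1 = K2 reduces e-d-e to single DES, which is why equal key halves are worth rejecting when double-length keys are generated or imported. The EDEx chaining is not reproduced, because this page does not give its structure.

```go
package main

import (
	"crypto/cipher"
	"crypto/des"
)

// newTDES builds the e-d-e block cipher for a 16-byte double-length key K1||K2.
// Go's TripleDES takes 24 bytes, so K1 is repeated as the third key: (K1, K2, K1).
func newTDES(key16 []byte) cipher.Block {
	blk, err := des.NewTripleDESCipher(append(append([]byte{}, key16...), key16[:8]...))
	if err != nil { // any key that is not 16 bytes ends up as a wrong-length 24-byte key
		panic(err)
	}
	return blk
}

// tdesECB applies e-d-e to each 8-byte block with no feedback, the scheme the
// page gives for triple-encrypting DES keys under a double-length key.
func tdesECB(key16, src []byte, decrypt bool) []byte {
	blk, out := newTDES(key16), make([]byte, len(src))
	for i := 0; i < len(src); i += 8 { // a partial final block panics, by design
		if decrypt {
			blk.Decrypt(out[i:], src[i:i+8])
		} else {
			blk.Encrypt(out[i:], src[i:i+8])
		}
	}
	return out
}

// tdesOuterCBC chains whole e-d-e blocks with an 8-byte IV (outer CBC), the
// scheme the page gives for general data; CryptBlocks rejects partial blocks.
func tdesOuterCBC(key16, iv, src []byte, decrypt bool) []byte {
	out := make([]byte, len(src))
	if decrypt {
		cipher.NewCBCDecrypter(newTDES(key16), iv).CryptBlocks(out, src)
	} else {
		cipher.NewCBCEncrypter(newTDES(key16), iv).CryptBlocks(out, src)
	}
	return out
}

// singleDESECB encrypts one block with single DES (key8 must be 8 bytes); used only to check that K1 == K2 collapses e-d-e.
func singleDESECB(key8, block []byte) []byte {
	blk, _ := des.NewCipher(key8)
	out := make([]byte, 8)
	blk.Encrypt(out, block)
	return out
}
```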