RFC8018 PKCS#5 Password-Based Cryptography Specification
- KDF: key derivation functions
- ES: Encryption Scheme
- MAS: Message Authentication Schemes
- ASN.1 Syntax
KDF: key derivation functions
基于password, salt, iterationCount生成key
推荐用 derived_key = PBKDF2(password, salt, iterationCount, derived_key_len)
T_l = F (P, S, c, l)
F (P, S, c, i) = U_1 \xor U_2 \xor ... \xor U_c
U_1 = PRF (P, S || INT (i)) ,
U_2 = PRF (P, U_1) ,
...
U_c = PRF (P, U_{c-1})
DK = T_1 || T_2 || ... || T_l<0..r-1>
l = CEIL (dkLen / hLen) #总共要算多少个block
r = dkLen - (l - 1) * hLen #最后一个block取多长
其中,PRF是PseudoRandom Functions,例如HMAC-SHA-1,HMAC-SHA-2
ES: Encryption Scheme
推荐PBES2 Encryption Operation:
已有password,选择PBKDF2, salt, iterationCount, 生成一个derived_key
使用derived_key使用指定加密算法(例如AES-CBC-Pad, RC5-CBC-Pad)加密消息message,获得cipher
MAS: Message Authentication Schemes
推荐使用PBMAC1:
已有password,使用 PBKDF2 生成一个derived_key
使用derived_key 与消息message 作为输入,使用underlying message authentication scheme计算出一个消息验证码T。
MAS函数例如HMAC-SHA-1, HMAC-SHA-2
ASN.1 Syntax
PBKDF2-params ::= SEQUENCE {
salt CHOICE {
specified OCTET STRING,
otherSource AlgorithmIdentifier
},
iterationCount INTEGER (1..MAX),
keyLength INTEGER (1..MAX) OPTIONAL,
prf AlgorithmIdentifier DEFAULT algid-hmacWithSHA1
}
PBES2-params ::= SEQUENCE {
keyDerivationFunc AlgorithmIdentifier ,
encryptionScheme AlgorithmIdentifier }
PBES2-KDFs ALGORITHM-IDENTIFIER ::=
{ {PBKDF2-params IDENTIFIED BY id-PBKDF2}, ... }
PBMAC1-params ::= SEQUENCE {
keyDerivationFunc AlgorithmIdentifier ,
messageAuthScheme AlgorithmIdentifier }
