Supported Cryptographic Operations
The operations supported are as follows:
Security Provided | Algorithm | Functions Supported |
---|---|---|
Data Privacy and Confidentiality (Symmetric) | AES, AES/GCM, DESede, FPE/AES/CARD10, FPE/AES/CARD26 | Encrypt/Decrypt |
Data Privacy and Confidentiality (Asymmetric) | RSA | Encrypt/Decrypt |
Data Integrity | HmacSHA1, HmacSHA256, HmacSHA384, HmacSHA512 | MAC/MAC Verify |
Data Signatures | SHA1withRSA, SHA256withRSA, SHA384withRSA, SHA512withRSA, SHA1withRSA/PSSPadding, SHA256withRSA/PSSPadding, SHA384withRSA/PSSPadding, SHA512withRSA/PSSPadding | Sign/Sign Verify |
Note
SHA-1 must not be used to hash a message for signature purposes.
To encrypt or decrypt with a block algorithm, the plaintext value is divided into full blocks of a fixed size. (For AES, the block size is sixteen (16) bytes; for DESede, the block size is eight (8) bytes.)
If the plaintext length is not a multiple of the algorithm's block size, padding fills the remainder of the last block.
If the plaintext length is an exact multiple of the block size, padding fills an additional trailing block. This extra block is what tells the decrypting side that the preceding blocks contain no padding.
Because of this padding, the ciphertext is always larger than the original plaintext value, whichever block algorithm is used. The following table illustrates this for the AES algorithm.
Plaintext Size (in bytes) | Ciphertext Size (in bytes) |
---|---|
15 | 16 |
16 | 32 |
17 | 32 |
127 | 128 |
128 | 144 |
As mentioned, DESede uses a block size of eight bytes. The following table illustrates how padding affects the length of ciphertexts from the DESede algorithm.
Plaintext Size (in bytes) | Ciphertext Size (in bytes) |
---|---|
7 | 8 |
8 | 16 |
9 | 19 |
95 | 96 |
96 | 104 |
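The padding rule behind both tables, as an added example that is not from the CipherTrust Manager documentation: PKCS#7 padding is applied and checked in Go, then run through AES-CBC and DESede-CBC from the Go standard library so the ciphertext lengths can be compared with the rows above. The key and IV values are constructed demo constants, not product defaults.

```go
package main
import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/des"
	"errors"
)

// pkcs7Pad appends 1..blockSize bytes, each holding the pad length, so an
// already block-aligned input gains one whole trailing block.
func pkcs7Pad(data []byte, blockSize int) []byte {
	n := blockSize - len(data)%blockSize
	return append(append([]byte{}, data...), bytes.Repeat([]byte{byte(n)}, n)...)
}
// pkcs7Unpad strips the padding and rejects anything malformed.
func pkcs7Unpad(data []byte, blockSize int) ([]byte, error) {
	if len(data) == 0 || len(data)%blockSize != 0 {
		return nil, errors.New("input is not block aligned")
	}
	n := int(data[len(data)-1])
	if n == 0 || n > blockSize || !bytes.Equal(data[len(data)-n:], bytes.Repeat([]byte{byte(n)}, n)) {
		return nil, errors.New("invalid PKCS#7 padding")
	}
	return data[:len(data)-n], nil
}

// newBlock builds an AES-128 or DESede cipher from a constructed, fixed demo key.
func newBlock(alg string) (cipher.Block, error) {
	switch alg {
	case "AES":
		return aes.NewCipher(bytes.Repeat([]byte{0x11}, 16))
	case "DESede":
		return des.NewTripleDESCipher(bytes.Repeat([]byte{0x22}, 24))
	}
	return nil, errors.New("unsupported algorithm: " + alg)
}
// ciphertextLen pads n bytes of constructed plaintext, encrypts it in CBC
// mode with a fixed demo IV and returns the ciphertext length.
func ciphertextLen(alg string, n int) (int, error) {
	block, err := newBlock(alg)
	if err != nil {
		return 0, err
	}
	padded := pkcs7Pad(bytes.Repeat([]byte{'A'}, n), block.BlockSize())
	out := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, bytes.Repeat([]byte{0x33}, block.BlockSize())).CryptBlocks(out, padded)
	return len(out), nil
}
```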
Asymmetric algorithms, such as RSA, can be up to an order of magnitude slower than symmetric algorithms.
When RSA keys are used to encrypt data, the ciphertext is always the size of the key: if the RSA key is 2048 bits (256 bytes), the ciphertext is also 256 bytes. The plaintext that a single RSA operation can encrypt is smaller than the key size, because the padding occupies part of the block; for example, with a 2048-bit RSA key the maximum data size that you can encrypt is 245 bytes.
The speed and size issues make public key cryptography impractical for encrypting data. Therefore, it is recommended that you use symmetric key algorithms to encrypt your data.
Modes of Operation
If you are using a block cipher (AES or DESede), decide whether you want to use the algorithm in electronic codebook (ECB) mode, or cipher-block chaining (CBC) mode.
In ECB mode, each block is encrypted separately, through the same procedure. Thus, two identical plaintext blocks encrypt to the same ciphertext and any data patterns in the plaintext can be detected in the encrypted data.
In CBC mode, the first block is XORed with an initialization vector before being encrypted. All subsequent plaintext blocks are XORed with the previous ciphertext block before being encrypted. This dependency makes it more difficult for an attacker to swap blocks, because blocks must be decrypted in the same order in which they were encrypted to produce the original plaintext.
When the same key and different IVs are used, identical plaintexts are guaranteed to have different ciphertexts.
It is recommended that you use CBC mode, unless you have a compelling reason to use ECB mode.
Initialization Vectors
An initialization vector (IV) is a sequence of random bytes applied to the front of the plaintext before encryption. Using a unique IV eliminates the possibility that the initial ciphertext block is the same for any two encryptions of the same plaintext under the same key. In the CipherTrust Manager environment, IVs are only used by block ciphers in CBC mode. The size of the IV depends on the algorithm: AES uses a sixteen-byte IV; FPE uses an IV whose size depends on the cardinality and its block size (for example, FPE with cardinality 10 uses a 56-byte IV when the data size is > 56 bytes); DESede uses an eight-byte IV. The CipherTrust Manager can generate random IVs, or the user can supply their own IV.
Make sure that the IV is sufficiently complex, and if you supply your own IV for anything other than data migration, it is crucial to record the IV you supplied.
To ensure unique ciphertexts during data migration, IVs must be applied at the field level and not at the column level.
In general, it is recommended to use symmetric block ciphers (AES, FPE, or DESede) to encrypt data in the CipherTrust Manager environment. Among the symmetric block ciphers, AES is recommended because it performs better and is considered more secure than the others. To preserve the format of the data, use the FPE algorithm.
It is recommended not to use the TDES (DESede) algorithm, as it is known to be weak and is supported only for backward compatibility.
Note
• The AES and DESede algorithms support a default IV.
• IV must not be re-used.
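To make the ECB/CBC and IV points concrete, the following added Go example (not part of the original documentation) encrypts four identical plaintext blocks under one AES-128 key with both modes, then encrypts the same data twice under CBC with fresh random IVs. The key and plaintext are constructed demo values.

```go
package main
import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/hex"
)
// ecbEncrypt encrypts each block independently. Go's standard library
// offers no ECB helper on purpose, so the loop is written out here.
func ecbEncrypt(block cipher.Block, plaintext []byte) []byte {
	bs := block.BlockSize()
	out := make([]byte, len(plaintext))
	for i := 0; i+bs <= len(plaintext); i += bs {
		block.Encrypt(out[i:i+bs], plaintext[i:i+bs])
	}
	return out
}
// cbcEncrypt chains blocks through the IV; plaintext must be block aligned.
func cbcEncrypt(block cipher.Block, iv, plaintext []byte) []byte {
	out := make([]byte, len(plaintext))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(out, plaintext)
	return out
}
// distinctBlocks counts the different ciphertext blocks; a low count on
// repetitive plaintext is the pattern leak the text describes for ECB.
func distinctBlocks(ciphertext []byte, bs int) int {
	seen := map[string]bool{}
	for i := 0; i+bs <= len(ciphertext); i += bs {
		seen[hex.EncodeToString(ciphertext[i:i+bs])] = true
	}
	return len(seen)
}
// compareModes encrypts four identical 16-byte blocks under one fixed demo
// AES-128 key and returns the distinct-block counts for ECB and CBC, and
// whether two CBC runs with fresh random IVs gave different ciphertexts.
func compareModes() (ecbDistinct, cbcDistinct int, ivsDiffer bool, err error) {
	block, err := aes.NewCipher([]byte("0123456789abcdef")) // constructed demo key
	if err != nil {
		return 0, 0, false, err
	}
	plaintext := bytes.Repeat([]byte("SAME-PLAINTEXT!!"), 4) // 4 identical blocks
	ivs := make([]byte, 32)                                  // two random 16-byte IVs
	if _, err = rand.Read(ivs); err != nil {
		return 0, 0, false, err
	}
	ct1, ct2 := cbcEncrypt(block, ivs[:16], plaintext), cbcEncrypt(block, ivs[16:], plaintext)
	return distinctBlocks(ecbEncrypt(block, plaintext), 16), distinctBlocks(ct1, 16), !bytes.Equal(ct1, ct2), nil
}
```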
Supported Algorithms
The CipherTrust Manager supports the following algorithms:
Public Algorithms
• AES
• AES/GCM
• DESede
• HMAC-SHA: HMAC-SHA1, HMAC-SHA256, HMAC-SHA384, HMAC-SHA512
• RSA
Proprietary Algorithm
• FPE/AES
Note
It is recommended to use CBC/GCM encryption over ECB encryption.
AES
Attribute | Description |
---|---|
Block Size | 16 bytes |
Supported Modes | ECB (default), CBC |
Padding Schemes | PKCS7Padding, None (No Padding). When using AES in No Padding mode, the ciphertext supplied must be a multiple of 16 bytes. |
IV | CBC mode requires a 16-byte IV. An IV is not allowed in ECB mode. |
Key Size (in bits) | 128 (default), 192, 256 |
Additional Notes | When using AES keys with No Padding, you must supply data (both ciphertext for decryption and plaintext for encryption) in multiples of 16 bytes. |
AES/GCM
Attribute | Description |
---|---|
Block Size | 16 bytes |
Supported Modes | GCM |
Padding Schemes | None (No Padding) |
IV (nonce) | 12 bytes |
Key Size (in bits) | 128, 192, 256 |
AAD | [Optional] Additional authenticated data: data that is passed to the recipient in plaintext but is covered by the authentication tag, so any tampering with it is detected. |
TagLen | The authentication tag ensures that the data has not been accidentally altered or maliciously tampered with during transmission or storage. Tag lengths supported by this instance: 12, 13, 14, 15, or 16 bytes (96, 104, 112, 120, or 128 bits). |
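An added Go example (not from the CipherTrust Manager documentation) that applies the AES/GCM parameters in the table: a 12-byte nonce, optional AAD and a tag length restricted to 12..16 bytes, then shows that a single flipped bit in either the AAD or the ciphertext fails verification. Key, nonce and record contents are constructed demo values.

```go
package main
import (
	"crypto/aes"
	"crypto/cipher"
	"errors"
)
// newGCM applies the table's constraints before building the AEAD: a
// 12-byte nonce and a tag of 12..16 bytes (Go would panic on a bad nonce).
func newGCM(key, nonce []byte, tagLen int) (cipher.AEAD, error) {
	if len(nonce) != 12 || tagLen < 12 || tagLen > 16 {
		return nil, errors.New("need a 12-byte nonce and a 12..16 byte tag")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCMWithTagSize(block, tagLen)
}
// gcmSeal returns ciphertext followed by the tag: len(out) == len(plaintext)+tagLen.
func gcmSeal(key, nonce, aad, plaintext []byte, tagLen int) ([]byte, error) {
	gcm, err := newGCM(key, nonce, tagLen)
	if err != nil {
		return nil, err
	}
	return gcm.Seal(nil, nonce, plaintext, aad), nil
}
// gcmOpen checks the tag over ciphertext and AAD before releasing any plaintext.
func gcmOpen(key, nonce, aad, sealed []byte, tagLen int) ([]byte, error) {
	gcm, err := newGCM(key, nonce, tagLen)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, nonce, sealed, aad)
}
// tamperCheck seals a constructed record and reports whether one flipped bit
// in the AAD and one in the ciphertext are each caught by gcmOpen.
func tamperCheck() (sealedLen int, aadDetected, ctDetected bool, err error) {
	key := []byte("0123456789abcdef0123456789abcdef")               // constructed 256-bit demo key
	nonce, aad := []byte("unique-nonce"), []byte(`{"record_id":42}`) // 12-byte nonce, never reused per key
	sealed, err := gcmSeal(key, nonce, aad, []byte("4111111111111111"), 12)
	if err != nil {
		return 0, false, false, err
	}
	badAAD, badCT := append([]byte{}, aad...), append([]byte{}, sealed...)
	badAAD[0], badCT[0] = badAAD[0]^1, badCT[0]^1 // flip one bit in each copy
	_, e1 := gcmOpen(key, nonce, badAAD, sealed, 12)
	_, e2 := gcmOpen(key, nonce, aad, badCT, 12)
	return len(sealed), e1 != nil, e2 != nil, nil
}
```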
DESede
Attribute | Description |
---|---|
Block Size | 8 bytes |
Supported Modes | ECB (default), CBC |
Padding Schemes | PKCS7Padding (default), None (No Padding) |
IV | CBC mode requires an 8-byte IV. An IV is not allowed in ECB mode. |
Key Size | Supported key sizes are 168 (default) and 112 bits. Each DES key contains an extra 8 bits of parity; thus, when you create a key of 112 bits, the actual key size is 128 bits, and when you create a key of 168 bits, the actual key size is 192 bits. A key size of 112 bits refers to two-key triple DES, whose sequence of operations is: encrypt with Key1, decrypt with Key2, encrypt with Key1. A key size of 168 bits refers to three-key triple DES, whose sequence of operations is: encrypt with Key1, decrypt with Key2, encrypt with Key3. |
Additional Notes | When using DESede keys with No Padding, you must supply data (both ciphertext for decryption and plaintext for encryption) in multiples of 8 bytes. |
HMAC-SHA
Attribute | Description |
---|---|
Supported Hash Function | SHA-1, SHA-256, SHA-384, SHA-512 |
Padding Schemes | Uses the padding defined by the underlying SHA hash function. No additional padding. |
IV | No IV is required. |
Key Size | Keys can be between 128 and 256 bits. It is recommended that the key size be at least 160 bits; the default is 160. The HMAC keys you generate should be a multiple of 8 bytes. On some platforms, HMAC keys that are not a multiple of 8 bytes might yield incorrect results when generating MACs. |
Additional Notes | HMAC processes its input as a stream, so no block alignment of the data is required. HMAC keys are bit strings whose length is a multiple of 8 bits. |
RSA
Attribute | Description |
---|---|
Padding Schemes | For encryption: Pkcs1 (default), OaepSHA1, OaepSHA256, OaepSHA384, OaepSHA512. For signatures: Pkcs1 (default), Pss. |
IV | No IV is required. |
Key Size (in bits) | 512, 1024, 2048, 3072, 4096 |
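The size and padding limits described earlier (ciphertext always equal to the key size, at most 245 plaintext bytes under a 2048-bit key), checked with Go's standard library as an added example that is not the product's own code: the PKCS#1 v1.5 limit is k-11 bytes, the OAEP limit is k-2*hLen-2 bytes (190 with SHA-256), and a PSS signature over a SHA-256 digest round-trips. The key is generated on the fly for the demo.

```go
package main
import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// Plaintext limits for an RSA key of k bytes: PKCS#1 v1.5 reserves 11 bytes
// of padding (k-11 = 245 for a 2048-bit key); OAEP reserves 2*hLen+2 bytes
// for a hash of hLen bytes (k-66 = 190 with SHA-256).
func maxPKCS1v15(pub *rsa.PublicKey) int { return pub.Size() - 11 }
func maxOAEP(pub *rsa.PublicKey, hashLen int) int { return pub.Size() - 2*hashLen - 2 }

// Limits records what a generated key could encrypt, whether the library
// rejects one byte over the limit, and a PSS sign/verify round trip.
type Limits struct {
	KeyBytes, MaxPKCS1, MaxOAEP256, CiphertextLen int
	OversizeRejected, PSSVerified              bool
}

// probe generates a throwaway key of the given size (constructed for the demo).
func probe(bits int) (Limits, error) {
	key, err := rsa.GenerateKey(rand.Reader, bits)
	if err != nil {
		return Limits{}, err
	}
	pub := &key.PublicKey
	l := Limits{KeyBytes: pub.Size(), MaxPKCS1: maxPKCS1v15(pub), MaxOAEP256: maxOAEP(pub, sha256.Size)}
	msg := make([]byte, l.MaxPKCS1) // largest message PKCS#1 v1.5 accepts
	ct, err := rsa.EncryptPKCS1v15(rand.Reader, pub, msg)
	if err != nil {
		return l, err
	}
	l.CiphertextLen = len(ct) // always exactly the key size
	_, err = rsa.EncryptPKCS1v15(rand.Reader, pub, append(msg, 0)) // one byte too many
	l.OversizeRejected = errors.Is(err, rsa.ErrMessageTooLong)
	if _, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, make([]byte, l.MaxOAEP256), nil); err != nil {
		return l, err
	}
	digest := sha256.Sum256([]byte("document to sign")) // sign the hash, not raw data
	sig, err := rsa.SignPSS(rand.Reader, key, crypto.SHA256, digest[:], nil)
	if err != nil {
		return l, err
	}
	l.PSSVerified = rsa.VerifyPSS(pub, crypto.SHA256, digest[:], sig, nil) == nil
	return l, nil
}
```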
FPE/AES
Attribute | Description |
---|---|
Block Size | MAXb: for CARD10, MAXb = 56 bytes; for CARD26, MAXb = 40 bytes |
Cardinality | CARD10 (both local and remote mode), CARD26 (local mode only) |
IV | FPE accepts a hex-encoded IV of MAXb bytes. If the length of the data exceeds MAXb, an IV must be provided: FPE breaks long data into MAXb-byte blocks and chains them with an algorithm similar to CBC mode. With cardinality 10, a 56-byte IV in hex-encoded form is required when the data size is > 56 bytes; with cardinality 26, a 40-byte IV in hex-encoded form is required when the data size is > 40 bytes. Note: the value of each hex-encoded byte in the IV lies in the range 00 to (cardinality-1). For example, when CARD26 is used, the maximum value is 0x19 (the hex encoding of 26-1 = 25). In the following IV for CARD26, 120D0B02001104080B0B06050E1203090E0A12020D070F0605031202031100030F0B100E1101100B, the byte 0A lies in the range 00 to cardinality-1, that is, 00 to 19. |
Key Size (in bits) | 128, 192, 256 |
Identifier Strings | FPE/AES/CARD10, FPE/AES/CARD26 |
Tweak Algorithm | Lets the caller specify a hashing algorithm that is applied to the tweak data beforehand. Valid values: NONE, SHA1, SHA256 |
Tweak Data | Tweak data is optional but highly recommended. It uses the tweakable cipher concept to protect against statistical attacks that arise from a potentially small input/output space. It accepts ASCII strings of at most 256 characters. If the tweak data algorithm is NONE or absent, then for AES the value must be a hex-encoded string representing a 64-bit value (so the hex encoding occupies 16 characters). If the tweak data algorithm is a valid hashing algorithm, the tweak data need not be hex encoded and can be any ASCII string. |
Additional Notes | The FPE/AES/CARD10 and FPE/AES/CARD26 algorithms are only applicable to non-versioned keys. The default Tweak Algorithm is NONE if a null value is provided. For details on FPE, refer to Format Preserving Encryption. |
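An added Go example (not from the documentation or the product) that encodes the IV and Tweak Data rules of this table as client-side input validation: the MAXb block sizes per cardinality, the per-byte range 00..cardinality-1, and the 16-hex-character rule for tweak data when the tweak algorithm is NONE. The validation functions and their names are hypothetical.

```go
package main
import (
	"encoding/hex"
	"fmt"
)
// maxB is the FPE block size in bytes for each cardinality, as in the table.
var maxB = map[int]int{10: 56, 26: 40}

// validateFPEIV checks a hex-encoded FPE IV against the table: an IV is
// required once the data is longer than MAXb, it must then be exactly MAXb
// bytes, and every byte must lie in 00..cardinality-1.
func validateFPEIV(hexIV string, card, dataLen int) error {
	mb, ok := maxB[card]
	if !ok {
		return fmt.Errorf("unsupported cardinality %d", card)
	}
	if hexIV == "" {
		if dataLen > mb {
			return fmt.Errorf("data of %d bytes exceeds MAXb=%d, IV required", dataLen, mb)
		}
		return nil
	}
	iv, err := hex.DecodeString(hexIV)
	if err != nil {
		return fmt.Errorf("IV is not hex encoded: %w", err)
	}
	if len(iv) != mb {
		return fmt.Errorf("IV is %d bytes, want MAXb=%d", len(iv), mb)
	}
	for i, b := range iv {
		if int(b) >= card {
			return fmt.Errorf("IV byte %d is 0x%02X, outside 00..0x%02X", i, b, card-1)
		}
	}
	return nil
}
// validateTweak applies the Tweak Data row: at most 256 ASCII characters, and
// exactly 16 hex characters (a 64-bit value) when the tweak algorithm is NONE.
func validateTweak(alg, tweak string) error {
	if len(tweak) > 256 {
		return fmt.Errorf("tweak data is %d characters, max 256", len(tweak))
	}
	if tweak == "" || (alg != "" && alg != "NONE") {
		return nil // optional; a hashed tweak may be any ASCII string
	}
	if _, err := hex.DecodeString(tweak); err != nil || len(tweak) != 16 {
		return fmt.Errorf("tweak algorithm NONE needs 16 hex characters, got %q", tweak)
	}
	return nil
}
```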