encr3des(7M)
NAME
encr3des - Triple-DES-CBC Encryption Algorithm Module for
IPSec
SYNOPSIS
strmod/encr3des
DESCRIPTION
This module implements triple-DES, which is the application
of the United States Data Encryption Standard (DES) three
times with three different keys for IPSec. The triple
application of DES, given K1, K2, and K3, happens on a per-
block basis as follows:
Encryption:
Encrypt w/K1, Decrypt w/K2, Encrypt w/K3
Decryption:
Decrypt w/K3, Encrypt w/K2, Decrypt w/K1
Triple-DES roughly doubles the effective key strength of
DES. For further discussions on Triple-DES, see Applied
Cryptography: Protocols, Algorithms, and Source Code in C by
Bruce Schneier.
The encr3des module uses cipher-block chaining ("CBC"), as
per RFC 2451 and has the following properties:
Key Size
192 bits. The single 192-bit key consists of
three DES keys concatenated together in the
outbound-encryption order. See encrdes(7M). The
encr3des module supports weak-key checking and
parity-fixing to aid pf_key(7P).
Block Size
64 bit.
ATTRIBUTES
See attributes(5)
for descriptions of the following attributes:
____________________________________________________________
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
|_____________________________|_____________________________|
| Availability | SUNWcsr (32-bit) |
|_____________________________|_____________________________|
| | SUNWcarx.u (64-bit) |
|_____________________________|_____________________________|
| Interface Stability | Evolving |
|_____________________________|_____________________________|
SEE ALSO
ipseckey(1M), attributes(5), encrdes(7M), ipsec(7P),
ipsecesp(7P), pf_key(7P)
NIST, FIPS PUB 46-2: Data Encryption Standard, December,
1993.
Pereira, R. and Adams, R., RFC 2451, The ESP CBC-Mode Cipher
Algorithms, The Internet Society, 1998.
Schneier, B., Applied Cryptography: Protocols, Algorithms,
and Source Code in C. Second ed. New York, New York: John
Wiley & Sons, 1996.
Man(1) output converted with
man2html