PKCS#5 Password-Based Cryptography

RFC8018 PKCS#5 Password-Based Cryptography Specification

KDF: key derivation functions

基于password, salt, iterationCount生成key

推荐用 derived_key = PBKDF2(password, salt, iterationCount, derived_key_len)

\[ \begin{align}\begin{aligned}T_l = F (P, S, c, l)\\F (P, S, c, i) = U_1 \xor U_2 \xor ... \xor U_c\\U_1 = PRF (P, S || INT (i)) , U_2 = PRF (P, U_1) , ... U_c = PRF (P, U_{c-1})\\DK = T_1 || T_2 || ... || T_l<0..r-1> l = CEIL (dkLen / hLen) #总共要算多少个block r = dkLen - (l - 1) * hLen #最后一个block取多长\end{aligned}\end{align} \]

其中,PRF是PseudoRandom Functions,例如HMAC-SHA-1,HMAC-SHA-2

ES: Encryption Scheme

推荐PBES2 Encryption Operation:

已有password,选择PBKDF2, salt, iterationCount, 生成一个derived_key

使用derived_key使用指定加密算法(例如AES-CBC-Pad, RC5-CBC-Pad)加密消息message,获得cipher

MAS: Message Authentication Schemes

推荐使用PBMAC1:

已有password,使用 PBKDF2 生成一个derived_key

使用derived_key 与消息message 作为输入,使用underlying message authentication scheme计算出一个消息验证码T。

MAS函数例如HMAC-SHA-1, HMAC-SHA-2

ASN.1 Syntax

PBKDF2-params ::= SEQUENCE {
       salt CHOICE {
           specified OCTET STRING,
           otherSource AlgorithmIdentifier {{PBKDF2-SaltSources}}
       },
       iterationCount INTEGER (1..MAX),
       keyLength INTEGER (1..MAX) OPTIONAL,
       prf AlgorithmIdentifier {{PBKDF2-PRFs}} DEFAULT algid-hmacWithSHA1
       }

PBES2-params ::= SEQUENCE {
      keyDerivationFunc AlgorithmIdentifier {{PBES2-KDFs}},
      encryptionScheme AlgorithmIdentifier {{PBES2-Encs}} }

PBES2-KDFs ALGORITHM-IDENTIFIER ::=
      { {PBKDF2-params IDENTIFIED BY id-PBKDF2}, ... }

PBMAC1-params ::=  SEQUENCE {
      keyDerivationFunc AlgorithmIdentifier {{PBMAC1-KDFs}},
      messageAuthScheme AlgorithmIdentifier {{PBMAC1-MACs}} }