
STREAMS Modules  encr3des(7M) 
 encr3des  TripleDESCBC Encryption
Algorithm Module for IPSec 
SYNOPSIS

This module implements tripleDES, which is the application
of the United States Data Encryption Standard (DES)
three times with three different keys for IPSec. The triple application of DES, given K1, K2, and K3, happens on a perblock basis as follows:
 Encryption:
 Encrypt w/K1, Decrypt
w/K2, Encrypt w/K3
 Decryption:
 Decrypt w/K3, Encrypt
w/K2, Decrypt w/K1
TripleDES roughly doubles the effective key strength
of DES. For further discussions on TripleDES, see Applied Cryptography: Protocols, Algorithms, and
Source Code in C by Bruce Schneier.
The encr3des module uses cipherblock chaining ("CBC"), as per RFC 2451 and has the
following properties:
 Key Size
 192 bits. The single 192bit
key consists of three DES keys concatenated together in
the outboundencryption order. See encrdes(7M).
The encr3des module supports weakkey checking and parityfixing
to aid pf_key(7P).
 Block Size
 64 bit.


See attributes(5)
for descriptions of the following attributes:
ATTRIBUTE TYPE  ATTRIBUTE VALUE 
Availability  SUNWcsr (32bit) 
 SUNWcarx.u (64bit) 
Interface Stability  Evolving 


ipseckey(1M), attributes(5), encrdes(7M), ipsec(7P), ipsecesp(7P), pf_key(7P)
NIST, FIPS PUB 462: Data Encryption Standard,
December, 1993.
Pereira, R. and Adams, R., RFC 2451, The ESP CBCMode Cipher
Algorithms, The Internet Society, 1998.
Schneier, B., Applied Cryptography: Protocols, Algorithms,
and Source Code in C. Second ed. New York, New York: John Wiley
& Sons, 1996.

 