| ||encr3des - Triple-DES-CBC Encryption
Algorithm Module for IPSec
This module implements triple-DES, which is the application
of the United States Data Encryption Standard (DES)
three times with three different keys for IPSec. The triple application of DES, given K1, K2, and K3, happens on a per-block basis as follows:
- Encrypt w/K1, Decrypt
w/K2, Encrypt w/K3
- Decrypt w/K3, Encrypt
w/K2, Decrypt w/K1
Triple-DES roughly doubles the effective key strength
of DES. For further discussions on Triple-DES, see Applied Cryptography: Protocols, Algorithms, and
Source Code in C by Bruce Schneier.
The encr3des module uses cipher-block chaining ("CBC"), as per RFC 2451 and has the
- Key Size
- 192 bits. The single 192-bit
key consists of three DES keys concatenated together in
the outbound-encryption order. See encrdes(7M).
The encr3des module supports weak-key checking and parity-fixing
to aid pf_key(7P).
- Block Size
- 64 bit.
for descriptions of the following attributes:
|ATTRIBUTE TYPE||ATTRIBUTE VALUE
| ||SUNWcarx.u (64-bit)
ipseckey(1M), attributes(5), encrdes(7M), ipsec(7P), ipsecesp(7P), pf_key(7P)
NIST, FIPS PUB 46-2: Data Encryption Standard,
Pereira, R. and Adams, R., RFC 2451, The ESP CBC-Mode Cipher
Algorithms, The Internet Society, 1998.
Schneier, B., Applied Cryptography: Protocols, Algorithms,
and Source Code in C. Second ed. New York, New York: John Wiley
& Sons, 1996.