AIR FORCE FIPS-PUB-46-2-1993 DATA ENCRYPTION STANDARD (DES)《数据加密术标准》.pdf

1、 U.S. DEPARTMENT OF COMMERCE Technology Administration National Institute of Standards and Technology FIPS PUB 4612 FEDERAL INFORMATION PROCESSING STANDARDS PUBLICATION (Supersedes FIPS PUB 46-1 - 1988 January 22) DATA ENCRYPTION STANDARD (DES) CATEGORY COMPUTER SECURITY SUBCATEGORY: CRYPTOGRAPHY Re

2、affirmed 1993 December 30 Provided by IHSNot for ResaleNo reproduction or networking permitted without license from IHS-,-,-t FIPS PUB 46-2 FEDERAL INFORMATION PROCESSING STANDARDS PUBLICATION (Supersedes FIPS PUB 46-1 - 1988 January 22) DATA ENCRYPTION STANDARD (DES) CATEGORY COMPUTER SECURITY SUBC

3、ATEGORY CRYPTOGRAPHY Computer Systems Laboratory National Institute of Standards and Technology Gaithersburg, MD 20899 Reaffirmed December 30, 1993 US. Department of Commerce Ronald H. Brown, Secretary Technology Admlnlrhion . Mary L. Good, Under Secretary for Tedinology National Institute of Standa

4、rds Arati Prabhakar, Diredor and Tech- Provided by IHSNot for ResaleNo reproduction or networking permitted without license from IHS-,-,-Foreword The Federal Information Processing Standards Publication Series of the National Institute of Standards and Technology (NIST) is the official publication r

5、elating to standards and guidelines adopted and promulgated under the provisions of Section i i 1 (d) of the Federal Property and Administrative Services Act of 1949 as amended by the Computer Security Act of 1987, Public Law 100-235. These mandates have given the Secreaty of Commerce and NIST impor

6、tant respnsibilities for improving the utilization and management of computer and related telecommunications systems in the Federal Government. The NIST. through its Computer Systems Laboratory, provides leadership, technical guidance, and coordination of Government effortc in the development of sta

7、ndards and guidelines in these areas. Comments concerning Federal Information Processing Standards Publications are welcomed and should be addressed to the Director, Computer Systems Laboratory, National Institute of Standards and Technology, Gaihersburg, MD 20899. James H. Burrows, Director Cornput

8、er Systems Laboratory Abstract The selective application of technological and related procedural safeguards is an important responsibility of every Federal organization in providing adequate security to its electronic data systems. This publication specifies a cryptographic algorithm which may be us

9、ed by Federal organizations to protect sensitive data. Protection of data during transmission or while.in storage may be necessary to maintain the confidential- ity and integrity of the information represented by the data. The algorithm uniquely defines the mathematical steps required to transform d

10、ata into a cryptographic cipher and also to transform the cipher back to the original form. The Data Encryption Stan- dard is being made available for use by Federal agencies within the context of a total security program consisting o physical security procedures, good information man- agement pract

11、ices, and computer systemlnetwork access controls. This revision supersedes FIPS 46-1 in its entirety. Key words: computer secudy; data encryption standard; encryption; Federal Information Processing Standard (FIPS): security. National Institute of Standards and Technology Washington: 1993 Technical

12、 Information FIPS PUB 46-2 Service 18 pages (Dec. 30,1993) CODEN: FIPPAT Springfield, VA 22161 U.S. Government Printing Office For sale by the National U.S. Department of Commerce Provided by IHSNot for ResaleNo reproduction or networking permitted without license from IHS-,-,-FIPS PUB 46-2 Federal

13、Information Processing Standards Publication 46-2 1993 December 30 Announcing the DATA ENCRYPTION STANDARD (DES) Federal Information Processing Standards Publications (FIPS PUBS) are issued by the National Institute of Standards and Technology (NIST) after approval by the Secretary of Commerce pursu

14、ant to Section lll(d) of the Federal Property and Administrative Services Act of 1949 as amended by the Computer Security Act of 1987, Public Law 100-235. 1. Name of Standard. Data Encryption Standard (DES). 2. Categorg of Standard. Computer Security, Cryptography. 3. Explanation. The Data Encryptio

15、n Standard (DES) specifies a FIPS approved cryptographic algorithm as required by FIPS 140-1. This publication provides a complete description of a mathematical algorithm for encrypting (enciphering) and decrypting (deciphering) binary coded information. Encrypting data converts it to an unintelligi

16、ble form called cipher. Decrypting cipher converts the data back to its original form called plaintext. The algorithm described in this standard specifies both enciphering and deciphering operations which are based on a binary number called a key. A key consists of 64 binary digits (“0”s or “1”s) of

17、 which 56 bits are randomly generated and used directly by the algorithm. The other 8 bits, which are not used by the algorithm, are used for error detection. The 8 error detecting bits are set to make the parity of each 8-bit byte of the key odd, i.e., there is an odd number of “1”s in each 8-bit b

18、yte. Authorized users of encrypted computer data must have the key that was used to encipher the data in order to decrypt it. The encryption algorithm specified in this standard is commonly known among those using the standard. The unique key chosen for use in a particular application makes the resu

19、lts of encrypting data using the algorithm unique. Selection of a different key causes the cipher that is produced for any given set of inputs to be different. The cryptographic security of the data depends on the security provided for the key used to encipher and decipher the data. Data can be reco

20、vered from cipher only by using exactly the same key used to encipher it. Unauthorized recipients of the cipher who know the algorithm but do not have the correct key cannot derive the original data algorithmically. However, anyone who does have the key and the algorithm can easily decipher the ciph

21、er and obtain the original data. A standard algorithm based on a secure key thus provides a basis for exchanging encrypted computer data by issuing the key used to encipher it to those authorized to have the data. Data that is considered sensitive by the responsible authority, data that has a high v

22、alue, or data that represents a high value should be cryptographicalIy protected if it is vulnerable to unauthorized disclosure or undetected modification during transmission or while in storage. A risk analysis should be performed under the direction of a responsible authority to determine potentia

23、l threats. The costs of providing cryptographic protection using this standard as well as alternative methods of providing this protection and their respective costs should be projected. A responsible authority then should make a decision, based on these analyses, whether or not to use cryptographic

24、 protection and this standard. Sometimes keys are generated in an encrypted form. A random -bit number is generated and defined to be the cipher formed by the encryption of a key using a key encrypting key. In this case the parity bits of the encrypted key cannot be set until after the kg is decrypt

25、ed. 1 Provided by IHSNot for ResaleNo reproduction or networking permitted without license from IHS-,-,-4. Approving Authority. Secretary of Commerce. 5. Maintenance Agency. US. Department of Commerce, National Institute of Standards and Technology, Computer Systems Laboratory. 6. Applicability. Thi

26、s standard may be used by Federal departments and agencies when the following con- ditions apply: 1. An authorized official or manager responsible for data security or the security of any computer system decides that cryptographic protection is required; and 2. The data is not classified according t

27、o the National Security Act of 1947, as amended, or the Atomic Energy Act of 1954, as amended. Federal agencies or departments which use cryptographic devices for protecting data classified according to either of these acts can use those devices for protecting unclassified data in lieu of the standa

28、rd. when implemented in accordance with FIPS 140-1. Other FIPS approved cryptographic algorithms may be used in addition to, or in lieu of, this standard In addition, this standard may be adopted and used by non-Federal Government organizations. Such use is encouraged when it provides the desired se

29、curity for commercial and private organizations. 7. Applications. Data encryption (cryptography) is utilized in various applications and environments. The specific utilization of encryption and the implementation of the DES will be based on many factors particular to the computer system and its asso

30、ciated components. In general, cryptography is used to protect data while it is being communicated between two points or while it is stored in a medium vulnerable to physical theft. Communication security provides protection to data by enciphering it at the transmitting point and deciphering it at t

31、he receiving point. File security provides protection to data by enciphering it when it is recorded on a storage medium and deciphering it when it is read back from the storage medium. In the first case, the key must be available at the transmitter and receiver simultaneously during communication. I

32、n the second case, the key must be maintained and accessible for the duration of the storage period. FIPS 171 provides approved methods for managing the keys used by the algorithm specified in this standard. 8. Implementations. Cryptographic modules which implement this standard shall conform to the

33、 require- ments of FIPS 140-1. The algorithm specified in this standard may be implemented in software, firmware, hardware, or any combination thereof. The specific implementation may depend on several factors such as the application, the environment, the technology used, etc. Implementations which

34、may comply with this standard include electronic devices (e.g., VISI chip packages), micro-processors using Read Only Memory (ROM), Programmable Read Only Memory (PROM), or Electronically Erasable Read Only Memory (EEROM), and mainframe computers using Random Access Memory (RAM). When the algorithm

35、is implemented in software or firmware, the processor on which the algorithm runs must be specified as part of the validation process. Implementations of the algorithm which are tested and validated by NIST will be considered as complying with the standard. Note that FIPS 140-1 places additional req

36、uirements on cryptographic modules for Government use. Information about devices that have been validated and procedures for testing and validating equipment for conformance with this standard and FIPS 140-1 are available from the National Institute of Standards and Technology, Computer Systems Labo

37、ratory, Gaithersburg, MD 20899. I 9. Export Control. Cryptographic devices and technical data regarding them are subject to Federal Govern- ment export controls as specified in Title 22, Code of Federal Regulations, Parts 120 through 128. Some exports of cryptographic modules implementing this stand

38、ard and technical data regarding them must comply with these Federal regulations and be licensed by the U.S. Department of State. Other exports of crypto- graphic modules implementing this standard and technical data regarding them fall under the 2 Provided by IHSNot for ResaleNo reproduction or net

39、working permitted without license from IHS-,-,-licensing authority of the Bureau of Export Administration of the U.S. Department of Commerce. The Depart- ment of Commerce is responsible for licensing cryptographic devices used for authentication, access control, proprietary software, automatic telle

40、r machines (ATMs), and certain devices used in other equipment and software. For advice concerning which agency has licensing authority for a particular cryptographic device, please contact the respective agencies. 10. Patents. Cryptographic devices implementing this standard may be covered by U.S.

41、and foreign patents issued to the International Business Machines Corporation. However, IBM has granted nonexclusive, royalty- free licenses under the patents to make, use and sell apparatus which complies with the standard. The terms, conditions and scope of the licenses are set out in notices publ

42、ished in the May 13,1975 and August 31,1976 issues of the Official Gazette of the United States Patent and Trademark Office (934 O.G. 452 and 949 O.G. 1717). 11. Alternative Modes of Using the DES. FIPS PUB 81, DES Modes of Operation, describes four different modes for using the algorithm described

43、in this standard. These four modes are called the Electronic Code- book (ECB) mode, the Cipher Block Chaining (CBC) mode, the Cipher Feedback (CFB) mode, and the Out- put Feedback (OFB) mode. ECB is a direct application of the DES algorithm to encrypt and decrypt data; CBC is an enhanced mode of ECB

44、 which chains together blocks of cipher text; CFB uses previously generated cipher text as input to the DES to generate pseudorandom outputs which are combined with the plaintext to produce cipher, thereby chaining together the resulting cipher; OFB is identical to CFB except that the pre- vious out

45、put of the DES is used as input in OFB while the previous cipher is used as input in CFB. OFB does not chain the cipher. 12. Implementation of this Standard. This standard became effective July 1977. It was reaffirmed in 1983, 1988, and 1993. It applies to all Federal agencies, contractors of Federa

46、l agencies, or other organizations that process information (using a computer or telecommunications system) on behalf of the Federal Government to accomplish a Federal function. Each Federal agency or department may issue internal directives for the use of this standard by their operating units base

47、d on their data security requirement determinations. FIPS 46-2 which revises the implementation of the Data Encryption Algorithm to include software, firmware, hard- ware, or any combination thereof, is effective June 30, 1994. This revised standard may be used in the interim period before the effec

48、tive date. NIST provides technical assistance to Federal agencies in implementing data encryption through the is- suance of guidelines and through individual reimbursable projects. The National Security Agency assists Fed- eral departments and agencies in communications security for classified appli

49、cations and in determining specific security requirements. Instructions and regulations for procuring data processing equipment utilizing this standard are included in the Federal Information Resources Management Regulation (FIRMR) Subpart 201-8.111-1. 13. Specifications. Federal Information Processing Standard (FIPS) 46-2, Data Encryption Standard (DES) (affixed). 14. Cross Index. and subpart 201.39.1002, Federal Standards. a. b. c. d. e. f. g. h. i. Federal Information Res