18.6 Stream Encryption Algorithms

Simple stream encryption algorithms generate, based on the key, a stream of octets that are XORed with the plain text octets to produce the cipher text on encryption and with the cipher text octets to produce plain text on decryption. They are normally used for the encryption of data. Thus they are specified by the value of the Algorithm attribute of the EncryptionMethod child of an EncryptedData element. See Figure 18-1.


It is critical that you use each simple stream encryption key (or key and initialization vector, if an IV is also used) once only. If the same key (or key and IV) is ever used on two messages, then, by XORing the two cipher texts, you obtain the XOR of the two plain texts. This result is usually very compromising.

The XOR nature of stream ciphers makes it trivial to change specific bits in the plain text. Changing a bit in the cipher text changes the corresponding bit of plain text without changing any other plain text bits. This case illustrates the common need, beyond encryption, for integrity or authentication, if the plain text should be trusted after decryption.
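The two properties described above, as an added example (not code from the book): a minimal ARCFOUR in Python shows that reusing a key makes the XOR of two cipher texts equal the XOR of the two plain texts, and that a one-bit change in the cipher text changes exactly one plain text bit. The sample key and messages are constructed, and HMAC-SHA256 over the cipher text is an assumed choice of integrity check, not one the text prescribes.

```python
import hashlib
import hmac
def arcfour_keystream(key, n):
    """Return the first n keystream octets of ARCFOUR."""
    s, j = list(range(256)), 0
    for i in range(256):  # key scheduling
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):  # output generation
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def crypt(key, data):
    """Encrypt or decrypt; both are the same XOR with the keystream."""
    return xor(data, arcfour_keystream(key, len(data)))

def reuse_leak(key, p1, p2):
    """XOR two cipher texts made under one key: the keystream cancels."""
    return xor(crypt(key, p1), crypt(key, p2))

def flip_bit(data, octet, bit):
    """Return data with one bit inverted (models tampering in transit)."""
    changed = bytearray(data)
    changed[octet] ^= 1 << bit
    return bytes(changed)

def seal(enc_key, mac_key, plain):
    """Encrypt, then append an HMAC-SHA256 tag over the cipher text."""
    c = crypt(enc_key, plain)
    return c + hmac.new(mac_key, c, hashlib.sha256).digest()

def open_sealed(enc_key, mac_key, blob):
    """Check the tag before decrypting; ValueError if anything changed."""
    c, tag = blob[:-32], blob[-32:]
    expected = hmac.new(mac_key, c, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed")
    return crypt(enc_key, c)

# Constructed sample values (not from the book): 40-bit key, two messages.
KEY = bytes.fromhex("0102030405")
P1, P2 = b"PAY 0100 TO BOB", b"PAY 0950 TO EVE"
```

Without the tag, the altered cipher text decrypts cleanly to a different message; with it, open_sealed rejects the blob before any decryption takes place.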

Stream algorithms typically use the optional KeySize explicit parameter. In cases where the key size is not apparent from the algorithm URI or key source, as with key agreement methods, this parameter sets the key size. If the size of the key is apparent and disagrees with the KeySize parameter, the application must return an error. Implementation of any stream algorithms is optional. The schema for the KeySize parameter follows:

 <!-- KeySize DTD -->
 <!ELEMENT KeySize (#PCDATA) >

In schema syntax, it has the following form:

 <!-- KeySize Schema -->
 <simpleType name='KeySizeType'>
     <restriction base="integer"/>
 </simpleType>

18.6.1 ARCFOUR

 ARCFOUR Identifier
     http://www.w3.org/2001/04/xmldsig-more#arcfour

ARCFOUR is a fast, simple stream encryption algorithm that interoperates with RSA Security's RC4 algorithm. Implementation of ARCFOUR is optional. An example of an ARCFOUR EncryptionMethod follows:

 <EncryptionMethod
   Algorithm="http://www.w3.org/2001/04/xmldsig-more#arcfour">
   <KeySize>40</KeySize>
 </EncryptionMethod>

Secure XML: The New Syntax for Signatures and Encryption
ISBN: 0201756056
EAN: 2147483647
Year: 2005
Pages: 186
