Re: Java crypto Cipher-Block-Chaining isn't chaining
On 4 May 99 at 1:05, Theodore Y. Ts'o wrote:
> RFC 2405 does require that the IV be a new random value for each packet,
> however, so an implementation which used the same IV for each packet
> would not comply with RFC 2405. (Nor would it be a good idea from a
> cryptographic point of view.)
>
> That being said, the original question was about the Java JCE, and it's
> not clear to me that the Java JCE was designed to be an IPSEC
> implementation. The JCE is just a crypto toolkit, is it not?
JCE = Java Cryptography Extension.
Java is probably not suited for doing complete IPSEC, but is very well
suited to do IKE, which is part of IPSEC.
RFC 2409 defines IKE (partially), and it has the requirement that
subsequent messages be encrypted with IV = last CBC block.
In the meantime I figured it out, and the questions have been
answered.
That does not alter the correctness of my initial observations; only
they were intentional, and the Java CBC implementation seems to be
correct.
Robert
--
Robert Luursema R.Luursema@incaa.nl Incaa Datacom b.v.
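
The rule mentioned in the message above (IV of the next message = last CBC ciphertext block of the previous one), as an added example that is not part of the original post or of any IKE implementation. It assumes AES with PKCS5 padding and a constructed all-zero key and first IV; the class and method names are hypothetical. It also shows that a reused JCE Cipher returns to the IV given to init() after each doFinal(), so the caller has to carry the IV across messages.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

public class CbcIvChaining {
    static final int BLOCK = 16; // AES block size in bytes

    // One init() + doFinal() per message, with an explicit IV.
    static byte[] crypt(int mode, SecretKeySpec key, byte[] iv, byte[] in) throws Exception {
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(mode, key, new IvParameterSpec(iv));
        return c.doFinal(in);
    }

    // Last ciphertext block of a message: the IV for the message that follows.
    static byte[] lastBlock(byte[] ct) {
        return Arrays.copyOfRange(ct, ct.length - BLOCK, ct.length);
    }

    public static void main(String[] args) throws Exception {
        // Constructed key, IV and plaintext, for illustration only.
        SecretKeySpec key = new SecretKeySpec(new byte[16], "AES");
        byte[] iv0 = new byte[BLOCK];
        byte[] msg = "identical message".getBytes(StandardCharsets.US_ASCII);

        // Reused Cipher: doFinal() resets it to the state set by init(),
        // so equal plaintexts give equal ciphertexts across calls.
        Cipher reused = Cipher.getInstance("AES/CBC/PKCS5Padding");
        reused.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv0));
        byte[] a = reused.doFinal(msg);
        byte[] b = reused.doFinal(msg);
        System.out.println("reused cipher, equal ciphertexts: " + Arrays.equals(a, b));

        // Chained IV: the sender re-initialises with the previous last block.
        byte[] ct1 = crypt(Cipher.ENCRYPT_MODE, key, iv0, msg);
        byte[] ct2 = crypt(Cipher.ENCRYPT_MODE, key, lastBlock(ct1), msg);
        System.out.println("chained IV, equal ciphertexts:    " + Arrays.equals(ct1, ct2));

        // The receiver tracks the same state: it decrypts message 2 with the
        // last block of message 1 as received.
        byte[] pt2 = crypt(Cipher.DECRYPT_MODE, key, lastBlock(ct1), ct2);
        System.out.println("receiver recovered message 2:     " + Arrays.equals(pt2, msg));
    }
}
```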