**Connected: An Internet Encyclopedia**

*1.5.2. Symmetric Encryption Algorithm*

**Up:**
Connected: An Internet Encyclopedia

**Up:**
Requests For Comments

**Up:**
RFC 1446

**Up:**
1. Introduction

**Up:**
1.5. Mechanisms

**Prev:** 1.5.1. Message Digest Algorithm

**Next:** 2. SNMPv2 Party

### 1.5.2. Symmetric Encryption Algorithm

1.5.2. Symmetric Encryption Algorithm
In support of data confidentiality, the use of the Data
Encryption Standard (DES) in the Cipher Block Chaining mode of
operation is chosen. The designated portion of a SNMPv2
message is encrypted and included as part of the message sent
to the recipient.

Two organizations have published specifications defining the
DES: the National Institute of Standards and Technology (NIST)
[5] and the American National Standards Institute [6]. There
is a companion Modes of Operation specification for each
definition (see [7] and [8], respectively).

The NIST has published three additional documents that
implementors may find useful.

- There is a document with guidelines for implementing and
using the DES, including functional specifications for
the DES and its modes of operation [9].

- There is a specification of a validation test suite for
the DES [10]. The suite is designed to test all aspects
of the DES and is useful for pinpointing specific
problems.

- There is a specification of a maintenance test for the
DES [11]. The test utilizes a minimal amount of data and
processing to test all components of the DES. It
provides a simple yes-or-no indication of correct
operation and is useful to run as part of an
initialization step, e.g., when a computer reboots.

The use of this algorithm in conjunction with the Symmetric
Privacy Protocol (see Section 4) is identified by the ASN.1
object identifier value desPrivProtocol, defined in [4].

For any SNMPv2 party for which the privacy protocol is
desPrivProtocol, the size of the private privacy key is 16
octets, of which the first 8 octets are a DES key and the
second 8 octets are a DES Initialization Vector. The 64-bit
DES key in the first 8 octets of the private key is a 56 bit
quantity used directly by the algorithm plus 8 parity bits -
arranged so that one parity bit is the least significant bit
of each octet. The setting of the parity bits is ignored.

The length of the octet sequence to be encrypted by the DES
must be an integral multiple of 8. When encrypting, the data
should be padded at the end as necessary; the actual pad value
is insignificant.

If the length of the octet sequence to be decrypted is not an
integral multiple of 8 octets, the processing of the octet
sequence should be halted and an appropriate exception noted.
Upon decrypting, the padding should be ignored.

**Next:** 2. SNMPv2 Party

**Connected: An Internet Encyclopedia**

*1.5.2. Symmetric Encryption Algorithm*