Blackberry S-MIME SUPPORT PACKAGE VERSION 4.1 - Guia de Instalação descarregar pdf (Página 51)

BlackBerry Enterprise Solution Security

Appendix E: Ephemeral AES encryption key derivation process 51

Appendix E: Ephemeral AES encryption key derivation process

The BlackBerry device uses an ephemeral 256-bit AES encryption key to encrypt the content protection key and

the ECC private key. The BlackBerry device derives the ephemeral 256-bit AES encryption key from the

BlackBerry device password using the following process:

1. The BlackBerry device selects a 64-bit salt (random data to mix with the BlackBerry device password). This

is intended to keep two identical passwords from turning into the same key.

2. The BlackBerry device concatenates the salt, the password, and the salt again into a byte array

(Salt|Password|Salt).

3. The BlackBerry device hashes the byte array with SHA256.

4. The BlackBerry device stores the resulting hash in a byte array called a key.

(key) = SHA256(Salt|Password|Salt)

5. The BlackBerry device hashes (key) 18 more times. It stores the result into (key) each time. For example, for

i=0 to 18, the BlackBerry device does the following:

(key) = SHA256(key)

i++

done

6. The final hash creates the ephemeral key.

See the RSA Security –PKCS #5 for more information.

www.blackberry.com

1 2 ... 46 47 48 49 50 51 52

Sem comentários

Blackberry S-MIME SUPPORT PACKAGE VERSION 4.1 - Guia de Instalação Página 51