2.3.4.13 PasswordKeyEncryptor Generation (Agile Encryption)

For agile encryption, the password key encryptor XML element specified in section 2.3.4.10 MUST be created as follows:

saltSize: Set this attribute to the number of bytes used by the binary form of the saltValue attribute. It MUST conform to a SaltSize type.

blockSize: Set this attribute to the number of bytes needed to contain an encrypted block of data, as defined by the cipherAlgorithm used. It MUST conform to a BlockSize type.

keyBits: Set this attribute to the number of bits needed to contain an encryption key, as defined by the cipherAlgorithm used. It MUST conform to a KeyBits type.

hashSize: Set this attribute to the number of bytes needed to contain the output of the hashing algorithm defined by the hashAlgorithm element. It MUST conform to a HashSize type.

cipherAlgorithm: Set this attribute to a string containing the cipher algorithm used to encrypt the encryptedVerifierHashInput, encryptedVerifierHashValue, and encryptedKeyValue. It MUST conform to a CipherAlgorithm type.

cipherChaining: Set this attribute to the cipher chaining mode used to encrypt encryptedVerifierHashInput, encryptedVerifierHashValue, and encryptedKeyValue. It MUST conform to a CipherChaining type.

hashAlgorithm: Set this attribute to the hashing algorithm used to derive the encryption key from the password and that is also used to obtain the encryptedVerifierHashValue. It MUST conform to a HashAlgorithm type.

saltValue: Set this attribute to a base64-encoded, randomly generated array of bytes. It MUST conform to a SaltValue type. The number of bytes required by the decoded form of this element MUST be saltSize.

spinCount: Set this attribute to the number of times to iterate the password hash when creating the key used to encrypt the encryptedVerifierHashInput, encryptedVerifierHashValue, and encryptedKeyValue. It MUST conform to a SpinCount type.

encryptedVerifierHashInput: This attribute MUST be generated by using the following steps:

1. Generate a random array of bytes with the number of bytes used specified by the saltSize attribute.

2. Generate an encryption key as specified in section 2.3.4.11 by using the user-supplied password, the binary byte array used to create the saltValue attribute, and a blockKey byte array consisting of the following bytes: 0xfe, 0xa7, 0xd2, 0x76, 0x3b, 0x4b, 0x9e, and 0x79.

3. Encrypt the random array of bytes generated in step 1 by using the binary form of the saltValue attribute as an initialization vector as specified in section 2.3.4.12. If the array of bytes is not an integral multiple of blockSize bytes, pad the array with 0x00 to the next integral multiple of blockSize bytes.

4. Use base64 to encode the result of step 3.

encryptedVerifierHashValue: This attribute MUST be generated by using the following steps:

1. Obtain the hash value of the random array of bytes generated in step 1 of the steps for encryptedVerifierHashInput.

2. Generate an encryption key as specified in section 2.3.4.11 by using the user-supplied password, the binary byte array used to create the saltValue attribute, and a blockKey byte array consisting of the following bytes: 0xd7, 0xaa, 0x0f, 0x6d, 0x30, 0x61, 0x34, and 0x4e.

3. Encrypt the hash value obtained in step 1 by using the binary form of the saltValue attribute as an initialization vector as specified in section 2.3.4.12. If hashSize is not an integral multiple of blockSize bytes, pad the hash value with 0x00 to an integral multiple of blockSize bytes.

4. Use base64 to encode the result of step 3.

encryptedKeyValue: This attribute MUST be generated by using the following steps:

1. Generate a random array of bytes that is the same size as specified by the Encryptor.KeyData.keyBits attribute of the parent element.

2. Generate an encryption key as specified in section 2.3.4.11, using the user-supplied password, the binary byte array used to create the saltValue attribute, and a blockKey byte array consisting of the following bytes: 0x14, 0x6e, 0x0b, 0xe7, 0xab, 0xac, 0xd0, and 0xd6.

3. Encrypt the random array of bytes generated in step 1 by using the binary form of the saltValue attribute as an initialization vector as specified in section 2.3.4.12. If the array of bytes is not an integral multiple of blockSize bytes, pad the array with 0x00 to an integral multiple of blockSize bytes.

4. Use base64 to encode the result of step 3.