ISO/IEC 19772:2020 Information security: Authenticated encryption

Standard number: ISO/IEC 19772:2020

Chinese title: 信息技术安全 认证加密 (Information technology security: Authenticated encryption)

English title: Information security — Authenticated encryption

Publication date: 2020-11

Scope

This document specifies five methods for authenticated encryption, i.e. defined ways of processing a data string with the following security objectives:
- data confidentiality, i.e. protection against unauthorized disclosure of data;
- data integrity, i.e. protection that enables the recipient of data to verify that it has not been modified;
- data origin authentication, i.e. protection that enables the recipient of data to verify the identity of the data originator.
All five methods specified in this document are based on a block cipher algorithm, and require the originator and the recipient of the protected data to share a secret key for this block cipher.
Key management is outside the scope of this document. Key management techniques are defined in ISO/IEC 11770 (all parts).
Four of the mechanisms in this document, namely mechanisms 3, 4, 5 (AAD variant only) and 6, allow data to be authenticated which is not encrypted. That is, these mechanisms allow a data string that is to be protected to be divided into two parts, D, the data string that is to be encrypted and integrity-protected, and A (the additional authenticated data) that is integrity-protected but not encrypted. In all cases, the string A can be empty.
NOTE Examples of types of data that can need to be sent in unencrypted form, but whose integrity is to be protected, include addresses, port numbers, sequence numbers, protocol version numbers and other network protocol fields that indicate how the plaintext is to be handled, forwarded or processed.
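The split described above, with A sent in the clear but integrity-protected and D both encrypted and integrity-protected, is the contract that each of the standard's AAD-capable mechanisms offers. The Go program below is an added example, not text or code from ISO/IEC 19772; it uses AES-GCM from Go's standard library (GCM is mechanism 6 of the standard) to seal a record whose constructed header carries a sequence number and a port number, the kind of routing fields named in the NOTE. The Record type, the sealRecord, openRecord and tamperDemo names, and the sample payload are this example's own choices. It shows the receiver rejecting the record whenever A or the ciphertext has been altered, and the A-empty case the scope permits.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Record is the wire format of this example: A travels in the clear, D is replaced
// by its ciphertext, and the GCM tag binds A, the ciphertext, the key and the nonce.
type Record struct {
	Header     []byte // A: integrity-protected but not encrypted
	Nonce      []byte // 96-bit GCM nonce; must never repeat under one key
	Ciphertext []byte // E_K(D) followed by the 16-byte authentication tag
}

// newGCM builds the AEAD (ISO/IEC 19772 mechanism 6) for a 16-, 24- or 32-byte key.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealRecord encrypts and integrity-protects payload (D) and integrity-protects
// header (A), drawing a fresh random nonce for this record.
func sealRecord(aead cipher.AEAD, header, payload []byte) *Record {
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		panic(err) // no usable entropy: never fall back to a fixed nonce
	}
	return &Record{Header: header, Nonce: nonce, Ciphertext: aead.Seal(nil, nonce, payload, header)}
}

// openRecord verifies the tag over A and the ciphertext before releasing D. Any
// alteration of either yields one generic error; do not tell the peer which part failed.
func openRecord(aead cipher.AEAD, r *Record) ([]byte, error) {
	payload, err := aead.Open(nil, r.Nonce, r.Ciphertext, r.Header)
	if err != nil {
		return nil, errors.New("authentication failed, record rejected")
	}
	return payload, nil
}

type Outcome struct {
	CleanRoundTrip           bool // D recovered intact with A unchanged
	HeaderTamperRejected     bool // one bit of A flipped after sealing
	CiphertextTamperRejected bool // one bit of E_K(D) flipped after sealing
	EmptyHeaderRoundTrip     bool // A empty, as the scope permits
}

// tamperDemo seals one constructed record and runs the checks a receiver depends on.
func tamperDemo(key []byte) (Outcome, error) {
	var out Outcome
	aead, err := newGCM(key)
	if err != nil {
		return out, err
	}
	// Constructed header: a sequence number and a port, the kind of routing
	// fields the NOTE above says must stay readable yet tamper-evident.
	header := make([]byte, 6)
	binary.BigEndian.PutUint32(header[0:4], 7)
	binary.BigEndian.PutUint16(header[4:6], 443)
	payload := []byte("constructed sample payload") // D
	rec := sealRecord(aead, header, payload)
	got, err := openRecord(aead, rec)
	out.CleanRoundTrip = err == nil && bytes.Equal(got, payload)
	// Change the port in A: the ciphertext is untouched, yet the tag no longer verifies.
	badHdr := *rec
	badHdr.Header = append([]byte(nil), rec.Header...)
	badHdr.Header[5] ^= 0x01 // 443 -> 442
	_, err = openRecord(aead, &badHdr)
	out.HeaderTamperRejected = err != nil
	// Flip a bit in the ciphertext body (not in the tag).
	badCT := *rec
	badCT.Ciphertext = append([]byte(nil), rec.Ciphertext...)
	badCT.Ciphertext[0] ^= 0x80
	_, err = openRecord(aead, &badCT)
	out.CiphertextTamperRejected = err != nil
	// With A empty the mechanism is plain authenticated encryption of D.
	got, err = openRecord(aead, sealRecord(aead, nil, payload))
	out.EmptyHeaderRoundTrip = err == nil && bytes.Equal(got, payload)
	return out, nil
}

func main() {
	key := make([]byte, 32) // AES-256; in practice supplied by key management (ISO/IEC 11770)
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	out, err := tamperDemo(key)
	fmt.Printf("%+v err=%v\n", out, err)
}
```

Two practitioner caveats the scope text leaves implicit: GCM's guarantees collapse if a nonce is ever reused under the same key, so the random 96-bit nonce here is only acceptable for a bounded number of records per key, and a receiver must act on the tag check before touching any of D, which is why openRecord returns nothing but an error on failure.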
