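Standard number: ISO/IEC 19772:2020

Chinese title (translated): Information technology security: Authenticated encryption

English title: Information security — Authenticated encryption

Publication date: 2020-11

Scope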

This document specifies five methods for authenticated encryption, i.e. defined ways of processing a data string with the following security objectives:
— data confidentiality, i.e. protection against unauthorized disclosure of data;
— data integrity, i.e. protection that enables the recipient of data to verify that it has not been modified;
— data origin authentication, i.e. protection that enables the recipient of data to verify the identity of the data originator.
All five methods specified in this document are based on a block cipher algorithm, and require the originator and the recipient of the protected data to share a secret key for this block cipher.
Key management is outside the scope of this document. Key management techniques are defined in ISO/IEC 11770 (all parts).
Four of the mechanisms in this document, namely mechanisms 3, 4, 5 (AAD variant only) and 6, allow data to be authenticated which is not encrypted. That is, these mechanisms allow a data string that is to be protected to be divided into two parts, D, the data string that is to be encrypted and integrity-protected, and A (the additional authenticated data) that is integrity-protected but not encrypted. In all cases, the string A can be empty.
NOTE Examples of types of data that can need to be sent in unencrypted form, but whose integrity is to be protected, include addresses, port numbers, sequence numbers, protocol version numbers and other network protocol fields that indicate how the plaintext is to be handled, forwarded or processed.
