Weak and strong cryptography

Introduction

The Cryptography library is provided in two separate builds, “weak” and “strong”, in order to comply with governmental export rules. These two builds are identical with the exception that the weak build rejects requests to apply an encryption scheme with key sizes greater than a size specified by the UK Government.

Currently, symmetric algorithms with keys greater than 56 bits, and asymmetric with keys greater than 512 are deemed export controlled and are classed within Symbian as strong encryption. Keys of less than 56 and 512 bits respectively are classed as weak. Some algorithms – such as 3DES and AES cannot operate with weak keys, and are therefore strong-only algorithms.

At present, two versions of the Cryptography library can be built:

  • weak_cryptography.dll

  • strong_cryptography.dll

Clients always link against cryptography.dll.

The strong/weak libraries are interchangeable (link compatible) except that the weak one will fail at run-time if an attempt is made to employ keys that are larger than bounds laid down by UK export restrictions.

On hardware, the version used is determined at ROM build time by including the appropriate version of the Cryptography library as cryptography.dll. On the emulator, the crypto switch sub-component supplies cryptography.dll, and this transparently forwards calls to the appropriate version of the Cryptography library.

The strong and weak Cryptography APIs are identical. The TCrypto API allows higher level components to determine at run-time whether the Cryptography library supports full strength cryptography. See How to find the cryptographic strength.

Weak cryptography

The weak version of the Cryptography library is the default one. This is the version that is exported to the \epoc32 tree as cryptography.dll. This default version may be replaced with any of the other versions. See How to change the cryptographic strength for instructions on how to do this.

The default weak Cryptography library (weak_cryptography.dll) is limited as follows:

  • Symmetric algorithms (DES, RC2, ARC4) are limited to 56 bit key sizes.

  • The 3DES symmetric algorithm is not supported since this requires key sizes greater than 56 bits.

  • Asymmetric algorithms, RSA and DSA, may be used for decryption using any key size, but encryption is limited to 512 bits.

  • DH is limited to 512 bits.

If attempts are made to use key lengths not supported by a weak crypto library then the library will return an error.

Strong cryptography

The strong Cryptography library supports any key length.

Build targets and variants

The two versions of the Cryptography library are available for different build targets and variants in:

<your-SDK-path>\src\generic\security\cryptalg\import\bin\<target>\<variant>\

Where target is one of the following build targets: wins, winscw, winc, thumb, armi, or arm4. And variant is either udeb or urel.