|
12 <concept xml:lang="en" id="GUID-A6363EC1-D9A2-5011-94F2-08B38E8247E0"><title>Weak and strong cryptography</title><prolog><metadata><keywords/></metadata></prolog><conbody><ul><li id="GUID-468D6A12-8121-5B9D-B90B-E0058B6C76D4"><p> <xref href="GUID-A6363EC1-D9A2-5011-94F2-08B38E8247E0.dita#GUID-A6363EC1-D9A2-5011-94F2-08B38E8247E0/GUID-4DE8C7E7-E568-5FB3-B44E-D0E8FD01A22B">Introduction</xref> </p> </li> <li id="GUID-4C1CA7A9-00C8-5E9C-8636-F75DA384FE57"><p> <xref href="GUID-A6363EC1-D9A2-5011-94F2-08B38E8247E0.dita#GUID-A6363EC1-D9A2-5011-94F2-08B38E8247E0/GUID-F542A25E-A152-58DD-AFA0-F9778F8EC8C6">Weak cryptography</xref> </p> </li> <li id="GUID-70699AF8-7419-5CB0-92F4-2FF7AC71ECD4"><p> <xref href="GUID-A6363EC1-D9A2-5011-94F2-08B38E8247E0.dita#GUID-A6363EC1-D9A2-5011-94F2-08B38E8247E0/GUID-6309E669-E4C0-5E3C-8BB6-693F673D560D">Strong cryptography</xref> </p> </li> <li id="GUID-0568AF73-E52A-5412-B7B0-8DE227584400"><p> <xref href="GUID-A6363EC1-D9A2-5011-94F2-08B38E8247E0.dita#GUID-A6363EC1-D9A2-5011-94F2-08B38E8247E0/GUID-FB7BC684-B087-597A-BB38-44F211E435C8">Build targets and variants</xref> </p> </li> </ul> <section id="GUID-4DE8C7E7-E568-5FB3-B44E-D0E8FD01A22B"><title>Introduction</title> <p>The Cryptography library is provided in two separate builds, “weak” and “strong”, in order to comply with governmental export rules. These two builds are identical with the exception that the weak build rejects requests to apply an encryption scheme with key sizes greater than a size specified by the UK Government. </p> <p>Currently, symmetric algorithms with keys greater than 56 bits, and asymmetric with keys greater than 512 are deemed export controlled and are classed within Symbian as strong encryption. Keys of less than 56 and 512 bits respectively are classed as weak. Some algorithms – such as 3DES and AES cannot operate with weak keys, and are therefore strong-only algorithms. </p> <p>At present, two versions of the Cryptography library can be built: </p> <ul><li id="GUID-8AFD58E7-4AF8-51A3-B285-DB467203FF05"><p> <filepath>weak_cryptography.dll</filepath> </p> </li> <li id="GUID-241F8D66-1B59-54E5-8116-84F22C69F73C"><p> <filepath>strong_cryptography.dll</filepath> </p> </li> </ul> <p> <b>Clients always link against cryptography.dll</b>. </p> <p>The strong/weak libraries are interchangeable (link compatible) except that the weak one will fail at run-time if an attempt is made to employ keys that are larger than bounds laid down by UK export restrictions. </p> <p>On hardware, the version used is determined at ROM build time by including the appropriate version of the Cryptography library as <filepath>cryptography.dll</filepath>. On the emulator, the crypto switch sub-component supplies <filepath>cryptography.dll</filepath>, and this transparently forwards calls to the appropriate version of the Cryptography library. </p> <p>The strong and weak Cryptography APIs are identical. The <filepath>TCrypto</filepath> API allows higher level components to determine at run-time whether the Cryptography library supports full strength cryptography. See <xref href="GUID-1D60BB43-4FF8-5632-A597-0DF00234F93E.dita">How to find the cryptographic strength</xref>. </p> </section> <section id="GUID-F542A25E-A152-58DD-AFA0-F9778F8EC8C6"><title>Weak cryptography</title> <p>The weak version of the Cryptography library is the default one. This is the version that is exported to the <filepath>\epoc32</filepath> tree as <filepath>cryptography.dll</filepath>. This default version may be replaced with any of the other versions. See <xref href="GUID-D6A2B169-F6DB-5BCE-83C9-7CD4A10C5BE9.dita">How to change the cryptographic strength</xref> for instructions on how to do this. </p> <p>The default weak Cryptography library (<filepath>weak_cryptography.dll</filepath>) is limited as follows: </p> <ul><li id="GUID-C483912B-96E8-5C79-8E76-296C0DF5622A"><p> <xref href="GUID-712DF59D-FAE1-592E-82A6-4E323676F5B8.dita">Symmetric algorithms</xref> (DES, RC2, ARC4) are limited to 56 bit key sizes. </p> </li> <li id="GUID-A73D5C8D-D2D5-5361-881C-117296125A70"><p>The 3DES symmetric algorithm is not supported since this requires key sizes greater than 56 bits. </p> </li> <li id="GUID-3E0EF0D4-3699-57F9-8ACD-924326BFAA11"><p> <xref href="GUID-35E9F104-95F7-511F-B0C5-AB64BCA972D0.dita">Asymmetric algorithms</xref>, RSA and DSA, may be used for decryption using any key size, but encryption is limited to 512 bits. </p> </li> <li id="GUID-396CCE5C-BB27-5649-A1B2-21F5252F3B04"><p>DH is limited to 512 bits. </p> </li> </ul> <p>If attempts are made to use key lengths not supported by a weak crypto library then the library will return an error. </p> </section> <section id="GUID-6309E669-E4C0-5E3C-8BB6-693F673D560D"><title>Strong cryptography</title> <p>The strong Cryptography library supports any key length. </p> </section> <section id="GUID-FB7BC684-B087-597A-BB38-44F211E435C8"><title>Build targets and variants</title> <p>The two versions of the Cryptography library are available for different build targets and variants in: </p> <p> <filepath><your-SDK-path>\src\generic\security\cryptalg\import\bin\<target>\<variant>\</filepath> </p> <p>Where <filepath>target</filepath> is one of the following build targets: <filepath>wins</filepath>, <filepath>winscw</filepath>, <filepath>winc</filepath>, <filepath>thumb</filepath>, <filepath>armi</filepath>, or <filepath>arm4</filepath>. And <filepath>variant</filepath> is either <filepath>udeb</filepath> or <filepath>urel</filepath>. </p> </section> </conbody></concept> |