# ISO 11568-4:2007 pdf free

**ISO 11568-4**:2007 pdf free.Banking一Key management (retail) 一Asymmetric cryptosystems一Key management and life cycle

Encipherment of a symmetric key using the public key of an asymmetric cipher is typically used for the distribution of that key using a non-secure channel. The enciphered key may be a working key, or may itself be a KEK. Thus, mixed key hierarchies, as described in ISO 11568-2, may be created which incorporate the keys of both symmetric and asymmetric ciphers.

The symmetric key shall be formatted into a data block appropriate to the encipherment operation. As the block size of asymmetric ciphers tends to be larger than the key size of symmetric ciphers, it is usually possible to include more than one key in the data block for encipherment. Additionally, formatting information, random padding and redundancy characters shall be incorporated in the data block (see ISO/IEC 18033-2).

Asymmetric keys may be enciphered using a symmetric cipher.

As the keys of asymmetric cryptosystems tend to be larger than the block size of symmetric ciphers, the asymmetric key may be formatted into multiple data blocks for encipherment. Therefore, the cipher block chaining mode of operation (see ISO/IEC 10116) or an equivalent operation shall be used for encipherment.

Due consideration shall be paid to known attacks when assessing the equivalent strength of various cryptographic algorithms. Generally an algorithm can be said to provide s bits of strength where the best-known attack would take, on average, 28- T to attack, where T is the amount of time that is required to perform one encryption of a plaintext value and comparison of the result against the corresponding ciphertext value.

For example in ISO/IEC 10116, an attack against 1 12-bit TDEA is presented that requires O(k) space and 2120- log k operations, where k is the number of known plaintext-ciphertext pairs. As discussed in reference [11], given 240 known plaintext-ciphertext pairs, this reduces the strength of two-key (112-bit) TDEA to 80 bits.

Recommended equivalent key sizes at the time of publication are given in Table 1. In assessing these numbers, consideration must be paid to any further developments in cryptanalysis, factoring and computing generally.

NOTE Currently, in the retail banking environment, where TDEA keys are used for protecting other keys, and are changed such that the collection of quantities of plaintext/ciphertext pairs sufficient to significantly weaken the underlying cipher is improbable, 112-bit TDEA can be considered to offer sufficient security for the protection of 168-bit TDEA and 2048-bit RSA keys.ISO 11568-4 pdf download.