2.3.4.14 DataIntegrity Generation (Agile Encryption)

The DataIntegrity element contained within an Encryption element MUST be generated by using the following steps:

  1. Obtain the intermediate key by decrypting the encryptedKeyValue from a KeyEncryptor contained within the KeyEncryptors sequence. Use this key for encryption operations in the remaining steps of this section.

  2. Generate a random array of bytes, known as Salt, of the same length as the value of the KeyData.saltSize attribute.

  3. Encrypt the random array of bytes generated in step 2 by using the binary form of the KeyData.saltValue attribute and a blockKey byte array consisting of the following bytes: 0x5f, 0xb2, 0xad, 0x01, 0x0c, 0xb9, 0xe1, and 0xf6 used to form an initialization vector as specified in section 2.3.4.12. If the array of bytes is not an integral multiple of blockSize bytes, pad the array with 0x00 to the next integral multiple of blockSize bytes.

  4. Assign the encryptedHmacKey attribute to the base64-encoded form of the result of step 3.

  5. Generate an HMAC, as specified in [RFC2104], of the encrypted form of the data (message), which the DataIntegrity element will verify by using the Salt generated in step 2 as the key. Note that the entire EncryptedPackage stream (1), including the StreamSize field, MUST be used as the message.

  6. Encrypt the HMAC as in step 3 by using a blockKey byte array consisting of the following bytes: 0xa0, 0x67, 0x7f, 0x02, 0xb2, 0x2c, 0x84, and 0x33.

  7. Assign the encryptedHmacValue attribute to the base64-encoded form of the result of step 6.