3.4.3 Message Confidentiality

  • Article

Message confidentiality, if it is negotiated, also implies message integrity. If message confidentiality is negotiated, a sealed (and implicitly signed) message is sent instead of a signed or unsigned message. The function that seals a message using the signing key, sealing key, and message sequence number is as follows. 

 -- Input: 
 --   SigningKey - The key used to sign the message.
 --   Message - The message to be sealed, as provided to the application.
 --   NegFlg, SeqNum - Defined in section 3.1.1.
 --   Handle - The handle to a key state structure corresponding to the
 --   current state of the SealingKey
 --
 -- Output:
 --   Sealed message – The encrypted message
 --   Signature – The checksum of the Sealed message
 --
 --   Functions used: 
  
 --   RC4() - Defined in Section 6 and 3.1.
 --   MAC() - Defined in Section 3.4.4.1 and 3.4.4.2.
  
    Define SEAL(Handle, SigningKey, SeqNum, Message) as 
      Set Sealed message to RC4(Handle, Message)
      Set Signature to MAC(Handle, SigningKey, SeqNum, Message)
      EndDefine

Message confidentiality is available in connectionless mode only if the client configures extended session security.