These pages document the use of cryptography on the Internet, in the form of links to IETF RFCs (Request For Comments) and Internet Drafts.

Authenticated Encryption

Authenticated encryption is a form of symmetric encryption that, in addition to providing confidentiality for the plaintext that is encrypted, provides a way to check its integrity and authenticity.

Authenticated Encryption with Associated Data (AEAD) (12 RFCs, 23 Internet Drafts, 6 expired Internet Drafts)

Key Wrap Algorithm (19 RFCs, 19 Internet Drafts, 6 expired Internet Drafts)

Synthetic Initialization Vector (SIV) (1 RFC, 3 Internet Drafts)

Ciphers

This category includes block ciphers and stream ciphers that perform symmetric encryption.

Advanced Encryption Standard (AES) Block Cipher (180 RFCs, 147 Internet Drafts, 67 expired Internet Drafts)

Triple Data Encryption Standard (3DES) Block Cipher (148 RFCs, 64 Internet Drafts, 37 expired Internet Drafts)

Camellia Block Cipher (15 RFCs, 24 Internet Drafts, 14 expired Internet Drafts)

CLEFIA Block Cipher (1 RFC, 4 Internet Drafts, 1 expired Internet Draft)

Data Encryption Standard (DES) Block Cipher (83 RFCs, 11 Internet Drafts, 4 expired Internet Drafts)

SEED Block Cipher (7 RFCs, 6 Internet Drafts, 2 expired Internet Drafts)

ARIA Block Cipher (2 RFCs, 6 Internet Drafts, 1 expired Internet Draft)

KCipher-2 Stream Cipher (0 RFCs, 3 Internet Drafts, 2 expired Internet Drafts)

RC4 Stream Cipher (58 RFCs, 31 Internet Drafts, 11 expired Internet Drafts)

RC2 Block Cipher (37 RFCs, 11 Internet Drafts, 7 expired Internet Drafts)

RC5 Block Cipher (26 RFCs, 9 Internet Drafts, 4 expired Internet Drafts)

CAST-128 Block Cipher (20 RFCs, 2 Internet Drafts, 1 expired Internet Draft)

CAST-256 Block Cipher (13 RFCs, 1 Internet Draft)

International Data Encryption Algorithm (IDEA) Block Cipher (9 RFCs, 2 Internet Drafts, 1 expired Internet Draft)

SKIPJACK Block Cipher (15 RFCs, 4 Internet Drafts, 3 expired Internet Drafts)

BLOWFISH Block Cipher (27 RFCs, 10 Internet Drafts, 7 expired Internet Drafts)

TWOFISH Block Cipher (9 RFCs, 2 Internet Drafts, 1 expired Internet Draft)

Serpent Block Cipher (6 RFCs, 3 Internet Drafts, 2 expired Internet Drafts)

GOST 28147-89 Block Cipher (8 RFCs, 8 Internet Drafts, 7 expired Internet Drafts)

Rabbit Stream Cipher (1 RFC, 1 Internet Draft)

MISTY1 Block Cipher (1 RFC, 1 Internet Draft)

Message Authentication Codes

A message authentication code, or MAC, is a keyed function that can be used to ensure the authenticity and integrity of data. MACs use symmetric keys.

(Keyed) Hash Message Authentication Code (HMAC) (364 RFCs, 417 Internet Drafts, 168 expired Internet Drafts)

Galois Message Authentication Code (GMAC) (21 RFCs, 39 Internet Drafts, 12 expired Internet Drafts)

Chained Message Authentication Code (CMAC) (23 RFCs, 48 Internet Drafts, 26 expired Internet Drafts)

Universal Message Authentication Code (UMAC) (3 RFCs, 4 Internet Drafts, 1 expired Internet Draft)

Extended CBC Message Authentication Code (XCBC-MAC) (17 RFCs, 10 Internet Drafts, 6 expired Internet Drafts)

Hash Functions

Cryptographic hashes are unkeyed functions that are used in several different ways, such as digital signatures and message authentication. The security goal of a cryptographic hash depends on the way in which it is used.

Secure Hash Algorithm (SHA) Version 2 (160 RFCs, 286 Internet Drafts, 92 expired Internet Drafts)

Secure Hash Algorithm (SHA) Version 1 (462 RFCs, 504 Internet Drafts, 222 expired Internet Drafts)

RIPE-MD-160 (14 RFCs, 5 Internet Drafts, 3 expired Internet Drafts)

RIPE-MD-128 (4 RFCs)

Message Digest 5 (MD5) (580 RFCs, 334 Internet Drafts, 165 expired Internet Drafts)

Message Digest 4 (MD4) (57 RFCs, 22 Internet Drafts, 13 expired Internet Drafts)

Message Digest 2 (MD2) (53 RFCs, 18 Internet Drafts, 10 expired Internet Drafts)

GOST R 34.11-94 (9 RFCs, 7 Internet Drafts, 7 expired Internet Drafts)

SM3 Hash (0 RFCs, 5 Internet Drafts)

Key Derivation Functions

A key derivation function (KDF) is used to compute one or more keys from another key. In some cases the input key must be uniformly random; in other cases, it merely must be unpredictable.

HMAC-based Extract-and-Expand Key Derivation Function (HKDF) (11 RFCs, 33 Internet Drafts, 4 expired Internet Drafts)

Extended CBC Pseudorandom Function (XCBC-PRF) (10 RFCs, 4 Internet Drafts, 3 expired Internet Drafts)

GSS-API Pseudorandom Function (GSS-API PRF) (2 RFCs, 5 Internet Drafts, 1 expired Internet Draft)

Password Based Key Derivation Function (PBKDF) (28 RFCs, 29 Internet Drafts, 15 expired Internet Drafts)

Key Agreement

This category contains asymmetric key protocols that can be used to establish shared secrets.

Diffie-Hellman (DH) (229 RFCs, 191 Internet Drafts, 76 expired Internet Drafts)

Menezes-Qu-Vanstone (MQV) (18 RFCs, 16 Internet Drafts, 10 expired Internet Drafts)

Public Key Encryption and Signatures

Asymmetric encryption and asymmetric authentication are covered in this category.

Rivest-Shamir-Adleman (RSA) Encryption and Signatures (74 RFCs, 69 Internet Drafts, 32 expired Internet Drafts)

Digital Signature Algorithm (DSA) (89 RFCs, 63 Internet Drafts, 27 expired Internet Drafts)

El Gamal Encryption (19 RFCs, 4 Internet Drafts, 3 expired Internet Drafts)

Elliptic Curve Cryptography (91 RFCs, 146 Internet Drafts, 49 expired Internet Drafts)

Identity-Based Encryption (6 RFCs, 8 Internet Drafts, 2 expired Internet Drafts)

Password Authenticated Key Exchange

The protocols in this category can be used to establish a strong shared secret, using only a weak password for authentication, and they resist offline dictionary attacks.

Secure Remote Password (SRP) (12 RFCs, 9 Internet Drafts, 4 expired Internet Drafts)

Encrypted Key Exchange (EKE) (6 RFCs, 9 Internet Drafts, 3 expired Internet Drafts)

Interfaces

A cryptographic programming interface defines how cryptographic algorithms can be used. The security and efficiency of an implementation can depend on the details of its interface. Several different interfaces have been defined for use in different domains.

Generic Security Service API (58 RFCs, 58 Internet Drafts, 20 expired Internet Drafts)

Authenticated Encryption with Associated Data (AEAD) (12 RFCs, 23 Internet Drafts, 6 expired Internet Drafts)

Simple Cryptographic Program Interface (Crypto API) (2 RFCs)

PF_KEY Key Management API, Version 2 (9 RFCs, 6 Internet Drafts, 5 expired Internet Drafts)

PKCS

The PKCS documents are specifications that were produced by RSA Laboratories; some (but not all) of the documents have been published as Informational RFCs. These specifications have become part of many formal standards, including PKIX, S/MIME, TLS, ANSI X9 and IEEE P1363.

PKCS#1: RSA Cryptography (54 RFCs, 63 Internet Drafts, 27 expired Internet Drafts)

PKCS#5: Password-based Encryption (22 RFCs, 15 Internet Drafts, 7 expired Internet Drafts)

PKCS#7: Cryptographic Message Syntax (30 RFCs, 13 Internet Drafts, 6 expired Internet Drafts)

PKCS#8: Private-Key Information Syntax (3 RFCs, 3 Internet Drafts, 2 expired Internet Drafts)

PKCS#9: Selected Attribute Types (9 RFCs, 6 Internet Drafts, 3 expired Internet Drafts)

PKCS#10: Certification Request (13 RFCs, 16 Internet Drafts, 3 expired Internet Drafts)

Other Topics

This category touches on essentials of cryptography other than the basic algorithms.

Random Sources and Uses of Randomness (180 RFCs, 125 Internet Drafts, 57 expired Internet Drafts)

Key Sizes and Strength Against Cryptanalysis (26 RFCs, 18 Internet Drafts, 4 expired Internet Drafts)

Creative Commons License
This work is licensed under a Creative Commons Attribution 3.0 Unported License.