Deprecated functions
Some of the libica application programming interfaces are meanwhile deprecated due to their insufficient security strength. For compatibility reasons, libica continues to offer these functions. However, it is recommended to replace them with more secure APIs as indicated.
The list of deprecated functions currently comprises all DES functions and the SHA1 function.
- Instead of the DES functions, use the corresponding AES functions (AES functions).
- Instead of the SHA1 function (ica_sha1), use one of the hash APIs listed in Secure hash operations.
These deprecated functions are also included in:
include/ica_api.h.
DES functions
DES functions perform encryption and decryption and computation or verification of message authentication codes using a DES (DEA) key. A DES key has a size of 8 bytes. Each byte of a DES key contains one parity bit, such that each 64-bit DES key contains only 56 security-relevant bits. The cipher block size for DES is 8 bytes.
To securely apply DES encryption to messages that are longer than the cipher block size, modes of operation can be used to chain multiple encryption, decryption, or authentication operations. Most modes of operation require an initialization vector as additional input. As long as the messages are encrypted or decrypted using such a mode of operation, and have a size that is a multiple of a particular block size (mostly the cipher block size), the functions encrypting or decrypting according to a mode of operation also compute an output vector. This output vector can be used as the initialization vector of a chained encryption or decryption operation in the same mode with the same block size and the same key.
- The mode of operation
- The key
- The initialization vector (if applicable)
- For the ica_des_cfb function, the lcfb parameter