The Statement Service Block

Author

Torben Pedersen, CRM

The statement service block provides services for securing information. The protection offered is:

• encryption (symmetric and asymmetric),
• message authenticaion code (MAC) and
• digital signatures.

Conventional methods require that the two parties share a key. A key exchange functionality is provided by a module. However, in principle, statements can also be secured using keys shared in other ways. The actual cryptographic operations are supplied by the Crypto Manager. All key material supplied as parameter must be handled using the class CryptoKeyInfo

Statements can be operated in two ways. Either directly on the Statement object or by first generating a StatementTransaction object. Operations directly on the Statement requires quite a lot of inputs (e.g., keys). By first establishing a transaction object these keys are fixed as part of the session context. Thus by using the operations this way the interface is quite simple, and in most cases the most convenient way to use statements is to initially set up such a transaction object and use this in all subsequent transfers and exchanges of statements.

In both cases the following operations are available

• Making and verifying signatures
• Making and verifying MAC values
• Public key encryption/decryption
• Conventional encryption/decryption

For more information on the cryptographic services see the cryptographic manager.

A StatementTransaction object is generated by calling the methods openInitiatorStatementSession or openResponderStatementSession of StatementMan. These methods first negotiate cryptographic algorithms to be used and a method for key exchange. Each party select candidate algorithms according to the following schedule:

1. Which algorithms are supported
2. Remove those public key algorithms for which the necessary keys are missing (e.g., remove signature algorithms where no public key is registered)
3. From those remaining select (and possibly order) the algorithms according to the users preferences.

When both client and server have selected algorithms they use as result an arbitrary one which is in both lists. Note, other negotiation algorithms will be supplied in later versions of the Statement manager..

The following services are negotiated:

• Conventional krypto system
• MAC algorithm
• Method for making signatures
• Method for verifying signatures
• Method for public key encryption
• Method for public key decryption
• Hash functions
• Method for key exchange

If key exchange is requested and the two parties agree on a method for this, a session key is generated afterwards. Key exchange is provided by a module in the state ent block. Currently, only one module exists. This is implemented as part of SEMPER in StatementModule. For the moment only two key exchange protocols are supported:

SIMPLE
The originator selects a key and sends it cryptographically protected to the responder.
MUTUAL
The two parties select a key mutually at random (only computationally random). See StatementModule for more information on this method.

Use of other Blocks

As mentioned above the Statement Block relies on the Crypto Block for cryptographic services and handling of keys.

It uses the Certificate Block for handling certificates. This is necessary when setting up sessions and when making/verifying signatures.

The Preferences Manager is used for letting the user select cryptographic algorithms. If the user does not make any selections, all supported algorithms are considered to be preferred.

The Archive Manager is used when retrieving keys or when checking the availability of keys. This is done when setting up a statetment session.

Test programs

To see how to test the statement operations run make test. Two tests are given. A simple one simply tests the various operations on a Statement. A more advanced test consists of first setting up keys of a client and a server using the online CAserver at GMD, and next setting up a session between these two (including key exchange) and testing the Statement operations using the resulting Transaction object.

To be done

• Suppport more than one module by the manager (add these dynamically)
• Add more methods for key exchange and refine the interface to the module
• Improve negotiation
• Support fault tolerance
• Allow more secret keys in StatementTransaction (presently there is only on conventional key whcih is used for making/verifyin MACs and encrypting/decrypting statements)
• Currently, all preferences are not fully tested (e.g., all choices for cryptographic algorithms).
• Access control to the methods must be added. Access control to keys is handled by the CryptoManager .
• Improve choice of datastructure for statement.

  ---

Date: January 28, 1997 .