|
Information Security
< Previous Next >
re: FIX Protocol & Encryption
Scott Atwell / American Century <>
5 Sep 2000 7:36AM ETNot exactly. PGP (Pretty Good Privacy) is one of several de-facto crypto "standards". It has been around for a while (originally developed by Phil Zimmerman). FIX's use of "PGP-DES-MD5" is a custom approach using three existing and understood crypto technologies. The reference implementation of how to implement "PGP-DES-MD5" which was published by a member of the FIX Committee back in 1996 used ViaCrypt PGP (firm's name changed from ViaCrypt to PGP Inc. and then later acquired by Network Associates) on Unix which had to be invoked from the command line. Thus the reference implementation "shells out" to the command line to invoke PGP. I know that the Windows version of this software is API-based and does not require command line invocation. PGP is also available in downloadable form from Ireland, I beleive.
In short, FIX uses PGP but doesn't supply and didn't create PGP, rather FIX defined how PGP can be combined with the use of DES and MD5 to implement what we refer to as "PGP-DES-MD5". A white paper regarding how this is implemented and the reference implementation can be found under "Specifications", "App Notes".
> As I understand, FIX standard is based on developed software (PGP) instead of developed encryption standards, isn't it?
> So, to realize the encryption schema PGP-DES-MD5 I have to execute the external program PGP. Is that right?
>
> > I added some examples of the Logon message exchange to the ExampleFixMessages.txt document under Organization, Tech Committee. I added an example of a Logon message exchange unencrypted and one when using PGP-DES-MD5. I hope that answers your question.
> >
> > > > This thread should be used to discuss how particular encryption techniques impact the FIX specification. For example, if a particular encryption technique cannot be represented inside today's FIX message structure, we should discuss here the best way to suggest changes to the spec to accomodate the required changes.
> > > >
> > > What would be the data format before and after appling DES or any othere encryption method.
> > >
> >
>
re: FIX Protocol & Encryption
Scott Atwell / American Century 5 Sep 2000 7:36AM ET
|
