|
Information Security
< Previous Next >
re: FIX Protocol & Encryption
Scott Atwell / American Century <>
5 Sep 2000 8:21AM ETI believe the PGP software in use today with FIX uses the RSA cipher. That is, what's in use today is based upon ViaCrypt PGP as it was implemented in 1996 or an alternate implementation compatible with that.
> As far as I know PGP does not identically define the crypting schema. Moreover, different versions of software realizes different schema. What can be understood under PGP crypto technology? Does it mean, for instance, that IDEA encryption is used? How can I provide compatibility and interoperability with other vendors?
>
> > Not exactly. PGP (Pretty Good Privacy) is one of several de-facto crypto "standards". It has been around for a while (originally developed by Phil Zimmerman). FIX's use of "PGP-DES-MD5" is a custom approach using three existing and understood crypto technologies. The reference implementation of how to implement "PGP-DES-MD5" which was published by a member of the FIX Committee back in 1996 used ViaCrypt PGP (firm's name changed from ViaCrypt to PGP Inc. and then later acquired by Network Associates) on Unix which had to be invoked from the command line. Thus the reference implementation "shells out" to the command line to invoke PGP. I know that the Windows version of this software is API-based and does not require command line invocation. PGP is also available in downloadable form from Ireland, I beleive.
> >
> > In short, FIX uses PGP but doesn't supply and didn't create PGP, rather FIX defined how PGP can be combined with the use of DES and MD5 to implement what we refer to as "PGP-DES-MD5". A white paper regarding how this is implemented and the reference implementation can be found under "Specifications", "App Notes".
> >
> >
> > > As I understand, FIX standard is based on developed software (PGP) instead of developed encryption standards, isn't it?
> > > So, to realize the encryption schema PGP-DES-MD5 I have to execute the external program PGP. Is that right?
>
>
re: FIX Protocol & Encryption
Scott Atwell / American Century 5 Sep 2000 8:21AM ET
|
