1. Home
  2. Moldova standards
  3. STM
  4. St ISO IEC 9797-1-2011

ISO IEC 9797-1-2011 PDF

St ISO IEC 9797-1-2011

Name in English:
St ISO IEC 9797-1-2011

Name in Russian:
Ст ISO IEC 9797-1-2011

Description in English:

Original standard ISO IEC 9797-1-2011 in PDF full version. Additional info + preview on request

Description in Russian:
Оригинальный стандарт ISO IEC 9797-1-2011 в PDF полная версия. Дополнительная инфо + превью по запросу
Document status:
Active
Format:
Electronic (PDF)
Delivery time (for English version):
1 business day
Delivery time (for Russian version):
365 business days
SKU:
stiso26846
Choose Document Language:
€25

Full title and description

ISO/IEC 9797-1:2011 — Information technology — Security techniques — Message Authentication Codes (MACs) — Part 1: Mechanisms using a block cipher. This part specifies a model and six MAC algorithms that use a secret key and an n-bit block cipher to compute an m-bit MAC; it includes padding options, key-derivation examples, object identifiers, numerical examples and a security analysis.

Abstract

Defines six block-cipher-based message authentication code (MAC) mechanisms (denoted MAC Algorithm 1 through MAC Algorithm 6) together with padding methods, optional key-derivation methods, output truncation and object identifiers for unambiguous identification of mechanisms. The standard is intended for application in any security architecture or application requiring data-origin authentication and integrity; key management is outside its scope.

General information

  • Status: Published.
  • Publication date: March 2011 (Edition 2).
  • Publisher: International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC), joint publication.
  • ICS / categories: 35.030 (Information technology — Security techniques).
  • Edition / version: Edition 2 (2011). Amendment 1 published August 2023 (ISO/IEC 9797-1:2011/Amd 1:2023).
  • Number of pages: 40 pages (main document).

Scope

This part of ISO/IEC 9797 specifies mechanisms for producing message authentication codes using block ciphers. It provides six algorithmic options based on combinations of padding, initial and output transformations, and optional key derivation; it does not cover key-management procedures. The standard may be applied to the security services of any security architecture, process or application.

Key topics and requirements

  • Definition of a general MAC model based on an n-bit block cipher, with parameters for block cipher choice, padding, MAC length and key derivation.
  • Specification of six MAC algorithms (MAC Algorithm 1–6) including common variants: CBC-MAC (Algorithm 1), Retail MAC (Algorithm 3), CMAC-style construction (Algorithm 5), and parallel/derived-key variants.
  • Padding methods to handle messages not a multiple of the block size and rules for truncation of the MAC output.
  • Guidance and examples for key-derivation methods where required (algorithms 2, 4, 5 and 6), with a requirement that derived keys be distinct.
  • Object identifiers for unambiguous mechanism identification and numerical examples plus an annexed security analysis of the algorithms and known attacks.

Typical use and users

Implementers of cryptographic libraries and hardware (smart cards, HSMs), product designers in payments and banking, telecom and network equipment vendors, security architects and protocol designers who require standardized MAC mechanisms for data-origin authentication and integrity. Also used by testing and certification bodies and standards committees specifying interoperable MAC usage.

Related standards

Part of the ISO/IEC 9797 series; closely related parts include ISO/IEC 9797-2 (mechanisms using a dedicated hash function) and ISO/IEC 9797-3 (mechanisms using a universal hash function). Historical predecessor: ISO/IEC 9797-1:1999 (withdrawn). Relevant external references and complementary documents include NIST guidance on CMAC (NIST SP 800-38B) and older FIPS references such as FIPS PUB 113 for CBC-MAC equivalence in DES contexts. Amendment ISO/IEC 9797-1:2011/Amd 1:2023 updates the 2011 edition.

Keywords

Message Authentication Code, MAC, CBC-MAC, CMAC, block cipher, key derivation, padding, truncation, ISO/IEC 9797-1, message integrity, data origin authentication.

FAQ

Q: What is this standard?

A: ISO/IEC 9797-1:2011 is the ISO/IEC international standard that specifies a family of block-cipher-based message authentication code (MAC) mechanisms and related options for padding, key derivation and output truncation.

Q: What does it cover?

A: It covers the algorithmic model and six specific MAC algorithm variants built from an n-bit block cipher, examples of key-derivation methods, object identifiers, numerical examples and a security analysis; it does not prescribe key-management procedures.

Q: Who typically uses it?

A: Cryptographic library developers, implementers of secure hardware (HSMs, smart cards), payment and telecom system designers, security architects, and standards/certification bodies that need interoperable MAC specifications.

Q: Is it current or superseded?

A: The 2011 edition (Edition 2) is the current published version; it was confirmed in ISO’s periodic review and remains published. An amendment (ISO/IEC 9797-1:2011/Amd 1:2023) was issued in August 2023. The 1999 edition was withdrawn and superseded by the 2011 edition. For procurement or compliance use, reference the 2011 edition and note the 2023 amendment.

Q: Is it part of a series?

A: Yes — ISO/IEC 9797 is a multipart series on Message Authentication Codes: Part 1 (block cipher mechanisms), Part 2 (dedicated hash-function mechanisms) and Part 3 (universal hash-function mechanisms). Further parts may exist or be developed.

Q: What are the key keywords?

A: MAC, message authentication code, CBC-MAC, CMAC, block cipher, padding, key derivation, truncation, ISO/IEC 9797-1.