Imported from previous forum
When creating an encypted (PGP DES MD5) FIX4.0 session with a counterparty should a separate DES key per (inbound/outbound) direction be created ?
Is there any documentation to describe this ?
I see in the Morgan Stanley Fix Application Notes (Security Protocol) document that something like this is alluded to, but I can find nowhere that says that this is required as of a particular version of FIX.
During the Logon message exchange the randomly generated DES key is exchanged securely via PGP encyrption (within "struct FIX_key_info{}" in fapi.h in the reference implementation). The same DES key is used for both inbound and outbound connections, however, DES is used in Cypher Block Chaining (CBC) mode and the inbound and outbound communication each have their own chaining vector and thus will chain differently as messages are sent/received.
> When creating an encypted (PGP DES MD5) FIX4.0 session with a counterparty should a separate DES key per (inbound/outbound) direction be created ?
>
> Is there any documentation to describe this ?
> I see in the Morgan Stanley Fix Application Notes (Security Protocol) document that something like this is alluded to, but I can find nowhere that says that this is required as of a particular version of FIX.
>