ISO/IEC 10116:2017传输或存储期间的数据）。定义的模式仅提供数据机密性保护。数据完整性保护不在本文件范围内。此外，大多数模式不保护消息长度信息的机密性。 注1:ISO/IEC 9797-1中提供了使用分组密码保护数据完整性的方法。 注2:ISO/IEC 19772提供了同时保护数据机密性和完整性的方法。 ISO/IEC 10116:2017规定了操作模式，并给出了选择参数值的建议（视情况而定）。 注3:本文件中规定的操作模式已根据ISO/IEC 9834分配了对象标识符。附件A中给出了分配的对象标识符列表。在使用对象标识符的应用中，应优先使用附件A中规定的对象标识符，而不是相关模式中可能存在的任何其他对象标识符。 注4:附录B包含对每种模式属性的评论和重要的安全指南。

ISO/IEC 10116:2017 data during transmission or in storage). The defined modes only provide protection of data confidentiality. Protection of data integrity is not within the scope of this document. Also, most modes do not protect the confidentiality of message length information. NOTE 1 Methods for protecting the integrity of data using a block cipher are provided in ISO/IEC 9797-1. NOTE 2 Methods for simultaneously protecting the confidentiality and integrity of data are provided in ISO/IEC 19772. ISO/IEC 10116:2017 specifies the modes of operation and gives recommendations for choosing values of parameters (as appropriate). NOTE 3 The modes of operation specified in this document have been assigned object identifiers in accordance with ISO/IEC 9834. The list of assigned object identifiers is given in Annex A. In applications in which object identifiers are used, the object identifiers specified in Annex A are to be used in preference to any other object identifiers that can exist for the mode concerned. NOTE 4 Annex B contains comments on the properties of each mode and important security guidance.