Symmetric encryption: DES and TripleDES

Source: Internet
Author: User
Tags: dotnet

I. Symmetric encryption

Symmetric encryption is the more traditional encryption method: encryption and decryption use the same key. The sender and the recipient of the information must both hold this key (called the symmetric key) while transmitting and processing the information. Both sides of the communication must therefore obtain the key and keep it secret.

The security of a single-key cryptography system relies on the following two factors:

First, the encryption algorithm must be strong enough that recovering the information from the ciphertext alone is not possible in practice.

Second, the security of the encryption method depends on the secrecy of the key, not the secrecy of the algorithm. We therefore do not need to keep the algorithm secret (in fact, many single-key cryptosystems used in practice have public algorithms), but we must keep the key confidential.

DES (Data Encryption Standard) and TripleDES are two implementations of symmetric encryption.

DES and TripleDES share the same basic algorithm, but TripleDES provides more key bits and higher encryption reliability.

DES uses an 8-byte key, and its initialization vector (IV) is also 8 bytes.

TripleDES uses a 24-byte key, and its IV is also 8 bytes.

Both algorithms encrypt in blocks of 8 bytes: data is encrypted one block at a time, and 8 bytes of plaintext produce 8 bytes of ciphertext. If the plaintext length is not an integer multiple of 8 bytes, bytes with a value of 0 are appended to bring it up to an integer multiple of 8 bytes. The ciphertext length is therefore always an integer multiple of 8 bytes.

Test source code for this article: /files/chnking/tripledestest.rar

II. Encryption and decryption process

Figure 1. DES encryption and decryption process

The figure above shows the entire encryption and decryption process for the DES and TripleDES algorithms. The following sections take TripleDES as an example, walk through each step of encryption and decryption in dotnet, and give the relevant implementation code.

1. Generate Key and IV

The System.Security.Cryptography.TripleDESCryptoServiceProvider class is the main class that implements the TripleDES algorithm in dotnet.

The TripleDESCryptoServiceProvider class has only one constructor, TripleDESCryptoServiceProvider(), which initializes some properties:

KeySize (encryption key length, in bits) = 192 (24 bytes)

BlockSize (encrypted data block size, in bits) = 64 (8 bytes)

FeedbackSize (the size of data returned after encrypting a block, in bits) = 64 (8 bytes)

The TripleDESCryptoServiceProvider constructor also initializes a random key and IV.

By default, the TripleDESCryptoServiceProvider key is 24 bytes, the IV is 8 bytes, and the encrypted data block is 8 bytes.

The code for generating key and IV is simple:

TripleDESCryptoServiceProvider tdesAlg = new TripleDESCryptoServiceProvider();
byte[] keyArray = tdesAlg.Key;
byte[] ivArray = tdesAlg.IV;

The generated key and IV are used in both the encryption process and the decryption process.

2. Convert the plaintext string to a byte stream using a specific encoding

The data to be encrypted can take two forms. Binary data is already a byte stream, so it can skip this step and go directly to encryption. String data is different: the same characters produce different bytes under different code pages, so converting the string to a byte stream requires specifying which encoding to use. After decryption, the byte stream must be decoded back to a string with the same code page, or the result will be garbled.

// String to encrypt
string plainTextString = "Here are some data to encrypt. Here are some data to encrypt. ";
// Use UTF-8 encoding (you can also use a different encoding)
Encoding sEncoding = Encoding.GetEncoding("utf-8");
// Convert the string to a UTF-8 encoded byte stream
byte[] plainTextArray = sEncoding.GetBytes(plainTextString);

3. Encryption Operation

The input to encryption is the plaintext byte stream: the TripleDES algorithm encrypts the byte stream and returns the encrypted byte stream. The key and IV to use for encryption must also be supplied.

// Requires: using System.IO; using System.Security.Cryptography;
public static byte[] EncryptString(byte[] plainTextArray, byte[] Key, byte[] IV)
{
    // Set up a MemoryStream, which stores the encrypted data stream
    MemoryStream mStream = new MemoryStream();
    // Create a new CryptoStream object using the MemoryStream and the key and IV
    CryptoStream cStream = new CryptoStream(mStream,
        new TripleDESCryptoServiceProvider().CreateEncryptor(Key, IV),
        CryptoStreamMode.Write);
    // Write the plaintext byte stream to the CryptoStream, which encrypts it into the MemoryStream
    cStream.Write(plainTextArray, 0, plainTextArray.Length);
    // Flush the final state in the buffer to the MemoryStream and clear the cStream buffer
    cStream.FlushFinalBlock();
    // Get the encrypted data from the MemoryStream as a byte array
    byte[] ret = mStream.ToArray();
    // Close both streams
    cStream.Close();
    mStream.Close();
    return ret;
}

4. Decryption Operation

The decryption operation decrypts the ciphertext byte[] generated by the steps above and requires the same key and IV that were used in the encryption step.

// Call the decryption method, which returns the byte[] of the decrypted data
byte[] finalPlainTextArray = DecryptTextFromMemory(Data, keyArray, ivArray);
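
The call above uses DecryptTextFromMemory, which this page does not show. The following is an added example, not the article's own code, of one way to write it, together with a round trip through steps 1 to 4; the method body and the class name TripleDesRoundTrip are assumptions, and the sample string is taken from step 2.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;

static class TripleDesRoundTrip
{
    // Step 3: same logic as EncryptString in the article, with using blocks closing the streams.
    static byte[] EncryptString(byte[] plainTextArray, byte[] key, byte[] iv)
    {
        using (var alg = new TripleDESCryptoServiceProvider())
        using (var mStream = new MemoryStream())
        {
            using (var cStream = new CryptoStream(mStream, alg.CreateEncryptor(key, iv), CryptoStreamMode.Write))
            {
                cStream.Write(plainTextArray, 0, plainTextArray.Length);
                cStream.FlushFinalBlock();
            }
            return mStream.ToArray(); // ToArray still works after the stream is closed
        }
    }

    // Step 4 (assumed implementation): read the ciphertext back through a decrypting CryptoStream.
    // Padding is left at the .NET default, PaddingMode.PKCS7, which the decryptor strips;
    // with PaddingMode.Zeros the padding bytes would remain in the returned array.
    static byte[] DecryptTextFromMemory(byte[] data, byte[] key, byte[] iv)
    {
        using (var alg = new TripleDESCryptoServiceProvider())
        using (var input = new MemoryStream(data))
        using (var cStream = new CryptoStream(input, alg.CreateDecryptor(key, iv), CryptoStreamMode.Read))
        using (var output = new MemoryStream())
        {
            // CopyTo loops until the stream ends; a single Read call may return fewer bytes than requested.
            cStream.CopyTo(output);
            return output.ToArray();
        }
    }

    static void Main()
    {
        var tdesAlg = new TripleDESCryptoServiceProvider();              // Step 1: random key and IV
        byte[] keyArray = tdesAlg.Key, ivArray = tdesAlg.IV;
        Encoding sEncoding = Encoding.GetEncoding("utf-8");              // Step 2: string to bytes
        byte[] plainTextArray = sEncoding.GetBytes("Here are some data to encrypt. ");
        byte[] data = EncryptString(plainTextArray, keyArray, ivArray);  // Step 3
        byte[] finalPlainTextArray = DecryptTextFromMemory(data, keyArray, ivArray); // Step 4
        Console.WriteLine("plaintext bytes: {0}, ciphertext bytes: {1}", plainTextArray.Length, data.Length);
        Console.WriteLine(sEncoding.GetString(finalPlainTextArray));     // decode with the same encoding
    }
}
```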
