DES encryption Understanding

Des is all called the data Encryptionstandard, which is the standard for encryption. Des encryption algorithm is a symmetric encryption algorithm, the so-called symmetric encryption algorithm refers to the plaintext of the encryption and decryption of the cipher is the same key.

Des uses a 56-bit key and an additional 8-bit parity bit to produce a maximum of 64-bit packet size. This is an iterative grouping cipher that uses a technique called Feistel, which divides the encrypted block of text into two halves. Use the sub-key to apply the loop function to half of them, then "XOR" the output with the other half, and then swap the two halves, the process will continue, but the last loop does not swap. DES uses 16 loops, using XOR, permutation, substitution, and shift operations for four basic operations.

Features: Data Encryption Standard, faster, suitable for encrypting a large number of data occasions.

The DES algorithm has three entry parameters: Key, Data, Mode.

Key: A total of 64 bits for 8 bytes, the DES algorithm stipulates that 8th, 16, and 、...... The 64-bit is a parity bit and does not participate in DES operations, so it is often said that the key for DES is 56 bits. During DES encryption and decryption, the length of the key must be a multiple of 8 bytes.

Data:8 bytes 64 bits, is the data to be decrypted after being encrypted.

How Mode:des works: Encrypt, decrypt. des encryption Mode

Des's encryption mode mainly has CBC mode, the ECB mode, they are encrypted using different encryption methods.

ECB mode refers to the electronic password This mode, is one of the oldest, simplest mode, the encrypted data into several groups, the size of each group is the same as the encryption key length, and then each group with the same key encryption, if the last packet length is not enough 64 bits, to make up 64 bits. The ECB model is characterized by:

Each key, clear text, ciphertext length must be 64 bits;

Data block Repeat order does not need to be detected;

The same plaintext blocks (using the same key) produce the same cipher blocks, which are susceptible to dictionary attacks;

An error only affects a ciphertext block;

The CBC mode refers to the cryptographic block chain pattern, which differs from the ECB mode by adding an initial vector. The CBC mode is characterized by:

The ciphertext length of each encryption is 64 bits (8 bytes);

The CBC mode always produces the same ciphertext when the same key and initial vector are used in the same plaintext;

Cipher blocks are dependent on previous operation results, so the ciphertext block cannot be rearranged.

Different initialization vectors can be used to avoid the same ciphertext generated by the same plaintext, to some extent against dictionary attacks;

After an error occurs, the current and future ciphertext will be affected; Fill Mode

The common method of filling pkcs5padding,pkcs5padding means that the data should be used when the number of bits is insufficient, or it can be called the data fill method. Pkcs5padding This fill method, specifically, "filled numbers represent the total number of bytes filled"

For example, a difference of two bytes, is ##### #22, the difference is 5 bytes is # # #55555, so according to the last self can know the number and number of fills. ensure the consistency of encryption and decryption

On different platforms, the consistency of encryption and decryption can be achieved as long as these parameters are guaranteed to be consistent.

Encryption and decryption keys are consistent

When using CBC mode, ensure that the initial vectors are consistent

Use the same fill mode
/**
* Encryption
*
* @param data
* @param SKey
* @return
*/
public static byte[] Encrypt (byte[] data, String SKey) {
try {
byte[] key = Skey.getbytes ();
Initialization vector
SecureRandom random = new SecureRandom ();
Deskeyspec Deskey = new Deskeyspec (key);
Create a key factory and use it to convert the Deskeyspec into Secretkey
Secretkeyfactory keyfactory = secretkeyfactory.getinstance ("DES");
Secretkey SecureKey = Keyfactory.generatesecret (Deskey);
The Cipher object actually completes the cryptographic operation
Cipher Cipher = cipher.getinstance ("des/ecb/nopadding");
Initialize the Cipher object with a key
Cipher.init (Cipher.encrypt_mode, SecureKey, Random);
Now, get the data and encrypt
Formally perform cryptographic operations
return cipher.dofinal (data);
} catch (Throwable e) {
E.printstacktrace ();
}
return null;
}


/**
* Decryption
*
* @param src
* @param SKey
* @return
* @throws Exception
*/
public static byte[] Decrypt (byte[] src, String sKey) throws Exception {
byte[] key = Skey.getbytes ();
The DES algorithm requires a trustworthy random number source
SecureRandom random = new SecureRandom ();
Create a Deskeyspec object
Deskeyspec Deskey = new Deskeyspec (key);
Create a key factory
Secretkeyfactory keyfactory = secretkeyfactory.getinstance ("DES");
Convert Deskeyspec objects to Secretkey objects
Secretkey SecureKey = Keyfactory.generatesecret (Deskey);
The Cipher object actually completes the decryption operation
Cipher Cipher = cipher.getinstance ("des/ecb/nopadding");
Initialize the Cipher object with a key
Cipher.init (Cipher.decrypt_mode, SecureKey, Random);
Actually start the decryption operation
return cipher.dofinal (SRC);
}