Description of DES symmetric encryption in. NET

The DES algorithm generally has two key points: the first is the encryption mode, and the second is the data bit complement. The main significance of the encryption mode is that the encryption algorithm is encrypted by block, such as DES, it is 64-bit block encryption, that is, 8 bytes are encrypted each time. Therefore, each time you input eight bytes of plaintext, eight bytes of ciphertext are output. If it is 16 bytes, if the plaintext is 1234567812345678 and the chunk is encrypted separately, the encryption result is similar to "c4132710962c519c c4132710962c519c 62c519c". The plaintext law can be seen, this is the ECB's encryption mode, where the ciphertext can see the rules of the plain text. To solve this problem, there are other encryption modes: CBC encryption mode (Cryptographic group connection ), CFB encryption mode (password feedback mode), OFB encryption mode (output feedback mode) CBC is required to give an initial vector, and then each output is computed with this vector, the calculation result is used as the initialization vector of the next encrypted block. Neither CFB nor OFB needs to provide the initial The initial vector directly uses the password or output as the initialization vector for calculation. This avoids the appearance of the plaintext Law in the ciphertext. Of course, the disadvantage is that the ciphertext must be correct during decryption, if some errors occur during network transmission, the subsequent decryption results may be incorrect. (ECB mode only affects the block with incorrect transmission. The cryptographic algorithms are basically grouped (FAST) for encryption. What if the ciphertext length is not exactly the same? Only filling is allowed.

Common encryption algorithms include ECB mode and CBC mode:
First E-encryption method (ECB)
ECB mode: the electronic encryption mode encrypts or decrypts data in 8 bytes to obtain 8 bytes of ciphertext or plaintext, And the last segment is less than 8 bytes, then, 8 bytes are supplemented (Note: here the data is involved) for computation, and then the calculated data is connected together in order, each segment of data does not affect each other. Divide the plaintext into n 64-bit groups. If the plaintext length is not a multiple of 64-bit, fill in the appropriate number of required symbols at the end of the plaintext. Encrypt the plaintext group with the given keys respectively. The row ciphertext C = (C0, C1 ,......, Cn-1) Where Ci = DES (K, xi), I = ,....., N-1. This is the default mode of the DES algorithm encapsulated in Java.
The second method is the ciphertext grouped Link (CBC)

In the CBC mode, each plaintext group xi is encrypted with a set of ciphertext followed by bitwise mode and then sent to DES for encryption, the CBC method overcomes the disadvantages of the ECB method in reporting the group weight. However, because the plaintext group is related to a group of ciphertext before encryption, the error of the former group of ciphertext will be transmitted to the next group. This is the default mode of the DES algorithm encapsulated by. NET. It is troublesome. The encryption steps are as follows:

1. First, group the data in a group of 8 bytes to get D1D2 ...... Dn (if the data is not an integer multiple of 8, the data is involved)

2. Perform DES encryption on the result of the first group of data D1 and vector I to obtain the first group of ciphertext C1. (Note: vector I is not used in ECB mode)

3. The D2 data in the second group is different from the C1 encryption result in the first group or DES encryption is performed in the later results to obtain the C2 ciphertext of the second group.

4. The following data is obtained in Cn.

5. Connect to C1C2C3 in order ...... Cn indicates the encrypted result.

The third ciphertext feedback mode (CFB), which can be used for sequential passwords.
Plaintext X = (x0, x1 ,......, Xn-1), where xi consists of t bits 0 fourth output feedback mode (OFB), can be used for sequential Cipher
The only difference with CFB is that OFB directly retrieves the t bit output by DES, rather than the t bit output by ciphertext, and the rest are the same as CFB. However, it uses the DES output, so it overcomes the shortcomings of CFB ciphertext error propagation.

Generally, there are NoPadding and PKCS7Padding (PKCS5Padding in Java) filling modes. The actual protocol is different for PKCS7Padding and PKCS5Padding. According to relevant information, PKCS5Padding clearly defines that the encryption block is 8 bytes, PKCS7Padding can be encrypted between 1 and. However, the encapsulated DES algorithms are 8 bytes by default, so they can be considered the same. The data population is actually the filling process of the multiples of 8 bytes when the data is smaller than the multiples of 8 bytes.

NoPadding filling mode: The algorithm itself is not filled. For example, the. NET padding mode provides the None and Zeros modes, which are respectively not filled and 0.

PKCS7Padding (PKCS5Padding) filling mode: Yes. NET and Java default fill mode, the length of the encrypted data byte to get more than 8 is r, if r is greater than 0, then fill 8-r bytes, the byte is 8-r value; if r is equal to 0, 8 bytes are added. for example:

If the encrypted string is AAA, the bitwise is AAA55555. If the encrypted string is BBBBBB, the bitwise is bbbb22. If the encrypted string is cccccccccc, the bitwise is cccccccc8888888888.

DES encryption in. NET

For. NET, the Framework provides the DESCryptoServiceProvider as the packaging interface for System. Security. Cryptography. DES encryption and decryption in the System. Security. Cryptography namespace. It provides the following four methods:

Public override ICryptoTransform CreateDecryptor (byte [] rgbKey, byte [] rgbIV)

Public override ICryptoTransform CreateEncryptor (byte [] rgbKey, byte [] rgbIV)

Public override void GenerateIV ()

Public override void GenerateKey ()

In the encapsulation of the. NET class library, a Key and an IV vector are required for encryption and decryption. In addition, the Key must be 8 bytes of data. Otherwise, an exception is thrown. In ECB mode, the encryption results are the same no matter what IV vector is input.