Encryption and decryption (DES)

Code
Using System;
Using System. Data;
Using System. configuration;
Using System. LINQ;
Using System. Web;
Using System. Web. Security;
Using System. Web. UI;
Using System. Web. UI. htmlcontrols;
Using System. Web. UI. webcontrols;
Using System. Web. UI. webcontrols. webparts;
Using System. xml. LINQ;
Using System. text;
Using System. IO;
Using System. Security. cryptography;

///   <Summary>
/// Summary Description for MD5
///   </Summary>
Public   Class Des
{
Public Des ()
{
//
// Todo: Add constructor logic here
//
}
///   <Summary>
/// Perform DES encryption.
///   </Summary>
///   <Param name = "ptoencrypt"> The string to be encrypted. </Param>
///   <Param name = "skey"> Key, which must be 8 bits. </Param>
///   <Returns> The encrypted string returned in base64 format. </Returns>
Public   Static   String Encrypt ( String Ptoencrypt, String Skey)
{
Using (Descryptoserviceprovider des =   New Descryptoserviceprovider ())
{
Byte [] Inputbytearray = Encoding. utf8.getbytes (ptoencrypt );
Des. Key = Asciiencoding. ASCII. getbytes (skey );
Des. iv = Asciiencoding. ASCII. getbytes (skey );
MS for system. Io. memorystream =   New System. Io. memorystream ();
Using (Cryptostream CS =   New Cryptostream (MS, Des. createencryptor (), cryptostreammode. Write ))
{
CS. Write (inputbytearray, 0 , Inputbytearray. Length );
CS. flushfinalblock ();
CS. Close ();
}
String Str = Convert. tobase64string (Ms. toarray ());
Ms. Close ();
Return STR;
}
}

/**/
///   <Summary>
/// Perform des decryption.
///   </Summary>
///   <Param name = "ptodecrypt"> Base64 </Param>
///   <Param name = "skey"> Key, which must be 8 bits. </Param>
///   <Returns> Decrypted string. </Returns>
Public   Static   String Decrypt ( String Ptodecrypt, String Skey)
{
Byte [] Inputbytearray = Convert. frombase64string (ptodecrypt );
Using (Descryptoserviceprovider des =   New Descryptoserviceprovider ())
{
Des. Key = Asciiencoding. ASCII. getbytes (skey );
Des. iv = Asciiencoding. ASCII. getbytes (skey );
MS for system. Io. memorystream =   New System. Io. memorystream ();
Using (Cryptostream CS =   New Cryptostream (MS, Des. createdecryptor (), cryptostreammode. Write ))
{
CS. Write (inputbytearray, 0 , Inputbytearray. Length );
CS. flushfinalblock ();
CS. Close ();
}
String Str = Encoding. utf8.getstring (Ms. toarray ());
Ms. Close ();
Return STR;
}
}
///   <Summary>
/// Create a key
///   </Summary>
///   <Returns> </returns>


Public   Static   String Generatekey ()
{
Descryptoserviceprovider descrypto = (Descryptoserviceprovider) descryptoserviceprovider. Create ();
Return Asciiencoding. ASCII. getstring (descrypto. Key );
}
}

Call String Key = Des. generatekey ();
String S0 =   " People's Republic of China " ;
String S1 = Des. Encrypt (S0, key );
String S2 = Des. decrypt (S1, key );
Response. Write (S1 +   " , "   + S2 );

Knowledge Point Understanding
DesAlgorithmIt is a symmetric encryption algorithm developed by IBM in 1972.

The key length is 56 bits, and the plaintext is grouped by 64 bits. The Grouped plaintext group and the 56-bit key are replaced or exchanged in bits to form the encryption method of the ciphertext group.

Des encryption algorithm features: Short groups, short keys, short password lifecycles, and slow operation speed.

The basic principle of DES is that it has three entry parameters: Key, data, and mode. The key is the key used for encryption and decryption. The data is the data encrypted and decrypted, and the mode is the working mode. When the mode is encryption mode, the plaintext is grouped by 64-bit to form a plaintext group. The key is used to encrypt the data. When the mode is decryption mode, the key is used to decrypt the data. In practical use, the key only uses 56 bits in 64 bits, so as to have high security.

The DES algorithm changes the 64-bit plaintext input block to a 64-bit ciphertext output block. The key used is also 64-bit. The main flow chart of the algorithm is as follows:

The function is to recombine the 64-bit data blocks in bit mode, and divide the output into l0 and R0, each of which is 32-bit long. The replacement rules are shown in the following table:

,

, 54,

,

,

We will change the input 58th bits to the first, and the 50th bits to the 2nd bits. So far, the last bits are the original 7th bits. L0 and R0 are the two parts after the transposition output, l0 is the left 32 bits of the output, and R0 is the right 32 bits, for example: set the input value before replacement to d1d2d3 ...... d64, the result after initial replacement is: L0 = d58d50... d8; R0 = d57d49... d7.

After 16 iterations. Obtain L16 and R16. Use this as the input and perform inverse replacement to obtain the ciphertext output. Inverse replacement is the initial inverse operation. For example, if 1st bits are in the 40th bits after initial replacement, and the 40th bits are changed back to the 1st bits through reverse replacement, the following table shows the inverse replacement rules:

,

,

,

, 25,

Zoom in a table

32, 1, 2, 3, 4, 5, 4, 5, 6, 7, 8, 9, 8, 9, 10, 11,

12, 13, 12, 13, 14, 15, 16, 17, 16, 17, 18, 19, 20, 21, 20, 21,

22, 23, 24, 25, 24, 25, 26, 27, 28, 29, 28, 29, 30, 31, 32, 1,

Simple Transposition Table

16,7, 20,21, 29,12, 28,17,

, 24, 14, 32, 27, 3, 9, 19, 13, 30, 6, 22, 11,

In the F (Ri, KI) algorithm description diagram, S1, S2. .. S8 is the selection function. Its function is to convert 6-bit data into 4-bit data. The following shows the menu for selecting the function Si (I = 1, 2... 8:

Select function Si

S1:

,

,

,

,

S2:

,

,

,

,

S3:

10, 0, 9, 14, 6, 3, 15, 5, 12, 7, 11, 4,

,

,

,

S4:

,

,

10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4,

,

S5:

,

,

,

,

S6:

,

,

,

,

S7:

,

,

,

6, 11, 13, 8, 10, 7, 9, 5,

S8:

,

,

,

,

Here we take S1 as an example to describe its function. We can see that in S1, there are 4 rows of Data named 0, 1, 2, and 3; each row has 16 columns, name it 0, 1, 2, 3 ,......, 14. 15 columns.

The input is d = d1d2d3d4d5d6.

Order: column = d2d3d4d5

Row = d1d6

Then, we can find the corresponding number in the S1 table, which is expressed in 4-bit binary. This is the output of the Selection Function S1. The following is an algorithm for generating the sub-key KI (48bit ).

From the algorithm description of the generation of the sub-key Ki, we can see that the initial key value is 64 bits, but the DES algorithm stipulates that 8th, 16 ,...... the 64-bit is the parity bit and is not involved in the des operation. Therefore, the actual number of available keys is only 56. That is, after downgrading the transpose table 1, the number of digits of the key is changed from 64 to 56. The 56 digits are divided into C0 and D0 parts, each of which has 28 digits, then, 1st cycles are shifted to the left, C1 and D1 are obtained, C1 (28 BITs) and D1 (28 BITs) are combined to obtain 56 bits, and then transposed to 2, then the key K0 (48 bits) is obtained ). You can get K1, K2,..., and k15 by using this type of push. However, you must note that the number of left shifts corresponding to the Left shift of 16 cycles must follow the following rules:

Number of shifts to the left of a loop

The above describes the DES algorithm encryption process. The decryption process of the DES algorithm is the same. The difference is that the first iteration uses the sub-key k15, the second K14 ,......, the last time K0 was used, the algorithm itself had not changed.

II. Application misunderstanding of DES algorithm

The DES algorithm has high security. So far, in addition to using the exhaustive search method to attack the DES algorithm, no more effective method has been found. However, the 56-bit long key does not have a sufficient space of 256, which means that if a computer detects 1 million keys every second, it takes nearly 2285 years to search for a complete key. Obviously, this is hard to achieve. Of course, with the development of science and technology, when ultra-high-speed computers appear, we can consider increasing the des key length to a higher level of confidentiality.

Based on the above DES algorithm, we can see that the DES algorithm only uses 56 of the 64-bit keys, while 8th, 16, 24 ,...... 64-bit 8-bit is not involved in the des operation. This puts forward an application requirement, that is, the security of DES is based on ,...... only 256 of the remaining 56-bit combinations except 64-bit can be ensured. Therefore, in practice, we should avoid using the, 24 ,...... 64-bit as the valid data bit, and other 56-bit as the valid data bit, in order to ensure the safe and reliable DES algorithm to play a role. If you do not understand this, put the key 8, 16, 24 ,...... when using 64-bit data as valid data, the security of DES encrypted data cannot be guaranteed, and the risk of deciphering data is generated for systems that use des for confidentiality, this is precisely the misunderstanding of the DES algorithm in application, which leaves a great hidden danger for attacks and deciphering.