Data Encryption Standard (DES)

The Data Encryption Standard (DES) used to be the default standard for symmetric encryption of data. DES was based on an earlier design by Horst Feistel and developed by IBM in the early 1970s. DES was submitted to the National Bureau of Standards as part of a drive to propose a new standard for protecting government data.

The National Bureau of Standards eventually selected a modified version of DES after consultation with the National Security Agency, and it was released as a standard in 1997.

If you are developing a new system that requires the encryption of data, then I do not recommend using DES as it is considered a weak algorithm by today’s standards due to the 56-bit key size. DES is being included in this book as it is feasible that you may have to integrate with an older legacy system that still uses DES as its encryption standard.

In the following example, you will see a class called DesEncryption that contains two public methods, Encrypt and Decrypt.

    using System.IO;
    using System.Security.Cryptography;

    public class DesEncryption
    {
        public byte[] Encrypt(byte[] dataToEncrypt, byte[] key, byte[] iv)
        {
            using (var des = new DESCryptoServiceProvider())
            {
                // Set explicitly to state intent; these are also the defaults.
                des.Mode = CipherMode.CBC;
                des.Padding = PaddingMode.PKCS7;
                des.Key = key;
                des.IV = iv;

                using (var memStream = new MemoryStream())
                {
                    var cryptoStream = new CryptoStream(memStream, des.CreateEncryptor(),
                        CryptoStreamMode.Write);
                    cryptoStream.Write(dataToEncrypt, 0, dataToEncrypt.Length);
                    // Pads and writes the last block to memStream.
                    cryptoStream.FlushFinalBlock();
                    return memStream.ToArray();
                }
            }
        }

        public byte[] Decrypt(byte[] data, byte[] key, byte[] iv)
        {
            using (var des = new DESCryptoServiceProvider())
            {
                // Must match the settings used for encryption.
                des.Mode = CipherMode.CBC;
                des.Padding = PaddingMode.PKCS7;
                des.Key = key;
                des.IV = iv;

                using (var memStream = new MemoryStream())
                {
                    var cryptoStream = new CryptoStream(memStream, des.CreateDecryptor(),
                        CryptoStreamMode.Write);
                    cryptoStream.Write(data, 0, data.Length);
                    // Processes the last block and strips the padding.
                    cryptoStream.FlushFinalBlock();
                    return memStream.ToArray();
                }
            }
        }
    }

To encrypt some data, you first construct the DESCryptoServiceProvider object and wrap it in a using statement so that it is properly disposed of. Then, the Mode and Padding are explicitly set. They are set to the defaults in this example, but it doesn’t hurt to do this explicitly to state your intention when configuring the algorithm. Next, the Key and IV are set. These are passed into the Encrypt and Decrypt methods. The key and IV have to be the same for both the encrypt and decrypt operations. The key has to be secret, but the IV doesn’t have to be.

After that, a new MemoryStream is constructed and passed into a new instance of the CryptoStream object, along with the result of the CreateEncryptor() or CreateDecryptor() method and the CryptoStreamMode.Write enumeration. des.CreateEncryptor() or des.CreateDecryptor() creates a symmetric encryptor or decryptor object with the current Key property and IV.

Once the CryptoStream object has been created, you then call the Write() method by passing in the data to encrypt or decrypt and the data length. Then, a call to FlushFinalBlock() is made to update the underlying data with the current state of the buffer and then clear the buffer. Next, you call ToArray() on the initial MemoryStream to convert the final result into a byte array to pass back to the calling object.

In the following code sample, you can see an example in which the DesEncryption class is used to encrypt and decrypt some data.

    using System;
    using System.Text;

    class Example
    {
        static void Main(string[] args)
        {
            var des = new DesEncryption();

            // Random.GenerateRandomNumber is a helper that is not shown on this page;
            // it is assumed to return the requested number of cryptographically random bytes.
            var key = Random.GenerateRandomNumber(8);
            var iv = Random.GenerateRandomNumber(8);
            var text = "Encrypt this";

            var encrypted = des.Encrypt(Encoding.UTF8.GetBytes(text), key, iv);
            var decrypted = des.Decrypt(encrypted, key, iv);
            var decryptedMessage = Encoding.UTF8.GetString(decrypted);

            Console.WriteLine("DES Encryption Demonstration in .NET");
            Console.WriteLine("------------------------");
            Console.WriteLine();
            Console.WriteLine("Original Text = " + text);
            Console.WriteLine("Encrypted Text = " + Convert.ToBase64String(encrypted));
            Console.WriteLine("Decrypted Text = " + decryptedMessage);
            Console.ReadLine();
        }
    }

DES internally uses a 56-bit key, but you will notice we are passing in eight bytes, which is 64 bits. Out of these 64 bits, only 56 are actually used by the DES algorithm. Eight bits are used for checking parity and are discarded thereafter.
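
To see the parity bits being ignored, the following added example (not code from the original page) encrypts the same data under two keys that differ only in the least significant bit of every byte. The DesParityDemo class and its sample key are constructed for illustration, and it uses DES.Create() rather than DESCryptoServiceProvider.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

public static class DesParityDemo
{
    // DES-CBC with PKCS7 padding, the same settings as the class on this page.
    static byte[] Encrypt(byte[] data, byte[] key, byte[] iv)
    {
        using (var des = DES.Create())
        {
            des.Mode = CipherMode.CBC;
            des.Padding = PaddingMode.PKCS7;
            des.Key = key;
            des.IV = iv;
            using (var enc = des.CreateEncryptor())
                return enc.TransformFinalBlock(data, 0, data.Length);
        }
    }

    // The least significant bit of each key byte is its parity bit; flip all eight.
    static byte[] FlipParityBits(byte[] key) =>
        key.Select(b => (byte)(b ^ 0x01)).ToArray();

    public static void Main()
    {
        // Constructed sample values, not real key material.
        byte[] keyA = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF };
        byte[] keyB = FlipParityBits(keyA);
        byte[] iv = new byte[8];
        byte[] data = Encoding.UTF8.GetBytes("Encrypt this");

        byte[] c1 = Encrypt(data, keyA, iv);
        byte[] c2 = Encrypt(data, keyB, iv);

        Console.WriteLine("Key A = " + BitConverter.ToString(keyA));
        Console.WriteLine("Key B = " + BitConverter.ToString(keyB));
        Console.WriteLine("Keys differ       = " + !keyA.SequenceEqual(keyB));
        Console.WriteLine("Ciphertexts match = " + c1.SequenceEqual(c2));
        // The 8 parity bits never reach the cipher, so 2^8 = 256 different
        // 8-byte strings select each DES key and the key space is 2^56, not 2^64.
    }
}
```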

Triple DES

Triple DES is a variant of the Data Encryption Standard (DES) algorithm where DES is applied to a message three times. As computer hardware increased in processing power, the original DES algorithm was subjected to many brute force attacks. Triple DES was a response to these attacks without the need to develop a new block cipher.

As with DES, if you are developing a new system, you should avoid using 3DES to encrypt your data. You should only use 3DES if you have to integrate with a legacy system that still makes use of it.

In the following example, you will see a class called TripleDESEncryption that contains two public methods, Encrypt and Decrypt.

    using System.IO;
    using System.Security.Cryptography;

    public class TripleDESEncryption
    {
        public byte[] Encrypt(byte[] data, byte[] key, byte[] iv)
        {
            using (var tripleDes = new TripleDESCryptoServiceProvider())
            {
                // Set explicitly to state intent; these are also the defaults.
                tripleDes.Mode = CipherMode.CBC;
                tripleDes.Padding = PaddingMode.PKCS7;
                tripleDes.Key = key;
                tripleDes.IV = iv;

                using (var memStream = new MemoryStream())
                {
                    var cryptoStream = new CryptoStream(memStream, tripleDes.CreateEncryptor(),
                        CryptoStreamMode.Write);
                    cryptoStream.Write(data, 0, data.Length);
                    // Pads and writes the last block to memStream.
                    cryptoStream.FlushFinalBlock();
                    return memStream.ToArray();
                }
            }
        }

        public byte[] Decrypt(byte[] data, byte[] key, byte[] iv)
        {
            using (var tripleDes = new TripleDESCryptoServiceProvider())
            {
                // Must match the settings used for encryption.
                tripleDes.Mode = CipherMode.CBC;
                tripleDes.Padding = PaddingMode.PKCS7;
                tripleDes.Key = key;
                tripleDes.IV = iv;

                using (var memStream = new MemoryStream())
                {
                    var cryptoStream = new CryptoStream(memStream, tripleDes.CreateDecryptor(),
                        CryptoStreamMode.Write);
                    cryptoStream.Write(data, 0, data.Length);
                    // Processes the last block and strips the padding.
                    cryptoStream.FlushFinalBlock();
                    var decryptBytes = memStream.ToArray();
                    return decryptBytes;
                }
            }
        }
    }

To encrypt some data, you first construct the TripleDESCryptoServiceProvider object and wrap it in a using statement so that it is properly disposed of. Next, the Mode and Padding are explicitly set. They are set to the defaults in this example, but it doesn’t hurt to do this explicitly to state your intention when configuring the algorithm.

After that, the key and IV are set. These are passed into the Encrypt and Decrypt methods. The key and IV have to be the same for both the encrypt and decrypt operations. The key has to be secret but the IV doesn’t have to be.

Next, a new MemoryStream is constructed and passed into a new instance of the CryptoStream object along with the result of the CreateEncryptor() or CreateDecryptor() method and the CryptoStreamMode.Write enumeration. Calling CreateEncryptor() or CreateDecryptor() on the TripleDESCryptoServiceProvider object creates a symmetric encryptor or decryptor object with the current Key property and IV.

Once the CryptoStream object has been created, you then call the Write() method by passing in the data to encrypt or decrypt and the data length. Then, a call to FlushFinalBlock() is made to update the underlying data with the current state of the buffer, and then clear the buffer. Next, you call ToArray() on the initial MemoryStream to convert the final result into a byte array to pass back to the calling object.
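
Because the key has to be secret but the IV does not, a common way to get the IV to the decrypting side is to send it in front of the ciphertext. The following is an added example, not code from the original page: the IvEnvelope class and its "IV followed by ciphertext" layout are assumptions, it uses TripleDES.Create(), and the same pattern applies to DES, which has the same 8-byte block.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

public static class IvEnvelope
{
    const int BlockSize = 8; // DES and 3DES use 64-bit blocks, so the IV is 8 bytes
    static TripleDES NewCipher(byte[] key)
    {
        var tdes = TripleDES.Create();
        tdes.Mode = CipherMode.CBC;
        tdes.Padding = PaddingMode.PKCS7;
        tdes.Key = key;
        return tdes;
    }
    // Output layout (assumed for this example): IV (8 bytes) followed by ciphertext.
    public static byte[] Encrypt(byte[] plaintext, byte[] key)
    {
        using (var tdes = NewCipher(key))
        {
            tdes.GenerateIV(); // new random IV for every message
            using (var enc = tdes.CreateEncryptor())
                return tdes.IV.Concat(enc.TransformFinalBlock(plaintext, 0, plaintext.Length)).ToArray();
        }
    }

    public static byte[] Decrypt(byte[] message, byte[] key)
    {
        // Expect the IV plus at least one cipher block, in whole blocks.
        if (message == null || message.Length < 2 * BlockSize || message.Length % BlockSize != 0)
            throw new CryptographicException("Malformed message.");
        using (var tdes = NewCipher(key))
        {
            tdes.IV = message.Take(BlockSize).ToArray(); // the IV travels in the clear
            using (var dec = tdes.CreateDecryptor())
                return dec.TransformFinalBlock(message, BlockSize, message.Length - BlockSize);
        }
    }

    public static void Main()
    {
        byte[] key;
        using (var t = TripleDES.Create()) key = t.Key; // random 24-byte key from the runtime
        byte[] text = Encoding.UTF8.GetBytes("Encrypt this");
        byte[] m1 = Encrypt(text, key), m2 = Encrypt(text, key);
        Console.WriteLine("Outputs identical = " + m1.SequenceEqual(m2));
        Console.WriteLine("Decrypted Text = " + Encoding.UTF8.GetString(Decrypt(m2, key)));
    }
}
```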

In the following code sample, you can see an example in which the TripleDESEncryption class is used to encrypt and decrypt some data.

    using System;
    using System.Text;

    class Example
    {
        static void Main(string[] args)
        {
            var tripleDES = new TripleDESEncryption();

            // Random.GenerateRandomNumber is a helper that is not shown on this page;
            // it is assumed to return the requested number of cryptographically random bytes.
            var key = Random.GenerateRandomNumber(24);
            var iv = Random.GenerateRandomNumber(8);
            var text = "Encrypt this";

            var encrypted = tripleDES.Encrypt(Encoding.UTF8.GetBytes(text), key, iv);
            var decrypted = tripleDES.Decrypt(encrypted, key, iv);
            var decryptedMessage = Encoding.UTF8.GetString(decrypted);

            Console.WriteLine("Triple DES Encryption Demonstration in .NET");
            Console.WriteLine("-------------------------------");
            Console.WriteLine();
            Console.WriteLine("Original Text = " + text);
            Console.WriteLine("Encrypted Text = " + Convert.ToBase64String(encrypted));
            Console.WriteLine("Decrypted Text = " + decryptedMessage);
            Console.ReadLine();
        }
    }

DES internally uses a 56-bit key. 3DES works by running DES three times in series. You have a choice of two key configurations with TripleDESCryptoServiceProvider. In the preceding example, when the key is generated, 24 bytes are created. That is three eight-byte keys, which is 192 bits in total: three 56-bit DES keys, each with eight bits of parity.

When you use the keys in this configuration, 3DES looks like the following diagram. Here, some plaintext is passed into the first instance of DES and encrypted with key 1. Next, the results of that are passed into another instance of DES and encrypted with key 2. Finally, the output of this is fed into another instance of DES and encrypted with key 3. The result of this is the encrypted ciphertext.
