DES Encryption Package

Version 2 - Including Triple DES

Title:
DES Encryption Package
Language:
C++
Author:
Philip J. Erdelsky
Date:
July 15, 1999
Usage:
Public domain; no restrictions on use
Portability:
Any C++ compiler
Keywords:
DES, Crypto, Encryption, Cryptography
Abstract:
A C++ package to perform DES encryption and decryption on arbitrary data.

The Data Encryption Standard (DES) has been a standard encryption method in the United States for a number of years. It is moderately secure. No easy ways have been found to crack it, although a brute-force approach, using expensive special-purpose equipment, is probably feasible.

In Version 1, only plain DES was implemented. In Version 2, a variant called Triple DES has been added. This method uses three keys and encrypts each block of data successively with each key. Triple DES is slower than regular DES, but it gives added security. For reasons that are beyond the scope of this document, Triple DES is actually only as secure as a block encryption method using a key twice as long as that used by regular DES. If a password is used, these methods, like any others, are only as secure as the password.

Technically, this package does not implement DES precisely as it was originally defined. The original DES contains some additional permutations which do not make the algorithm more secure but just make it easier to implement in hardware. Also, a technically correct implementation uses a 64-bit key which is converted to a 56-bit key by ignoring every eighth bit. For details, see the book "Applied Cryptography" by Bruce Schneier.

On January 15, 2002, two small errors in the S-boxes were corrected when my attention was called to them by an observant reader.

The DES encryption and decryption package resides in the file DES.CPP, which must be compiled and linked into an application that uses it. Any module that calls on the package must include the header file DES.H. These files are available in text format:

If Triple DES is desired (in addition to regular DES), the label TRIPLEDES must be defined, usually by a -D option on the compiler command line.

For the fastest operation, data used by the package is packed one bit per byte. Each byte must be either 0 or 1. The results will be highly anomalous if this is not the case.

To DES encrypt or decrypt, first declare an object of the des encryption class:

     des crypto;

To Triple DES encrypt or decrypt, first declare an object of the triple_des encryption class:

     triple_des crypto;

If you have a 56-bit key, you can initialize a des object to encrypt and decrypt with the specified key by calling a member function:

     crypto.initialize(key);

     const unsigned char key[DES_KEY_SIZE];
                      56-bit encryption and decryption
                      key, packed one bit per byte (each
                      byte must be either 0 or 1)

If you have a 168-bit key, you can initialize a triple_des object to encrypt and decrypt with the specified key by calling a member function:

     crypto.initialize(key);

     const unsigned char key[3*DES_KEY_SIZE];
                      168-bit encryption and decryption
                      key, packed one bit per byte (each
                      byte must be either 0 or 1)

Alternatively, you may generate a key and initialize the object with a password:

     crypto.password(p);

     const char *p;   pointer to nul-terminated password

The password may be any length (except zero), but only the first 32 characters will be used for regular DES, and only the first 48 characters will be used for Triple DES. It may contain any characters except nuls. It is case-sensitive; i.e., passwords that differ only in capitalization will produce different keys.

Then to encrypt or decrypt a block of 64 bits, call the member functions:

     crypto.encrypt(data);

     crypto.decrypt(data);

     unsigned char data[DES_DATA_SIZE];
                       64-bit block of data to be
                       encrypted or decrypted, packed one
                       bit per byte (each byte must be
                       either 0 or 1)

The encrypted or decrypted data is written back into the same buffer in the same format (one bit per byte).
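Putting the calls above together, here is an added example (not part of the package or its author's code): helpers that convert ordinary bytes to and from the package's one-bit-per-byte format, check that every byte really is 0 or 1 before handing a buffer to the package, and drive encrypt/decrypt over whole 64-bit blocks. DES_DATA_SIZE is redefined here only so the block compiles without DES.H, and the bit order within a byte is an assumption the package's documentation does not settle.

```cpp
#include <cstddef>
#include <functional>
#include <stdexcept>
#include <vector>

// Assumed value: the real constant comes from DES.H (64-bit block).
constexpr std::size_t DES_DATA_SIZE = 64;
// The package's buffer format: one bit per byte, each byte 0 or 1.
using BitBuffer = std::vector<unsigned char>;

// True only if every element is 0 or 1; anything else would make the
// package's encrypt/decrypt output garbage without any error.
bool valid_bit_buffer(const BitBuffer& bits) {
    for (unsigned char b : bits)
        if (b > 1) return false;
    return true;
}

// Unpack ordinary bytes into the bit-per-byte format. Most-significant-bit-
// first order is an assumption; use it consistently on both sides.
BitBuffer unpack_bits(const std::vector<unsigned char>& bytes) {
    BitBuffer bits;
    bits.reserve(bytes.size() * 8);
    for (unsigned char b : bytes)
        for (int i = 7; i >= 0; --i)
            bits.push_back(static_cast<unsigned char>((b >> i) & 1));
    return bits;
}

// Repack bit-per-byte data into ordinary bytes; rejects malformed input
// instead of silently producing an anomalous result.
std::vector<unsigned char> pack_bits(const BitBuffer& bits) {
    if (bits.size() % 8 != 0 || !valid_bit_buffer(bits))
        throw std::invalid_argument("not a well-formed bit-per-byte buffer");
    std::vector<unsigned char> out(bits.size() / 8, 0);
    for (std::size_t i = 0; i < bits.size(); ++i)
        out[i / 8] = static_cast<unsigned char>((out[i / 8] << 1) | bits[i]);
    return out;
}

// Apply a 64-bit block operation in place over a whole buffer, e.g.
//   for_each_block(bits, [&](unsigned char* blk) { crypto.encrypt(blk); });
// Blocks are processed independently (ECB); chaining is the caller's job.
std::size_t for_each_block(BitBuffer& bits,
                           const std::function<void(unsigned char*)>& op) {
    if (bits.size() % DES_DATA_SIZE != 0)
        throw std::invalid_argument("buffer is not a whole number of blocks");
    for (std::size_t off = 0; off < bits.size(); off += DES_DATA_SIZE)
        op(&bits[off]);
    return bits.size() / DES_DATA_SIZE;
}
```

Because encrypt and decrypt both work in place on the same buffer, a full round trip is unpack, for_each_block with encrypt, for_each_block with decrypt, pack.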

When DES.CPP is compiled as a standalone application, it produces a command-line application that encrypts or decrypts a file using a password taken from the first command-line argument. If TRIPLEDES is defined, it uses Triple DES encryption and runs noticeably slower; otherwise it uses regular DES. The two methods are not compatible. A file encrypted with regular DES cannot be decrypted with Triple DES, or vice-versa, even if the passwords are identical.