Portable Cryptography API for Triple DES

DES (Data Encryption Standard) is an industrial strength symmetric block cipher.

Included is an implementation of DES and triple DES (which is much stronger than DES) cryptography. It can be used to encrypt/decrypt using CBC (chain block ciphering) or ECB (Electronic Code Book). CBC is a stronger method because the results of each 64 block encryption are used for the next.

It's implemented in ANSI C++, so it can be compiled on any platform. I've also included an ANSI C version for platforms without a C++ compiler). The C++ version has been written as a template class simply because it negates having to include a seperate Cpp file (and I'm lazy); it doesn't require any template parameters.

DES requires a private 8-byte key for encryption/decryption. Triple DES requires two private 8-byte keys for encryption/decryption. To use it in its simplist form, follow this code:

#include "McbDES2.hpp"
#include &ltstdio.h>

void McbTestTripleDES()
{
   unsigned char * lpKey1 = (unsigned char*)"11111111";
   unsigned char * lpKey2 = (unsigned char*)"22222222";

   McbDES desEncrypt;

   desEncrypt.McbSetKey1(lpKey1);
   desEncrypt.McbSetKey2(lpKey2);

   if (desEncrypt.McbEncrypt("Encrypted with triple DES"))
   {
      McbDES desDecrypt;

      desDecrypt.McbSetKey1(lpKey1);
      desDecrypt.McbSetKey2(lpKey2);

      desDecrypt.McbDecrypt(desEncrypt.McbGetCryptogram(),
         desEncrypt.McbGetCryptogramSize());

      printf("Decryption (%d) bytes: %s, \n",
             desDecrypt.McbGetPlainTextSize(),
             desDecrypt.McbGetPlainText());
   }
}

The above example uses the default options of triple DES and PKCS#5 padding to encrypt a block of text. For clarification, the cryptogram is allocated and managed in an instance of the DES class then passed to another instance that performs the decryption. Obviously, this is not a real world example because typically the cryptogram would be squirreled away somewhere or transmitted over a network. Usually, the keyz would be stored elsewhere or perhaps generated from a hashing function based on some user input.

A buffer also can be supplied to the object rather than having the object manage the cryptogram or plaintext. An example of this can be seen in McbMain.cpp, where a stl string is used as the buffer.

Enjoy...



Downloads

Comments

  • Problems with zeros ?

    Posted by juanqui on 11/14/2009 06:22pm

    Martin you have done an excellent work, thanks for the source. I have been working with the ansi c implementation, it works fine in some cases, in others not. Here are some examples: Algorithm DES, encrypted with a 8 bytes key and 8 bytes source. Example 1 works fine Source: 6421EC8AD8F60E66 Key: 5741544348444154 Result: 306FA82F385B2971 Example 2 doesn't work Source: 780565C000098000 Key: 5741544348444154 Result: D88EB6F7BCB8EDBE The valid result should be: BAC52CCA7FA7893A I need your help to do it work, could you please help me ? If you need I can send you more examples or the complete source to test it. Thanks in advance, Juan.

    Reply
  • Adding a third key to triple DES?

    Posted by CharlesGrossman on 09/23/2008 11:03am

    I've enjoyed this article and source code that demonstrates DES and Triple DES. I'm just learning about encryption, so I have a beginner's question: If I want to add a third key to Triple DES encryption, is that just a matter of creating a third subkey? Or are there further complications to worry about?

    • You only works with 2 keys

      Posted by juanqui on 11/14/2009 06:31pm

      Hi, the des algorithm doesn't work with 3 keys. The triple des algorithm doesn't means that you can have 3 keys. If you want to apply the triple des variation of des algorithm it works so: You need 2 keys (each key of 8 bytes), then the triple des algorithm do 3 calculations. First calculates source encrypted des with key1, second calculates the first result decrypted des with key2, and third calculates the second result encrypted with key1. The result is the triple des algorithm.

      Reply
    Reply
  • Sending Cryptogram over network

    Posted by shrodikan on 01/21/2008 02:28am

    Hello Martyn,
    I love this easy-to-use DES library! It is very simple to use and fast also. The problem that I am having is I cannot seem to get the Cryptogram to come out on the other side of a Socket. 
    CODE - Server Side:
    //I init the proper keys, etc and then:
    err = send(c, (const char *)des_e.McbGetCryptogram(), des_e.McbGetCryptogramSize(), 0);
    CODE - Client Side
    //Do the same initialization, etc:
    recv(s, buff, sizeof(buff), 0);
    des_d.McbDecrypt((unsigned char *)buff, strlen(buff));
    //this doesn't output anything right! When I call des_d.McbGetPlainText() later. 
    
    I really appreciate all that you did with the code and completely understand if you are too busy to give me a hand. Thanks a lot Martyn and good luck with your job(you probably have one already with the quality of work that you do)! Peace, Zach

    • Thanks Martyn!

      Posted by shrodikan on 01/27/2008 11:50am

      Just to let you know it was pebkac. I was initializing the keys (1 && 2) to be of length 9 by accident. As soon as I broke it down to its functional parts, I found this issue. Thanks for your fast response and keep up the good work!

      Reply
    • strlen bad for binary

      Posted by Fazer1000 on 01/22/2008 06:01am

      Hi Shrodikan, On brief perusal I would imagine that your problem is related using strlen to determine the length of the cryptogram from the receiving socket. Don't forget that the cryptogram is encrypted text and will contain binary. strlen uses ANSI based strings which are NULL (0) terminated. It's probable and highly likely that the cryptogram will contain a 0 in its payload. Therefore the length is being incorrectly interpreted and your deciphered text will not be correct. I use one of two basic options when I'm writing socket code to dermine stream lengths. Option 1 would be to use a postfix that you look for in the stream to determine when a complete message has been obtained. This option is best suited for data types such as XML where by you can expect a particular delimiter. Another option I often use is to first send the length of the data in the first DWORD (or unsigned long if your not coding on Windows) then follow the DWORD with the data. I reckon this is the best way to deal with binary messages including the cryptogram which you are dealing with. Regards, Martyn

      Reply
    Reply
  • Martyn Brown looking for work

    Posted by Fazer1000 on 10/19/2007 08:31am

    I'm currently looking for a position which allows me to program from home. Alternatively, I'm contemplating a new challenge and lifestyle change with a permanent/contracting position in a nice warm country other than the UK (any serious offer considered). Please contact me if you would like to see my CV. Techical skills below... C/C++ (10+ years), C#/.NET, COM/ATL, STL, MFC/wxWidgets, IBM MQSeries (6+ years) (including MQI/Admin), Windows NT (10+ years) (including RPC/Services/GUI development/ TCP/IP/ multithreading/etc), Visual Basic/VBA, UNIX daemons (ANSI C), x86 Assembler (inline/MASM), Cryptography, SQL Server, Microsoft Access V2 (5 years), Java.

    Reply
  • how do i view the encrypted content

    Posted by imin on 03/28/2007 12:06am

    how do i view the encrypted content? the code desDecrypt.McbGetPlainText()) only displays the decrypted content, right?

    • re: how do i view the encrypted content

      Posted by imin on 03/28/2007 12:08am

      thanks a lot..got it myself already..really simple :p

      Reply
    Reply
  • The Best! How do I encrypt a byte array with leading zeros ?

    Posted by Mike Pliam on 04/05/2006 06:17pm

    Great work, Martyn, as usual. This is the clearest and easiest to use of any of the numerous DES sources that I have tested. One thing. I have tried to encrypt whole files and it doesnt work very well for a couple of reasons. 1) the files are too long (what is the size limit of total bytes?) and 2) it wont encrypt even short byte arrays with leading zeros. How can I solve these problems. Martyn, I am really impressed with the beautiful job you've done here. I did rewrite your code eliminating the templates in case I want to use it in a DLL. Also, I have had trouble integrating the single header file approach into a Windows MFC application. It seems to work much better if the files are split up into a *.h and *.cpp. Thanks for making all of your work available. I still find your mcbEasyXML among the best. Mike Pliam

    • Flattery will get you everywhere!

      Posted by Fazer1000 on 04/06/2006 12:12pm

      Do you have some sample code you were usign to encrypt a file/byte array? It is definately possible to do this using this algorithm because I've written a utility which encrypts/decrypts files based on the hash of a password.

      Reply
    Reply
Leave a Comment
  • Your email address will not be published. All fields are required.

Top White Papers and Webcasts

  • This IDC study assists senior IT leaders in assessing the current state of their hybrid cloud management processes, governance models, technologies, and skills to identify gaps and create a road map for better aligning the organization's management model and tools with the emerging needs of complex, dynamic self-service hybrid cloud environments. This IDC MaturityScape identifies five maturity stages for hybrid cloud management based on a set of specific people, process, and technology dimensions and outcomes. …

  • As your content grows, it can be challenging to define the proper rules, regulations and policies that govern that content and ensure proper protection and compliance. Entrusting your content to Box – the only secure, modern content platform in the cloud – is the right first step. The next step is to evaluate your retention, disposition and defensible discovery needs and to establish the proper buy-in to satisfy all your needs. In this Information Governance webinar, learn how Box Governance can add …

Most Popular Programming Stories

More for Developers

RSS Feeds

Thanks for your registration, follow us on our social networks to keep up-to-date