Shulou(Shulou.com)06/01 Report--

DES

DES is a block algorithm that uses key encryption. It was identified as the Federal Data Processing Standard (FIPS) by the National Bureau of Standards of the US federal government in 1977 and authorized to be used in non-classified government communications. Subsequently, the algorithm was widely spread internationally.

Introduction to DES

DES requires setting encryption content, encryption key, encryption obfuscation vector iv, block cipher mode, padding mode.

Encrypted content:

Given encrypted data. If the data length is not n* packet size, it is completed with '\0' after it.

Encryption Key:

Encryption key. If the key length is not the valid length supported by the algorithm, padding is required. If the key length is too long, it needs to be truncated.

Encryption iv:

For CBC, CFB, OFB mode, not required in ECB mode.

Block cipher mode:

Common block cipher modes are CBC, OFB, CFB and ECB.

Fill mode:

Pkcs5、Pkcs7。

Filling algorithm (Pkcs5, Pkcs7)

PKCS5Padding and PKCS7Padding are basically interchangeable. In PKCS5Padding, it is clearly defined that the Block size is 8 bits, while in PKCS7Padding definition, the block size is uncertain, and can be between 1-255 (block length exceeding 255 remains to be studied). The algorithm for filling values is the same:

pad = k - (l mod k) //k= block size, l= data length, if k=8, l=9, an extra 7 bytes of 7 need to be filled

It follows that Pkcs5 is a special case of Pkcs7 (Block size is always 8 bits). When Block size is always 8 bits, Pkcs5 and Pkcs7 are the same. (Reference)

Filling algorithm implementation:

PHP

function pkcs5_pad($text) { $pad = 8 - (strlen($text) % 8); //$pad = 8 - (strlen($text) & 7); //this method can also be used return $text . str_repeat(chr($pad), $pad);}function pkcs7_pad ($text, $blocksize) { $pad = $blocksize - (strlen($text) % $blocksize); return $text . str_repeat(chr($pad), $pad);}

Anti-filling (removing the filled characters) only needs to know what is filled according to the last character of the decrypted content, fill a few, and then intercept it: A

function _unpad($text){ $pad = ord(substr($text, -1));//take the ASCII value of the last character if ($pad

strlen($text)) { $pad = 0; } return substr($text, 0, (strlen($text) - $pad));}

Python

from Crypto.Cipher import AESdef pkcs7_pad(str): x = AES.block_size - (len(str) % AES.block_size) if x != 0: str = str + chr(x)*x return str def _unpad(msg): paddingLen = ord(msg[len(msg)-1]) return msg[0:-paddingLen] encryption and decryption steps

Encryption steps (take PHP extension mcrypt as an example):

1. Obtain the block size of the encryption algorithm (mcrypt_get_block_size);

2. Encrypted plaintext is padded with Pkcs5 or Pkcs7;

3. The encryption key is truncated or filled to 8 bits;

4. Encryption vector iv setting;

5. Open the module corresponding to the specified algorithm and mode, and return the encryption descriptor td (mcrypt_module_open);

6. Initialize the buffer required for encryption using td, key, iv (mcrypt_generic_init);

Encrypted data (mcrypt_generic);

8. Cleaned encryption descriptor td buffer (mcrypt_generic_deinit);

9. Release encryption descriptor td (mcrypt_module_close);

10. Return the encryption result of base64_encode, optional.

Decryption steps (take PHP extension mcrypt as an example):

base64_decode decoding, if base64_encode is used for encryption;

2. The encryption key is truncated or filled to 8 bits;

3. Encryption vector iv setting;

4. Open the module corresponding to the specified algorithm and mode, and return the encryption descriptor td (mcrypt_module_open);

5. Initialize the buffer required for encryption (mcrypt_generic_init) using td, key, iv;

Decrypt data (mdecrypt_generic);

7. Cleaned encryption descriptor td buffer (mcrypt_generic_deinit);

8. Release encryption descriptor td (mcrypt_module_close);

9. Use Pkcs5 to remove the filling content and return the decrypted result.

The following points need to be noted when using DES:

1)Make sure DES + ECB is used;

2)Make sure that plaintext padding uses either Pkcs5 or Pkcs7, which has the same effect;

3)The encryption key must be 8 bytes in DES length; if it is not long enough, it must be filled; if it is too long, it must be truncated;

4)Encryption vector iv has the same convention as encryption key;

5)Note that encryption results are recommended to use base64 encoding.

Only if the above remains the same, the final encrypted ciphertext in each language will remain consistent, otherwise it will appear:

1)The ciphertext is different each time, but it can be decrypted;(iv caused by random generation)

2)The ciphertext encrypted in different languages is inconsistent.

Various language implementation examples PHP

Examples:

Crypt_DES.php

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.