1des(n)                  Data Encryption Standard (DES)                  des(n)
2
3
4
5______________________________________________________________________________
6

NAME

8       des - Implementation of the DES and triple-DES ciphers
9

SYNOPSIS

11       package require Tcl  8.2
12
13       package require des  1.1
14
15       ::DES::des ?-mode [ecb|cbc|cfb|ofb]? ?-dir [encrypt|decrypt]? -key key‐
16       data ?-iv vector? ?-hex? ?-weak? ?-out channel? ?-chunksize size? [ -in
17       channel | data ]
18
19       ::DES::Init mode keydata iv ?weak?
20
21       ::DES::Encrypt Key data
22
23       ::DES::Decrypt Key data
24
25       ::DES::Reset Key iv
26
27       ::DES::Final Key
28
29______________________________________________________________________________
30

DESCRIPTION

32       This  is an implementation in Tcl of the Data Encryption Standard (DES)
33       as published by the U.S. National Institute of Standards and Technology
34       (NIST)  [1]. This implementation also supports triple DES (3DES) exten‐
35       sion to DES. DES is a 64-bit block cipher that uses a 56-bit key.  3DES
36       uses  a 168-bit key. DES has now officially been superceeded by AES but
37       is in common use in many protocols.
38
39       The tcllib implementation of DES and 3DES uses an implementation by Mac
40       Cody  and is available as a separate download from [2]. For anyone con‐
41       cerned about the details of exporting this code please see  the  TclDES
42       web pages. The tcllib specific code is a wrapper to the TclDES API that
43       presents same API for the DES cipher as for other ciphers  in  the  li‐
44       brary.
45

COMMANDS

47       ::DES::des ?-mode [ecb|cbc|cfb|ofb]? ?-dir [encrypt|decrypt]? -key key‐
48       data ?-iv vector? ?-hex? ?-weak? ?-out channel? ?-chunksize size? [ -in
49       channel | data ]
50              Perform the DES algorithm on either the data provided by the ar‐
51              gument or on the data read from the  -in  channel.  If  an  -out
52              channel  is  given then the result will be written to this chan‐
53              nel.
54
55              The -key option must be given. This  parameter  takes  a  binary
56              string  of  8  bytes  in  length and is used to generate the key
57              schedule.  In DES only 56 bits of key data are used. The highest
58              bit from each byte is discarded.
59
60              The  -mode and -dir options are optional and default to cbc mode
61              and encrypt respectively. The initialization vector -iv takes an
62              8 byte binary argument. This defaults to all zeros. See MODES OF
63              OPERATION for more about -mode and the use of the initialization
64              vector.
65
66              DES  is  a 64-bit block cipher. This means that the data must be
67              provided in units that are a multiple of 8 bytes.
68

PROGRAMMING INTERFACE

70       Internal state is maintained in an opaque structure  that  is  returned
71       from  the  Init  function. In ECB mode the state is not affected by the
72       input but for other modes some input dependent state is maintained  and
73       may  be  reset  by calling the Reset function with a new initialization
74       vector value.
75
76       ::DES::Init mode keydata iv ?weak?
77              Construct a new DES key schedule using the  specified  key  data
78              and  the  given initialization vector. The initialization vector
79              is not used with ECB mode  but  is  important  for  other  usage
80              modes.  See MODES OF OPERATION.
81
82              There  are a small number of keys that are known to be weak when
83              used with DES. By default if such a key is passed in then an er‐
84              ror  will be raised. If there is a need to accept such keys then
85              the weak parameter can be set true  to  avoid  the  error  being
86              thrown.
87
88       ::DES::Encrypt Key data
89              Use  a prepared key acquired by calling Init to encrypt the pro‐
90              vided data. The data argument should be a binary array that is a
91              multiple  of  the DES block size of 8 bytes. The result is a bi‐
92              nary array the same size as the input of encrypted data.
93
94       ::DES::Decrypt Key data
95              Decipher data using the key. Note that the same key may be  used
96              to  encrypt  and  decrypt  data provided that the initialization
97              vector is reset appropriately for CBC mode.
98
99       ::DES::Reset Key iv
100              Reset the initialization vector. This permits the programmer  to
101              re-use  a key and avoid the cost of re-generating the key sched‐
102              ule where the same key data is being used multiple times.
103
104       ::DES::Final Key
105              This should be called to clean up resources associated with Key.
106              Once  this  function  has  been  called  the key may not be used
107              again.
108

MODES OF OPERATION

110       Electronic Code Book (ECB)
111              ECB is the basic mode of all block ciphers. Each  block  is  en‐
112              crypted  independently  and so identical plain text will produce
113              identical output when encrypted with the same key.  Any  encryp‐
114              tion errors will only affect a single block however this is vul‐
115              nerable to known plaintext attacks.
116
117       Cipher Block Chaining (CBC)
118              CBC mode uses the output of the last block encryption to  affect
119              the  current block. An initialization vector of the same size as
120              the cipher block size is used to handle  the  first  block.  The
121              initialization  vector should be chosen randomly and transmitted
122              as the first block of the output. Errors  in  encryption  affect
123              the current block and the next block after which the cipher will
124              correct itself. CBC is the most commonly used mode  in  software
125              encryption.
126
127       Cipher Feedback (CFB)
128              CFB  mode  can  be used to convert block ciphers into stream ci‐
129              phers. In CFB mode the initialization vector  is  encrypted  and
130              the  output  is then xor'd with the plaintext stream. The result
131              is then used as the initialization vector for  the  next  round.
132              Errors will affect the current block and the next block.
133
134       Output Feedback (OFB)
135              OFB  is  similar  to CFB except that the output of the cipher is
136              fed back into the next round and not the xor'd plain text.  This
137              means  that  errors only affect a single block but the cipher is
138              more vulnerable to attack.
139

EXAMPLES

141              % set ciphertext [DES::des -mode cbc -dir encrypt -key $secret $plaintext]
142              % set plaintext [DES::des -mode cbc -dir decrypt -key $secret $ciphertext]
143
144
145
146              set iv [string repeat \\0 8]
147              set Key [DES::Init cbc \\0\\1\\2\\3\\4\\5\\6\\7 $iv]
148              set ciphertext [DES::Encrypt $Key "somedata"]
149              append ciphertext [DES::Encrypt $Key "moredata"]
150              DES::Reset $Key $iv
151              set plaintext [DES::Decrypt $Key $ciphertext]
152              DES::Final $Key
153
154

REFERENCES

156       [1]    "Data Encryption Standard", Federal Information Processing Stan‐
157              dards  Publication  46-3,  1999,  (http://csrc.nist.gov/publica
158              tions/fips/fips46-3/fips46-3.pdf)
159
160       [2]    "TclDES: munitions-grade  Tcl  scripting"  http://tcldes.source
161              forge.net/
162

AUTHORS

164       Jochen C Loewer, Mac Cody, Pat Thoyts
165

BUGS, IDEAS, FEEDBACK

167       This  document,  and the package it describes, will undoubtedly contain
168       bugs and other problems.  Please report such in the category des of the
169       Tcllib  Trackers  [http://core.tcl.tk/tcllib/reportlist].   Please also
170       report any ideas for enhancements  you  may  have  for  either  package
171       and/or documentation.
172
173       When proposing code changes, please provide unified diffs, i.e the out‐
174       put of diff -u.
175
176       Note further that  attachments  are  strongly  preferred  over  inlined
177       patches.  Attachments  can  be  made  by  going to the Edit form of the
178       ticket immediately after its creation, and  then  using  the  left-most
179       button in the secondary navigation bar.
180

SEE ALSO

182       aes(n), blowfish(n), md5(n), rc4(n), sha1(n)
183

KEYWORDS

185       3DES, DES, block cipher, data integrity, encryption, security
186

CATEGORY

188       Hashes, checksums, and encryption
189
191       Copyright (c) 2005, Pat Thoyts <patthoyts@users.sourceforge.net>
192
193
194
195
196tcllib                                1.1                               des(n)
Impressum