Triple DES

Warning

Use AES instead. This module is provided only for legacy purposes.

Triple DES (or TDES or TDEA or 3DES) is a symmetric block cipher standardized by NIST in SP 800-67 Rev1, though they will deprecate it soon.

TDES has a fixed data block size of 8 bytes. It consists of the cascade of 3 Single DES ciphers (EDE: Encryption - Decryption - Encryption), where each stage uses an independent DES sub-key.

The standard defines 3 Keying Options:

  • Option 1: all sub-keys take different values (parity bits ignored). The TDES key is therefore 24 bytes long (concatenation of K1, K2, and K3) , to achieve 112 bits of effective security.

  • Option 2: K1 matches K3 but K2 is different (parity bits ignored). The TDES key is 16 bytes long (concatenation of K1 and K2), to achieve 90 bits of effective security. In this mode, the cipher is also termed 2TDES.

  • Option 3: K1 K2, and K3 all match (parity bits ignored). As result, Triple DES degrades to Single DES.

This implementation does not support and will purposefully fail when attempting to configure the cipher in Option 3.

As an example, encryption can be done as follows:

>>> from Crypto.Cipher import DES3
>>> from Crypto.Random import get_random_bytes
>>>
>>> # Avoid Option 3
>>> while True:
>>>     try:
>>>         key = DES3.adjust_key_parity(get_random_bytes(24))
>>>         break
>>>     except ValueError:
>>>         pass
>>>
>>> cipher = DES3.new(key, DES3.MODE_CFB)
>>> plaintext = b'We are no longer the knights who say ni!'
>>> msg = cipher.iv + cipher.encrypt(plaintext)

Triple DES symmetric cipher

Triple DES (or TDES or TDEA or 3DES) is a symmetric block cipher standardized by NIST. It has a fixed data block size of 8 bytes. Its keys are 128 (Option 1) or 192 bits (Option 2) long. However, 1 out of 8 bits is used for redundancy and do not contribute to security. The effective key length is respectively 112 or 168 bits.

TDES consists of the concatenation of 3 simple DES ciphers.

The plaintext is first DES encrypted with K1, then decrypted with K2, and finally encrypted again with K3. The ciphertext is decrypted in the reverse manner.

The 192 bit key is a bundle of three 64 bit independent subkeys: K1, K2, and K3.

The 128 bit key is split into K1 and K2, whereas K1=K3.

It is important that all subkeys are different, otherwise TDES would degrade to single DES.

TDES is cryptographically secure, even though it is neither as secure nor as fast as AES.

As an example, encryption can be done as follows:

>>> from Crypto.Cipher import DES
>>> from Crypto import Random
>>> from Crypto.Util import Counter
>>>
>>> key = b'-8B key-'
>>> nonce = Random.new().read(DES.block_size/2)
>>> ctr = Counter.new(DES.block_size*8/2, prefix=nonce)
>>> cipher = DES.new(key, DES.MODE_CTR, counter=ctr)
>>> plaintext = b'We are no longer the knights who say ni!'
>>> msg = nonce + cipher.encrypt(plaintext)
undocumented:

__revision__, __package__

class Crypto.Cipher.DES3.DES3Cipher(key, *args, **kwargs)

TDES cipher object

Crypto.Cipher.DES3.MODE_CBC = 2

Cipher-Block Chaining (CBC). See blockalgo.MODE_CBC.

Crypto.Cipher.DES3.MODE_CFB = 3

Cipher FeedBack (CFB). See blockalgo.MODE_CFB.

Crypto.Cipher.DES3.MODE_CTR = 6

CounTer Mode (CTR). See blockalgo.MODE_CTR.

Crypto.Cipher.DES3.MODE_ECB = 1

Electronic Code Book (ECB). See blockalgo.MODE_ECB.

Crypto.Cipher.DES3.MODE_OFB = 5

Output FeedBack (OFB). See blockalgo.MODE_OFB.

Crypto.Cipher.DES3.MODE_OPENPGP = 7

OpenPGP Mode. See blockalgo.MODE_OPENPGP.

Crypto.Cipher.DES3.MODE_PGP = 4

This mode should not be used.

Crypto.Cipher.DES3.block_size = 8

Size of a data block (in bytes)

Crypto.Cipher.DES3.key_size = (16, 24)

Size of a key (in bytes)

Crypto.Cipher.DES3.new(key, *args, **kwargs)

Create a new TDES cipher

Parameters:
keybyte string

The secret key to use in the symmetric cipher. It must be 16 or 24 bytes long. The parity bits will be ignored.

Keywords:
modea MODE_* constant

The chaining mode to use for encryption or decryption. Default is MODE_ECB.

IVbyte string

The initialization vector to use for encryption or decryption.

It is ignored for MODE_ECB and MODE_CTR.

For MODE_OPENPGP, IV must be block_size bytes long for encryption and block_size +2 bytes for decryption (in the latter case, it is actually the encrypted IV which was prefixed to the ciphertext). It is mandatory.

For all other modes, it must be block_size bytes longs. It is optional and when not present it will be given a default value of all zeroes.

countercallable

(Only MODE_CTR). A stateful function that returns the next counter block, which is a byte string of block_size bytes. For better performance, use Crypto.Util.Counter.

segment_sizeinteger

(Only MODE_CFB).The number of bits the plaintext and ciphertext are segmented in. It must be a multiple of 8. If 0 or not specified, it will be assumed to be 8.

Attention:

it is important that all 8 byte subkeys are different, otherwise TDES would degrade to single DES.

Return:

an DES3Cipher object