|
||||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
| SUMMARY: INNER | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | |||||||||
java.lang.Object
|
+--javax.crypto.CipherSpi
|
+--iaik.security.cipher.BufferedCipher
|
+--iaik.security.cipher.DES
Extends the BufferedCipher class for adding a buffering mechanism to the underlying DES cipher.
This DES implementation can be used with custom S-Boxes and/or P-Boxes,
see the DESParameterSpec class. From these boxes custom tables are automatically
generated to allow for a fast DES ciphering. Memory usage is 3.5 kbyte per
instance that does not use the standard tables. Calculating these tables also
takes a bit of time (each time init() is called), but it is pretty
fast and usually neglegible.
The Data Encryption Standard (DES) today is the most popular symmetric block algorithm for data encryption. It operates on data blocks of 64 bit size using a 64 (in fact 56) bit key. The DES algorithm performs 16 rounds permutating and combining data and key bits according to a given scheme.
Initially, the given 64 bit data block is devided into two 32-bit parts, called left and right half. 48 of the 56 key bits are XOR combined with the right data half, which previously is expanded to 48 bits. Each of the resulting 48 combined data-key bits specifies one of 48 address lines into 8 S-boxes (64x4 ROMs a 6 address lines and 4 data output lines). From every S-Box one 4-Bit word is read. The resulting eight 4-bit words are concatenated giving a 32-bit word, which - after a permutation - is combined with the old left data half to produce the new right data half for the next round. The old right data half is shifted to the left half, serving as new left half for the next round. After 16 rounds, left and right data half are combined and permutated to finally produce the encrypted 64 bit block.
Decryption uses the same proceeding, except for applying the keys in reverse order.
This class only creates a BufferedCipher object for the DES cipher.
Applications shall use
Cipher.getInstance("DES", "IAIK");
When requesting this DES implementation without any mode specification
(Cipher.getInstance("DES")), the DES algorithm is used in pure ECB
(Electronic Code Book) mode encrypting plaintext blocks into ciphertext blocks
independently from each other. The ECB mode is prone to codebook attacks and block
replay. A codebook attack may be successfully when being able to read plain- and
corresponding ciphertext blocks for a certain quantity of messages making it
possible to generate a codebook for decrypting blocks of further messages without
knowing the key. For being effective against codebook analyses and block replay
(often messages contain common sub-parts making it possible to unnoticed
replace these blocks) one can use the CBC mode makes the encryption of one
block of plain data conditional on all previously encrypted data blocks.
Since ECB encrypts each single block independently, it enables random access to encrypted data blocks which may be preferable for database encrypting. Often ECB is used for key-encrypting.
DESParameterSpec,
Cipher| Constructor Summary | |
DES()
Creates a DES object by calling the BufferedCipher constructor for the DES cipher. |
|
| Methods inherited from class iaik.security.cipher.BufferedCipher |
engineDoFinal,
engineDoFinal,
engineGetBlockSize,
engineGetIV,
engineGetOutputSize,
engineGetParameters,
engineInit,
engineInit,
engineInit,
engineSetMode,
engineSetPadding,
engineUpdate,
engineUpdate,
toString |
| Methods inherited from class java.lang.Object |
clone,
equals,
finalize,
getClass,
hashCode,
notify,
notifyAll,
wait,
wait,
wait |
| Constructor Detail |
public DES()
Cipher.getInstance factory methods instead.
Cipher.getInstance(java.lang.String)
|
||||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
| SUMMARY: INNER | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | |||||||||