iaik.security.cipher
Class TripleDES

java.lang.Object
  |
  +--javax.crypto.CipherSpi
        |
        +--iaik.security.cipher.BufferedCipher
              |
              +--iaik.security.cipher.TripleDES

Direct Known Subclasses:

PbeWithSHAAnd3_KeyTripleDES_CBC

public class TripleDES

extends iaik.security.cipher.BufferedCipher

Extends the BufferedCipher class for adding a buffering mechanism to the underlying TripleDES cipher.

TripleDES is a variant of the Data Encryption Standard (DES) algorithm, that increases the security of the DES algorithm by performing an encrypting-decrypting-encrypting (EDE) operation on the given data block by using two or three different keys.

When two different keys are used for TripleDES encrypting a given data block, first a full 16 round DES encryption is performed using the first key. Subsequently the data resulting from the first encryption phase is (16 round) DES decrypted using the second key. And finally the first key again is used for performing a last 16round DES encryption of the data output of the second (i.e. decryption) phase.

Data decryption goes the reverse way: An initial data decryption using the first key follows a data encryption phase with the second key, which is concluded by a final data decryption using the first key again.

This class creates only a BufferedCipher object for the TripleDES cipher. Applications shall use

 Cipher.getInstance("3DES", "IAIK");
 

for creating a TripleDES object. They optionally may specifiy operation mode (ECB (default), CBC, PCBC, OFB, CFB) and padding scheme (NoPadding (default), or PKCS5Padding as described in the PKCS #5: Password-Based Encryption Standard).

When requesting this TripleDES implementation without any mode specification (Cipher.getInstance("3DES")), the TripleDES algorithm is used in pure ECB (Electronic Code Book) mode encrypting plaintext blocks into ciphertext blocks independently from each other. The ECB mode is prone to codebook attacks and block replay. A codebook attack may be successfully when being able to read plain- and corresponding ciphertext blocks for a certain quantity of messages making it possible to generate a codebook for decrypting blocks of further messages without knowing the key. For being effective against codebook analyses and block replay (often messages contain common sub-parts making it possible to unnoticed replace these blocks) one can use the CBC mode makes the encryption of one block of plain data conditional on all previously encrypted data blocks.

Since ECB encrypts each single block independently, it enables random access to encrypted data blocks which may be preferable for database encrypting. Often ECB is used for key-encrypting.

See Also:

BufferedCipher, Cipher

Constructor Summary

TripleDES()
Creates a TripleDES object by calling the BufferedCipher constructor for the TripleDES cipher.

Methods inherited from class iaik.security.cipher.BufferedCipher

engineDoFinal, engineDoFinal, engineGetBlockSize, engineGetIV, engineGetOutputSize, engineGetParameters, engineInit, engineInit, engineInit, engineSetMode, engineSetPadding, engineUpdate, engineUpdate, toString

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Constructor Detail

TripleDES

public TripleDES()

Creates a TripleDES object by calling the BufferedCipher constructor for the TripleDES cipher. This constructor is only internally used for initializing a TripleDES Cipher. Applications should not call this constructor to get a TripleDES Cipher; they should call one of the Cipher.getInstance factory methods instead.

See Also:

Cipher.getInstance(java.lang.String)