Please tell me about the data length of encryption and decryption using Java.
When Cipher.dofinal() was executed with DES / CBC / PKCS5Padding specified, the unencrypted data with a data length of 8 bytes became 16 bytes after encryption.
Is there a way to make it 8 bytes?
DES is obsolete and no longer secure. AES is much better.
Both AES and DES are block ciphers which encrypt data in chunks: blocks. A DES block is 64 bits, 8 characters, while AES uses 128 bit blocks, 16 characters. When you split the plaintext into blocks, there may be some odd characters left at the end. Cryptographic padding is used to extend the plaintext to the next block boundary. In your case you are using PKCS5 padding to do this.
With an 8 byte plaintext in DES, your padding is adding 8 bytes before encrypting because padding is always added. Hence your 16 byte cyphertext: 8 bytes of encrypted plaintext and 8 bytes of encrypted padding.
If you really need just 8 bytes of cyphertext then use NoPadding or whatever the equivalent is on your system. That omits any padding, but leaks information about the length of your plaintext.
From a security point of view you would be better off switching to padded AES and accepting a 16 byte cyphertext.
Related
If I encrypt emails so that I can store them in a database, the resulting string is longer than the email itself. Is there a maximum length to this resulting coded string? if so, does it depend on both key length and the email length? I need to know this so I can set my database fields to the correct length.
Thanks.
As Alex K. notes, for block ciphers (like DES), common modes will pad them out to a multiple of the block size. The block size for 3DES is 64-bits (8 bytes). The most common padding scheme is PKCS7, which pads the block with "n x n bytes." This is to say, if you need one bytes of padding, it pads with 0x01. If you need four bytes of padding, it pads with 0x04040404 (4x 4s). If your data is already the right length, it pads with a full block (8 bytes of 0x08 for 3DES).
The short version is that the padded cipher text for 3DES can be up to 8 bytes longer than the plaintext. If your encryption scheme is a typical, insecure implementation, this is the length. The fact that you're using 3DES (an obsolete cipher) makes it a bit more likely that it's also insecurely implemented, and so this is the answer.
But if your scheme is implemented well, then there could be quite a few other things attached to the message. There could be 8 bytes of initialization vector. There could be a salt of arbitrary length if you're using a password. There could be an HMAC. There could be lots of things that could add an arbitrary amount of space. (The RNCryptor format, for example, adds up to 82 bytes to the message.) So you need to know how your format is implemented.
I want to know if data stored in encrypted form is encrypted by block-cipher or a stream-cipher?
I have encrypted data, how do I check that it comes from a block or a stream cipher?
With only the encrypted data, there's no way to tell for sure, but a good indicator is to check the data length.
All of the common modern block ciphers (AES, Blowfish, DES, Serpent, Twofish) have block sizes of either 64 or 128 bits (8 and 16 bytes, respectively). Thus, if the encrypted data length in bytes is a multiple of 8, it's likely to be a block cipher (you have 1 in 8 probability of being wrong). if It's not a multiple of 8, you can be sure it's not a block cipher in common block modes (at most, it's a block cipher trying to emulate a stream cipher, such as in CFB mode).
Don't forget to exclude any potential file/stream headers, IVs, etc. Of course, if you do have a header, you might want to check there first to detect what cipher it's using...
I read about RSA algorithm and How it work? But I don't understand some think.I ask for plaintext length
Why specify the size of the plaintext in the 64-bit algorithm rsa?
also
Is plaintext length is related key length?
I need any suggested to understand this idea?
When using the RSA algorithm, the plaintext size cannot be larger than the modulus of the key. For example, a 2048-bit RSA key cannot operate on plaintext that is larger than 2048 bits (or 256 bytes).
This restriction also needs to consider padding, which normally adds several bytes. For example, PKCS#1 padding typically adds at least 11 bytes to the plaintext, meaning the largest plaintext is then 245 bytes (or smaller).
My device doesn't support full 3DES (EDE). How can I emulate one using standard DES? Encryption mode is CBC.
You start by picking three independent DES keys which are not related to each other in any way.
You will want to put DES into ECB mode, not CBC mode. You also need to ensure that each encryption and decryption operation is done only on 64-bit blocks and nothing more or less. Padding schemes and the likes will cause a vulnerability in the implementation and will lead to the discovery of the block content via brute force faster than a brute force against each key.
Using the first key, encrypt your plaintext. Using the second key, decrypt that value. Using the third key, encrypt the value for your full block. It looks like this:
Encrypt(k3, Decrypt(k2, Encrypt(k1, plaintext)))
Decryption is the other way around and looks like this:
Decrypt(k1, Encrypt(k2, Decrypt(k3, ciphertext)))
When you encrypt your blocks with 3DES you then need to apply your mode of operation like CBC or CTR and apply padding if needed.
Be careful.
Block mode encryption
What you do is that you split the key of size 128 bit (16 byte) or 168 bit (24 byte) in two or three pieces respectively. So for a 16 byte key K you would have two keys Ka and Kb, and for a 24 byte key you would have Ka, Kb and Kc. DES ABC keys have an effective strength of about 112 bits, DES ABA keys have an effective strength of about 80 bits.
To encrypt a single block of 8 bytes (the block size of both DES and 3DES) you would perform the following cryptographic operation: Cn = E(Ka, D(Kb, E(Kc, Mn))) where Mn is the n'th block of the plain text message and Cn the n'th block of the cipher text. If you don't have a Kc then you may use Ka (DES ABC key vs DES ABA key).
For this you need a single block DES encrypt, which is identical to a single block encrypt in ECB mode, or a single block encrypt with CBC and an IV consisting of 8 bytes valued 00h.
CBC
So that's the block encryption sorted, now you need some kind of encryption mode and padding mode. I'll explain CBC mode encryption here, ECB should not be used for encryption non-random data.
With CBC mode encryption you XOR a vector to the plain text. The vector is normally just the output of the last DESede encrypted block. As you don't have any preceding cipher text, you need to create the first vector yourself using random data. This vector is called the initialization vector or IV. See wikipedia for a clear picture.
Padding
Block cipher modes only allow full blocks of plain text to be encrypted. So you would need some kind of padding scheme. Although there are many padding modes, PKCS#5 padding is used most of the time. You should pad the plain text like this: pad with bytes valued 0Xh, where X is the number of padding bytes required to create a full block. X should be between 1 and 8: in other words, PKCS#5 padding is always used; this makes it possible to distinquish the padding bytes from the plain text.
If you use padding in an online protocol then you need to protect against padding oracle attacks. In this case it is highly recommended to use some form of integrity checks, e.g. by adding a HMAC over the cipher text using a separate key.
3DES is just DES used three times on the plaintext:
ciphertext = E_K3(D_K2(E_K1(plaintext)))
plaintext = D_K1(E_K2(D_K3(ciphertext)))
E_Kn = Encryption with Key number n.
D_Kn = Decryption with Key number n.
So you can easily "emulate" 3DES with just DES.
In CBC mode you'll need an IV to start with and then XOR the next plaintext block with the previous ciphertext block. If your device doesn't support CBC then this too is easily "emulated".
how can I encrypt a 300-bit plaintext using a block cipher with a block size of 128 bits in ECB mode.
First you have do some padding. The most simple padding would be to fill your plaintext with zeros up to size 3*128 bits. Now you can encrypt it with your block cipher in three steps, first encrypting bits 0 to 127, then 128 to 255 and last 256 to 383. That's ECB.
For decryption you do the reverse. Decrypt the single blocks, then remove the padding.
First a question: Why do you want to use ECB for encrypting data larger than the block size? I would say that using ECB for len(cleartext) > block size is not recommended.
If you can live with ciphertext expansion due to padding on the last block then you can do as tangens recommends.
If you need the len(ciphertext) == len(cleartext) you need to look at cipherhext stealing versions of ECB (or CBC):
http://en.wikipedia.org/wiki/Ciphertext_stealing
http://csrc.nist.gov/publications/nistpubs/800-38a/addendum-to-nist_sp800-38A.pdf